1- name : CI
1+ # This CI optionally builds libraries and then builds examples against them.
2+ #
3+ # If a change is detected within `esp-mbedtls-sys/`, a rebuild is triggered and this CI will automatically
4+ # rebuild the libraries using the xtask. Then the tests are executed against the rebuilt libraries.
5+ #
6+ # If no rebuild occurs, the tests are executed against the current libraries.
7+ #
8+ # The libraries are pushed on either of these conditions:
9+ # 1. The PR is labelled with `rebuild-libs`.
10+ # Then libraries will be forcefully rebuilt and then pushed onto the PR branch.
11+ # 2. The libraries are rebuilt on the main branch.
12+ # When pushing a PR that would trigger a rebuild, the libraries get automatically
13+ # pushed to the main branch after successful testing.
14+
15+ name : Build (optional) and test examples
216
317on :
4- pull_request :
18+ pull_request_target :
519 branches :
620 - main
21+ types :
22+ - opened
23+ - synchronize
24+ - reopened
25+ - labeled
726 push :
27+ branches :
28+ - main
829 workflow_dispatch :
930
1031env :
@@ -20,27 +41,126 @@ concurrency:
2041 group : ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
2142
2243jobs :
23- all :
44+ build-test :
2445 runs-on : ubuntu-latest
46+ permissions : read-all
47+ outputs :
48+ upload-libs : ${{ steps.detect-changes.outputs.libs == 'true' }}
2549
2650 steps :
27- - uses : actions/checkout@v3
51+ # ==== Setup ====
52+ - uses : actions/checkout@v4
53+
54+ - name : mbedtls init
55+ run : git submodule update --init --recursive
56+
2857 - uses : dtolnay/rust-toolchain@v1
2958 with :
30- target : riscv32imc -unknown-none-elf
31- toolchain : nightly
59+ target : x86_64 -unknown-linux-gnu
60+ toolchain : stable
3261 components : rust-src,rustfmt
33- 62+
63+ - uses : Swatinem/rust-cache@v2
64+ with :
65+ workspaces : |
66+ ./
67+ xtask
68+
69+ name : Install Rust for Xtensa
70+ 3471 with :
3572 ldproxy : true
3673 override : false
37- - uses : Swatinem/rust-cache@v2
74+
75+ # ==== Build libs ====
76+ - name : Detect esp-mbedtls-sys/ changes
77+ uses : dorny/paths-filter@v3
78+ id : detect-changes
79+ with :
80+ filters : |
81+ libs:
82+ - 'esp-mbedtls-sys/**'
83+
84+ # https://github.com/esp-rs/xtensa-toolchain/issues/40
85+ - name : Install full Espressif LLVM installation
86+ if : |
87+ steps.detect-changes.outputs.libs == 'true' ||
88+ contains(github.event.pull_request.labels.*.name, 'rebuild-libs')
89+ run : $HOME/.cargo/bin/espup install -l debug --extended-llvm
90+
91+ - name : Build libraries and bindings
92+ if : |
93+ steps.detect-changes.outputs.libs == 'true' ||
94+ contains(github.event.pull_request.labels.*.name, 'rebuild-libs')
95+ run : |
96+ rm -rf esp-mbedtls-sys/libs/*
97+ cargo +stable xtask gen
98+
99+ # ==== Test ====
100+ # If the libs are rebuilt, the tests are executed against the new libraries,
101+ # else they get executed against the latest version in HEAD
102+
103+ # Tests requires nightly riscv32imc-unknown-none-elf to be installed
104+ - uses : dtolnay/rust-toolchain@v1
105+ with :
106+ target : riscv32imc-unknown-none-elf
107+ toolchain : nightly
108+ components : rust-src,rustfmt
38109 - uses : extractions/setup-just@v1
39110 with :
40111 just-version : 1.13.0
41112
42- - name : mbedtls init
43- run : git submodule update --init --recursive
44-
45113 - name : check
46114 run : just
115+
116+ - name : Upload libraries artifacts for commit
117+ if : |
118+ (steps.detect-changes.outputs.libs == 'true' &&
119+ github.ref == 'refs/heads/main') ||
120+ contains(github.event.pull_request.labels.*.name, 'rebuild-libs')
121+ uses : actions/upload-artifact@v4
122+ with :
123+ name : esp-mbedtls-sys
124+ retention-days : 1
125+ path : |
126+ esp-mbedtls-sys/libs
127+ esp-mbedtls-sys/src
128+
129+ # If libraries are rebuilt and tests are successful, we upload them in a specific job
130+ # that has write access to prevent security breaches, and unwanted use of the token
131+ commit-libs :
132+ runs-on : ubuntu-latest
133+ permissions :
134+ contents : write
135+ needs : build-test
136+ if : |
137+ (needs.build-test.outputs.upload-libs &&
138+ github.ref == 'refs/heads/main') ||
139+ contains(github.event.pull_request.labels.*.name, 'rebuild-libs')
140+ steps :
141+ - uses : actions/checkout@v4
142+ with :
143+ # In a pull request trigger, ref is required as GitHub Actions checks out in detached HEAD mode,
144+ # meaning it doesn’t check out your branch by default.
145+ ref : ${{ github.head_ref || github.ref_name }}
146+ # When doing a pull request, we need to fetch the forked repository.
147+ repository : ${{ github.event.pull_request.head.repo.full_name || github.repository }}
148+
149+ - name : Download artifacts
150+ uses : actions/download-artifact@v4
151+ with :
152+ name : esp-mbedtls-sys
153+ # Required because else artifacts will be put into the base directory
154+ path : esp-mbedtls-sys/
155+
156+ - name : Commit and push libraries to ${{ github.head_ref || github.ref_name }}
157+ run : |
158+ git config user.name "github-actions[bot]"
159+ git config user.email "github-actions[bot]@users.noreply.github.com"
160+ git add esp-mbedtls-sys/libs
161+ git add esp-mbedtls-sys/src
162+ # Only commit and push when there are changes
163+ git diff --cached --quiet || (
164+ git commit -m "chore: auto-push built libraries"
165+ git push
166+ )
0 commit comments