chore(ci): add CI tests

Author: cxw620

.github/workflows/ci.yml

@@ -0,0 +1,97 @@
+name: CI
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  merge_group:
+
+permissions:
+  contents: read
+
+env:
+  RUSTFLAGS: -Dwarnings
+  RUST_BACKTRACE: 1
+
+jobs:
+  test:
+    name: Test (Rust ${{matrix.toolchain}}, target ${{matrix.target}})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        toolchain: ["nightly", "beta", "stable", "1.83.0"]
+        target: ["x86_64-unknown-linux-gnu", "x86_64-unknown-linux-musl"]
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{matrix.toolchain}}
+          components: llvm-tools, clippy, rust-src
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: just,cargo-llvm-cov,cargo-nextest
+      - name: Enable type layout randomization
+        if: matrix.toolchain == 'nightly'
+        run: echo RUSTFLAGS=${RUSTFLAGS}\ -Zrandomize-layout >> $GITHUB_ENV
+      - run: sudo apt-get update && sudo apt-get install -y musl-tools
+        if: endsWith(matrix.target, 'musl')
+      - run: rustup target add ${{matrix.target}}
+      - run: just ci-test --target ${{matrix.target}}
+
+  docs:
+    name: Documentation
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    env:
+      RUSTDOCFLAGS: -Dwarnings
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@nightly
+      - uses: dtolnay/install@cargo-docs-rs
+      - run: cargo docs-rs --package ktls-core
+      - run: cargo docs-rs --package ktls-stream
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    if: github.event_name != 'pull_request'
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: 1.83.0
+          components: clippy
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: just
+      - run: just clippy
+
+  coverage:
+    name: Coverage
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly
+          components: llvm-tools, clippy, rust-src
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: just,cargo-llvm-cov,cargo-nextest
+      - run: just ci-test
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          slug: hanyu-dev/ktls

.github/workflows/kernel-compatibility-test.yml

@@ -0,0 +1,295 @@
+# Credits: https://github.com/tokio-rs/io-uring/blob/master/.github/workflows/kernel-version-test.yml
+#
+# Tests kTLS functionality across multiple kernel versions.
+# Manual trigger supports custom space-separated version list.
+
+name: Kernel Compatibility Test
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  merge_group:
+  schedule:
+    # Every day at 04:00 UTC
+    - cron: "0 4 * * *"
+  workflow_dispatch:
+    inputs:
+      kernel-versions:
+        description: "Space-separated list of Linux kernel versions to test"
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  prepare-kernel-versions:
+    name: Prepare kernel versions matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq curl
+
+      - name: Set matrix
+        id: set-matrix
+        run: |
+          if [ -n "${GITHUB_EVENT_INPUTS_KERNEL_VERSIONS}" ]; then
+            # Manual trigger with custom versions
+            versions="${GITHUB_EVENT_INPUTS_KERNEL_VERSIONS}"
+            echo "Using manual input versions: $versions"
+          else
+            # Get from https://www.kernel.org/releases.json
+            echo "Fetching latest kernel versions from kernel.org..."
+            
+            # Fetch releases data
+            releases_json=$(curl -s https://www.kernel.org/releases.json)
+
+            if [ -z "$releases_json" ]; then
+              echo "Failed to fetch kernel releases data"
+              exit 1
+            fi
+            
+            # Extract versions for specific kernel series
+            mainline=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "mainline") | .version')
+            stable=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "stable") | .version')
+            
+            # Extract latest longterm versions for specific series
+            lts_6_12=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("6.12."))) | .version' | head -1)
+            lts_6_6=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("6.6."))) | .version' | head -1)
+            lts_6_1=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("6.1."))) | .version' | head -1)
+            lts_5_15=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("5.15."))) | .version' | head -1)
+            lts_5_10=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("5.10."))) | .version' | head -1)
+            lts_5_4=$(echo "$releases_json" | jq -r '.releases[] | select(.moniker == "longterm" and (.version | startswith("5.4."))) | .version' | head -1)
+            
+            # Build versions list with fallbacks for missing LTS versions
+            versions=""
+            [ -n "$mainline" ] && versions="$versions $mainline"
+            [ -n "$stable" ] && versions="$versions $stable"
+            [ -n "$lts_6_12" ] && versions="$versions $lts_6_12"
+            [ -n "$lts_6_6" ] && versions="$versions $lts_6_6"
+            [ -n "$lts_6_1" ] && versions="$versions $lts_6_1"
+            [ -n "$lts_5_15" ] && versions="$versions $lts_5_15"
+            [ -n "$lts_5_10" ] && versions="$versions $lts_5_10"
+            [ -n "$lts_5_4" ] && versions="$versions $lts_5_4"
+          fi
+
+          # Convert space-separated list to JSON array
+          json_array=$(echo "$versions" | xargs | tr ' ' '\n' | grep -v '^$' | jq -R . | jq -s -c .)
+          echo "matrix=$json_array" >> $GITHUB_OUTPUT
+          echo "Generated matrix: $json_array"
+        env:
+          GITHUB_EVENT_INPUTS_KERNEL_VERSIONS: ${{ github.event.inputs.kernel-versions }}
+
+  build-test-binary:
+    name: Build test binary
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y musl-tools
+
+      - name: Install Rust 1.83.0
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: 1.83.0
+          targets: x86_64-unknown-linux-musl
+
+      - name: Build test binary
+        run: |
+          cargo build --package ktls-tests --bin ktls-test-echo --release --target x86_64-unknown-linux-musl
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ktls-test-echo
+          path: target/x86_64-unknown-linux-musl/release/ktls-test-echo
+          retention-days: 1
+          compression-level: 0
+          overwrite: true
+
+  build-kernel:
+    name: Build kernel - ${{ matrix.kernel-version }}
+    needs: prepare-kernel-versions
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        kernel-version: ${{fromJson(needs.prepare-kernel-versions.outputs.matrix)}}
+      fail-fast: false
+    env:
+      KERNEL_VERSION: ${{ matrix.kernel-version }}
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            bison flex libelf-dev \
+            xz-utils wget
+
+      - name: Cache Linux source
+        id: cache-kernel
+        uses: actions/cache@v4
+        with:
+          path: linux-${{ env.KERNEL_VERSION }}
+          key: linux-${{ env.KERNEL_VERSION }}-cache-v1
+
+      - name: Build Linux kernel
+        if: steps.cache-kernel.outputs.cache-hit != 'true'
+        run: |
+          MAJOR=${KERNEL_VERSION%%.*}
+          wget https://cdn.kernel.org/pub/linux/kernel/v${MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz
+          tar xf linux-${KERNEL_VERSION}.tar.xz
+          cd linux-${KERNEL_VERSION}
+
+          # Generate the default config
+          make defconfig
+
+          # Enable essentials as built-ins
+          scripts/config --enable CONFIG_DEVTMPFS
+          scripts/config --enable CONFIG_DEVTMPFS_MOUNT
+
+          # Enable virtio drivers
+          scripts/config --enable CONFIG_VIRTIO
+          scripts/config --enable CONFIG_VIRTIO_PCI
+          scripts/config --enable CONFIG_VIRTIO_BLK
+
+          # Enable kTLS support
+          scripts/config --enable CONFIG_TLS
+          scripts/config --enable CONFIG_TLS_DEVICE
+
+          # Generate the updated config
+          make olddefconfig
+
+          make -j$(nproc)
+
+      - name: Upload kernel artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: linux-kernel-${{ env.KERNEL_VERSION }}
+          path: linux-${{ env.KERNEL_VERSION }}/arch/x86/boot/bzImage
+          retention-days: 1
+          compression-level: 6
+          overwrite: true
+
+  test:
+    name: Test - ${{ matrix.kernel-version }} @ ${{ matrix.arg-termination }} ${{ matrix.arg-cipher }}
+    needs: [prepare-kernel-versions, build-test-binary, build-kernel]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        kernel-version: ${{fromJson(needs.prepare-kernel-versions.outputs.matrix)}}
+        arg-termination: ["client", "server"]
+        arg-cipher:
+          [
+            "TLS13_AES_128_GCM_SHA256",
+            "TLS13_AES_256_GCM_SHA384",
+            "TLS13_CHACHA20_POLY1305_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+          ]
+      fail-fast: false
+    env:
+      KERNEL_VERSION: ${{ matrix.kernel-version }}
+      TEST_ARG_TERMINATION: ${{ matrix.arg-termination }}
+      TEST_ARG_CIPHER: ${{ matrix.arg-cipher }}
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            qemu-system-x86 busybox-static cpio e2fsprogs
+
+      - name: Download test binary artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ktls-test-echo
+          path: .
+
+      - name: Download kernel artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: linux-kernel-${{ env.KERNEL_VERSION }}
+          path: .
+
+      - name: Prepare initramfs + tests binaries
+        run: |
+          rm -rf initramfs && mkdir -p initramfs/{bin,sbin,proc,sys,tmp}
+
+          # Copy the test binary (downloaded from artifact)
+          chmod +x ktls-test-echo
+          cp ktls-test-echo initramfs/bin/
+
+          # Add necessary binaries from busybox
+          cp /usr/bin/busybox initramfs/bin/
+          for cmd in sh mount ip ifconfig cat; do ln -sf busybox initramfs/bin/$cmd; done
+          ln -sf ../bin/busybox initramfs/sbin/poweroff
+
+          # Generate init script
+          cat > initramfs/init << EOF
+          #!/bin/sh
+          set -e
+
+          # Activating the loopback interface (it's required for some network tests)
+          ip link set lo up
+
+          mkdir -p /dev
+
+          # Enable necessary devices
+          # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
+          mknod /dev/port c 1 4
+          mknod /dev/null c 1 3
+          mknod /dev/zero c 1 5
+          mknod /dev/tty c 5 0
+
+          mkdir -p /tmp && mount -t tmpfs -o mode=1777 tmpfs /tmp
+
+          # Bring up ext4 test volume at /mnt
+          mount -t devtmpfs devtmpfs /dev
+
+          exit_code=0
+
+          # Run the test binary
+          RUST_BACKTRACE=1 /bin/ktls-test-echo -t "${TEST_ARG_TERMINATION}" -c "${TEST_ARG_CIPHER}" || exit_code=1
+
+          # If the test binary exited with a non-zero code, write it to /dev/port.
+          # This lets QEMU exit with non-zero exit-code, triggering a CI error.
+          [ \$exit_code -eq 0 ] || printf '\x01' \\
+            | dd of=/dev/port bs=1 seek=244 count=1 2>/dev/null
+
+          /sbin/poweroff -f
+
+          EOF
+
+          chmod +x initramfs/init
+
+          # Pack into a CPIO archive
+          (cd initramfs && find . -print0 \
+            | cpio --null -ov --format=newc | gzip -9 > ../initramfs.cpio.gz)
+
+      - name: Run tests in QEMU
+        run: |
+          qemu-system-x86_64 \
+            -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
+            -kernel bzImage \
+            -initrd initramfs.cpio.gz \
+            -netdev user,id=net0 \
+            -device e1000,netdev=net0 \
+            -append "console=ttyS0 rootfstype=ramfs panic=1" \
+            -nographic -no-reboot -m 1024 -action panic=exit-failure
+
+          if [ $? -ne 0 ]; then
+            echo "tests failed (QEMU exited abnormally)"
+            exit 1
+          else
+            echo "all tests passed"
+          fi

.gitignore

@@ -1,3 +1,2 @@
 /target
-/Cargo.lock
 *coverage*