-
Notifications
You must be signed in to change notification settings - Fork 16
168 lines (152 loc) · 6.4 KB
/
Copy pathbloat.yml
File metadata and controls
168 lines (152 loc) · 6.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: Bloat Budget
# Enforce a hard cargo-bloat budget so silent binary
# growth blocks merge. The musl static builds themselves live in
# .github/workflows/reusable-build.yml (build-linux-amd64 / build-linux-arm64
# / build-windows-amd64 / build-windows-arm64); this workflow only adds the
# per-(target, role) regression gate on top of them.
#
# Per-target ceilings exist on purpose: a Linux musl binary and a Windows
# MSVC binary (with static_vcruntime + windows-sys) have very different
# baselines. One shared ceiling would either let Windows regress silently
# or false-flag every Linux PR. See ci/README.md for the override path.
on:
push:
branches: ["main", "dev"]
pull_request:
branches: ["main", "dev"]
env:
CARGO_TERM_COLOR: always
# Strict default: every non-first-party crate must stay under this share of
# the text section. Per-(target, crate) exceptions live in the matrix below
# as `crate_share_overrides` so they're auditable and narrowly scoped.
MAX_CRATE_SHARE: "0.10" # 10% of text per non-first-party crate
concurrency:
group: bloat-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
bloat-budget:
name: bloat (${{ matrix.target }} / ${{ matrix.crate }})
runs-on: ${{ matrix.runs_on }}
strategy:
fail-fast: false
matrix:
include:
# -------- Linux x86_64 musl --------
- target: x86_64-unknown-linux-musl
runs_on: ubuntu-latest
crate: azure-proxy-agent
max_binary_bytes: "20000000" # ~20 MB
# Vendored OpenSSL (approved crypto) is structurally ~20% of text
# for the agent on musl; HMAC-SHA256 in proxy_agent_shared pulls it.
crate_share_overrides: "openssl_sys=0.25"
apt_packages: musl-tools
- target: x86_64-unknown-linux-musl
runs_on: ubuntu-latest
crate: ProxyAgentExt
max_binary_bytes: "10000000" # ~10 MB
crate_share_overrides: "clap_builder=0.15 regex_automata=0.15"
apt_packages: musl-tools
- target: x86_64-unknown-linux-musl
runs_on: ubuntu-latest
crate: proxy_agent_setup
max_binary_bytes: "6000000" # ~6 MB
# proxy_agent_setup is tiny (~1 MiB text after the openssl gate),
# so a normal-sized clap derive parser is ~30% by share.
crate_share_overrides: "clap_builder=0.35"
apt_packages: musl-tools
# -------- Linux aarch64 musl (native arm64 runner) --------
- target: aarch64-unknown-linux-musl
runs_on: ubuntu-24.04-arm
crate: azure-proxy-agent
max_binary_bytes: "20000000"
crate_share_overrides: "openssl_sys=0.15"
apt_packages: musl-tools
- target: aarch64-unknown-linux-musl
runs_on: ubuntu-24.04-arm
crate: ProxyAgentExt
max_binary_bytes: "10000000"
crate_share_overrides: "clap_builder=0.15 regex_automata=0.15"
apt_packages: musl-tools
- target: aarch64-unknown-linux-musl
runs_on: ubuntu-24.04-arm
crate: proxy_agent_setup
max_binary_bytes: "11000000"
crate_share_overrides: "clap_builder=0.35"
apt_packages: musl-tools
# -------- Windows x86_64 MSVC --------
- target: x86_64-pc-windows-msvc
runs_on: windows-2022
crate: azure-proxy-agent
max_binary_bytes: "10000000"
- target: x86_64-pc-windows-msvc
runs_on: windows-2022
crate: ProxyAgentExt
max_binary_bytes: "5000000"
crate_share_overrides: "clap_builder=0.20 regex_automata=0.15 regex_syntax=0.15"
- target: x86_64-pc-windows-msvc
runs_on: windows-2022
crate: proxy_agent_setup
max_binary_bytes: "4000000"
crate_share_overrides: "clap_builder=0.35 regex_automata=0.20 regex_syntax=0.15"
# -------- Windows aarch64 MSVC (cross-compiled on x64 runner) --------
- target: aarch64-pc-windows-msvc
runs_on: windows-2022
crate: azure-proxy-agent
max_binary_bytes: "8000000"
# No vendored OpenSSL on Windows (BCrypt), but the binary is much
# smaller so tokio's fixed cost crosses 10% by share.
crate_share_overrides: "tokio=0.12"
- target: aarch64-pc-windows-msvc
runs_on: windows-2022
crate: ProxyAgentExt
max_binary_bytes: "5000000"
crate_share_overrides: "clap_builder=0.20 regex_automata=0.20 regex_syntax=0.15"
- target: aarch64-pc-windows-msvc
runs_on: windows-2022
crate: proxy_agent_setup
max_binary_bytes: "4000000"
crate_share_overrides: "clap_builder=0.25 regex_automata=0.20 regex_syntax=0.15"
steps:
- uses: actions/checkout@v4
- name: Install apt packages (Linux only)
if: runner.os == 'Linux' && matrix.apt_packages != ''
run: |
sudo apt-get update
sudo apt-get install -y ${{ matrix.apt_packages }}
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
with:
key: bloat-${{ matrix.target }}-${{ matrix.crate }}
- name: Install cargo-bloat
run: cargo install cargo-bloat --locked
- name: Run cargo-bloat
shell: bash
run: |
cargo bloat --release --crates \
--target ${{ matrix.target }} \
-p ${{ matrix.crate }} \
--message-format json > bloat.json
- name: Enforce budget
shell: bash
run: |
overrides=""
for kv in ${{ matrix.crate_share_overrides }}; do
overrides="$overrides --crate-share-override $kv"
done
python3 ci/check_bloat.py \
--bloat-json bloat.json \
--max-binary-bytes ${{ matrix.max_binary_bytes }} \
--max-crate-share ${{ env.MAX_CRATE_SHARE }} \
$overrides \
| tee bloat-report.txt
- name: Upload bloat report
if: always()
uses: actions/upload-artifact@v4
with:
name: bloat-report-${{ matrix.target }}-${{ matrix.crate }}
path: |
bloat.json
bloat-report.txt
if-no-files-found: warn