.github/workflows/ci.yml

# Copyright 2022 The Fuchsia Authors
#
# Licensed under a BSD-style license <LICENSE-BSD>, Apache License, Version 2.0
# <LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0>, or the MIT
# license <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your option.
# This file may not be copied, modified, or distributed except according to
# those terms.

name: Build & Tests

on:
  pull_request:
  push:
    branches:
      - main
      - v0.8.x
  merge_group:

permissions: read-all

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: -Dwarnings
  RUSTDOCFLAGS: -Dwarnings
  # `ZC_NIGHTLY_XXX` are flags that we add to `XXX` only on the nightly
  # toolchain.
  ZC_NIGHTLY_RUSTFLAGS: -Zrandomize-layout
  ZC_NIGHTLY_MIRIFLAGS: "-Zmiri-strict-provenance -Zmiri-backtrace=full"

jobs:
  build_test:
    runs-on: ubuntu-latest
    # Generate and populate the global Cargo registry and cache first. Each
    # job in the matrix runs in parallel, so without populating the cache
    # first, most jobs would duplicate the work of downloading crates from
    # the internet. Populating the cache first ensures that this work only
    # happens once.
    needs: generate_cache

    strategy:
      # By default, this is set to `true`, which means that a single CI job
      # failure will cause all outstanding jobs to be canceled. This slows down
      # development because it means that errors need to be encountered and
      # fixed one at a time.
      fail-fast: false
      matrix:
        # See `INTERNAL.md` for an explanation of these pinned toolchain
        # versions.
        toolchain: [
          "msrv",
          "stable",
          "nightly",

          # These are the names of specific Rust versions detected in
          # `build.rs`. Each of these represents the minimum Rust version for
          # which a particular feature is supported.
          "zerocopy-core-error-1-81-0",
          "zerocopy-diagnostic-on-unimplemented-1-78-0",
          "zerocopy-generic-bounds-in-const-fn-1-61-0",
          "zerocopy-target-has-atomics-1-60-0",
          "zerocopy-aarch64-simd-1-59-0",
          "zerocopy-panic-in-const-and-vec-try-reserve-1-57-0"
        ]
        target: [
          "i686-unknown-linux-gnu",
          "x86_64-unknown-linux-gnu",
          "arm-unknown-linux-gnueabi",
          "aarch64-unknown-linux-gnu",
          "powerpc-unknown-linux-gnu",
          "powerpc64-unknown-linux-gnu",
          "riscv64gc-unknown-linux-gnu",
          "s390x-unknown-linux-gnu",
          "x86_64-pc-windows-msvc",
          "thumbv6m-none-eabi",
          "wasm32-wasi"
        ]
        features: [
          "--no-default-features",
          "",
          "--features __internal_use_only_features_that_work_on_stable",
          "--all-features"
        ]
        crate: [ "zerocopy", "zerocopy-derive" ]
        event_name: [ "${{ github.event_name }}" ]
        exclude:
          # Exclude any combination which uses a non-nightly toolchain but
          # enables nightly features.
          - toolchain: "msrv"
            features: "--all-features"
          - toolchain: "stable"
            features: "--all-features"
          - toolchain: "zerocopy-core-error-1-81-0"
            features: "--all-features"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            features: "--all-features"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            features: "--all-features"
          - toolchain: "zerocopy-target-has-atomics-1-60-0"
            features: "--all-features"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            features: "--all-features"
          - toolchain: "zerocopy-panic-in-const-and-vec-try-reserve-1-57-0"
            features: "--all-features"
          # Exclude any combination for the zerocopy-derive crate which
          # uses zerocopy features.
          - crate: "zerocopy-derive"
            features: "--no-default-features"
          - crate: "zerocopy-derive"
            features: "--features __internal_use_only_features_that_work_on_stable"
          - crate: "zerocopy-derive"
            features: "--all-features"
          # Exclue any combination of zerocopy-derive and any toolchain version
          # other than "msrv", "stable", and "nightly". These other versions
          # exist to exercise zerocopy behavior which differs by toolchain;
          # zerocopy-derive doesn't behave different on these toolchains.
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-core-error-1-81-0"
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-target-has-atomics-1-60-0"
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-aarch64-simd-1-59-0"
          - crate: "zerocopy-derive"
            toolchain: "zerocopy-panic-in-const-and-vec-try-reserve-1-57-0"
          # Exclude non-aarch64 targets from the `zerocopy-aarch64-simd-1-59-0`
          # toolchain.
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "i686-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "x86_64-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "arm-unknown-linux-gnueabi"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "powerpc-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "powerpc64-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "riscv64gc-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "s390x-unknown-linux-gnu"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "x86_64-pc-windows-msvc"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "thumbv6m-none-eabi"
          - toolchain: "zerocopy-aarch64-simd-1-59-0"
            target: "wasm32-wasi"
          # Exclude most targets targets from the `zerocopy-core-error-1-81-0`
          # toolchain since the `zerocopy-core-error-1-81-0` feature is unrelated to
          # compilation target. This only leaves i686 and x86_64 targets.
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "arm-unknown-linux-gnueabi"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "aarch64-unknown-linux-gnu"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "powerpc-unknown-linux-gnu"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "powerpc64-unknown-linux-gnu"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "riscv64gc-unknown-linux-gnu"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "s390x-unknown-linux-gnu"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "x86_64-pc-windows-msvc"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "thumbv6m-none-eabi"
          - toolchain: "zerocopy-core-error-1-81-0"
            target: "wasm32-wasi"
          # Exclude most targets targets from the
          # `zerocopy-diagnostic-on-unimplemented-1-78-0` toolchain since the
          # `zerocopy-diagnostic-on-unimplemented-1-78-0` feature is unrelated to
          # compilation target. This only leaves i686 and x86_64 targets.
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "arm-unknown-linux-gnueabi"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "aarch64-unknown-linux-gnu"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "powerpc-unknown-linux-gnu"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "powerpc64-unknown-linux-gnu"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "riscv64gc-unknown-linux-gnu"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "s390x-unknown-linux-gnu"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "x86_64-pc-windows-msvc"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "thumbv6m-none-eabi"
          - toolchain: "zerocopy-diagnostic-on-unimplemented-1-78-0"
            target: "wasm32-wasi"
          # Exclude most targets targets from the
          # `zerocopy-generic-bounds-in-const-fn-1-61-0` toolchain since the
          # `zerocopy-generic-bounds-in-const-fn-1-61-0` feature is unrelated to
          # compilation target. This only leaves i686 and x86_64 targets.
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "arm-unknown-linux-gnueabi"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "aarch64-unknown-linux-gnu"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "powerpc-unknown-linux-gnu"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "powerpc64-unknown-linux-gnu"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "riscv64gc-unknown-linux-gnu"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "s390x-unknown-linux-gnu"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "x86_64-pc-windows-msvc"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "thumbv6m-none-eabi"
          - toolchain: "zerocopy-generic-bounds-in-const-fn-1-61-0"
            target: "wasm32-wasi"
          # Exclude `thumbv6m-none-eabi` combined with any feature that implies
          # the `std` feature since `thumbv6m-none-eabi` does not include a
          # pre-compiled std.
          - target: "thumbv6m-none-eabi"
            features: "--features __internal_use_only_features_that_work_on_stable"
          - target: "thumbv6m-none-eabi"
            features: "--all-features"
          # Exclude most targets during PR development, but allow them in the
          # merge queue. This speeds up our development flow, while still
          # ensuring that errors on these targets are caught before a PR is
          # merged to main.
          - target: "arm-unknown-linux-gnueabi"
            event_name: "pull_request"
          - target: "aarch64-unknown-linux-gnu"
            event_name: "pull_request"
          - target: "powerpc-unknown-linux-gnu"
            event_name: "pull_request"
          - target: "powerpc64-unknown-linux-gnu"
            event_name: "pull_request"
          - target: "riscv64gc-unknown-linux-gnu"
            event_name: "pull_request"
          - target: "s390x-unknown-linux-gnu"
            event_name: "pull_request"
          - target: "thumbv6m-none-eabi"
            event_name: "pull_request"
          - target: "wasm32-wasi"
            event_name: "pull_request"

    name: Build & Test (${{ matrix.crate }} / ${{ matrix.toolchain }} / ${{ matrix.features }} / ${{ matrix.target }})

    steps:
    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      with:
        fetch-depth: 2

    - name: Populate cache
      uses: ./.github/actions/cache

    # Ensure that Cargo resolves the minimum possible syn version so that if we
    # accidentally make a change which depends upon features added in more
    # recent versions of syn, we'll catch it in CI.
    #
    # TODO(#1595): Debug why this step is still necessary after #1564 and maybe
    # remove it.
    - name: Pin syn dependency
      run: |
        set -eo pipefail
        # Override the exising `syn` dependency with one which requires an exact
        # version.
        cargo add -p zerocopy-derive 'syn@=2.0.46'

    - name: Configure environment variables
      run: |
        set -eo pipefail

        # We use toolchain descriptors ("msrv", "stable", "nightly", and values
        # from the "metadata.build-rs" key in Cargo.toml) in the matrix. This
        # step converts the current descriptor to a particular toolchain version
        # by looking up the corresponding key in `Cargo.toml`. It sets the
        # `ZC_TOOLCHAIN` environment variable for use in the next step
        # (toolchain installation) because GitHub variable interpolation doesn't
        # support running arbitrary commands. In other words, we can't rewrite:
        #
        #   toolchain: $ {{ env.ZC_TOOLCHAIN }}
        #
        # ...to:
        #
        #   toolchain: $ {{ ./cargo.sh --version matrix.toolchain }} # hypothetical syntax
        ZC_TOOLCHAIN="$(./cargo.sh --version ${{ matrix.toolchain }})"
        echo "Found that the '${{ matrix.toolchain }}' toolchain is $ZC_TOOLCHAIN" | tee -a $GITHUB_STEP_SUMMARY
        echo "ZC_TOOLCHAIN=$ZC_TOOLCHAIN" >> $GITHUB_ENV

        if [[ '${{ matrix.toolchain }}' == 'nightly' ]]; then
          RUSTFLAGS="$RUSTFLAGS $ZC_NIGHTLY_RUSTFLAGS"
          MIRIFLAGS="$MIRIFLAGS $ZC_NIGHTLY_MIRIFLAGS"
          echo "Using nightly toolchain; setting RUSTFLAGS='$RUSTFLAGS' and MIRIFLAGS='$MIRIFLAGS'" | tee -a $GITHUB_STEP_SUMMARY
          echo "RUSTFLAGS=$RUSTFLAGS" >> $GITHUB_ENV
          echo "MIRIFLAGS=$MIRIFLAGS" >> $GITHUB_ENV
        else
          echo "Using non-nightly toolchain; not modifying RUSTFLAGS='$RUSTFLAGS' or MIRIFLAGS='$MIRIFLAGS'" | tee -a $GITHUB_STEP_SUMMARY
        fi

    # On our MSRV, `cargo` does not know about the `rust-version` field. As a
    # result, in `cargo.sh`, if we use our MSRV toolchain in order to run `cargo
    # metadata`, we will not be able to extract the `rust-version` field. Thus,
    # in `cargo.sh`, we explicitly do `cargo +stable metadata`. This requires a
    # (more recent) stable toolchain to be installed. As of this writing, this
    # toolchain is not used for anything else.
    - name: Install stable Rust for use in 'cargo.sh'
      uses: dtolnay/rust-toolchain@00b49be78f40fba4e87296b2ead62868750bdd83 # stable
      with:
        toolchain: stable

    - name: Install Rust with ${{ matrix.toolchain }} toolchain (${{ env.ZC_TOOLCHAIN }}) and target ${{ matrix.target }}
      uses: dtolnay/rust-toolchain@00b49be78f40fba4e87296b2ead62868750bdd83 # stable
      with:
          toolchain: ${{ env.ZC_TOOLCHAIN }}
          targets: ${{ matrix.target }}
          # We require the `rust-src` component to ensure that the compiler
          # error output generated during UI tests matches that generated on
          # local developer machines; see
          # https://github.com/rust-lang/rust/issues/116433.
          #
          # Only nightly has a working Miri, so we skip installing on all other
          # toolchains. This expression is effectively a ternary expression -
          # see [1] for details.
          #
          # [1] https://github.com/actions/runner/issues/409#issuecomment-752775072
          components: clippy, rust-src ${{ matrix.toolchain == 'nightly' && ', miri' || '' }}

    - name: Rust Cache
      uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
      with:
        key: "${{ matrix.target }}"

    # On the `thumbv6m-none-eabi` target, we can't run `cargo check --tests` due
    # to the `memchr` crate, so we just do `cargo check` instead.
    - name: Check
      run: ./cargo.sh +${{ matrix.toolchain }} check --package ${{ matrix.crate }} --target ${{ matrix.target }} ${{ matrix.features }} --verbose
      if: matrix.target == 'thumbv6m-none-eabi'

    - name: Check tests
      run: ./cargo.sh +${{ matrix.toolchain }} check --tests --package ${{ matrix.crate }} --target ${{ matrix.target }} ${{ matrix.features }} --verbose
      if: matrix.target != 'thumbv6m-none-eabi'

    - name: Build
      run: ./cargo.sh +${{ matrix.toolchain }} build --package ${{ matrix.crate }} --target ${{ matrix.target }} ${{ matrix.features }} --verbose
      if: matrix.target != 'thumbv6m-none-eabi'

    # When building tests for the i686 target, we need certain libraries which
    # are not installed by default; `gcc-multilib` includes these libraries.
    - name: Install gcc-multilib
      # Per [1]:
      #
      #   Note: Always run `sudo apt-get update` before installing a package. In
      #   case the `apt` index is stale, this command fetches and re-indexes any
      #   available packages, which helps prevent package installation failures.
      #
      # [1] https://docs.github.com/en/actions/using-github-hosted-runners/customizing-github-hosted-runners
      run: |
        sudo apt-get update
        sudo apt-get install gcc-multilib
      if: contains(matrix.target, 'i686')

    - name: Run tests
      run: |
        ./cargo.sh +${{ matrix.toolchain }} test \
          --package ${{ matrix.crate }} \
          --target ${{ matrix.target }} \
          ${{ matrix.features }} \
          --verbose \
          -- \
          --skip ui

      # Only run tests when targetting Linux x86 (32- or 64-bit) - we're
      # executing on Linux x86_64, so we can't run tests for any non-x86 target.
      #
      # TODO(https://github.com/dtolnay/trybuild/issues/184#issuecomment-1269097742):
      # Run compile tests when building for other targets.
      if: contains(matrix.target, 'linux') && (contains(matrix.target, 'x86_64') || contains(matrix.target, 'i686'))

    - name: Run UI tests
      run: |
        # Run UI tests separately, treating warnings as warnings (rather than
        # as errors, as we do everywhere else in our CI tests). This allows
        # our UI tests to more accurately reflect what users will see, and
        # also ensures that we're not spuriously relying on warnings being
        # errors to ensure compilation failure (if we were, then our code
        # would be unsound whenever -Dwarnings is not enabled).
        #
        # TODO(#560), TODO(#187): Once we migrate to the ui-test crate, we
        # likely won't have to special-case the UI tests like this.
        RUSTFLAGS="$RUSTFLAGS -Wwarnings" ./cargo.sh +${{ matrix.toolchain }} test \
          --package ${{ matrix.crate }} \
          --target ${{ matrix.target }} \
          ${{ matrix.features }} \
          --verbose \
          ui

      # Only run tests when targetting Linux x86 (32- or 64-bit) - we're
      # executing on Linux x86_64, so we can't run tests for any non-x86 target.
      #
      # TODO(https://github.com/dtolnay/trybuild/issues/184#issuecomment-1269097742):
      # Run compile tests when building for other targets.
      #
      # Only run UI tests for zerocopy-derive, or for zerocopy with the derive
      # feature.
      #
      # Only run UI tests for the 'msrv', 'stable', and 'nightly' toolchains.
      # Other toolchains are tested only because zerocopy has behavior which
      # differs on those toolchains, but at present, none of that behavior
      # affects UI tests. If we were to run UI tests on these toolchains, we
      # would need a new set of UI test files per toolchain, which would be a
      # maintenance burden not worth the (at present, zero) benefit.
      if: |
        (!contains(matrix.target, 'windows')) &&
        (contains(matrix.target, 'x86_64') || contains(matrix.target, 'i686')) &&
          (matrix.crate == 'zerocopy-derive' ||
            (matrix.features != '' && matrix.features != '--no-default-features')) &&
          (matrix.toolchain == 'msrv' || matrix.toolchain == 'stable' || matrix.toolchain == 'nightly')

    - name: Run tests under Miri
      run: |
        set -eo pipefail

        # Work around https://github.com/rust-lang/miri/issues/3125
        [ "${{ matrix.target }}" == "aarch64-unknown-linux-gnu" ] && cargo clean

        # Spawn twice the number of workers as there are CPU cores.
        THREADS=$(echo "$(nproc) * 2" | bc)
        echo "Running Miri tests with $THREADS threads" | tee -a $GITHUB_STEP_SUMMARY

        cargo install cargo-nextest

        # Run under both the stacked borrows model (default) and under the tree 
        # borrows model to ensure we're compliant with both.
        for EXTRA_FLAGS in "" "-Zmiri-tree-borrows"; do
          MIRIFLAGS="$MIRIFLAGS $EXTRA_FLAGS" ./cargo.sh +${{ matrix.toolchain }} \
            miri nextest run \
            --test-threads "$THREADS" \
            --package ${{ matrix.crate }} \
            --target ${{ matrix.target }} \
            ${{ matrix.features }}
        done
      # Only nightly has a working Miri, so we skip installing on all other
      # toolchains.
      #
      # We skip Miri tests on pull request, but run them in the merge queue.
      # Miri tests are far and away the most expensive aspect of our CI tests,
      # but they rarely surface issues (ie, tests that pass `cargo test` but
      # fail `cargo miri test`). Skipping them during PR development
      # significantly speeds up our development flow, while still ensuring that
      # Miri can catch any errors before a PR is merged into main.
      #
      # TODO(#22): Re-enable testing on riscv64gc-unknown-linux-gnu and/or
      # wasm32-wasi once those work.
      if: |
        matrix.toolchain == 'nightly' &&
        matrix.target != 'riscv64gc-unknown-linux-gnu' &&
        matrix.target != 'thumbv6m-none-eabi' &&
        matrix.target != 'wasm32-wasi' &&
        github.event_name != 'pull_request'

    # On the `thumbv6m-none-eabi` target, we can't run `cargo clippy --tests`
    # due to the `memchr` crate, so we just do `cargo clippy` instead.
    - name: Clippy
      run: ./cargo.sh +${{ matrix.toolchain }} clippy --package ${{ matrix.crate }} --target ${{ matrix.target }} ${{ matrix.features }} --verbose
      if: matrix.toolchain == 'nightly' && matrix.target == 'thumbv6m-none-eabi'

    - name: Clippy tests
      run: ./cargo.sh +${{ matrix.toolchain }} clippy --package ${{ matrix.crate }} --target ${{ matrix.target }} ${{ matrix.features }} --tests --verbose
      # Clippy improves the accuracy of lints over time, and fixes bugs. Only
      # running Clippy on nightly allows us to avoid having to write code which
      # is compatible with older versions of Clippy, which sometimes requires
      # hacks to work around limitations that are fixed in more recent versions.
      if: matrix.toolchain == 'nightly' && matrix.target != 'thumbv6m-none-eabi'

    - name: Cargo doc
      # We pass --document-private-items and --document-hidden items to ensure that 
      # documentation always builds even for these items. This makes future changes to 
      # make those items public/non-hidden more painless. Note that 
      # --document-hidden-items is unstable; if a future release breaks or removes it,
      # we can just update CI to no longer pass that flag.
      run: |
        # Include arguments passed during docs.rs deployments to make sure those
        # work properly.
        set -eo pipefail
        METADATA_DOCS_RS_RUSTDOC_ARGS="$(cargo metadata --format-version 1 | \
          jq -r ".packages[] | select(.name == \"zerocopy\").metadata.docs.rs.\"rustdoc-args\"[]" | tr '\n' ' ')"
        export RUSTDOCFLAGS="${{ matrix.toolchain == 'nightly' && '-Z unstable-options --document-hidden-items $METADATA_DOCS_RS_RUSTDOC_ARGS'|| '' }} $RUSTDOCFLAGS"
        ./cargo.sh +${{ matrix.toolchain }} doc --document-private-items --package ${{ matrix.crate }} ${{ matrix.features }}

    # If the commit message contains the line `SKIP_CARGO_SEMVER_CHECKS=1`, then
    # skip the cargo-semver-checks step.
    - name: Check whether to skip cargo-semver-checks
      run: |
        set -eo pipefail

        if [ "${{ github.event_name }}" == "pull_request" ]; then
          # Invoked from a PR - get the PR body directly
          MESSAGE="$(git log -1 --pretty=%B ${{ github.event.pull_request.head.sha }})"
        else
          # Invoked from the merge queue - get the commit message
          MESSAGE="$(git log -1 --pretty=%B ${{ github.sha }})"
        fi

        if echo "$MESSAGE" | grep '^\s*SKIP_CARGO_SEMVER_CHECKS=1\s*$' > /dev/null; then
          echo "Found 'SKIP_CARGO_SEMVER_CHECKS=1' in commit message; skipping cargo-semver-checks..." | tee -a $GITHUB_STEP_SUMMARY
          echo "ZC_SKIP_CARGO_SEMVER_CHECKS=1" >> $GITHUB_ENV
        fi

    # Check semver compatibility with the most recently-published version on
    # crates.io. We do this in the matrix rather than in its own job so that it
    # gets run on different targets. Some of our API is target-specific (e.g.,
    # SIMD type impls), and so we need to run on each target.
    - name: Check semver compatibility
      uses: obi1kenobi/cargo-semver-checks-action@7272cc2caa468d3e009a2b0a9cc366839348237b # v2.6
      with:
        # Don't semver check zerocopy-derive; as a proc macro, it doesn't have
        # an API that cargo-semver-checks can understand.
        package: zerocopy
        # Test on the stable toolchain, and thus don't test nightly features.
        # We previously tested on the nightly toolchain, but this caused problems
        # [1] because cargo-semver-checks only promises compatibility with the
        # latest stable toolchain. Testing on the stable toolchain is more
        # reliable, and doesn't require us to give up anything - we wouldn't want
        # to test nightly-only features anyway, as we don't make stability
        # guarantees regarding these features.
        # 
        # [1] See, for example: https://github.com/google/zerocopy/actions/runs/9466417300/job/26078264384?pr=1413
        feature-group: only-explicit-features
        features: __internal_use_only_features_that_work_on_stable
        rust-toolchain: ${{ env.ZC_TOOLCHAIN }}
        rust-target: ${{ matrix.target }}
      # TODO(#1565): Run on wasm32-wasi. As of this writing, this target fails:
      # https://github.com/google/zerocopy/actions/runs/9944220377/job/27469879712
      if: |
        matrix.crate == 'zerocopy' &&
        matrix.features == '--features __internal_use_only_features_that_work_on_stable' &&
        matrix.toolchain == 'stable' &&
        matrix.target != 'wasm32-wasi' &&
        env.ZC_SKIP_CARGO_SEMVER_CHECKS != '1'

    # TODO(#453): Doing this as a matrix step is a hack that allows us to depend
    # on the fact that toolchains have already been installed. We currently only
    # run this on a single matrix combination, but doing it outside of the
    # matrix would require us to replicate the toolchain resolution and
    # installation logic. We should either:
    # - Figure out how to factor out the toolchain resolution and installation
    #   logic (see #1275) for an attempt
    # - Support multiple matrix combinations (which we intend to do as part of
    #   #453 eventually anyway) so that this location is justified
    - name: Generate code coverage
      run: |
        set -eo pipefail
        ./cargo.sh +nightly install cargo-llvm-cov

        ./cargo.sh +${{ matrix.toolchain }} llvm-cov \
          --package ${{ matrix.crate }}              \
          --target ${{ matrix.target }}              \
          ${{ matrix.features }}                     \
          --lcov                                     \
          --output-path lcov.info                    \
          --verbose                                  \
          --                                         \
          --skip ui
      if: |
        matrix.crate == 'zerocopy'          &&
        matrix.features == '--all-features' &&
        matrix.toolchain == 'nightly'       &&
        matrix.target == 'x86_64-unknown-linux-gnu'

    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: lcov.info
      if: |
        matrix.crate == 'zerocopy'          &&
        matrix.features == '--all-features' &&
        matrix.toolchain == 'nightly'       &&
        matrix.target == 'x86_64-unknown-linux-gnu'

  kani:
    runs-on: ubuntu-latest        
    name: 'Run tests under Kani'
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: model-checking/kani-github-action@f838096619a707b0f6b2118cf435eaccfa33e51f # v1.1
        with:
          # Use `--features __internal_use_only_features_that_work_on_stable`
          # because the Kani GitHub Action uses its own pinned nightly
          # toolchain. Sometimes, we make changes to our nightly features for
          # more recent toolchains, and so our nightly features become
          # incompatible with the toolchain that Kani uses. By only testing
          # stable features, we ensure that this doesn't cause problems in CI.
          #
          # TODO(https://github.com/model-checking/kani-github-action/issues/56):
          # Go back to testing all features once the Kani GitHub Action supports
          # specifying a particular toolchain.
          args: "--package zerocopy --features __internal_use_only_features_that_work_on_stable --output-format=terse --randomize-layout --memory-safety-checks --overflow-checks --undefined-function-checks --unwinding-checks"
          # This version is automatically rolled by
          # `roll-pinned-toolchain-versions.yml`.
          kani-version: 0.55.0

  # NEON intrinsics are currently broken on big-endian platforms. [1] This test ensures
  # that we don't accidentally attempt to compile these intrinsics on such platforms. We
  # can't use this as part of the build matrix because rustup doesn't support the
  # `aarch64_be-unknown-linux-gnu` target.
  #
  # [1] https://github.com/rust-lang/stdarch/issues/1484
  check_be_aarch64:
    runs-on: ubuntu-latest
    name: Build (zerocopy / nightly / --simd / aarch64_be-unknown-linux-gnu)
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Configure environment variables
        run: |
          set -eo pipefail
          ZC_TOOLCHAIN="$(./cargo.sh --version nightly)"
          RUSTFLAGS="$RUSTFLAGS $ZC_NIGHTLY_RUSTFLAGS"
          echo "RUSTFLAGS=$RUSTFLAGS" >> $GITHUB_ENV
          echo "ZC_TOOLCHAIN=$ZC_TOOLCHAIN" >> $GITHUB_ENV
      - name: Rust Cache
        uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
        with:
          key: aarch64_be-unknown-linux-gnu
      - name: Install stable Rust for use in 'cargo.sh'
        uses: dtolnay/rust-toolchain@00b49be78f40fba4e87296b2ead62868750bdd83 # stable
        with:
          toolchain: stable
      - name: Install Rust with nightly toolchain (${{ env.ZC_TOOLCHAIN }}) and target aarch64_be-unknown-linux-gnu
        uses: dtolnay/rust-toolchain@00b49be78f40fba4e87296b2ead62868750bdd83 # stable
        with:
            toolchain: ${{ env.ZC_TOOLCHAIN }}
            components: clippy, rust-src
      - name: Check big endian for aarch64_be-unknown-linux-gnu target
        run: ./cargo.sh +nightly build --target=aarch64_be-unknown-linux-gnu -Zbuild-std --features simd

  check_fmt:
    runs-on: ubuntu-latest
    name: Check Rust formatting
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Check Rust formatting
        run: ./ci/check_fmt.sh

  check_readme:
    needs: generate_cache
    runs-on: ubuntu-latest
    name: Check README.md
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

      - name: Populate cache
        uses: ./.github/actions/cache
      
      - name: Check README.md
        run: ./ci/check_readme.sh

  check_versions:
    needs: generate_cache
    runs-on: ubuntu-latest
    name: Check crate versions match
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

      - name: Populate cache
        uses: ./.github/actions/cache

      # Make sure that both crates are at the same version, and that zerocopy
      # depends exactly upon the current version of zerocopy-derive. See
      # `INTERNAL.md` for an explanation of why we do this.
      - name: Check crate versions match
        run: ./ci/check_versions.sh

  generate_cache:
    runs-on: ubuntu-latest
    name: Generate cache
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

      - name: Populate cache
        uses: ./.github/actions/cache

      - name: Download dependencies
        run: |
          # Ensure all dependencies are downloaded - both for our crates and for
          # tools we use in CI. We don't care about these tools succeeding for
          # two reasons: First, this entire job is best-effort since it's just a
          # performance optimization. Second, there may be failures due to
          # issues other than failing to download dependencies (e.g., `cargo
          # metadata` called with a malformed `Cargo.toml`, build failure in our
          # own crate or in dependencies, etc). For those reasons, we discard
          # stderr and ignore status codes.
          #
          # For downloading our crates' dependencies in particular, note that
          # there is no support for doing this directly [1], so we just check
          # all crates using --tests.
          #
          # We background all jobs and then wait for them so that they can run
          # in parallel.
          #
          # [1]  https://stackoverflow.com/a/42139535/836390

          # See comment on "Pin syn dependency" job for why we do this. It needs
          # to happen before the subsequent `cargo check`, so we don't
          # background it.
          #
          # TODO(#1595): Debug why this step is still necessary after #1564 and
          # maybe remove it.
          cargo add -p zerocopy-derive 'syn@=2.0.46' &> /dev/null

          cargo check --workspace --tests            &> /dev/null &
          cargo metadata                             &> /dev/null &
          cargo install cargo-readme --version 3.2.0 &> /dev/null &
          cargo install --locked kani-verifier       &> /dev/null &
          cargo install cargo-nextest                &> /dev/null &
          cargo kani setup                           &> /dev/null &

          wait

  check-all-toolchains-tested:
    runs-on: ubuntu-latest
    name: Check that all toolchains listed in Cargo.toml are tested in CI
    steps:
      - name: Install yq (for YAML parsing)
        run: go install github.com/mikefarah/yq/v4@latest
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Run check
        run: ./ci/check_all_toolchains_tested.sh

  check-job-dependencies:
    runs-on: ubuntu-latest
    name: Check all-jobs-succeeded depends on all jobs
    steps:
      - name: Install yq (for YAML parsing)
        run: go install github.com/mikefarah/yq/v4@latest
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Run dependency check
        run: ./ci/check_job_dependencies.sh

  run-git-hooks:
    runs-on: ubuntu-latest
    name: Run Git hooks
    steps:
      - name: Install yq (for YAML parsing)
        run: go install github.com/mikefarah/yq/v4@latest
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Run dependency check
        # Ensure that Git hooks execute successfully.
        #
        # Note that this runs all hooks. As of this writing, the only Git hook
        # is `pre-push`. Running all hooks ensures that, if a new hook is added
        # which can't run in CI (at least not using this naive setup), we'll
        # notice and it will remind us to update this test.
        run: set -e; for hook in ./githooks/*; do $hook; done

  # Used to signal to branch protections that all other jobs have succeeded.
  all-jobs-succeed:
      name: All checks succeeded
      # On failure, we run and unconditionally exit with a failing status code.
      # On success, this job is skipped. Jobs skipped using `if:` are considered
      # to have succeeded:
      #
      # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks
      if: failure()
      runs-on: ubuntu-latest
      needs: [build_test, kani,check_be_aarch64 , check_fmt, check_readme, check_versions, generate_cache, check-all-toolchains-tested, check-job-dependencies, run-git-hooks]
      steps:
        - name: Mark the job as failed
          run: exit 1