Build

Add an example of rule preventing CVE-2021-4034 #470

	name: Build
	on:
	pull_request:
	branches:
	- main

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	profile:
	- debug
	- release

	platform:
	- target: x86_64-unknown-linux-gnu
	args: "--features full"

	# For `musl` builds openssl must be vendored
	- target: x86_64-unknown-linux-musl
	args: "--features full --features openssl-vendored"

	- target: aarch64-unknown-linux-gnu
	args: "--features full"

	# For `musl` builds openssl must be vendored
	- target: aarch64-unknown-linux-musl
	args: "--features full --features openssl-vendored"

	# Dependencies of `xtask` might fail to build on riscv64.
	- target: riscv64gc-unknown-linux-gnu
	args: "--features full --exclude xtask"

	steps:
	- name: Code checkout
	uses: actions/checkout@v4

	- name: Install Rust toolchain (stable)
	uses: dtolnay/rust-toolchain@stable
	with:
	target: ${{ matrix.platform.target }}

	- name: Install cross
	uses: ./.github/actions/install-cross

	- name: Build Debug
	if: ${{ matrix.profile == 'debug' }}
	run: cross build --locked --target=${{ matrix.platform.target }} --workspace --all-targets ${{ matrix.platform.args }}

	- name: Build Release
	if: ${{ matrix.profile == 'release' }}
	run: cross build --locked --target=${{ matrix.platform.target }} --workspace --all-targets ${{ matrix.platform.args }} --release

	- name: Check build did not modify any files
	run: test -z "$(git status --porcelain)"

	- name: Unit tests
	run: cross test --locked --target=${{ matrix.platform.target }} --workspace --all-targets ${{ matrix.platform.args }}

Provide feedback