]>
Commit | Line | Data |
---|---|---|
1 | # Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # | |
3 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
7 | ||
8 | name: GitHub CI | |
9 | ||
10 | on: [pull_request, push] | |
11 | ||
12 | # for some reason, this does not work: | |
13 | # variables: | |
14 | # BUILDOPTS: "-j4" | |
15 | # HARNESS_JOBS: "${HARNESS_JOBS:-4}" | |
16 | ||
17 | # for some reason, this does not work: | |
18 | # before_script: | |
19 | # - make="make -s" | |
20 | ||
21 | permissions: | |
22 | contents: read | |
23 | ||
24 | env: | |
25 | OSSL_RUN_CI_TESTS: 1 | |
26 | ||
27 | jobs: | |
28 | check_update: | |
29 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
30 | steps: | |
31 | - name: install unifdef | |
32 | run: | | |
33 | sudo apt-get update | |
34 | sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef | |
35 | - uses: actions/checkout@v4 | |
36 | with: | |
37 | fetch-depth: 0 | |
38 | - name: config | |
39 | run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump | |
40 | - name: make build_generated | |
41 | run: make -s build_generated | |
42 | - name: make update | |
43 | run: make update | |
44 | - name: git diff | |
45 | run: git diff --exit-code | |
46 | ||
47 | check_docs: | |
48 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
49 | steps: | |
50 | - uses: actions/checkout@v4 | |
51 | - name: config | |
52 | run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump | |
53 | - name: make build_generated | |
54 | run: make -s build_generated | |
55 | - name: make doc-nits | |
56 | run: make doc-nits | |
57 | - name: make help | |
58 | run: make help | |
59 | - name: make md-nits | |
60 | run: | | |
61 | sudo gem install mdl | |
62 | make md-nits | |
63 | ||
64 | # This checks that we use ANSI C language syntax and semantics. | |
65 | # We are not as strict with libraries, but rather adapt to what's | |
66 | # expected to be available in a certain version of each platform. | |
67 | check-ansi: | |
68 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
69 | steps: | |
70 | - uses: actions/checkout@v4 | |
71 | - name: config | |
72 | run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump | |
73 | - name: make | |
74 | run: make -s -j4 | |
75 | ||
76 | basic_gcc: | |
77 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
78 | steps: | |
79 | - uses: actions/checkout@v4 | |
80 | - name: checkout fuzz/corpora submodule | |
81 | run: git submodule update --init --depth 1 fuzz/corpora | |
82 | - name: localegen | |
83 | run: sudo locale-gen tr_TR.UTF-8 | |
84 | - name: config | |
85 | # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere | |
86 | run: CC=gcc ./config --banner=Configured enable-demos enable-fips enable-quic --strict-warnings && perl configdata.pm --dump | |
87 | - name: make | |
88 | run: make -s -j4 | |
89 | - name: get cpu info | |
90 | run: | | |
91 | cat /proc/cpuinfo | |
92 | ./util/opensslwrap.sh version -c | |
93 | - name: make test | |
94 | run: .github/workflows/make-test | |
95 | - name: save artifacts | |
96 | uses: actions/upload-artifact@v3 | |
97 | with: | |
98 | name: "ci@basic-gcc" | |
99 | path: artifacts/ | |
100 | ||
101 | basic_clang: | |
102 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
103 | steps: | |
104 | - uses: actions/checkout@v4 | |
105 | - name: checkout fuzz/corpora submodule | |
106 | run: git submodule update --init --depth 1 fuzz/corpora | |
107 | - name: config | |
108 | run: CC=clang ./config --banner=Configured enable-demos no-fips --strict-warnings && perl configdata.pm --dump | |
109 | - name: make | |
110 | run: make -s -j4 | |
111 | - name: get cpu info | |
112 | run: | | |
113 | cat /proc/cpuinfo | |
114 | ./util/opensslwrap.sh version -c | |
115 | - name: make test | |
116 | run: .github/workflows/make-test | |
117 | - name: save artifacts | |
118 | uses: actions/upload-artifact@v3 | |
119 | with: | |
120 | name: "ci@basic-clang" | |
121 | path: artifacts/ | |
122 | ||
123 | self-hosted: | |
124 | if: github.repository == 'openssl/openssl' | |
125 | strategy: | |
126 | matrix: | |
127 | os: [freebsd-13.2, ubuntu-arm64-22.04] | |
128 | runs-on: ${{ matrix.os }}-self-hosted | |
129 | continue-on-error: true | |
130 | steps: | |
131 | - uses: actions/checkout@v4 | |
132 | - name: config | |
133 | run: ./config enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace | |
134 | - name: config dump | |
135 | run: ./configdata.pm --dump | |
136 | - name: make | |
137 | run: make -j4 | |
138 | - name: get cpu info | |
139 | run: ./util/opensslwrap.sh version -c | |
140 | - name: make test | |
141 | run: .github/workflows/make-test | |
142 | - name: save artifacts | |
143 | uses: actions/upload-artifact@v3 | |
144 | with: | |
145 | name: "ci@self-hosted-${{ matrix.os }}" | |
146 | path: artifacts/ | |
147 | ||
148 | minimal: | |
149 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
150 | steps: | |
151 | - uses: actions/checkout@v4 | |
152 | - name: checkout fuzz/corpora submodule | |
153 | run: git submodule update --init --depth 1 fuzz/corpora | |
154 | - name: config | |
155 | run: ./config --banner=Configured --strict-warnings enable-demos no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump | |
156 | - name: make | |
157 | run: make -j4 # verbose, so no -s here | |
158 | - name: get cpu info | |
159 | run: | | |
160 | cat /proc/cpuinfo | |
161 | ./util/opensslwrap.sh version -c | |
162 | - name: make test | |
163 | run: .github/workflows/make-test | |
164 | - name: save artifacts | |
165 | uses: actions/upload-artifact@v3 | |
166 | with: | |
167 | name: "ci@minimal" | |
168 | path: artifacts/ | |
169 | if-no-files-found: ignore | |
170 | ||
171 | no-deprecated: | |
172 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
173 | steps: | |
174 | - uses: actions/checkout@v4 | |
175 | - name: checkout fuzz/corpora submodule | |
176 | run: git submodule update --init --depth 1 fuzz/corpora | |
177 | - name: config | |
178 | run: ./config --banner=Configured --strict-warnings enable-demos no-deprecated enable-fips && perl configdata.pm --dump | |
179 | - name: make | |
180 | run: make -s -j4 | |
181 | - name: get cpu info | |
182 | run: | | |
183 | cat /proc/cpuinfo | |
184 | ./util/opensslwrap.sh version -c | |
185 | - name: make test | |
186 | run: .github/workflows/make-test | |
187 | - name: save artifacts | |
188 | uses: actions/upload-artifact@v3 | |
189 | with: | |
190 | name: "ci@no-deprecated" | |
191 | path: artifacts/ | |
192 | ||
193 | no-shared-ubuntu: | |
194 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
195 | steps: | |
196 | - uses: actions/checkout@v4 | |
197 | - name: checkout fuzz/corpora submodule | |
198 | run: git submodule update --init --depth 1 fuzz/corpora | |
199 | - name: config | |
200 | run: ./config --banner=Configured --strict-warnings enable-demos no-shared no-fips && perl configdata.pm --dump | |
201 | - name: make | |
202 | run: make -s -j4 | |
203 | - name: get cpu info | |
204 | run: | | |
205 | cat /proc/cpuinfo | |
206 | ./util/opensslwrap.sh version -c | |
207 | - name: make test | |
208 | run: .github/workflows/make-test | |
209 | - name: save artifacts | |
210 | uses: actions/upload-artifact@v3 | |
211 | with: | |
212 | name: "ci@no-shared-ubuntu" | |
213 | path: artifacts/ | |
214 | ||
215 | no-shared-macos: | |
216 | strategy: | |
217 | fail-fast: false | |
218 | matrix: | |
219 | os: [macos-13, macos-14] | |
220 | if: github.server_url == 'https://github.com' | |
221 | runs-on: ${{ matrix.os }} | |
222 | steps: | |
223 | - uses: actions/checkout@v4 | |
224 | - name: checkout fuzz/corpora submodule | |
225 | run: git submodule update --init --depth 1 fuzz/corpora | |
226 | - name: config | |
227 | run: ./config --banner=Configured --strict-warnings enable-demos no-shared no-fips && perl configdata.pm --dump | |
228 | - name: make | |
229 | run: make -s -j4 | |
230 | - name: get cpu info | |
231 | run: | | |
232 | sysctl machdep.cpu | |
233 | ./util/opensslwrap.sh version -c | |
234 | - name: make test | |
235 | run: .github/workflows/make-test | |
236 | - name: save artifacts | |
237 | uses: actions/upload-artifact@v3 | |
238 | with: | |
239 | name: "ci@no-shared-${{ matrix.os }}" | |
240 | path: artifacts/ | |
241 | ||
242 | non-caching: | |
243 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
244 | steps: | |
245 | - uses: actions/checkout@v4 | |
246 | - name: checkout fuzz/corpora submodule | |
247 | run: git submodule update --init --depth 1 fuzz/corpora | |
248 | - name: Adjust ASLR for sanitizer | |
249 | run: | | |
250 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
251 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
252 | - name: config | |
253 | run: ./config --banner=Configured --debug enable-demos enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump | |
254 | - name: make | |
255 | run: make -s -j4 | |
256 | - name: get cpu info | |
257 | run: | | |
258 | cat /proc/cpuinfo | |
259 | ./util/opensslwrap.sh version -c | |
260 | - name: make test | |
261 | run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" | |
262 | - name: save artifacts | |
263 | uses: actions/upload-artifact@v3 | |
264 | with: | |
265 | name: "ci@non-caching" | |
266 | path: artifacts/ | |
267 | ||
268 | address_ub_sanitizer: | |
269 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
270 | steps: | |
271 | - uses: actions/checkout@v4 | |
272 | - name: checkout fuzz/corpora submodule | |
273 | run: git submodule update --init --depth 1 fuzz/corpora | |
274 | - name: Adjust ASLR for sanitizer | |
275 | run: | | |
276 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
277 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
278 | - name: config | |
279 | run: ./config --banner=Configured --debug enable-demos enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump | |
280 | - name: make | |
281 | run: make -s -j4 | |
282 | - name: get cpu info | |
283 | run: | | |
284 | cat /proc/cpuinfo | |
285 | ./util/opensslwrap.sh version -c | |
286 | - name: make test | |
287 | run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 | |
288 | - name: save artifacts | |
289 | uses: actions/upload-artifact@v3 | |
290 | with: | |
291 | name: "ci@address_ub_sanitizer" | |
292 | path: artifacts/ | |
293 | ||
294 | fuzz_tests: | |
295 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
296 | steps: | |
297 | - uses: actions/checkout@v4 | |
298 | - name: checkout fuzz/corpora submodule | |
299 | run: git submodule update --init --depth 1 fuzz/corpora | |
300 | - name: Adjust ASLR for sanitizer | |
301 | run: | | |
302 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
303 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
304 | - name: config | |
305 | run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump | |
306 | - name: make | |
307 | run: make -s -j4 | |
308 | - name: get cpu info | |
309 | run: | | |
310 | cat /proc/cpuinfo | |
311 | ./util/opensslwrap.sh version -c | |
312 | - name: make test | |
313 | run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*" | |
314 | - name: save artifacts | |
315 | uses: actions/upload-artifact@v3 | |
316 | with: | |
317 | name: "ci@fuzz_tests" | |
318 | path: artifacts/ | |
319 | if-no-files-found: ignore | |
320 | ||
321 | memory_sanitizer: | |
322 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
323 | steps: | |
324 | - uses: actions/checkout@v4 | |
325 | - name: checkout fuzz/corpora submodule | |
326 | run: git submodule update --init --depth 1 fuzz/corpora | |
327 | - name: Adjust ASLR for sanitizer | |
328 | run: | | |
329 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
330 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
331 | - name: config | |
332 | # --debug -O1 is to produce a debug build that runs in a reasonable amount of time | |
333 | run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump | |
334 | - name: make | |
335 | run: make -s -j4 | |
336 | - name: get cpu info | |
337 | run: | | |
338 | cat /proc/cpuinfo | |
339 | ./util/opensslwrap.sh version -c | |
340 | - name: make test | |
341 | run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 | |
342 | - name: save artifacts | |
343 | uses: actions/upload-artifact@v3 | |
344 | with: | |
345 | name: "ci@memory_sanitizer" | |
346 | path: artifacts/ | |
347 | ||
348 | threads_sanitizer: | |
349 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
350 | steps: | |
351 | - uses: actions/checkout@v4 | |
352 | - name: checkout fuzz/corpora submodule | |
353 | run: git submodule update --init --depth 1 fuzz/corpora | |
354 | - name: Adjust ASLR for sanitizer | |
355 | run: | | |
356 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
357 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
358 | - name: config | |
359 | run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump | |
360 | - name: make | |
361 | run: make -s -j4 | |
362 | - name: get cpu info | |
363 | run: | | |
364 | cat /proc/cpuinfo | |
365 | ./util/opensslwrap.sh version -c | |
366 | - name: make test | |
367 | run: .github/workflows/make-test V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" | |
368 | - name: save artifacts | |
369 | uses: actions/upload-artifact@v3 | |
370 | with: | |
371 | name: "ci@threads_sanitizer" | |
372 | path: artifacts/ | |
373 | ||
374 | enable_non-default_options: | |
375 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
376 | steps: | |
377 | - uses: actions/checkout@v4 | |
378 | - name: checkout fuzz/corpora submodule | |
379 | run: git submodule update --init --depth 1 fuzz/corpora | |
380 | - name: modprobe tls | |
381 | run: sudo modprobe tls | |
382 | - name: config | |
383 | run: ./config --banner=Configured --strict-warnings enable-demos no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump | |
384 | - name: make | |
385 | run: make -s -j4 | |
386 | - name: get cpu info | |
387 | run: | | |
388 | cat /proc/cpuinfo | |
389 | ./util/opensslwrap.sh version -c | |
390 | - name: make test | |
391 | run: .github/workflows/make-test | |
392 | - name: save artifacts | |
393 | uses: actions/upload-artifact@v3 | |
394 | with: | |
395 | name: "ci@enable_non-default_options" | |
396 | path: artifacts/ | |
397 | ||
398 | full_featured: | |
399 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
400 | steps: | |
401 | - uses: actions/checkout@v4 | |
402 | - name: checkout fuzz/corpora submodule | |
403 | run: git submodule update --init --depth 1 fuzz/corpora | |
404 | - name: modprobe tls | |
405 | run: sudo modprobe tls | |
406 | - name: Enable sctp | |
407 | run: sudo modprobe sctp | |
408 | - name: Enable auth in sctp | |
409 | run: sudo sysctl -w net.sctp.auth_enable=1 | |
410 | - name: install extra config support | |
411 | run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd | |
412 | - name: config | |
413 | run: ./config --banner=Configured --strict-warnings enable-demos enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd && perl configdata.pm --dump | |
414 | - name: make | |
415 | run: make -s -j4 | |
416 | - name: get cpu info | |
417 | run: | | |
418 | cat /proc/cpuinfo | |
419 | ./util/opensslwrap.sh version -c | |
420 | - name: make test | |
421 | run: .github/workflows/make-test | |
422 | - name: save artifacts | |
423 | uses: actions/upload-artifact@v3 | |
424 | with: | |
425 | name: "ci@full_featured" | |
426 | path: artifacts/ | |
427 | ||
428 | no-legacy: | |
429 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
430 | steps: | |
431 | - uses: actions/checkout@v4 | |
432 | - name: checkout fuzz/corpora submodule | |
433 | run: git submodule update --init --depth 1 fuzz/corpora | |
434 | - name: config | |
435 | run: ./config --banner=Configured --strict-warnings enable-demos no-legacy enable-fips && perl configdata.pm --dump | |
436 | - name: make | |
437 | run: make -s -j4 | |
438 | - name: get cpu info | |
439 | run: | | |
440 | cat /proc/cpuinfo | |
441 | ./util/opensslwrap.sh version -c | |
442 | - name: make test | |
443 | run: .github/workflows/make-test | |
444 | - name: save artifacts | |
445 | uses: actions/upload-artifact@v3 | |
446 | with: | |
447 | name: "ci@no-legacy" | |
448 | path: artifacts/ | |
449 | ||
450 | legacy: | |
451 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
452 | steps: | |
453 | - uses: actions/checkout@v4 | |
454 | - name: checkout fuzz/corpora submodule | |
455 | run: git submodule update --init --depth 1 fuzz/corpora | |
456 | - name: config | |
457 | run: ./config --banner=Configured -Werror --debug no-afalgeng enable-demos no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump | |
458 | - name: make | |
459 | run: make -s -j4 | |
460 | - name: get cpu info | |
461 | run: | | |
462 | cat /proc/cpuinfo | |
463 | ./util/opensslwrap.sh version -c | |
464 | - name: make test | |
465 | run: .github/workflows/make-test | |
466 | - name: save artifacts | |
467 | uses: actions/upload-artifact@v3 | |
468 | with: | |
469 | name: "ci@legacy" | |
470 | path: artifacts/ | |
471 | ||
472 | # out-of-source-and-install checks multiple things at the same time: | |
473 | # - That building, testing and installing works from an out-of-source | |
474 | # build tree | |
475 | # - That building, testing and installing works with a read-only source | |
476 | # tree | |
477 | out-of-readonly-source-and-install-ubuntu: | |
478 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
479 | steps: | |
480 | - uses: actions/checkout@v4 | |
481 | with: | |
482 | path: ./source | |
483 | - name: checkout fuzz/corpora submodule | |
484 | run: git submodule update --init --depth 1 fuzz/corpora | |
485 | working-directory: ./source | |
486 | - name: make source read-only | |
487 | run: chmod -R a-w ./source | |
488 | - name: create build and install directories | |
489 | run: | | |
490 | mkdir ./build | |
491 | mkdir ./install | |
492 | - name: config | |
493 | run: | | |
494 | ../source/config --banner=Configured enable-demos enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) | |
495 | perl configdata.pm --dump | |
496 | working-directory: ./build | |
497 | - name: make | |
498 | run: make -s -j4 | |
499 | working-directory: ./build | |
500 | - name: get cpu info | |
501 | run: | | |
502 | cat /proc/cpuinfo | |
503 | ./util/opensslwrap.sh version -c | |
504 | working-directory: ./build | |
505 | - name: make test | |
506 | run: ../source/.github/workflows/make-test | |
507 | working-directory: ./build | |
508 | - name: save artifacts | |
509 | uses: actions/upload-artifact@v3 | |
510 | with: | |
511 | name: "ci@out-of-readonly-source-and-install-ubuntu" | |
512 | path: build/artifacts/ | |
513 | - name: make install | |
514 | run: make install | |
515 | working-directory: ./build | |
516 | ||
517 | out-of-readonly-source-and-install-macos: | |
518 | strategy: | |
519 | fail-fast: false | |
520 | matrix: | |
521 | os: [macos-13, macos-14] | |
522 | runs-on: ${{ matrix.os }} | |
523 | if: github.server_url == 'https://github.com' | |
524 | steps: | |
525 | - uses: actions/checkout@v4 | |
526 | with: | |
527 | path: ./source | |
528 | - name: checkout fuzz/corpora submodule | |
529 | run: git submodule update --init --depth 1 fuzz/corpora | |
530 | working-directory: ./source | |
531 | - name: make source read-only | |
532 | run: chmod -R a-w ./source | |
533 | - name: create build and install directories | |
534 | run: | | |
535 | mkdir ./build | |
536 | mkdir ./install | |
537 | - name: config | |
538 | run: | | |
539 | ../source/config --banner=Configured enable-fips enable-demos enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) | |
540 | perl configdata.pm --dump | |
541 | working-directory: ./build | |
542 | - name: make | |
543 | run: make -s -j4 | |
544 | working-directory: ./build | |
545 | - name: get cpu info | |
546 | run: | | |
547 | sysctl machdep.cpu | |
548 | ./util/opensslwrap.sh version -c | |
549 | working-directory: ./build | |
550 | - name: make test | |
551 | run: ../source/.github/workflows/make-test | |
552 | working-directory: ./build | |
553 | - name: save artifacts | |
554 | uses: actions/upload-artifact@v3 | |
555 | with: | |
556 | name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}" | |
557 | path: build/artifacts/ | |
558 | - name: make install | |
559 | run: make install | |
560 | working-directory: ./build | |
561 | ||
562 | external-tests: | |
563 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
564 | steps: | |
565 | - uses: actions/checkout@v4 | |
566 | with: | |
567 | submodules: recursive | |
568 | - name: package installs | |
569 | run: | | |
570 | sudo apt-get update | |
571 | sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy | |
572 | - name: install cpanm and Test2::V0 for gost_engine testing | |
573 | uses: perl-actions/install-with-cpanm@v1 | |
574 | with: | |
575 | install: Test2::V0 | |
576 | - name: setup hostname workaround | |
577 | run: sudo hostname localhost | |
578 | - name: config | |
579 | run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump | |
580 | - name: make | |
581 | run: make -s -j4 | |
582 | - name: get cpu info | |
583 | run: | | |
584 | cat /proc/cpuinfo | |
585 | ./util/opensslwrap.sh version -c | |
586 | - name: test external gost-engine | |
587 | run: make test TESTS="test_external_gost_engine" | |
588 | - name: test external krb5 | |
589 | run: make test TESTS="test_external_krb5" | |
590 | - name: test external_tlsfuzzer | |
591 | run: make test TESTS="test_external_tlsfuzzer" | |
592 | - name: test external oqs-provider | |
593 | run: make test TESTS="test_external_oqsprovider" | |
594 | ||
595 | external-test-pyca: | |
596 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
597 | strategy: | |
598 | matrix: | |
599 | RUST: | |
600 | - 1.51.0 | |
601 | PYTHON: | |
602 | - 3.9 | |
603 | steps: | |
604 | - uses: actions/checkout@v4 | |
605 | with: | |
606 | submodules: recursive | |
607 | - name: Configure OpenSSL | |
608 | run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump | |
609 | - name: make | |
610 | run: make -s -j4 | |
611 | - name: Setup Python | |
612 | uses: actions/setup-python@v5.1.0 | |
613 | with: | |
614 | python-version: ${{ matrix.PYTHON }} | |
615 | - uses: dtolnay/rust-toolchain@master | |
616 | with: | |
617 | toolchain: ${{ matrix.RUST }} | |
618 | - name: get cpu info | |
619 | run: | | |
620 | cat /proc/cpuinfo | |
621 | ./util/opensslwrap.sh version -c | |
622 | - name: test external pyca | |
623 | run: make test TESTS="test_external_pyca" VERBOSE=1 | |
624 | ||
625 | external-test-cf-quiche: | |
626 | runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} | |
627 | steps: | |
628 | - uses: actions/checkout@v4 | |
629 | with: | |
630 | submodules: recursive | |
631 | - name: Configure OpenSSL | |
632 | run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump | |
633 | - name: make | |
634 | run: make -s -j4 | |
635 | - uses: dtolnay/rust-toolchain@stable | |
636 | - name: get cpu info | |
637 | run: | | |
638 | cat /proc/cpuinfo | |
639 | ./util/opensslwrap.sh version -c | |
640 | - name: test external Cloudflare quiche | |
641 | run: make test TESTS="test_external_cf_quiche" VERBOSE=1 |