]> git.ipfire.org Git - thirdparty/openssl.git/blame - .github/workflows/ci.yml
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add M1 macOS runner to some workflows
[thirdparty/openssl.git] / .github / workflows / ci.yml
CommitLineData
da1c088f 1# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
08d8c2d8
P		 2#
3# Licensed under the Apache License 2.0 (the "License"). You may not use
4# this file except in compliance with the License. You can obtain a copy
5# in the file LICENSE in the source distribution or at
6# https://www.openssl.org/source/license.html
7
9524a308
MC		 8name: GitHub CI
9
4159ebca 10on: [pull_request, push]
9524a308 11
ae290d8f
DDO		 12# for some reason, this does not work:
13# variables:
14# BUILDOPTS: "-j4"
15# HARNESS_JOBS: "${HARNESS_JOBS:-4}"
16
17# for some reason, this does not work:
18# before_script:
19# - make="make -s"
20
c6e7f427
VS		 21permissions:
22 contents: read
23
1a74f32d 24env:
d1fe5738 25 OSSL_RUN_CI_TESTS: 1
1a74f32d 26
9524a308 27jobs:
8175476b 28 check_update:
834a2d70 29 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
8175476b 30 steps:
49f699b5
RL		 31 - name: install unifdef
32 run: |
33 sudo apt-get update
34 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
d4231af6 35 - uses: actions/checkout@v4
fd84b9c3
BE		 36 with:
37 fetch-depth: 0
8175476b 38 - name: config
8a764202 39 run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
8175476b
RL		 40 - name: make build_generated
41 run: make -s build_generated
42 - name: make update
f97bc7c4 43 run: make update
8175476b
RL		 44 - name: git diff
45 run: git diff --exit-code
46
47 check_docs:
834a2d70 48 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
8175476b 49 steps:
d4231af6 50 - uses: actions/checkout@v4
8175476b 51 - name: config
8a764202 52 run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
8175476b
RL		 53 - name: make build_generated
54 run: make -s build_generated
5bac37cb
DDO		 55 - name: make doc-nits
56 run: make doc-nits
d1080823
TS		 57 - name: make help
58 run: make help
43c2456f
RS		 59 - name: make md-nits
60 run: |
61 sudo gem install mdl
62 make md-nits
8175476b 63
a350e3ef
RL		 64 # This checks that we use ANSI C language syntax and semantics.
65 # We are not as strict with libraries, but rather adapt to what's
66 # expected to be available in a certain version of each platform.
67 check-ansi:
834a2d70 68 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
a350e3ef 69 steps:
d4231af6 70 - uses: actions/checkout@v4
a350e3ef 71 - name: config
8a764202 72 run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
a350e3ef
RL		 73 - name: make
74 run: make -s -j4
75
9524a308 76 basic_gcc:
834a2d70 77 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 78 steps:
d4231af6 79 - uses: actions/checkout@v4
1ac0464d
TM		 80 - name: checkout fuzz/corpora submodule
81 run: git submodule update --init --depth 1 fuzz/corpora
c29cf394
DB		 82 - name: localegen
83 run: sudo locale-gen tr_TR.UTF-8
9524a308 84 - name: config
8a764202 85 # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
e98940d6 86 run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
9524a308 87 - name: make
ae290d8f 88 run: make -s -j4
2d374e1c
DM		 89 - name: get cpu info
90 run: |
91 cat /proc/cpuinfo
92 ./util/opensslwrap.sh version -c
9524a308 93 - name: make test
f2db7096
HL		 94 run: .github/workflows/make-test
95 - name: save artifacts
96 uses: actions/upload-artifact@v4
97 with:
98 name: "ci@basic-gcc"
99 path: artifacts/
9524a308
MC		 100
101 basic_clang:
834a2d70 102 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 103 steps:
d4231af6 104 - uses: actions/checkout@v4
1ac0464d
TM		 105 - name: checkout fuzz/corpora submodule
106 run: git submodule update --init --depth 1 fuzz/corpora
9524a308 107 - name: config
e98940d6 108 run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump
9524a308 109 - name: make
ae290d8f 110 run: make -s -j4
2d374e1c
DM		 111 - name: get cpu info
112 run: |
113 cat /proc/cpuinfo
114 ./util/opensslwrap.sh version -c
9524a308 115 - name: make test
f2db7096
HL		 116 run: .github/workflows/make-test
117 - name: save artifacts
118 uses: actions/upload-artifact@v4
119 with:
120 name: "ci@basic-clang"
121 path: artifacts/
9524a308 122
6b7a11d8 123 self-hosted:
74fd6823 124 if: github.repository == 'openssl/openssl'
6b7a11d8
DM		 125 strategy:
126 matrix:
127 os: [freebsd-13.2, ubuntu-arm64-22.04]
128 runs-on: ${{ matrix.os }}-self-hosted
129 continue-on-error: true
130 steps:
131 - uses: actions/checkout@v4
132 - name: config
e98940d6 133 run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
6b7a11d8
DM		 134 - name: config dump
135 run: ./configdata.pm --dump
136 - name: make
137 run: make -j4
138 - name: get cpu info
139 run: ./util/opensslwrap.sh version -c
140 - name: make test
f2db7096
HL		 141 run: .github/workflows/make-test
142 - name: save artifacts
143 uses: actions/upload-artifact@v4
144 with:
9abcf116 145 name: "ci@self-hosted-${{ matrix.os }}"
f2db7096 146 path: artifacts/
6b7a11d8 147
9524a308 148 minimal:
834a2d70 149 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 150 steps:
d4231af6 151 - uses: actions/checkout@v4
1ac0464d
TM		 152 - name: checkout fuzz/corpora submodule
153 run: git submodule update --init --depth 1 fuzz/corpora
9524a308 154 - name: config
e98940d6 155 run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
9524a308 156 - name: make
d0196ddc 157 run: make -j4 # verbose, so no -s here
2d374e1c
DM		 158 - name: get cpu info
159 run: |
160 cat /proc/cpuinfo
161 ./util/opensslwrap.sh version -c
9524a308 162 - name: make test
f2db7096
HL		 163 run: .github/workflows/make-test
164 - name: save artifacts
165 uses: actions/upload-artifact@v4
166 with:
167 name: "ci@minimal"
168 path: artifacts/
169 if-no-files-found: ignore
9524a308 170
e3577add 171 no-deprecated:
834a2d70 172 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
e3577add 173 steps:
d4231af6 174 - uses: actions/checkout@v4
1ac0464d
TM		 175 - name: checkout fuzz/corpora submodule
176 run: git submodule update --init --depth 1 fuzz/corpora
e3577add 177 - name: config
e98940d6 178 run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump
e3577add
RL		 179 - name: make
180 run: make -s -j4
2d374e1c
DM		 181 - name: get cpu info
182 run: |
183 cat /proc/cpuinfo
184 ./util/opensslwrap.sh version -c
e3577add 185 - name: make test
f2db7096
HL		 186 run: .github/workflows/make-test
187 - name: save artifacts
188 uses: actions/upload-artifact@v4
189 with:
190 name: "ci@no-deprecated"
191 path: artifacts/
e3577add 192
834a2d70
DM		 193 no-shared-ubuntu:
194 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
4a95b70d 195 steps:
d4231af6 196 - uses: actions/checkout@v4
1ac0464d
TM		 197 - name: checkout fuzz/corpora submodule
198 run: git submodule update --init --depth 1 fuzz/corpora
4a95b70d 199 - name: config
e98940d6 200 run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
4a95b70d
RL		 201 - name: make
202 run: make -s -j4
2d374e1c 203 - name: get cpu info
834a2d70
DM		 204 run: |
205 cat /proc/cpuinfo
206 ./util/opensslwrap.sh version -c
207 - name: make test
f2db7096
HL		 208 run: .github/workflows/make-test
209 - name: save artifacts
210 uses: actions/upload-artifact@v4
211 with:
212 name: "ci@no-shared-ubuntu"
213 path: artifacts/
834a2d70
DM		 214
215 no-shared-macos:
ada9d8c7
DM		 216 strategy:
217 fail-fast: false
218 matrix:
219 os: [macos-13, macos-14]
834a2d70 220 if: github.server_url == 'https://github.com'
ada9d8c7 221 runs-on: ${{ matrix.os }}
834a2d70
DM		 222 steps:
223 - uses: actions/checkout@v4
224 - name: checkout fuzz/corpora submodule
225 run: git submodule update --init --depth 1 fuzz/corpora
226 - name: config
e98940d6 227 run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
834a2d70
DM		 228 - name: make
229 run: make -s -j4
230 - name: get cpu info
231 run: |
232 sysctl machdep.cpu
233 ./util/opensslwrap.sh version -c
4a95b70d 234 - name: make test
f2db7096
HL		 235 run: .github/workflows/make-test
236 - name: save artifacts
237 uses: actions/upload-artifact@v4
238 with:
239 name: "ci@no-shared-macos"
240 path: artifacts/
4a95b70d 241
499f2ae9 242 non-caching:
834a2d70 243 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
499f2ae9 244 steps:
d4231af6 245 - uses: actions/checkout@v4
1ac0464d
TM		 246 - name: checkout fuzz/corpora submodule
247 run: git submodule update --init --depth 1 fuzz/corpora
37cd49f5
NH		 248 - name: Adjust ASLR for sanitizer
249 run: |
250 sudo cat /proc/sys/vm/mmap_rnd_bits
251 sudo sysctl -w vm.mmap_rnd_bits=28
499f2ae9 252 - name: config
e98940d6 253 run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
499f2ae9
P		 254 - name: make
255 run: make -s -j4
2d374e1c
DM		 256 - name: get cpu info
257 run: |
258 cat /proc/cpuinfo
259 ./util/opensslwrap.sh version -c
499f2ae9 260 - name: make test
f2db7096
HL		 261 run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
262 - name: save artifacts
263 uses: actions/upload-artifact@v4
264 with:
265 name: "ci@non-caching"
266 path: artifacts/
499f2ae9 267
a5a4dac9 268 address_ub_sanitizer:
834a2d70 269 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 270 steps:
d4231af6 271 - uses: actions/checkout@v4
1ac0464d
TM		 272 - name: checkout fuzz/corpora submodule
273 run: git submodule update --init --depth 1 fuzz/corpora
37cd49f5
NH		 274 - name: Adjust ASLR for sanitizer
275 run: |
276 sudo cat /proc/sys/vm/mmap_rnd_bits
277 sudo sysctl -w vm.mmap_rnd_bits=28
9524a308 278 - name: config
e98940d6 279 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
9524a308 280 - name: make
ae290d8f 281 run: make -s -j4
2d374e1c
DM		 282 - name: get cpu info
283 run: |
284 cat /proc/cpuinfo
285 ./util/opensslwrap.sh version -c
9524a308 286 - name: make test
f2db7096
HL		 287 run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
288 - name: save artifacts
289 uses: actions/upload-artifact@v4
290 with:
291 name: "ci@address_ub_sanitizer"
292 path: artifacts/
9524a308 293
27d88270 294 fuzz_tests:
834a2d70 295 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
27d88270
MC		 296 steps:
297 - uses: actions/checkout@v4
298 - name: checkout fuzz/corpora submodule
299 run: git submodule update --init --depth 1 fuzz/corpora
37cd49f5
NH		 300 - name: Adjust ASLR for sanitizer
301 run: |
302 sudo cat /proc/sys/vm/mmap_rnd_bits
303 sudo sysctl -w vm.mmap_rnd_bits=28
27d88270 304 - name: config
e98940d6 305 run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
27d88270
MC		 306 - name: make
307 run: make -s -j4
308 - name: get cpu info
309 run: |
310 cat /proc/cpuinfo
311 ./util/opensslwrap.sh version -c
312 - name: make test
f2db7096
HL		 313 run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
314 - name: save artifacts
315 uses: actions/upload-artifact@v4
316 with:
317 name: "ci@fuzz_tests"
318 path: artifacts/
319 if-no-files-found: ignore
27d88270 320
a5a4dac9 321 memory_sanitizer:
834a2d70 322 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
a5a4dac9 323 steps:
d4231af6 324 - uses: actions/checkout@v4
1ac0464d
TM		 325 - name: checkout fuzz/corpora submodule
326 run: git submodule update --init --depth 1 fuzz/corpora
37cd49f5
NH		 327 - name: Adjust ASLR for sanitizer
328 run: |
329 sudo cat /proc/sys/vm/mmap_rnd_bits
330 sudo sysctl -w vm.mmap_rnd_bits=28
a5a4dac9
P		 331 - name: config
332 # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
e98940d6 333 run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
a5a4dac9
P		 334 - name: make
335 run: make -s -j4
2d374e1c
DM		 336 - name: get cpu info
337 run: |
338 cat /proc/cpuinfo
339 ./util/opensslwrap.sh version -c
a5a4dac9 340 - name: make test
f2db7096
HL		 341 run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
342 - name: save artifacts
343 uses: actions/upload-artifact@v4
344 with:
345 name: "ci@memory_sanitizer"
346 path: artifacts/
a5a4dac9 347
f94a9169 348 threads_sanitizer:
834a2d70 349 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
f94a9169 350 steps:
d4231af6 351 - uses: actions/checkout@v4
1ac0464d
TM		 352 - name: checkout fuzz/corpora submodule
353 run: git submodule update --init --depth 1 fuzz/corpora
37cd49f5
NH		 354 - name: Adjust ASLR for sanitizer
355 run: |
356 sudo cat /proc/sys/vm/mmap_rnd_bits
357 sudo sysctl -w vm.mmap_rnd_bits=28
f94a9169 358 - name: config
e98940d6 359 run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
f94a9169
MC		 360 - name: make
361 run: make -s -j4
2d374e1c
DM		 362 - name: get cpu info
363 run: |
364 cat /proc/cpuinfo
365 ./util/opensslwrap.sh version -c
f94a9169 366 - name: make test
f2db7096
HL		 367 run: .github/workflows/make-test V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
368 - name: save artifacts
369 uses: actions/upload-artifact@v4
370 with:
371 name: "ci@threads_sanitizer"
372 path: artifacts/
f94a9169 373
9524a308 374 enable_non-default_options:
834a2d70 375 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 376 steps:
d4231af6 377 - uses: actions/checkout@v4
1ac0464d
TM		 378 - name: checkout fuzz/corpora submodule
379 run: git submodule update --init --depth 1 fuzz/corpora
c9eb4598
TM		 380 - name: modprobe tls
381 run: sudo modprobe tls
9524a308 382 - name: config
e98940d6 383 run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
9524a308 384 - name: make
ae290d8f 385 run: make -s -j4
2d374e1c
DM		 386 - name: get cpu info
387 run: |
388 cat /proc/cpuinfo
389 ./util/opensslwrap.sh version -c
9524a308 390 - name: make test
f2db7096
HL		 391 run: .github/workflows/make-test
392 - name: save artifacts
393 uses: actions/upload-artifact@v4
394 with:
395 name: "ci@enable_non-default_options"
396 path: artifacts/
9524a308 397
5cd00422 398 full_featured:
834a2d70 399 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
a5d8a2f8 400 steps:
d4231af6 401 - uses: actions/checkout@v4
1ac0464d
TM		 402 - name: checkout fuzz/corpora submodule
403 run: git submodule update --init --depth 1 fuzz/corpora
a5d8a2f8
DB		 404 - name: modprobe tls
405 run: sudo modprobe tls
4ede274c
NH		 406 - name: Enable sctp
407 run: sudo modprobe sctp
408 - name: Enable auth in sctp
409 run: sudo sysctl -w net.sctp.auth_enable=1
410 - name: install extra config support
411 run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
a5d8a2f8 412 - name: config
e98940d6 413 run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
a5d8a2f8
DB		 414 - name: make
415 run: make -s -j4
2d374e1c
DM		 416 - name: get cpu info
417 run: |
418 cat /proc/cpuinfo
419 ./util/opensslwrap.sh version -c
a5d8a2f8 420 - name: make test
f2db7096
HL		 421 run: .github/workflows/make-test
422 - name: save artifacts
423 uses: actions/upload-artifact@v4
424 with:
425 name: "ci@full_featured"
426 path: artifacts/
a5d8a2f8 427
11c7874d 428 no-legacy:
834a2d70 429 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
11c7874d 430 steps:
d4231af6 431 - uses: actions/checkout@v4
1ac0464d
TM		 432 - name: checkout fuzz/corpora submodule
433 run: git submodule update --init --depth 1 fuzz/corpora
11c7874d 434 - name: config
e98940d6 435 run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump
11c7874d
P		 436 - name: make
437 run: make -s -j4
2d374e1c
DM		 438 - name: get cpu info
439 run: |
440 cat /proc/cpuinfo
441 ./util/opensslwrap.sh version -c
11c7874d 442 - name: make test
f2db7096
HL		 443 run: .github/workflows/make-test
444 - name: save artifacts
445 uses: actions/upload-artifact@v4
446 with:
447 name: "ci@no-legacy"
448 path: artifacts/
11c7874d 449
a67c7010 450 legacy:
834a2d70 451 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
9524a308 452 steps:
d4231af6 453 - uses: actions/checkout@v4
1ac0464d
TM		 454 - name: checkout fuzz/corpora submodule
455 run: git submodule update --init --depth 1 fuzz/corpora
9524a308 456 - name: config
e98940d6 457 run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
9524a308 458 - name: make
ae290d8f 459 run: make -s -j4
2d374e1c
DM		 460 - name: get cpu info
461 run: |
462 cat /proc/cpuinfo
463 ./util/opensslwrap.sh version -c
9524a308 464 - name: make test
f2db7096
HL		 465 run: .github/workflows/make-test
466 - name: save artifacts
467 uses: actions/upload-artifact@v4
468 with:
469 name: "ci@legacy"
470 path: artifacts/
4605b34d 471
266a3553
RL		 472 # out-of-source-and-install checks multiple things at the same time:
473 # - That building, testing and installing works from an out-of-source
474 # build tree
475 # - That building, testing and installing works with a read-only source
476 # tree
834a2d70
DM		 477 out-of-readonly-source-and-install-ubuntu:
478 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
4605b34d 479 steps:
d4231af6 480 - uses: actions/checkout@v4
266a3553
RL		 481 with:
482 path: ./source
1ac0464d
TM		 483 - name: checkout fuzz/corpora submodule
484 run: git submodule update --init --depth 1 fuzz/corpora
266a3553
RL		 485 working-directory: ./source
486 - name: make source read-only
487 run: chmod -R a-w ./source
488 - name: create build and install directories
4605b34d
RL		 489 run: |
490 mkdir ./build
491 mkdir ./install
492 - name: config
266a3553 493 run: |
e98940d6 494 ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
266a3553 495 perl configdata.pm --dump
4605b34d
RL		 496 working-directory: ./build
497 - name: make
498 run: make -s -j4
499 working-directory: ./build
2d374e1c 500 - name: get cpu info
834a2d70
DM		 501 run: |
502 cat /proc/cpuinfo
503 ./util/opensslwrap.sh version -c
504 working-directory: ./build
505 - name: make test
f2db7096 506 run: ../source/.github/workflows/make-test
834a2d70 507 working-directory: ./build
f2db7096
HL		 508 - name: save artifacts
509 uses: actions/upload-artifact@v4
510 with:
511 name: "ci@out-of-readonly-source-and-install-ubuntu"
512 path: build/artifacts/
834a2d70
DM		 513 - name: make install
514 run: make install
515 working-directory: ./build
516
517 out-of-readonly-source-and-install-macos:
ada9d8c7
DM		 518 strategy:
519 fail-fast: false
520 matrix:
521 os: [macos-13, macos-14]
522 runs-on: ${{ matrix.os }}
834a2d70
DM		 523 if: github.server_url == 'https://github.com'
524 steps:
525 - uses: actions/checkout@v4
526 with:
527 path: ./source
528 - name: checkout fuzz/corpora submodule
529 run: git submodule update --init --depth 1 fuzz/corpora
530 working-directory: ./source
531 - name: make source read-only
532 run: chmod -R a-w ./source
533 - name: create build and install directories
534 run: |
535 mkdir ./build
536 mkdir ./install
537 - name: config
538 run: |
e98940d6 539 ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
834a2d70
DM		 540 perl configdata.pm --dump
541 working-directory: ./build
542 - name: make
543 run: make -s -j4
544 working-directory: ./build
545 - name: get cpu info
546 run: |
547 sysctl machdep.cpu
548 ./util/opensslwrap.sh version -c
2d374e1c 549 working-directory: ./build
4605b34d 550 - name: make test
f2db7096 551 run: ../source/.github/workflows/make-test
4605b34d 552 working-directory: ./build
f2db7096
HL		 553 - name: save artifacts
554 uses: actions/upload-artifact@v4
555 with:
556 name: "ci@out-of-readonly-source-and-install-macos"
557 path: build/artifacts/
4605b34d
RL		 558 - name: make install
559 run: make install
560 working-directory: ./build
b414c811 561
996d2693 562 external-tests:
834a2d70 563 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
996d2693 564 steps:
d4231af6 565 - uses: actions/checkout@v4
996d2693
TM		 566 with:
567 submodules: recursive
568 - name: package installs
569 run: |
570 sudo apt-get update
dd62ec27 571 sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
b414c811
TM		 572 - name: install cpanm and Test2::V0 for gost_engine testing
573 uses: perl-actions/install-with-cpanm@v1
574 with:
575 install: Test2::V0
cd0aca53
TM		 576 - name: setup hostname workaround
577 run: sudo hostname localhost
996d2693 578 - name: config
d0364dcc 579 run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
996d2693
TM		 580 - name: make
581 run: make -s -j4
2d374e1c
DM		 582 - name: get cpu info
583 run: |
584 cat /proc/cpuinfo
585 ./util/opensslwrap.sh version -c
a7a041c2
TM		 586 - name: test external gost-engine
587 run: make test TESTS="test_external_gost_engine"
588 - name: test external krb5
589 run: make test TESTS="test_external_krb5"
e66c4172
DB		 590 - name: test external_tlsfuzzer
591 run: make test TESTS="test_external_tlsfuzzer"
fa66f62e
MB		 592 - name: test external oqs-provider
593 run: make test TESTS="test_external_oqsprovider"
a938f004
PK		 594
595 external-test-pyca:
834a2d70 596 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
a938f004
PK		 597 strategy:
598 matrix:
599 RUST:
600 - 1.51.0
601 PYTHON:
602 - 3.9
603 steps:
d4231af6 604 - uses: actions/checkout@v4
a938f004
PK		 605 with:
606 submodules: recursive
607 - name: Configure OpenSSL
d0364dcc 608 run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
a938f004
PK		 609 - name: make
610 run: make -s -j4
611 - name: Setup Python
51c85496 612 uses: actions/setup-python@v5.0.0
a938f004
PK		 613 with:
614 python-version: ${{ matrix.PYTHON }}
cd5911a6 615 - uses: dtolnay/rust-toolchain@master
a938f004 616 with:
a938f004 617 toolchain: ${{ matrix.RUST }}
2d374e1c
DM		 618 - name: get cpu info
619 run: |
620 cat /proc/cpuinfo
621 ./util/opensslwrap.sh version -c
a938f004 622 - name: test external pyca
94471ccf 623 run: make test TESTS="test_external_pyca" VERBOSE=1
fc110280
TM		 624
625 external-test-cf-quiche:
834a2d70 626 runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
fc110280 627 steps:
d4231af6 628 - uses: actions/checkout@v4
fc110280
TM		 629 with:
630 submodules: recursive
631 - name: Configure OpenSSL
8a764202 632 run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump
fc110280
TM		 633 - name: make
634 run: make -s -j4
cd5911a6 635 - uses: dtolnay/rust-toolchain@stable
2d374e1c
DM		 636 - name: get cpu info
637 run: |
638 cat /proc/cpuinfo
639 ./util/opensslwrap.sh version -c
fc110280
TM		 640 - name: test external Cloudflare quiche
641 run: make test TESTS="test_external_cf_quiche" VERBOSE=1
A mirror of the official openssl repository