CI: scripts: add support for git in openssl builds

Add support for git releases downloaded from github in openssl builds:

- GIT_TYPE variable allow you to chose between "branch" or "commit"
- OPENSSL_VERSION variable supports a "git-" prefix
- "git-${commit_id}" is stored in .openssl_version instead of the branch
  name for version comparison.

diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
index 4b46b430130949b8c87b250b0a2d86a32d46b082..f7499fac3c378c0fa1bce815e1a2c9c210e5b248 100755 (executable)
--- a/scripts/build-ssl.sh
+++ b/scripts/build-ssl.sh
@@ -4,25 +4,36 @@ set -eux
 BUILDSSL_DESTDIR=${BUILDSSL_DESTDIR:-${HOME}/opt}
 BUILDSSL_TMPDIR=${BUILDSSL_TMPDIR:-/tmp/download-cache}
 QUICTLS_URL=${QUICTLS_URL:-https://github.com/quictls/openssl}
-
 WOLFSSL_DEBUG=${WOLFSSL_DEBUG:-0}
+GIT_TYPE=${GIT_TYPE:-commit}
 
-download_openssl () {
-    if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
 
-#
-# OpenSSL has different links for latest and previous releases
-# since we want to download several versions, let us try to treat
-# current version as latest, if it fails, follow with previous
-#
 
-       wget -P ${BUILDSSL_TMPDIR}/ \
-           "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
-        wget -P ${BUILDSSL_TMPDIR}/ \
-            "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \
-       wget -P ${BUILDSSL_TMPDIR}/ \
-           "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
-    fi
+download_openssl () {
+
+       # chose between a release or a git version from github
+       if [ "${OPENSSL_VERSION%%-*}" != "git" ]; then
+
+               if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
+                       # OpenSSL has different links for latest and previous releases
+                       # since we want to download several versions, let us try to treat
+                       # current version as latest, if it fails, follow with previous
+                       wget -P ${BUILDSSL_TMPDIR}/ \
+                           "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
+                       wget -P ${BUILDSSL_TMPDIR}/ \
+                           "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \
+                       wget -P ${BUILDSSL_TMPDIR}/ \
+                           "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
+               fi
+       else
+               if [ "${GIT_TYPE}" = "branch" ]; then
+                       # update the openssl version using the commit ID of the branch HEAD
+                       branch_name="${OPENSSL_VERSION##git-}"
+                       OPENSSL_VERSION=git-$(wget -q -O- "https://api.github.com/repos/openssl/openssl/branches/$branch_name" |  grep '"sha":' | head -n 1 | sed -E 's/ *"sha": "(.*)",/\1/')
+               fi
+               wget -q -O "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" \
+                   "https://github.com/openssl/openssl/archive/${OPENSSL_VERSION##git-}.tar.gz"
+       fi
 }
 
 # recent openssl versions support parallel builds and skipping the docs,