From: Viktor Szakats Date: Sun, 24 Aug 2025 19:29:23 +0000 (+0200) Subject: GHA/http3-linux: add AWS-LC and BoringSSL jobs X-Git-Tag: curl-8_16_0~83 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=455cd0741061dfe7565aed4c9d80d426a2c57ca7;p=thirdparty%2Fcurl.git GHA/http3-linux: add AWS-LC and BoringSSL jobs Closes #18391 --- diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml index 1cc287056e..5b41cf083b 100644 --- a/.github/workflows/http3-linux.yml +++ b/.github/workflows/http3-linux.yml @@ -47,6 +47,10 @@ env: QUICTLS_VERSION: 3.3.0 # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com LIBRESSL_VERSION: 4.1.0 + # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com + AWSLC_VERSION: 1.58.0 + # renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com + BORINGSSL_VERSION: 0.20250818.0 # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com GNUTLS_VERSION: 3.8.10 # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com @@ -84,6 +88,24 @@ jobs: path: ~/libressl/build key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} + - name: 'cache awslc' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: ~/awslc/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} + + - name: 'cache boringssl' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-boringssl + env: + cache-name: cache-boringssl + with: + path: ~/boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }} + - name: 'cache quictls' uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 id: cache-quictls-no-deprecated @@ -127,7 +149,16 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + + - name: 'cache ngtcp2 boringssl' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-ngtcp2-boringssl + env: + cache-name: cache-ngtcp2-boringssl + with: + path: ~/ngtcp2-boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} - name: 'cache nghttp2' uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 @@ -142,11 +173,14 @@ jobs: if: >- ${{ steps.cache-openssl-http3.outputs.cache-hit != 'true' || steps.cache-libressl.outputs.cache-hit != 'true' || + steps.cache-awslc.outputs.cache-hit != 'true' || + steps.cache-boringssl.outputs.cache-hit != 'true' || steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' || steps.cache-gnutls.outputs.cache-hit != 'true' || steps.cache-wolfssl.outputs.cache-hit != 'true' || steps.cache-nghttp3.outputs.cache-hit != 'true' || steps.cache-ngtcp2.outputs.cache-hit != 'true' || + steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' || steps.cache-nghttp2.outputs.cache-hit != 'true' }} run: echo 'needs-build=true' >> "$GITHUB_OUTPUT" @@ -188,6 +222,28 @@ jobs: cmake --build . cmake --install . + - name: 'build awslc' + if: ${{ steps.cache-awslc.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz + cd "aws-lc-${AWSLC_VERSION}" + cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/awslc/build + cmake --build . + cmake --install . + + - name: 'build boringssl' + if: ${{ steps.cache-boringssl.outputs.cache-hit != 'true' }} + run: | + mkdir boringssl-src + cd boringssl-src + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz + cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl/build + cmake --build . + cmake --install . + - name: 'build quictls' if: ${{ steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' }} run: | @@ -238,7 +294,7 @@ jobs: - name: 'build ngtcp2' if: ${{ steps.cache-ngtcp2.outputs.cache-hit != 'true' }} - # building 3 times to get crypto libs for ossl, libressl and quictls installed + # building 3 times to get crypto libs for ossl, libressl, quictls and awslc installed run: | cd ~ git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 @@ -254,7 +310,22 @@ jobs: make clean ./configure --disable-dependency-tracking --prefix="$PWD"/build \ PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \ - --enable-lib-only --with-openssl --with-gnutls --with-wolfssl + --enable-lib-only --with-openssl --with-gnutls --with-wolfssl --with-boringssl \ + BORINGSSL_LIBS='-L/home/runner/awslc/build/lib -lssl -lcrypto' \ + BORINGSSL_CFLAGS='-I/home/runner/awslc/build/include' + make install + + - name: 'build ngtcp2 boringssl' + if: ${{ steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 ngtcp2-boringssl + cd ngtcp2-boringssl + autoreconf -fi + ./configure --disable-dependency-tracking --prefix="$PWD"/build \ + --enable-lib-only --with-openssl=no --with-boringssl \ + BORINGSSL_LIBS='-L/home/runner/boringssl/build/lib -lssl -lcrypto' \ + BORINGSSL_CFLAGS='-I/home/runner/boringssl/build/include' make install - name: 'build nghttp2' @@ -313,6 +384,36 @@ jobs: -DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON + - name: 'awslc' + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/awslc/build/lib + --with-ngtcp2 --disable-ntlm + --with-openssl=/home/runner/awslc/build --enable-ssls-export + + - name: 'awslc' + PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DBUILD_SHARED_LIBS=OFF + -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON + -DCMAKE_UNITY_BUILD=ON + + - name: 'boringssl' + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/boringssl/build/lib + --with-ngtcp2 --disable-ntlm + --with-openssl=/home/runner/boringssl/build --enable-ssls-export + + - name: 'boringssl' + PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DBUILD_SHARED_LIBS=OFF + -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON + -DCMAKE_UNITY_BUILD=ON + - name: 'quictls' install_steps: skipall PKG_CONFIG_PATH: /home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig @@ -428,6 +529,26 @@ jobs: key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} fail-on-cache-miss: true + - name: 'cache awslc' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: ~/awslc/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} + fail-on-cache-miss: true + + - name: 'cache boringssl' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-boringssl + env: + cache-name: cache-boringssl + with: + path: ~/boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }} + fail-on-cache-miss: true + - name: 'cache quictls' uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 id: cache-quictls-no-deprecated @@ -477,7 +598,17 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache ngtcp2 boringssl' + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 + id: cache-ngtcp2-boringssl + env: + cache-name: cache-ngtcp2-boringssl + with: + path: ~/ngtcp2-boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} fail-on-cache-miss: true - name: 'cache nghttp2'