From 17a669426f36b467dfd945b4b35f6211598b7977 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 5 Jun 2025 09:58:34 +0200 Subject: [PATCH] CI: fix zizmor 1.9.0 warnings, shellcheck verify CI shell code, fix fallouts zizmor 1.9.0 effectively bans using GHA macros within shell script snippets. Rework them to pass GHA macro values via envs and use those envs in shell snippets. `${{ env.* }}` macros could be converted to native env references after making their names shell-compatible. Envs and shell commands can no longer be used in GHA macro values. Most cases could be fixed by using literals. Passing quoted values with spaces combined with other args also doesn't work anymore. This was replaced by passing them separately. Despite the initial complications, avoiding GHA macros in scripts does seems to make the CI code reasonable cleaner. It also makes it possible to analyze the scripts with shellcheck, finding subtle issues that went unnoticed till now. Also: - un-ignore and fix three existing zizmor `template-injection` issues. - add script to extract and shellcheck all shell code stored within GHA and Circle CI YAML files. - add CI job to run this script. - fix shellcheck issues discovered. - fix minor differences between cmake and autotools FreeBSD jobs. - merge cmake/autotools FreeBSD jobs to avoid developing unwanted differences again. - fix/sync quote use across shell code. - replace `$HOME` with `~` or literal where it made sense. - replace most `brew --prefix` with literals. - move all curl install tests to the `curl-install*` prefix. - add missing curl install tests to cygwin/msys/mingw/*bsd. - pipe to `tar` instead of storing downloads on disk. - drop unnecessary `PKG_CONFIG_PATH` when building nghttp3. Ref: https://github.com/curl/curl/actions/runs/15461461371/job/43523546041 Ref: https://github.com/zizmorcore/zizmor/releases/tag/v1.9.0 Follow-up to e522f47986bb72f194636e155191d7dccdc2d4fc #17278 Closes #17537 --- .circleci/config.yml | 20 +- .github/scripts/shellcheck-ci.sh | 30 ++ .github/scripts/shellcheck.sh | 1 - .github/workflows/checkdocs.yml | 14 +- .github/workflows/checksrc.yml | 21 +- .github/workflows/configure-vs-cmake.yml | 17 +- .github/workflows/curl-for-win.yml | 10 +- .github/workflows/distcheck.yml | 47 ++-- .github/workflows/hacktoberfest-accepted.yml | 5 +- .github/workflows/http3-linux.yml | 227 +++++++-------- .github/workflows/linux-old.yml | 2 +- .github/workflows/linux.yml | 281 ++++++++++--------- .github/workflows/macos.yml | 182 ++++++------ .github/workflows/non-native.yml | 247 +++++++++------- .github/workflows/windows.yml | 247 +++++++++------- 15 files changed, 752 insertions(+), 599 deletions(-) create mode 100755 .github/scripts/shellcheck-ci.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 100dc9c0ba..a79abf1c8f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -52,11 +52,11 @@ commands: - run: command: | # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com - WOLFSSL_VER=5.8.0 - echo "Installing wolfSSL $WOLFSSL_VER" - curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VER-stable.tar.gz - tar -xzf v$WOLFSSL_VER-stable.tar.gz - cd wolfssl-$WOLFSSL_VER-stable + WOLFSSL_VERSION=5.8.0 + echo "Installing wolfSSL $WOLFSSL_VERSION" + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VERSION-stable.tar.gz + tar -xzf v$WOLFSSL_VERSION-stable.tar.gz + cd wolfssl-$WOLFSSL_VERSION-stable ./autogen.sh ./configure --disable-dependency-tracking --enable-tls13 --enable-all --enable-harden --prefix=$HOME/wssl make install @@ -66,11 +66,11 @@ commands: - run: command: | # renovate: datasource=github-tags depName=wolfSSL/wolfssh versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com - WOLFSSH_VER=1.4.19 - echo "Installing wolfSSH $WOLFSSH_VER" - curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssh/archive/v$WOLFSSH_VER-stable.tar.gz - tar -xzf v$WOLFSSH_VER-stable.tar.gz - cd wolfssh-$WOLFSSH_VER-stable + WOLFSSH_VERSION=1.4.19 + echo "Installing wolfSSH $WOLFSSH_VERSION" + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssh/archive/v$WOLFSSH_VERSION-stable.tar.gz + tar -xzf v$WOLFSSH_VERSION-stable.tar.gz + cd wolfssh-$WOLFSSH_VERSION-stable ./autogen.sh ./configure --disable-dependency-tracking --with-wolfssl=$HOME/wssl --prefix=$HOME/wssh --enable-scp --enable-sftp --disable-term --disable-examples make install diff --git a/.github/scripts/shellcheck-ci.sh b/.github/scripts/shellcheck-ci.sh new file mode 100755 index 0000000000..87e03b9d12 --- /dev/null +++ b/.github/scripts/shellcheck-ci.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +# Required: yq + +set -eu + +export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which' + +# GHA +git ls-files '.github/workflows/*.yml' | while read -r f; do + echo "Verifying ${f}..." + { + echo '#!/usr/bin/env bash' + echo 'set -eu' + yq eval '.. | select(has("run") and (.run | type == "!!str")) | .run + "\ntrue\n"' "${f}" + } | sed -E 's|\$\{\{ .+ \}\}|GHA_EXPRESSION|g' | shellcheck - +done + +# Circle CI +git ls-files '.circleci/*.yml' | while read -r f; do + echo "Verifying ${f}..." + { + echo '#!/usr/bin/env bash' + echo 'set -eu' + yq eval '.. | select(has("command") and (.command | type == "!!str")) | .command + "\ntrue\n"' "${f}" + } | shellcheck - +done diff --git a/.github/scripts/shellcheck.sh b/.github/scripts/shellcheck.sh index b4a07c58c3..66590ec6c7 100755 --- a/.github/scripts/shellcheck.sh +++ b/.github/scripts/shellcheck.sh @@ -3,7 +3,6 @@ # # SPDX-License-Identifier: curl -shellcheck --version # shellcheck disable=SC2046 shellcheck --exclude=1091 \ --enable=avoid-nullary-conditions,deprecate-which \ diff --git a/.github/workflows/checkdocs.yml b/.github/workflows/checkdocs.yml index b97475e72c..39d5475768 100644 --- a/.github/workflows/checkdocs.yml +++ b/.github/workflows/checkdocs.yml @@ -53,7 +53,7 @@ jobs: # # config file help: https://github.com/amperser/proselint/ # - name: create proselint config # run: | - # cat < $HOME/.proselintrc.json + # cat < ~/.proselintrc.json # { # "checks": { # "typography.diacritical_marks": false, @@ -74,7 +74,7 @@ jobs: # # This is for CHECKSRC and files with aggressive exclamation mark needs # - name: create second proselint config # run: | - # cat < $HOME/.proselintrc.json + # cat < ~/.proselintrc.json # { # "checks": { # "typography.diacritical_marks": false, @@ -109,10 +109,12 @@ jobs: name: checkout - name: trim all *.md files in docs/ - run: .github/scripts/cleancmd.pl $(find docs -name "*.md") + run: | + # shellcheck disable=SC2046 + .github/scripts/cleancmd.pl $(find docs -name '*.md') - name: setup the custom wordlist - run: grep -v '^#' .github/scripts/spellcheck.words > wordlist.txt + run: grep -v '^#' .github/scripts/spellcheck.words > wordlist.txt - name: Check Spelling uses: rojopolis/spellcheck-github-actions@584b2ae95998967a53af7fbfb7f5b15352c38748 # v0 @@ -128,7 +130,9 @@ jobs: name: checkout - name: badwords - run: .github/scripts/badwords.pl < .github/scripts/badwords.txt `git ls-files '**.md'` docs/TODO docs/KNOWN_BUGS packages/OS400/README.OS400 + run: | + # shellcheck disable=SC2046 + .github/scripts/badwords.pl < .github/scripts/badwords.txt $(git ls-files '**.md') docs/TODO docs/KNOWN_BUGS packages/OS400/README.OS400 - name: verify-synopsis run: .github/scripts/verify-synopsis.pl docs/libcurl/curl*.md diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml index ae11a8bdda..6b01e9faa4 100644 --- a/.github/workflows/checksrc.yml +++ b/.github/workflows/checksrc.yml @@ -124,7 +124,9 @@ jobs: name: checkout - name: shellcheck - run: .github/scripts/shellcheck.sh + run: | + shellcheck --version + .github/scripts/shellcheck.sh - name: spacecheck run: .github/scripts/spacecheck.pl @@ -135,11 +137,12 @@ jobs: # we allow some extra in source code - name: badwords run: | + # shellcheck disable=SC2046 grep -Ev '(\\bwill| url | dir )' .github/scripts/badwords.txt | \ .github/scripts/badwords.pl $(git ls-files -- src lib include) - ghacheck: - name: GHA analysis + cicheck: + name: CI analysis runs-on: macos-latest timeout-minutes: 1 steps: @@ -148,7 +151,13 @@ jobs: persist-credentials: false name: checkout - - name: zizmor + - name: install prereqs + run: brew install shellcheck yq zizmor + + - name: zizmor GHA + run: zizmor --pedantic .github/workflows/*.yml + + - name: shellcheck run: | - brew install zizmor - zizmor --pedantic .github/workflows/*.yml + shellcheck --version + .github/scripts/shellcheck-ci.sh diff --git a/.github/workflows/configure-vs-cmake.yml b/.github/workflows/configure-vs-cmake.yml index 6f731c66e3..f4a518ccf6 100644 --- a/.github/workflows/configure-vs-cmake.yml +++ b/.github/workflows/configure-vs-cmake.yml @@ -59,8 +59,8 @@ jobs: - name: 'dump generated files' run: | for f in libcurl.pc curl-config; do - echo "::group::AM ${f}"; cat bld-am/"${f}" | grep -v '^#' || true; echo '::endgroup::' - echo "::group::CM ${f}"; cat bld-cm/"${f}" | grep -v '^#' || true; echo '::endgroup::' + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' done - name: 'compare generated curl_config.h files' @@ -77,11 +77,12 @@ jobs: steps: - name: 'install packages' run: | - while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew install libtool autoconf automake && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done - name: 'toolchain versions' run: | - echo '::group::brew packages installed'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' + echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::' - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -109,8 +110,8 @@ jobs: - name: 'dump generated files' run: | for f in libcurl.pc curl-config; do - echo "::group::AM ${f}"; cat bld-am/"${f}" | grep -v '^#' || true; echo '::endgroup::' - echo "::group::CM ${f}"; cat bld-cm/"${f}" | grep -v '^#' || true; echo '::endgroup::' + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' done - name: 'compare generated curl_config.h files' @@ -158,8 +159,8 @@ jobs: - name: 'dump generated files' run: | for f in libcurl.pc curl-config; do - echo "::group::AM ${f}"; cat bld-am/"${f}" | grep -v '^#' || true; echo '::endgroup::' - echo "::group::CM ${f}"; cat bld-cm/"${f}" | grep -v '^#' || true; echo '::endgroup::' + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' done - name: 'compare generated curl_config.h files' diff --git a/.github/workflows/curl-for-win.yml b/.github/workflows/curl-for-win.yml index b141fdfac6..c3d27a118e 100644 --- a/.github/workflows/curl-for-win.yml +++ b/.github/workflows/curl-for-win.yml @@ -56,7 +56,7 @@ jobs: git clone --depth 1 https://github.com/curl/curl-for-win mv curl-for-win/* . export CW_CONFIG='-main-werror-linux-a64-x64-gcc' - export CW_REVISION='${{ github.sha }}' + export CW_REVISION="${GITHUB_SHA}" DOCKER_IMAGE='debian:bookworm-slim' export CW_CCSUFFIX='-15' export CW_GCCSUFFIX='-12' @@ -84,7 +84,7 @@ jobs: git clone --depth 1 https://github.com/curl/curl-for-win mv curl-for-win/* . export CW_CONFIG='-main-werror-linux-musl-r64-x64' - export CW_REVISION='${{ github.sha }}' + export CW_REVISION="${GITHUB_SHA}" . ./_versions.sh sudo podman image trust set --type reject default sudo podman image trust set --type accept docker.io/library @@ -112,7 +112,7 @@ jobs: git clone --depth 1 https://github.com/curl/curl-for-win mv curl-for-win/* . export CW_CONFIG='-main-werror-mac-x64' - export CW_REVISION='${{ github.sha }}' + export CW_REVISION="${GITHUB_SHA}" sh -c ./_ci-mac-homebrew.sh win-llvm: @@ -128,7 +128,7 @@ jobs: git clone --depth 1 https://github.com/curl/curl-for-win mv curl-for-win/* . export CW_CONFIG='-main-werror-win-x64' - export CW_REVISION='${{ github.sha }}' + export CW_REVISION="${GITHUB_SHA}" . ./_versions.sh sudo podman image trust set --type reject default sudo podman image trust set --type accept docker.io/library @@ -153,7 +153,7 @@ jobs: git clone --depth 1 https://github.com/curl/curl-for-win mv curl-for-win/* . export CW_CONFIG='-main-werror-win-x86-gcc-libssh1-zlibng' - export CW_REVISION='${{ github.sha }}' + export CW_REVISION="${GITHUB_SHA}" . ./_versions.sh sudo podman image trust set --type reject default sudo podman image trust set --type accept docker.io/library diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml index c851de0cd3..0ae92090c6 100644 --- a/.github/workflows/distcheck.yml +++ b/.github/workflows/distcheck.yml @@ -57,13 +57,13 @@ jobs: echo "::stop-commands::$(uuidgen)" tar xvf curl-99.98.97.tar.gz pushd curl-99.98.97 - ./configure --prefix=$HOME/temp --without-ssl --without-libpsl + ./configure --prefix="$HOME"/temp --without-ssl --without-libpsl make make test-ci make install popd # basic check of the installed files - bash scripts/installcheck.sh $HOME/temp + bash scripts/installcheck.sh "$HOME"/temp rm -rf curl-99.98.97 verify-out-of-tree-docs: @@ -105,7 +105,7 @@ jobs: pushd curl-99.98.97 mkdir build pushd build - ../configure --without-ssl --enable-debug "--prefix=${PWD}/pkg" --without-libpsl + ../configure --without-ssl --enable-debug --prefix="$PWD"/curl-install --without-libpsl make make test-ci make install @@ -174,8 +174,9 @@ jobs: shell: ${{ contains(matrix.image, 'windows') && 'msys2 {0}' || 'bash' }} env: CC: ${{ !contains(matrix.image, 'windows') && 'clang' || '' }} + MATRIX_IMAGE: '${{ matrix.image }}' TESTOPTS: ${{ contains(matrix.image, 'macos') && '-D_CURL_PREFILL=ON' || '' }} ${{ contains(matrix.image, 'windows') && '-DCMAKE_UNITY_BUILD_BATCH_SIZE=30' || '' }} - old-cmake-version: 3.11.4 + OLD_CMAKE_VERSION: 3.11.4 strategy: fail-fast: false matrix: @@ -194,26 +195,26 @@ jobs: - name: 'install prereqs' run: | - if [[ '${{ matrix.image }}' = *'windows'* ]]; then - cd "${HOME}" || exit 1 + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then + cd ~ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ - --location 'https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-win64-x64.zip' --output bin.zip + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output bin.zip unzip -q bin.zip rm -f bin.zip - printf '%s' "${HOME}/cmake-${{ env.old-cmake-version }}-win64-x64/bin/cmake.exe" > "${HOME}/old-cmake-path.txt" - elif [[ '${{ matrix.image }}' = *'ubuntu'* ]]; then + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-win64-x64/bin/cmake.exe > ~/old-cmake-path.txt + elif [[ "${MATRIX_IMAGE}" = *'ubuntu'* ]]; then sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libssl-dev - cd "${HOME}" || exit 1 + cd ~ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ - --location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Linux-x86_64.tar.gz | tar -xzf - - printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Linux-x86_64/bin/cmake" > "${HOME}/old-cmake-path.txt" + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-x86_64.tar.gz" | tar -xz + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Linux-x86_64/bin/cmake > ~/old-cmake-path.txt else brew install libpsl openssl - cd "${HOME}" || exit 1 + cd ~ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ - --location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Darwin-x86_64.tar.gz | tar -xzf - - printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Darwin-x86_64/CMake.app/Contents/bin/cmake" > "${HOME}/old-cmake-path.txt" + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Darwin-x86_64.tar.gz" | tar -xz + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Darwin-x86_64/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt fi - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 @@ -229,26 +230,26 @@ jobs: - name: 'via add_subdirectory OpenSSL (old cmake)' run: | - export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")" - if [[ '${{ matrix.image }}' = *'macos'* ]]; then + export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)" + if [[ "${MATRIX_IMAGE}" = *'macos'* ]]; then export CFLAGS='-arch arm64' export TEST_CMAKE_FLAGS='-DCURL_USE_LIBPSL=OFF' # auto-detection does not work with old-cmake fi - if [[ '${{ matrix.image }}' = *'windows'* ]]; then + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then export TEST_CMAKE_GENERATOR='MSYS Makefiles' export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' fi - ./tests/cmake/test.sh add_subdirectory ${TESTOPTS} -DCURL_USE_OPENSSL=ON ${options} + ./tests/cmake/test.sh add_subdirectory ${TESTOPTS} -DCURL_USE_OPENSSL=ON - name: 'via find_package OpenSSL (old cmake)' run: | - export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")" - if [[ '${{ matrix.image }}' = *'macos'* ]]; then + export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)" + if [[ "${MATRIX_IMAGE}" = *'macos'* ]]; then export CFLAGS='-arch arm64' export TEST_CMAKE_FLAGS='-DCURL_USE_LIBPSL=OFF' # auto-detection does not work with old-cmake fi - if [[ '${{ matrix.image }}' = *'windows'* ]]; then + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then export TEST_CMAKE_GENERATOR='MSYS Makefiles' export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' fi - ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON ${options} + ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON diff --git a/.github/workflows/hacktoberfest-accepted.yml b/.github/workflows/hacktoberfest-accepted.yml index 6b07f0be02..e01338b222 100644 --- a/.github/workflows/hacktoberfest-accepted.yml +++ b/.github/workflows/hacktoberfest-accepted.yml @@ -40,8 +40,11 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Search relevant commit message lines starting with Closes/Merges + env: + GITHUB_EVENT_BEFORE: '${{ github.event.before }}' + GITHUB_EVENT_AFTER: '${{ github.event.after }}' run: | - git log --format=email '${{ github.event.before }}..${{ github.event.after }}' | \ + git log --format=email "${GITHUB_EVENT_BEFORE}..${GITHUB_EVENT_AFTER}" | \ grep -Ei '^Close[sd]? ' | sort | uniq | tee log if: steps.check.outputs.label == 'hacktoberfest' diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml index b971c1bae9..3950579d60 100644 --- a/.github/workflows/http3-linux.yml +++ b/.github/workflows/http3-linux.yml @@ -40,21 +40,21 @@ env: MAKEFLAGS: -j 5 CURL_CI: github # handled in renovate.json - openssl-version: 3.5.0 + OPENSSL_VERSION: 3.5.0 # handled in renovate.json - quictls-version: 3.3.0 + QUICTLS_VERSION: 3.3.0 # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com - gnutls-version: 3.8.9 + GNUTLS_VERSION: 3.8.9 # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com - wolfssl-version: 5.8.0 + WOLFSSL_VERSION: 5.8.0 # renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com - nghttp3-version: 1.10.1 + NGHTTP3_VERSION: 1.10.1 # renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com - ngtcp2-version: 1.13.0 + NGTCP2_VERSION: 1.13.0 # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com - nghttp2-version: 1.65.0 + NGHTTP2_VERSION: 1.65.0 # renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com - quiche-version: 0.23.5 + QUICHE_VERSION: 0.23.5 jobs: build-cache: @@ -68,7 +68,7 @@ jobs: cache-name: cache-openssl-http3 with: path: ~/openssl/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} - name: 'cache quictls' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -77,7 +77,7 @@ jobs: cache-name: cache-quictls-no-deprecated with: path: ~/quictls/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1 + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1 - name: 'cache gnutls' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -86,7 +86,7 @@ jobs: cache-name: cache-gnutls with: path: ~/gnutls/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }} - name: 'cache wolfssl' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -95,7 +95,7 @@ jobs: cache-name: cache-wolfssl with: path: ~/wolfssl/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} - name: 'cache nghttp3' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -104,7 +104,7 @@ jobs: cache-name: cache-nghttp3 with: path: ~/nghttp3/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP3_VERSION }} - name: 'cache ngtcp2' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -113,7 +113,7 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}-${{ env.openssl-version }}-${{ env.quictls-version }}-${{ env.gnutls-version }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} - name: 'cache nghttp2' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 @@ -122,7 +122,7 @@ jobs: cache-name: cache-nghttp2 with: path: ~/nghttp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}-${{ env.quictls-version }}-${{ env.ngtcp2-version }}-${{ env.nghttp3-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }} - id: settings if: | @@ -149,37 +149,37 @@ jobs: libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ texinfo texlive texlive-extra-utils autopoint libev-dev \ apache2 apache2-dev libnghttp2-dev - echo 'CC=gcc-12' >> $GITHUB_ENV - echo 'CXX=g++-12' >> $GITHUB_ENV + echo 'CC=gcc-12' >> "$GITHUB_ENV" + echo 'CXX=g++-12' >> "$GITHUB_ENV" - name: 'build openssl' if: steps.cache-openssl-http3.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl + cd ~ + git clone --quiet --depth=1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl cd openssl - ./config --prefix=$PWD/build --libdir=lib no-makedepend no-apps no-docs no-tests + ./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests make make -j1 install_sw - name: 'build quictls' if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl quictls + cd ~ + git clone --quiet --depth=1 -b "openssl-${QUICTLS_VERSION}-quic1" https://github.com/quictls/openssl quictls cd quictls - ./config no-deprecated --prefix=$PWD/build --libdir=lib no-makedepend no-apps no-docs no-tests + ./config no-deprecated --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests make make -j1 install_sw - name: 'build gnutls' if: steps.cache-gnutls.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b ${{ env.gnutls-version }} https://github.com/gnutls/gnutls.git + cd ~ + git clone --quiet --depth=1 -b "${GNUTLS_VERSION}" https://github.com/gnutls/gnutls.git cd gnutls ./bootstrap - ./configure --disable-dependency-tracking --prefix=$PWD/build \ + ./configure --disable-dependency-tracking --prefix="$PWD"/build \ LDFLAGS="-Wl,-rpath,$PWD/build/lib -L$PWD/build/lib" \ --with-included-libtasn1 --with-included-unistring \ --disable-guile --disable-doc --disable-tests --disable-tools @@ -189,26 +189,24 @@ jobs: - name: 'build wolfssl' if: steps.cache-wolfssl.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b v${{ env.wolfssl-version }}-stable https://github.com/wolfSSL/wolfssl.git + cd ~ + git clone --quiet --depth=1 -b "v${WOLFSSL_VERSION}-stable" https://github.com/wolfSSL/wolfssl.git cd wolfssl ./autogen.sh ./configure --disable-dependency-tracking --enable-all --enable-quic \ - --disable-benchmark --disable-crypttests --disable-examples --prefix=$PWD/build + --disable-benchmark --disable-crypttests --disable-examples --prefix="$PWD"/build make make install - name: 'build nghttp3' if: steps.cache-nghttp3.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b v${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3 + cd ~ + git clone --quiet --depth=1 -b "v${NGHTTP3_VERSION}" https://github.com/ngtcp2/nghttp3 cd nghttp3 git submodule update --init --depth=1 autoreconf -fi - ./configure --disable-dependency-tracking --prefix=$PWD/build \ - PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig" \ - --enable-lib-only + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only make make install @@ -216,30 +214,30 @@ jobs: if: steps.cache-ngtcp2.outputs.cache-hit != 'true' # building twice to get crypto libs for ossl and quictls installed run: | - cd $HOME - git clone --quiet --depth=1 -b v${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2 + cd ~ + git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 cd ngtcp2 autoreconf -fi - ./configure --disable-dependency-tracking --prefix=$PWD/build \ - PKG_CONFIG_PATH="$HOME/quictls/build/lib/pkgconfig" --enable-lib-only --with-quictls + ./configure --disable-dependency-tracking --prefix="$PWD"/build \ + PKG_CONFIG_PATH=/home/runner/quictls/build/lib/pkgconfig --enable-lib-only --with-quictls make install make clean - ./configure --disable-dependency-tracking --prefix=$PWD/build \ - PKG_CONFIG_PATH="$HOME/openssl/build/lib/pkgconfig:$HOME/gnutls/build/lib/pkgconfig:$HOME/wolfssl/build/lib/pkgconfig" \ + ./configure --disable-dependency-tracking --prefix="$PWD"/build \ + PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \ --enable-lib-only --with-openssl --with-gnutls --with-wolfssl make install - name: 'build nghttp2' if: steps.cache-nghttp2.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b v${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2 + cd ~ + git clone --quiet --depth=1 -b "v${NGHTTP2_VERSION}" https://github.com/nghttp2/nghttp2 cd nghttp2 git submodule update --init --depth=1 autoreconf -fi - ./configure --disable-dependency-tracking --prefix=$PWD/build \ - PKG_CONFIG_PATH="$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig" \ - LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" \ + ./configure --disable-dependency-tracking --prefix="$PWD"/build \ + PKG_CONFIG_PATH=/home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig \ + LDFLAGS=-Wl,-rpath,/home/runner/quictls/build/lib \ --enable-http3 make install @@ -249,83 +247,85 @@ jobs: - build-cache runs-on: 'ubuntu-latest' timeout-minutes: 45 + env: + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} strategy: fail-fast: false matrix: build: - name: openssl - PKG_CONFIG_PATH: '$HOME/openssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS="-Wl,-rpath,$HOME/openssl/build/lib" - --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" - --with-openssl=$HOME/openssl/build --enable-ssls-export + LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib + --with-ngtcp2=/home/runner/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx + --with-openssl=/home/runner/openssl/build --enable-ssls-export --with-libuv - name: quictls - PKG_CONFIG_PATH: '$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" - --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" - --with-openssl=$HOME/quictls/build --enable-ssls-export + LDFLAGS=-Wl,-rpath,/home/runner/quictls/build/lib + --with-ngtcp2=/home/runner/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx + --with-openssl=/home/runner/quictls/build --enable-ssls-export --with-libuv - name: gnutls - PKG_CONFIG_PATH: '$HOME/gnutls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS="-Wl,-rpath,$HOME/gnutls/build/lib" - --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" - --with-gnutls=$HOME/gnutls/build --enable-ssls-export + LDFLAGS=-Wl,-rpath,/home/runner/gnutls/build/lib + --with-ngtcp2=/home/runner/ngtcp2/build --enable-warnings --enable-werror --enable-debug + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx + --with-gnutls=/home/runner/gnutls/build --enable-ssls-export --with-libuv - name: wolfssl - PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig configure: >- - LDFLAGS="-Wl,-rpath,$HOME/wolfssl/build/lib" - --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" - --with-wolfssl=$HOME/wolfssl/build + LDFLAGS=-Wl,-rpath,/home/runner/wolfssl/build/lib + --with-ngtcp2=/home/runner/ngtcp2/build --enable-warnings --enable-werror --enable-debug + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx + --with-wolfssl=/home/runner/wolfssl/build --enable-ech --enable-ssls-export --with-libuv - name: wolfssl - PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig generate: >- -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DENABLE_DEBUG=ON - -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" - -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" + -DTEST_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx + -DHTTPD_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx -DUSE_ECH=ON -DCURL_USE_LIBUV=ON - name: openssl-quic - PKG_CONFIG_PATH: '$HOME/openssl/build/lib/pkgconfig' + PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig configure: >- - LDFLAGS="-Wl,-rpath,$HOME/openssl/build/lib" + LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib --enable-warnings --enable-werror --enable-debug --disable-ntlm - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" - --with-openssl=$HOME/openssl/build --with-openssl-quic - --with-nghttp3=$HOME/nghttp3/build + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx + --with-openssl=/home/runner/openssl/build --with-openssl-quic + --with-nghttp3=/home/runner/nghttp3/build --with-libuv - name: quiche configure: >- - LDFLAGS="-Wl,-rpath,$HOME/quiche/target/release" - --with-openssl=$HOME/quiche/quiche/deps/boringssl/src + LDFLAGS=-Wl,-rpath,/home/runner/quiche/target/release + --with-openssl=/home/runner/quiche/quiche/deps/boringssl/src --enable-warnings --enable-werror --enable-debug - --with-quiche=$HOME/quiche/target/release - --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-quiche=/home/runner/quiche/target/release + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx --with-ca-fallback --with-libuv - name: quiche - PKG_CONFIG_PATH: '$HOME/quiche/target/release' + PKG_CONFIG_PATH: /home/runner/quiche/target/release generate: >- - -DOPENSSL_ROOT_DIR=$HOME/quiche/quiche/deps/boringssl/src -DENABLE_DEBUG=ON + -DOPENSSL_ROOT_DIR=/home/runner/quiche/quiche/deps/boringssl/src -DENABLE_DEBUG=ON -DUSE_QUICHE=ON - -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" - -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" + -DTEST_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx + -DHTTPD_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx -DCURL_CA_FALLBACK=ON -DCURL_USE_LIBUV=ON @@ -342,9 +342,9 @@ jobs: libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ texinfo texlive texlive-extra-utils autopoint libev-dev libuv1-dev \ apache2 apache2-dev libnghttp2-dev vsftpd - python3 -m venv $HOME/venv - echo 'CC=gcc-12' >> $GITHUB_ENV - echo 'CXX=g++-12' >> $GITHUB_ENV + python3 -m venv ~/venv + echo 'CC=gcc-12' >> "$GITHUB_ENV" + echo 'CXX=g++-12' >> "$GITHUB_ENV" - name: 'cache openssl' if: matrix.build.name == 'openssl' || matrix.build.name == 'openssl-quic' @@ -354,7 +354,7 @@ jobs: cache-name: cache-openssl-http3 with: path: ~/openssl/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} fail-on-cache-miss: true - name: 'cache quictls' @@ -364,7 +364,7 @@ jobs: cache-name: cache-quictls-no-deprecated with: path: ~/quictls/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1 + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1 fail-on-cache-miss: true - name: 'cache gnutls' @@ -375,7 +375,7 @@ jobs: cache-name: cache-gnutls with: path: ~/gnutls/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }} fail-on-cache-miss: true - name: 'cache wolfssl' @@ -386,7 +386,7 @@ jobs: cache-name: cache-wolfssl with: path: ~/wolfssl/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} fail-on-cache-miss: true - name: 'cache nghttp3' @@ -396,7 +396,7 @@ jobs: cache-name: cache-nghttp3 with: path: ~/nghttp3/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP3_VERSION }} fail-on-cache-miss: true - name: 'cache ngtcp2' @@ -406,7 +406,7 @@ jobs: cache-name: cache-ngtcp2 with: path: ~/ngtcp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}-${{ env.openssl-version }}-${{ env.quictls-version }}-${{ env.gnutls-version }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} fail-on-cache-miss: true - name: 'cache nghttp2' @@ -416,7 +416,7 @@ jobs: cache-name: cache-nghttp2 with: path: ~/nghttp2/build - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}-${{ env.quictls-version }}-${{ env.ngtcp2-version }}-${{ env.nghttp3-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }} fail-on-cache-miss: true - name: 'cache quiche' @@ -427,13 +427,13 @@ jobs: cache-name: cache-quiche with: path: ~/quiche - key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quiche-version }} + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICHE_VERSION }} - name: 'build quiche and boringssl' if: matrix.build.name == 'quiche' && steps.cache-quiche.outputs.cache-hit != 'true' run: | - cd $HOME - git clone --quiet --depth=1 -b ${{ env.quiche-version }} --recursive https://github.com/cloudflare/quiche.git + cd ~ + git clone --quiet --depth=1 -b "${QUICHE_VERSION}" --recursive https://github.com/cloudflare/quiche.git cd quiche #### Work-around https://github.com/curl/curl/issues/7927 ####### #### See https://github.com/alexcrichton/cmake-rs/issues/131 #### @@ -442,12 +442,13 @@ jobs: cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose ln -s libquiche.so target/release/libquiche.so.0 mkdir -v quiche/deps/boringssl/src/lib + # shellcheck disable=SC2046 ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/ # include dir - # $HOME/quiche/quiche/deps/boringssl/src/include + # /home/runner/quiche/quiche/deps/boringssl/src/include # lib dir - # $HOME/quiche/quiche/deps/boringssl/src/lib + # /home/runner/quiche/quiche/deps/boringssl/src/lib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -458,19 +459,21 @@ jobs: run: autoreconf -fi - name: 'configure' + env: + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}' run: | - if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then - export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}" - fi - if [ -n '${{ matrix.build.generate }}' ]; then + [ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake -B bld -G Ninja \ - -DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ - ${{ matrix.build.generate }} + ${MATRIX_GENERATE} else mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ - ${{ matrix.build.configure }} + ${MATRIX_CONFIGURE} fi - name: 'configure log' @@ -487,7 +490,7 @@ jobs: - name: 'build' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose else make -C bld V=1 @@ -498,7 +501,7 @@ jobs: - name: 'build tests' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target testdeps else make -C bld V=1 -C tests @@ -506,15 +509,15 @@ jobs: - name: 'install test prereqs' run: | - source $HOME/venv/bin/activate + source ~/venv/bin/activate python3 -m pip install -r tests/requirements.txt - name: 'run tests' env: TFLAGS: '${{ matrix.build.tflags }}' run: | - source $HOME/venv/bin/activate - if [ -n '${{ matrix.build.generate }}' ]; then + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target test-ci else make -C bld V=1 test-ci @@ -522,7 +525,7 @@ jobs: - name: 'install pytest prereqs' run: | - source $HOME/venv/bin/activate + source ~/venv/bin/activate python3 -m pip install -r tests/http/requirements.txt - name: 'run pytest event based' @@ -531,8 +534,8 @@ jobs: PYTEST_ADDOPTS: '--color=yes' PYTEST_XDIST_AUTO_NUM_WORKERS: 4 run: | - source $HOME/venv/bin/activate - if [ -n '${{ matrix.build.generate }}' ]; then + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target curl-pytest-ci else make -C bld V=1 pytest-ci @@ -540,7 +543,7 @@ jobs: - name: 'build examples' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target curl-examples else make -C bld V=1 examples diff --git a/.github/workflows/linux-old.yml b/.github/workflows/linux-old.yml index 6d7c6a8b39..bc33b4a0d4 100644 --- a/.github/workflows/linux-old.yml +++ b/.github/workflows/linux-old.yml @@ -130,7 +130,7 @@ jobs: cd bld-am ../configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --with-openssl --enable-ares --with-libssh2 --with-zstd --with-gssapi --with-librtmp \ - --prefix="$PWD"/../install-am + --prefix="$PWD"/../curl-install-am - name: 'autoconf curl_config.h' run: | diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 34460ba163..be94941bfa 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -40,25 +40,25 @@ env: CURL_CI: github CURL_CLANG_TIDYFLAGS: '-checks=-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-valist.Uninitialized' # unhandled - bearssl-version: 0.6 + BEARSSL_VERSION: 0.6 # renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com - libressl-version: 4.1.0 + LIBRESSL_VERSION: 4.1.0 # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com - wolfssl-version: 5.8.0 + WOLFSSL_VERSION: 5.8.0 # renovate: datasource=github-tags depName=wolfSSL/wolfssh versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com - wolfssh-version: 1.4.19 + WOLFSSH_VERSION: 1.4.19 # renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com - mbedtls-version: 3.6.3 + MBEDTLS_VERSION: 3.6.3 # renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com - msh3-version: 0.6.0 + MSH3_VERSION: 0.6.0 # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com - awslc-version: 1.52.0 + AWSLC_VERSION: 1.52.0 # handled in renovate.json - openssl-version: 3.5.0 + OPENSSL_VERSION: 3.5.0 # handled in renovate.json - quictls-version: 3.3.0 + QUICTLS_VERSION: 3.3.0 # renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com - rustls-version: 0.15.0 + RUSTLS_VERSION: 0.15.0 jobs: linux: @@ -66,6 +66,11 @@ jobs: runs-on: ${{ matrix.build.image || 'ubuntu-latest' }} container: ${{ matrix.build.container }} timeout-minutes: 45 + env: + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}' + MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}' + MATRIX_MAKE_PREFIX: '${{ matrix.build.make-prefix }}' strategy: fail-fast: false matrix: @@ -73,52 +78,52 @@ jobs: - name: bearssl install_packages: zlib1g-dev install_steps: bearssl pytest - configure: LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug + configure: LDFLAGS=-Wl,-rpath,/home/runner/bearssl/lib --with-bearssl=/home/runner/bearssl --enable-debug - name: bearssl clang install_packages: zlib1g-dev clang install_steps: bearssl - configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug + configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/bearssl/lib --with-bearssl=/home/runner/bearssl --enable-debug - name: libressl heimdal install_packages: zlib1g-dev libnghttp2-dev libldap-dev heimdal-dev install_steps: libressl pytest - configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --with-gssapi --enable-debug + configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug - name: libressl heimdal valgrind install_packages: zlib1g-dev libnghttp2-dev libldap-dev heimdal-dev valgrind install_steps: libressl - generate: -DOPENSSL_ROOT_DIR=$HOME/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON + generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON - name: libressl clang install_packages: zlib1g-dev clang install_steps: libressl - configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug + configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --enable-debug - name: wolfssl-all install_packages: zlib1g-dev install_steps: wolfssl-all - configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-all/lib" --with-wolfssl=$HOME/wolfssl-all --enable-ech --enable-debug + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug - name: wolfssl-opensslextra valgrind install_packages: zlib1g-dev valgrind install_steps: wolfssl-opensslextra wolfssh - configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-opensslextra/lib" --with-wolfssl=$HOME/wolfssl-opensslextra --with-wolfssh=$HOME/wolfssh --enable-ech --enable-debug + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --with-wolfssh=/home/runner/wolfssh --enable-ech --enable-debug - name: mbedtls valgrind install_packages: libnghttp2-dev libldap-dev valgrind install_steps: mbedtls - configure: LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug + configure: LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --enable-debug - name: mbedtls clang install_packages: libnghttp2-dev libldap-dev clang install_steps: mbedtls pytest - configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug + configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --enable-debug - name: mbedtls install_packages: libnghttp2-dev install_steps: mbedtls - PKG_CONFIG_PATH: '$HOME/mbedtls/lib/pkgconfig' # Requires v3.6.0 or v2.28.8 + PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig # Requires v3.6.0 or v2.28.8 generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON - name: mbedtls-pkg @@ -133,23 +138,24 @@ jobs: - name: msh3 install_packages: zlib1g-dev install_steps: quictls msh3 - configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug + LDFLAGS: -Wl,-rpath,/home/runner/msh3/lib -Wl,-rpath,/home/runner/quictls/lib + configure: --with-msh3=/home/runner/msh3 --with-openssl=/home/runner/quictls --enable-debug - name: msh3 install_packages: zlib1g-dev install_steps: quictls msh3 skipall - PKG_CONFIG_PATH: '$HOME/msh3/lib/pkgconfig' # Broken as of v0.6.0 - generate: -DOPENSSL_ROOT_DIR=$HOME/quictls -DUSE_MSH3=ON -DMSH3_INCLUDE_DIR=$HOME/msh3/include -DMSH3_LIBRARY=$HOME/msh3/lib/libmsh3.so -DENABLE_DEBUG=ON + PKG_CONFIG_PATH: /home/runner/msh3/lib/pkgconfig # Broken as of v0.6.0 + generate: -DOPENSSL_ROOT_DIR=/home/runner/quictls -DUSE_MSH3=ON -DMSH3_INCLUDE_DIR=/home/runner/msh3/include -DMSH3_LIBRARY=/home/runner/msh3/lib/libmsh3.so -DENABLE_DEBUG=ON - name: awslc install_packages: zlib1g-dev install_steps: awslc pytest - configure: LDFLAGS="-Wl,-rpath,$HOME/awslc/lib" --with-openssl=$HOME/awslc --enable-ech + configure: LDFLAGS=-Wl,-rpath,/home/runner/awslc/lib --with-openssl=/home/runner/awslc --enable-ech - name: awslc install_packages: zlib1g-dev install_steps: awslc - generate: -DOPENSSL_ROOT_DIR=$HOME/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF + generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF - name: openssl default install_steps: pytest @@ -223,44 +229,39 @@ jobs: - name: clang-tidy install_packages: clang-tidy zlib1g-dev libssl-dev libkrb5-dev install_steps: skipall wolfssl-opensslextra wolfssh - configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-opensslextra/lib" --with-wolfssl=$HOME/wolfssl-opensslextra --with-wolfssh=$HOME/wolfssh --with-openssl --enable-ech --with-gssapi --enable-ssls-export + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --with-wolfssh=/home/runner/wolfssh --with-openssl --enable-ech --with-gssapi --enable-ssls-export make-custom-target: tidy - name: scanbuild install_packages: clang-tools clang libssl-dev libssh2-1-dev install_steps: skipall configure: --with-openssl --enable-debug --with-libssh2 --disable-unity - configure-prefix: CC=clang scan-build + CC: clang + configure-prefix: scan-build make-prefix: scan-build --status-bugs - name: address-sanitizer install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2 install_steps: pytest randcurl - configure: >- - CC=clang - CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g" - LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" - LIBS="-ldl -lubsan" - --with-openssl --enable-debug + CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g + LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer + LIBS: -ldl -lubsan + configure: CC=clang --with-openssl --enable-debug - name: thread-sanitizer install_packages: zlib1g-dev clang libtsan2 install_steps: pytest openssl-tsan - configure: >- - CC=clang - CFLAGS="-fsanitize=thread -g" - LDFLAGS="-fsanitize=thread -Wl,-rpath,$HOME/openssl/lib" - --with-openssl=$HOME/openssl --enable-debug + CFLAGS: -fsanitize=thread -g + LDFLAGS: -fsanitize=thread -Wl,-rpath,/home/runner/openssl/lib + configure: CC=clang --with-openssl=/home/runner/openssl --enable-debug - name: memory-sanitizer install_packages: clang install_steps: randcurl - configure: >- - CC=clang - CFLAGS="-fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g" - LDFLAGS="-fsanitize=memory" - LIBS="-ldl" - --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug + CFLAGS: -fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g + LDFLAGS: -fsanitize=memory + LIBS: -ldl + configure: CC=clang --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug - name: event-based install_packages: libssh-dev @@ -305,18 +306,21 @@ jobs: steps: - name: 'install prereqs' if: matrix.build.container == null && !contains(matrix.build.name, 'i686') - # zizmor: ignore[template-injection] + env: + INSTALL_PACKAGES: >- + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }} + ${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd' || '' }} + run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo apt-get -o Dpkg::Use-Pty=0 update sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install \ libtool autoconf automake pkgconf \ - ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }} \ libpsl-dev libbrotli-dev libzstd-dev \ - ${{ matrix.build.install_packages }} \ - ${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd' || '' }} - python3 -m venv $HOME/venv + ${INSTALL_PACKAGES} \ + ${MATRIX_INSTALL_PACKAGES} + python3 -m venv ~/venv - name: 'install prereqs' if: contains(matrix.build.name, 'i686') @@ -328,8 +332,8 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install \ libtool autoconf automake pkgconf stunnel4 \ libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \ - ${{ matrix.build.install_packages }} - python3 -m venv $HOME/venv + ${MATRIX_INSTALL_PACKAGES} + python3 -m venv ~/venv - name: 'install dependencies' if: startsWith(matrix.build.container, 'alpine') @@ -348,19 +352,18 @@ jobs: cache-name: cache-bearssl with: path: ~/bearssl - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.bearssl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.BEARSSL_VERSION }} - name: 'build bearssl' if: contains(matrix.build.install_steps, 'bearssl') && steps.cache-bearssl.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://bearssl.org/bearssl-${{ env.bearssl-version }}.tar.gz - tar -xzf bearssl-${{ env.bearssl-version }}.tar.gz - cd bearssl-${{ env.bearssl-version }} + "https://bearssl.org/bearssl-${BEARSSL_VERSION}.tar.gz" | tar -xz + cd "bearssl-${BEARSSL_VERSION}" make - mkdir -p $HOME/bearssl/lib $HOME/bearssl/include - cp inc/*.h $HOME/bearssl/include - cp build/libbearssl.* $HOME/bearssl/lib + mkdir -p ~/bearssl/lib ~/bearssl/include + cp inc/*.h ~/bearssl/include + cp build/libbearssl.* ~/bearssl/lib - name: 'cache libressl' if: contains(matrix.build.install_steps, 'libressl') @@ -370,16 +373,15 @@ jobs: cache-name: cache-libressl with: path: ~/libressl - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.libressl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} - name: 'build libressl' if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/libressl/portable/releases/download/v${{ env.libressl-version }}/libressl-${{ env.libressl-version }}.tar.gz - tar -xzf libressl-${{ env.libressl-version }}.tar.gz - cd libressl-${{ env.libressl-version }} - ./configure --disable-dependency-tracking --prefix=$HOME/libressl + "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz + cd "libressl-${LIBRESSL_VERSION}" + ./configure --disable-dependency-tracking --prefix=/home/runner/libressl make install - name: 'cache wolfssl (all)' @@ -390,18 +392,17 @@ jobs: cache-name: cache-wolfssl-all with: path: ~/wolfssl-all - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} - name: 'build wolfssl (all)' # does not support `OPENSSL_COEXIST` if: contains(matrix.build.install_steps, 'wolfssl-all') && steps.cache-wolfssl-all.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz - tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz - cd wolfssl-${{ env.wolfssl-version }}-stable + "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz + cd "wolfssl-${WOLFSSL_VERSION}-stable" ./autogen.sh ./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-all \ - --disable-benchmark --disable-crypttests --disable-examples --prefix=$HOME/wolfssl-all + --disable-benchmark --disable-crypttests --disable-examples --prefix=/home/runner/wolfssl-all make install - name: 'cache wolfssl (opensslextra)' # does support `OPENSSL_COEXIST` @@ -412,18 +413,17 @@ jobs: cache-name: cache-wolfssl-opensslextra with: path: ~/wolfssl-opensslextra - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} - name: 'build wolfssl (opensslextra)' if: contains(matrix.build.install_steps, 'wolfssl-opensslextra') && steps.cache-wolfssl-opensslextra.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz - tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz - cd wolfssl-${{ env.wolfssl-version }}-stable + "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz + cd "wolfssl-${WOLFSSL_VERSION}-stable" ./autogen.sh ./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-wolfssh --enable-ech --enable-opensslextra \ - --disable-benchmark --disable-crypttests --disable-examples --prefix=$HOME/wolfssl-opensslextra + --disable-benchmark --disable-crypttests --disable-examples --prefix=/home/runner/wolfssl-opensslextra make install - name: 'cache wolfssh' @@ -434,18 +434,17 @@ jobs: cache-name: cache-wolfssh with: path: ~/wolfssh - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssh-version }}-${{ env.wolfssl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSH_VERSION }}-${{ env.WOLFSSL_VERSION }} - name: 'build wolfssh' if: contains(matrix.build.install_steps, 'wolfssh') && steps.cache-wolfssh.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/wolfSSL/wolfssh/archive/v${{ env.wolfssh-version }}-stable.tar.gz - tar -xzf v${{ env.wolfssh-version }}-stable.tar.gz - cd wolfssh-${{ env.wolfssh-version }}-stable + "https://github.com/wolfSSL/wolfssh/archive/v${WOLFSSH_VERSION}-stable.tar.gz" | tar -xz + cd "wolfssh-${WOLFSSH_VERSION}-stable" ./autogen.sh - ./configure --disable-dependency-tracking --with-wolfssl=$HOME/wolfssl-opensslextra --enable-scp --enable-sftp --disable-term \ - --disable-examples --prefix=$HOME/wolfssh + ./configure --disable-dependency-tracking --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-scp --enable-sftp --disable-term \ + --disable-examples --prefix=/home/runner/wolfssh make install - name: 'cache mbedtls' @@ -456,18 +455,17 @@ jobs: cache-name: cache-mbedtls-threadsafe with: path: ~/mbedtls - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mbedtls-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }} - name: 'build mbedtls' if: contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${{ env.mbedtls-version }}/mbedtls-${{ env.mbedtls-version }}.tar.bz2 - tar -xjf mbedtls-${{ env.mbedtls-version }}.tar.bz2 - cd mbedtls-${{ env.mbedtls-version }} + "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj + cd "mbedtls-${MBEDTLS_VERSION}" ./scripts/config.py set MBEDTLS_THREADING_C ./scripts/config.py set MBEDTLS_THREADING_PTHREAD - cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=$HOME/mbedtls \ + cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \ -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF cmake --build . cmake --install . @@ -480,14 +478,14 @@ jobs: cache-name: cache-openssl-tsan with: path: ~/openssl - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} - name: 'build openssl (thread sanitizer)' if: contains(matrix.build.install_steps, 'openssl-tsan') && steps.cache-openssl-tsan.outputs.cache-hit != 'true' run: | - git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl + git clone --quiet --depth=1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl cd openssl - CC="clang" CFLAGS="-fsanitize=thread" LDFLAGS="-fsanitize=thread" ./config --prefix=$HOME/openssl --libdir=lib no-makedepend no-apps no-docs no-tests + CC=clang CFLAGS='-fsanitize=thread' LDFLAGS='-fsanitize=thread' ./config --prefix=/home/runner/openssl --libdir=lib no-makedepend no-apps no-docs no-tests make make -j1 install_sw @@ -499,14 +497,14 @@ jobs: cache-name: cache-quictls with: path: ~/quictls - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1 - name: 'build quictls' if: contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true' run: | - git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl + git clone --quiet --depth=1 -b "openssl-${QUICTLS_VERSION}-quic1" https://github.com/quictls/openssl cd openssl - ./config --prefix=$HOME/quictls --libdir=lib no-makedepend no-apps no-docs no-tests + ./config --prefix=/home/runner/quictls --libdir=lib no-makedepend no-apps no-docs no-tests make make -j1 install_sw @@ -518,14 +516,14 @@ jobs: cache-name: cache-msh3 with: path: ~/msh3 - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.msh3-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MSH3_VERSION }} - name: 'build msh3' if: contains(matrix.build.install_steps, 'msh3') && steps.cache-msh3.outputs.cache-hit != 'true' run: | - git clone --quiet --depth=1 -b v${{ env.msh3-version }} --recursive https://github.com/nibanks/msh3 + git clone --quiet --depth=1 -b "v${MSH3_VERSION}" --recursive https://github.com/nibanks/msh3 cd msh3 - cmake -B . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3 + cmake -B . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=/home/runner/msh3 cmake --build . cmake --install . @@ -537,17 +535,16 @@ jobs: cache-name: cache-awslc with: path: ~/awslc - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.awslc-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} - name: 'build awslc' if: contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true' run: | curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/awslabs/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz - tar -xzf v${{ env.awslc-version }}.tar.gz - mkdir aws-lc-${{ env.awslc-version }}-build - cd aws-lc-${{ env.awslc-version }}-build - cmake -G Ninja -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-${{ env.awslc-version }} -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF + "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz + mkdir "aws-lc-${AWSLC_VERSION}-build" + cd "aws-lc-${AWSLC_VERSION}-build" + cmake -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/awslc "../aws-lc-${AWSLC_VERSION}" -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF cmake --build . cmake --install . @@ -559,21 +556,21 @@ jobs: cache-name: cache-rustls with: path: ~/rustls - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.rustls-version }} + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.RUSTLS_VERSION }} - name: 'fetch rustls deb' if: contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' run: | mkdir -p ~/rustls - curl -L https://github.com/rustls/rustls-ffi/releases/download/v${{ env.rustls-version }}/librustls_${{ env.rustls-version }}_amd64.deb.zip -o ~/rustls/librustls.zip + curl -LsSf --retry 6 --retry-connrefused --max-time 999 \ + "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" -o ~/rustls/librustls.zip unzip ~/rustls/librustls.zip -d ~/rustls rm ~/rustls/librustls.zip - name: 'build rustls' # Note: we don't check cache-hit here. If the cache is hit, we still need to dpkg install the deb. if: contains(matrix.build.install_steps, 'rustls') - run: | - sudo dpkg -i ~/rustls/librustls_${{ env.rustls-version }}_amd64.deb + run: sudo dpkg -i ~/rustls/"librustls_${RUSTLS_VERSION}_amd64.deb" - name: 'install Intel compilers' if: contains(matrix.build.install_steps, 'intel') @@ -582,7 +579,7 @@ jobs: sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main" sudo apt-get -o Dpkg::Use-Pty=0 install intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic source /opt/intel/oneapi/setvars.sh - printenv >> $GITHUB_ENV + printenv >> "$GITHUB_ENV" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -593,23 +590,30 @@ jobs: run: autoreconf -fi - name: 'configure' + env: + CC: '${{ matrix.build.CC }}' + CFLAGS: '${{ matrix.build.CFLAGS }}' + LDFLAGS: '${{ matrix.build.LDFLAGS }}' + LIBS: '${{ matrix.build.LIBS }}' + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_CONFIGURE_PREFIX: '${{ matrix.build.configure-prefix }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}' run: | - [[ '${{ matrix.build.install_steps }}' = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev - if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then - export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}" - fi - if [ -n '${{ matrix.build.generate }}' ]; then + [[ "${MATRIX_INSTALL_STEPS}" = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev + [ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake -B bld -G Ninja \ - -DCMAKE_INSTALL_PREFIX="$HOME/curl" \ - -DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ - ${{ matrix.build.generate }} + ${MATRIX_GENERATE} else mkdir bld && cd bld && \ - ${{ matrix.build.configure-prefix }} \ + ${MATRIX_CONFIGURE_PREFIX} \ ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ - ${{ matrix.build.configure }} + ${MATRIX_CONFIGURE} fi - name: 'configure log' @@ -625,23 +629,25 @@ jobs: run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true - name: 'build' + env: + MATRIX_MAKE_CUSTOM_TARGET: '${{ matrix.build.make-custom-target }}' run: | - if [ -n '${{ matrix.build.generate }}' ]; then - ${{ matrix.build.make-prefix }} cmake --build bld --verbose + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + ${MATRIX_MAKE_PREFIX} cmake --build bld --verbose else - ${{ matrix.build.make-prefix }} make -C bld V=1 ${{ matrix.build.make-custom-target }} + ${MATRIX_MAKE_PREFIX} make -C bld V=1 ${MATRIX_MAKE_CUSTOM_TARGET} fi - name: 'single-use function check' if: ${{ contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF') }} run: | git config --global --add safe.directory "*" - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then libcurla=bld/lib/libcurl.a else libcurla=bld/lib/.libs/libcurl.a fi - ./scripts/singleuse.pl --unit ${libcurla} + ./scripts/singleuse.pl --unit "${libcurla}" - name: 'check curl -V output' if: ${{ matrix.build.make-custom-target != 'tidy' }} @@ -654,7 +660,7 @@ jobs: - name: 'build tests' if: ${{ !contains(matrix.build.install_steps, 'skipall') }} run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target testdeps else make -C bld V=1 -C tests @@ -663,37 +669,38 @@ jobs: - name: 'install test prereqs' if: ${{ !contains(matrix.build.install_steps, 'skipall') && matrix.build.container == null }} run: | - [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate + [ -x ~/venv/bin/activate ] && source ~/venv/bin/activate python3 -m pip install -r tests/requirements.txt - name: 'run tests' if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 30 || 15 }} - # zizmor: ignore[template-injection] + env: + TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + TFLAGS: '${{ matrix.build.tflags }}' run: | - export TFLAGS='${{ matrix.build.tflags }}' - if [ -z '${{ matrix.build.torture }}' ]; then - if [[ '${{ matrix.build.install_steps }}' = *'wolfssh'* ]]; then + if [ "${TEST_TARGET}" = 'test-ci' ]; then + if [[ "${MATRIX_INSTALL_STEPS}" = *'wolfssh'* ]]; then TFLAGS+=' ~SFTP' # curl: (79) wolfssh SFTP connect error -1051 / WS_MATCH_KEY_ALGO_E / cannot match key algo with peer fi - if [[ '${{ matrix.build.install_packages }}' = *'valgrind'* ]]; then + if [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then TFLAGS+=' -j6' fi - if [[ '${{ matrix.build.install_packages }}' = *'heimdal-dev'* ]]; then + if [[ "${MATRIX_INSTALL_PACKAGES}" = *'heimdal-dev'* ]]; then TFLAGS+=' ~2077 ~2078' # valgrind reporting memory leaks from Curl_auth_decode_spnego_message() -> gss_import_name() fi fi - [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate - if [ -n '${{ matrix.build.generate }}' ]; then - cmake --build bld --verbose --target ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + [ -x ~/venv/bin/activate ] && source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target "${TEST_TARGET}" else - make -C bld V=1 ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + make -C bld V=1 "${TEST_TARGET}" fi - name: 'install pytest prereqs' if: contains(matrix.build.install_steps, 'pytest') run: | - [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate + [ -x ~/venv/bin/activate ] && source ~/venv/bin/activate python3 -m pip install -r tests/http/requirements.txt - name: 'run pytest' @@ -702,8 +709,8 @@ jobs: PYTEST_ADDOPTS: '--color=yes' PYTEST_XDIST_AUTO_NUM_WORKERS: 4 run: | - [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate - if [ -n '${{ matrix.build.generate }}' ]; then + [ -x ~/venv/bin/activate ] && source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target curl-pytest-ci else make -C bld V=1 pytest-ci @@ -719,8 +726,8 @@ jobs: - name: 'build examples' if: ${{ matrix.build.make-custom-target != 'tidy' }} run: | - if [ -n '${{ matrix.build.generate }}' ]; then - ${{ matrix.build.make-prefix }} cmake --build bld --verbose --target curl-examples + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + ${MATRIX_MAKE_PREFIX} cmake --build bld --verbose --target curl-examples else - ${{ matrix.build.make-prefix }} make -C bld V=1 examples + ${MATRIX_MAKE_PREFIX} make -C bld V=1 examples fi diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index e5327820b3..98a1d5b785 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -58,8 +58,11 @@ jobs: timeout-minutes: 45 env: DEVELOPER_DIR: "/Applications/Xcode${{ matrix.build.xcode && format('_{0}', matrix.build.xcode) || '' }}.app/Contents/Developer" - CC: ${{ matrix.compiler }} - CFLAGS: '' + CC: '${{ matrix.compiler }}' + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_COMPILER: '${{ matrix.compiler }}' + MATRIX_INSTALL: '${{ matrix.build.install }}' + MATRIX_MACOS_VERSION_MIN: '${{ matrix.build.macos-version-min }}' strategy: fail-fast: false matrix: @@ -78,15 +81,15 @@ jobs: configure: --enable-debug --without-ssl - name: '!ssl libssh2 AppleIDN' compiler: clang - configure: --enable-debug --with-libssh2=$(brew --prefix libssh2) --without-ssl --with-apple-idn + configure: --enable-debug --with-libssh2=/opt/homebrew/opt/libssh2 --without-ssl --with-apple-idn - name: 'OpenSSL libssh c-ares' compiler: clang install: libssh - configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --enable-ares + configure: --enable-debug --with-libssh --with-openssl=/opt/homebrew/opt/openssl --enable-ares - name: 'OpenSSL libssh' compiler: llvm@15 install: libssh libnghttp3 - configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --with-openssl-quic + configure: --enable-debug --with-libssh --with-openssl=/opt/homebrew/opt/openssl --with-openssl-quic - name: '!ssl c-ares' compiler: clang configure: --enable-debug --enable-ares --without-ssl @@ -104,68 +107,68 @@ jobs: macos-version-min: '10.15' # Catalina (2019) - name: 'SecureTransport libssh2' compiler: clang - configure: --enable-debug --with-secure-transport --with-libssh2=$(brew --prefix libssh2) + configure: --enable-debug --with-secure-transport --with-libssh2=/opt/homebrew/opt/libssh2 macos-version-min: '10.8' - name: 'SecureTransport libssh2 10.12' compiler: clang - configure: --enable-debug --with-secure-transport --with-libssh2=$(brew --prefix libssh2) + configure: --enable-debug --with-secure-transport --with-libssh2=/opt/homebrew/opt/libssh2 macos-version-min: '10.12' # for monotonic timers - name: 'SecureTransport libssh2' compiler: gcc-12 - configure: --enable-debug --with-secure-transport --with-libssh2=$(brew --prefix libssh2) + configure: --enable-debug --with-secure-transport --with-libssh2=/opt/homebrew/opt/libssh2 macos-version-min: '10.8' - name: 'LibreSSL +examples' compiler: clang install: libressl install_steps: pytest - configure: --enable-debug --with-openssl=$(brew --prefix libressl) + configure: --enable-debug --with-openssl=/opt/homebrew/opt/libressl - name: 'OpenSSL' compiler: clang install_steps: pytest - configure: --enable-debug --with-openssl=$(brew --prefix openssl) + configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl - name: 'OpenSSL event-based' compiler: clang - configure: --enable-debug --with-openssl=$(brew --prefix openssl) + configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl tflags: --test-event - name: 'quictls libssh2 !ldap 10.15' compiler: clang install: quictls - configure: --enable-debug --disable-ldap --with-openssl=$(brew --prefix quictls) LDFLAGS="${LDFLAGS} -L$(brew --prefix quictls)/lib" + configure: --enable-debug --disable-ldap --with-openssl=/opt/homebrew/opt/quictls LDFLAGS=-L/opt/homebrew/opt/quictls/lib macos-version-min: '10.15' # cmake - name: 'OpenSSL gsasl rtmp AppleIDN' install: gsasl rtmpdump - generate: -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON -DUSE_APPLE_IDN=ON + generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON -DUSE_APPLE_IDN=ON - name: 'MultiSSL AppleIDN clang-tidy +examples' install: llvm brotli zstd gnutls nettle mbedtls gsasl rtmpdump fish - generate: -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DCURL_DEFAULT_SSL_BACKEND=openssl -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DENABLE_ARES=ON -DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON -DUSE_APPLE_IDN=ON -DUSE_SSLS_EXPORT=ON -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=$(brew --prefix llvm)/bin/clang-tidy -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON + generate: -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_DEFAULT_SSL_BACKEND=openssl -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DENABLE_ARES=ON -DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON -DUSE_APPLE_IDN=ON -DUSE_SSLS_EXPORT=ON -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON clang-tidy: true chkprefill: _chkprefill - name: 'quictls +static libssh +examples' install: quictls libssh - generate: -DOPENSSL_ROOT_DIR=$(brew --prefix quictls) -DBUILD_STATIC_LIBS=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON + generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/quictls -DBUILD_STATIC_LIBS=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON - name: 'SecureTransport debug' generate: -DCURL_USE_SECTRANSP=ON -DENABLE_DEBUG=ON macos-version-min: '10.8' - name: 'LibreSSL !ldap heimdal c-ares +examples' install: libressl heimdal - generate: -DOPENSSL_ROOT_DIR=$(brew --prefix libressl) -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=$(brew --prefix heimdal) -DCURL_DISABLE_LDAP=ON + generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal -DCURL_DISABLE_LDAP=ON - name: 'wolfSSL !ldap brotli zstd' install: brotli wolfssl zstd install_steps: pytest generate: -DCURL_USE_WOLFSSL=ON -DCURL_DISABLE_LDAP=ON -DUSE_ECH=ON - name: 'mbedTLS openldap brotli zstd' install: brotli mbedtls zstd openldap - generate: -DCURL_USE_MBEDTLS=ON -DLDAP_INCLUDE_DIR="$(brew --prefix openldap)/include" -DLDAP_LIBRARY="$(brew --prefix openldap)/lib/libldap.dylib" -DLDAP_LBER_LIBRARY="$(brew --prefix openldap)/lib/liblber.dylib" + generate: -DCURL_USE_MBEDTLS=ON -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib - name: 'GnuTLS !ldap krb5' install: gnutls nettle krb5 - generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=$(brew --prefix krb5) -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON + generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON - name: 'OpenSSL torture !FTP' - generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) + generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl tflags: -t --shallow=25 !FTP torture: true - name: 'OpenSSL torture FTP' - generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) + generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl tflags: -t --shallow=20 FTP torture: true exclude: @@ -187,33 +190,35 @@ jobs: # Run this command with retries because of spurious failures seen # while running the tests, for example # https://github.com/curl/curl/runs/4095721123?check_suite_focus=true - # zizmor: ignore[template-injection] + env: + INSTALL_PACKAGES: >- + ${{ matrix.build.generate && 'ninja' || 'automake libtool' }} + ${{ !matrix.build.clang-tidy && 'nghttp2 stunnel' || '' }} + ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} + run: | - echo ${{ matrix.build.generate && 'ninja' || 'automake libtool' }} \ - pkgconf libpsl libssh2 \ - ${{ !matrix.build.clang-tidy && 'nghttp2 stunnel' || '' }} \ - ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} \ - ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + echo pkgconf libpsl libssh2 ${INSTALL_PACKAGES} ${MATRIX_INSTALL} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew bundle install --file /tmp/Brewfile; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done - name: 'brew unlink openssl' if: ${{ contains(matrix.build.install, 'libressl') || contains(matrix.build.install, 'quictls') }} run: | - if test -d $(brew --prefix)/include/openssl; then + if [ -d /opt/homebrew/include/openssl ]; then brew unlink openssl fi - name: 'toolchain versions' run: | - [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" - [[ '${{ matrix.compiler }}' = 'gcc'* ]] && "${CC}" --print-sysroot - which "${CC}"; "${CC}" --version || true + [[ "${MATRIX_COMPILER}" = 'llvm'* ]] && CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + [[ "${MATRIX_COMPILER}" = 'gcc'* ]] && "${CC}" --print-sysroot + command -v "${CC}"; "${CC}" --version || true xcodebuild -version || true xcrun --sdk macosx --show-sdk-path 2>/dev/null || true xcrun --sdk macosx --show-sdk-version || true ls -l /Library/Developer/CommandLineTools/SDKs || true echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' - echo '::group::brew packages installed'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' + echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::' - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -224,31 +229,36 @@ jobs: run: autoreconf -fi - name: 'configure' + env: + MATRIX_CHKPREFILL: '${{ matrix.build.chkprefill }}' + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}' run: | - if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + if [[ "${MATRIX_COMPILER}" = 'gcc'* ]]; then sysroot="$("${CC}" --print-sysroot)" # Must match the SDK gcc was built for else sysroot="$(xcrun --sdk macosx --show-sdk-path 2>/dev/null)" fi - if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then - CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" CC+=" --sysroot=${sysroot}" CC+=" --target=$(uname -m)-apple-darwin" fi - if [ -n '${{ matrix.build.generate }}' ]; then - for _chkprefill in '' ${{ matrix.build.chkprefill }}; do + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do options='' - [ -n '${{ matrix.build.macos-version-min }}' ] && options+=' -DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.build.macos-version-min }}' - [[ '${{ matrix.build.install_steps }}' = *'pytest'* ]] && options+=' -DVSFTPD=NO' # Skip ~20 tests that stretch run time by 7x on macOS + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}" + [[ "${MATRIX_INSTALL_STEPS}" = *'pytest'* ]] && options+=' -DVSFTPD=NO' # Skip ~20 tests that stretch run time by 7x on macOS [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' cmake -B "bld${_chkprefill}" -G Ninja -D_CURL_PREFILL=ON \ - -DCMAKE_INSTALL_PREFIX="$HOME/curl" \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ -DCMAKE_OSX_SYSROOT="${sysroot}" \ -DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \ - ${{ matrix.build.generate }} ${options} + ${MATRIX_GENERATE} ${options} done if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' @@ -256,19 +266,19 @@ jobs: fi else export CFLAGS - if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then options+=" --target=$(uname -m)-apple-darwin" fi - if [ '${{ matrix.compiler }}' != 'clang' ]; then + if [ "${MATRIX_COMPILER}" != 'clang' ]; then options+=" --with-sysroot=${sysroot}" CFLAGS+=" --sysroot=${sysroot}" fi - [ -n '${{ matrix.build.macos-version-min }}' ] && CFLAGS+=' -mmacosx-version-min=${{ matrix.build.macos-version-min }}' - [[ '${{ matrix.build.install_steps }}' = *'pytest'* ]] && options+=' --with-test-vsftpd=no' # Skip ~20 tests that stretch run time by 7x on macOS + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}" + [[ "${MATRIX_INSTALL_STEPS}" = *'pytest'* ]] && options+=' --with-test-vsftpd=no' # Skip ~20 tests that stretch run time by 7x on macOS mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ - --with-libpsl=$(brew --prefix libpsl) \ - ${{ matrix.build.configure }} ${options} + --with-libpsl=/opt/homebrew/opt/libpsl \ + ${MATRIX_CONFIGURE} ${options} fi - name: 'configure log' @@ -285,7 +295,7 @@ jobs: - name: 'build' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose else make -C bld V=1 @@ -300,7 +310,7 @@ jobs: - name: 'build tests' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target testdeps else make -C bld V=1 -C tests @@ -309,28 +319,30 @@ jobs: - name: 'install test prereqs' if: ${{ !matrix.build.clang-tidy }} run: | - python3 -m venv $HOME/venv - source $HOME/venv/bin/activate + python3 -m venv ~/venv + source ~/venv/bin/activate python3 -m pip install -r tests/requirements.txt - name: 'run tests' if: ${{ !matrix.build.clang-tidy }} timeout-minutes: ${{ matrix.build.torture && 20 || 10 }} - # zizmor: ignore[template-injection] + env: + TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + TFLAGS: '${{ matrix.build.tflags }}' run: | - export TFLAGS='-j20 ${{ matrix.build.tflags }}' - source $HOME/venv/bin/activate - rm -f $HOME/.curlrc - if [ -n '${{ matrix.build.generate }}' ]; then - cmake --build bld --verbose --target ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + TFLAGS="-j20 ${TFLAGS}" + source ~/venv/bin/activate + rm -f ~/.curlrc + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target "${TEST_TARGET}" else - make -C bld V=1 ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + make -C bld V=1 "${TEST_TARGET}" fi - name: 'install pytest prereqs' if: ${{ !matrix.build.clang-tidy && contains(matrix.build.install_steps, 'pytest') }} run: | - source $HOME/venv/bin/activate + source ~/venv/bin/activate python3 -m pip install -r tests/http/requirements.txt - name: 'run pytest' @@ -339,8 +351,8 @@ jobs: PYTEST_ADDOPTS: '--color=yes' PYTEST_XDIST_AUTO_NUM_WORKERS: 4 run: | - source $HOME/venv/bin/activate - if [ -n '${{ matrix.build.generate }}' ]; then + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target curl-pytest-ci else make -C bld V=1 pytest-ci @@ -349,7 +361,7 @@ jobs: - name: 'build examples' if: ${{ contains(matrix.build.name, '+examples') }} run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose --target curl-examples else make -C bld examples V=1 @@ -362,7 +374,12 @@ jobs: timeout-minutes: 10 env: DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer" - CC: ${{ matrix.compiler }} + CC: '${{ matrix.compiler }}' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_COMPILER: '${{ matrix.compiler }}' + MATRIX_CONFIG: '${{ matrix.config }}' + MATRIX_IMAGE: '${{ matrix.image }}' + MATRIX_MACOS_VERSION_MIN: '${{ matrix.macos-version-min }}' strategy: fail-fast: false matrix: @@ -377,6 +394,7 @@ jobs: # Ventura (2022) Sonoma (2023) Sequoia (2024) # https://github.com/actions/runner-images/tree/main/images/macos # https://en.wikipedia.org/wiki/MacOS_version_history + # TODO when dropping macos-13: replace '$(brew --prefix ...' with /opt/homebrew image: [macos-13, macos-14, macos-15] # Can skip these to reduce jobs: # 15.1 has the same default macOS SDK as 15.2 and identical test results. @@ -417,14 +435,14 @@ jobs: - name: 'install autotools' if: ${{ matrix.build == 'autotools' }} run: | - echo automake libtool | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done - name: 'toolchain versions' run: | - [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" - [[ '${{ matrix.compiler }}' = 'gcc'* ]] && "${CC}" --print-sysroot - which "${CC}"; "${CC}" --version || true + [[ "${MATRIX_COMPILER}" = 'llvm'* ]] && CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + [[ "${MATRIX_COMPILER}" = 'gcc'* ]] && "${CC}" --print-sysroot + command -v "${CC}"; "${CC}" --version || true xcodebuild -version || true xcrun --sdk macosx --show-sdk-path 2>/dev/null || true xcrun --sdk macosx --show-sdk-version || true @@ -442,27 +460,27 @@ jobs: - name: 'configure / ${{ matrix.build }}' run: | - if [ '${{ matrix.compiler }}' = 'gcc-13' ] && [ '${{ matrix.image }}' = 'macos-15' ] ; then + if [ "${MATRIX_COMPILER}" = 'gcc-13' ] && [ "${MATRIX_IMAGE}" = 'macos-15' ] ; then # Ref: https://github.com/Homebrew/homebrew-core/issues/194778#issuecomment-2793243409 /opt/homebrew/opt/gcc@13/libexec/gcc/aarch64-apple-darwin24/13/install-tools/mkheaders fi - if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + if [[ "${MATRIX_COMPILER}" = 'gcc'* ]]; then sysroot="$("${CC}" --print-sysroot)" # Must match the SDK gcc was built for else sysroot="$(xcrun --sdk macosx --show-sdk-path 2>/dev/null)" fi - if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then - CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" CC+=" --sysroot=${sysroot}" CC+=" --target=$(uname -m)-apple-darwin" fi - if [ '${{ matrix.build }}' = 'cmake' ]; then - [ '${{ matrix.config }}' = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON' - [ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' -DCURL_USE_SECTRANSP=ON' - [ -n '${{ matrix.macos-version-min }}' ] && options+=' -DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.macos-version-min }}' + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON' + [ "${MATRIX_CONFIG}" = 'SecureTransport' ] && options+=' -DCURL_USE_SECTRANSP=ON' + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}" # would pick up nghttp2, libidn2, and libssh2 cmake -B bld -G Ninja -D_CURL_PREFILL=ON \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ @@ -475,16 +493,16 @@ jobs: ${options} else export CFLAGS - if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then options+=" --target=$(uname -m)-apple-darwin" fi - if [ '${{ matrix.compiler }}' != 'clang' ]; then + if [ "${MATRIX_COMPILER}" != 'clang' ]; then options+=" --with-sysroot=${sysroot}" CFLAGS+=" --sysroot=${sysroot}" fi - [ '${{ matrix.config }}' = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)" - [ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' --with-secure-transport' - [ -n '${{ matrix.macos-version-min }}' ] && CFLAGS+=' -mmacosx-version-min=${{ matrix.macos-version-min }}' + [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)" + [ "${MATRIX_CONFIG}" = 'SecureTransport' ] && options+=' --with-secure-transport' + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}" # would pick up nghttp2, libidn2, but libssh2 is disabled by default mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ @@ -505,7 +523,7 @@ jobs: - name: 'build / ${{ matrix.build }}' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose else make -C bld V=1 diff --git a/.github/workflows/non-native.yml b/.github/workflows/non-native.yml index 74adcbfebd..86ee16fa57 100644 --- a/.github/workflows/non-native.yml +++ b/.github/workflows/non-native.yml @@ -52,7 +52,10 @@ jobs: persist-credentials: false - name: 'cmake' uses: cross-platform-actions/action@97419d18f6470332677e345e9df97cdc71244ead # v0.28.0 + env: + MATRIX_ARCH: '${{ matrix.arch }}' with: + environment_variables: MATRIX_ARCH operating_system: 'netbsd' version: '10.1' architecture: ${{ matrix.arch }} @@ -60,6 +63,7 @@ jobs: # https://pkgsrc.se/ time sudo pkgin -y install cmake ninja-build pkg-config perl brotli heimdal openldap-client libssh2 libidn2 libpsl nghttp2 py311-impacket time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ @@ -69,8 +73,9 @@ jobs: echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' time cmake --build bld + time cmake --install bld bld/src/curl --disable --version - if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU time cmake --build bld --target testdeps export TFLAGS='-j8' time cmake --build bld --target test-ci @@ -92,7 +97,10 @@ jobs: persist-credentials: false - name: 'cmake' uses: cross-platform-actions/action@97419d18f6470332677e345e9df97cdc71244ead # v0.28.0 + env: + MATRIX_ARCH: '${{ matrix.arch }}' with: + environment_variables: MATRIX_ARCH operating_system: 'openbsd' version: '7.7' architecture: ${{ matrix.arch }} @@ -101,6 +109,7 @@ jobs: # https://www.openbsd.org/faq/faq15.html time sudo pkg_add cmake ninja brotli openldap-client-- libssh2 libidn2 libpsl nghttp2 py3-six py3-impacket time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ @@ -109,8 +118,9 @@ jobs: echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' time cmake --build bld + time cmake --install bld bld/src/curl --disable --version - if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU time cmake --build bld --target testdeps export TFLAGS='-j8' time cmake --build bld --target test-ci @@ -135,84 +145,95 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - - name: 'autotools' - if: ${{ matrix.build == 'autotools' }} + - name: '${{ matrix.build }}' uses: cross-platform-actions/action@97419d18f6470332677e345e9df97cdc71244ead # v0.28.0 + env: + CC: '${{ matrix.compiler }}' + MATRIX_ARCH: '${{ matrix.arch }}' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_DESC: '${{ matrix.desc }}' + MATRIX_OPTIONS: '${{ matrix.options }}' with: + environment_variables: CC MATRIX_ARCH MATRIX_BUILD MATRIX_DESC MATRIX_OPTIONS operating_system: 'freebsd' version: '14.2' architecture: ${{ matrix.arch }} run: | - export MAKEFLAGS=-j3 export CURL_CI=github + # https://ports.freebsd.org/ - time sudo pkg install -y autoconf automake libtool \ - pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket - time autoreconf -fi - export CC='${{ matrix.compiler }}' - if [ '${{ matrix.arch }}' != 'x86_64' ]; then - options='--disable-manual --disable-docs' # Slow with autotools, skip on emulated CPU + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time sudo pkg install -y cmake-core ninja perl5 \ + pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket + else + time sudo pkg install -y autoconf automake libtool \ + pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket + export MAKEFLAGS=-j3 fi - mkdir bld && cd bld && time ../configure --enable-unity --enable-test-bundles --enable-debug --enable-warnings --enable-werror \ - --prefix="${HOME}"/install \ - --with-openssl \ - --with-brotli --enable-ldap --enable-ldaps --with-libidn2 --with-libssh2 --with-nghttp2 --with-gssapi \ - --disable-dependency-tracking \ - ${options} \ - ${{ matrix.options }} \ - || { tail -n 1000 config.log; false; } - echo '::group::curl_config.h (raw)'; cat lib/curl_config.h || true; echo '::endgroup::' - echo '::group::curl_config.h'; grep -F '#define' lib/curl_config.h | sort || true; echo '::endgroup::' - time make install - src/curl --disable --version - desc='${{ matrix.desc }}' - if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU - time make -C tests - if [ "${desc#*!runtests*}" = "${desc}" ]; then - time make test-ci V=1 TFLAGS='-j8' + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_C_COMPILER="${CC}" \ + -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_USE_GSSAPI=ON \ + ${MATRIX_OPTIONS} \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + else + time autoreconf -fi + if [ "${MATRIX_ARCH}" != 'x86_64' ]; then + options='--disable-manual --disable-docs' # Slow with autotools, skip on emulated CPU fi - fi - if [ "${desc#*!examples*}" = "${desc}" ]; then - echo '::group::build examples' - time make examples - echo '::endgroup::' + mkdir bld && cd bld + time ../configure --enable-unity --enable-test-bundles --enable-debug --enable-warnings --enable-werror \ + --prefix="$HOME"/curl-install \ + --with-openssl \ + --with-brotli --enable-ldap --enable-ldaps --with-libidn2 --with-libssh2 --with-nghttp2 --with-gssapi \ + --disable-dependency-tracking \ + ${options} \ + ${MATRIX_OPTIONS} \ + || { tail -n 1000 config.log; false; } + cd .. fi - - name: 'cmake' - if: ${{ matrix.build == 'cmake' }} - uses: cross-platform-actions/action@97419d18f6470332677e345e9df97cdc71244ead # v0.28.0 - with: - operating_system: 'freebsd' - version: '14.1' - architecture: ${{ matrix.arch }} - run: | - # https://ports.freebsd.org/ - time sudo pkg install -y cmake-core ninja perl5 \ - pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket - time cmake -B bld -G Ninja \ - -DCMAKE_C_COMPILER='${{ matrix.compiler }}' \ - -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ - -DCURL_WERROR=ON \ - -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ - -DCURL_USE_OPENSSL=ON \ - -DCURL_USE_GSSAPI=ON \ - ${{ matrix.options }} \ - || { cat bld/CMakeFiles/CMake*.yaml; false; } echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' - time cmake --build bld + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld + time cmake --install bld + else + time make -C bld install + fi + bld/src/curl --disable --version - desc='${{ matrix.desc }}' - if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU - time cmake --build bld --target testdeps - if [ "${desc#*!runtests*}" = "${desc}" ]; then + + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --target testdeps + else + time make -C bld -C tests + fi + if [ "${MATRIX_DESC#*!runtests*}" = "${MATRIX_DESC}" ]; then export TFLAGS='-j8' - time cmake --build bld --target test-ci + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --verbose --target test-ci + else + time make -C bld V=1 test-ci + fi fi fi - if [ "${desc#*!examples*}" = "${desc}" ]; then + + if [ "${MATRIX_DESC#*!examples*}" = "${MATRIX_DESC}" ]; then echo '::group::build examples' - time cmake --build bld --target curl-examples + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --target curl-examples + else + time make -C bld examples + fi echo '::endgroup::' fi @@ -236,8 +257,9 @@ jobs: export MAKEFLAGS=-j3 export CURL_CI=github time autoreconf -fi - mkdir bld && cd bld && time ../configure --enable-unity --enable-test-bundles --enable-debug --enable-warnings --enable-werror \ - --prefix="${HOME}"/install \ + mkdir bld && cd bld + time ../configure --enable-unity --enable-test-bundles --enable-debug --enable-warnings --enable-werror \ + --prefix="$HOME"/curl-install \ --with-openssl \ --disable-dependency-tracking \ || { tail -n 1000 config.log; false; } @@ -259,24 +281,26 @@ jobs: MAKEFLAGS: -j 4 DEVELOPER_DIR: "/Applications/Xcode${{ matrix.build.xcode && format('_{0}', matrix.build.xcode) || '' }}.app/Contents/Developer" CC: ${{ matrix.build.compiler || 'clang' }} + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_OPTIONS: ${{ matrix.build.options }} # renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com - libressl-version: 4.1.0 + LIBRESSL_VERSION: 4.1.0 strategy: fail-fast: false matrix: build: - name: 'libressl' install_steps: libressl - configure: --with-openssl="$HOME/libressl" --without-libpsl + configure: --with-openssl=/Users/runner/libressl --without-libpsl - name: 'libressl' install_steps: libressl # FIXME: Could not make OPENSSL_ROOT_DIR work. CMake seems to prepend sysroot to it. generate: >- -DCMAKE_BUILD_TYPE=Release -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 - -DOPENSSL_INCLUDE_DIR="$HOME/libressl/include" - -DOPENSSL_SSL_LIBRARY="$HOME/libressl/lib/libssl.a" - -DOPENSSL_CRYPTO_LIBRARY="$HOME/libressl/lib/libcrypto.a" + -DOPENSSL_INCLUDE_DIR=/Users/runner/libressl/include + -DOPENSSL_SSL_LIBRARY=/Users/runner/libressl/lib/libssl.a + -DOPENSSL_CRYPTO_LIBRARY=/Users/runner/libressl/lib/libcrypto.a -DCURL_USE_LIBPSL=OFF - name: 'libressl' @@ -286,27 +310,27 @@ jobs: generate: >- -DCMAKE_XCODE_ATTRIBUTE_CODE_SIGNING_ALLOWED=OFF -DMACOSX_BUNDLE_GUI_IDENTIFIER=se.curl - -DOPENSSL_INCLUDE_DIR="$HOME/libressl/include" - -DOPENSSL_SSL_LIBRARY="$HOME/libressl/lib/libssl.a" - -DOPENSSL_CRYPTO_LIBRARY="$HOME/libressl/lib/libcrypto.a" + -DOPENSSL_INCLUDE_DIR=/Users/runner/libressl/include + -DOPENSSL_SSL_LIBRARY=/Users/runner/libressl/lib/libssl.a + -DOPENSSL_CRYPTO_LIBRARY=/Users/runner/libressl/lib/libcrypto.a -DCURL_USE_LIBPSL=OFF steps: - name: 'brew install' if: ${{ matrix.build.configure }} run: | - echo automake libtool | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done - name: 'toolchain versions' run: | - which "${CC}"; "${CC}" --version || true + command -v "${CC}"; "${CC}" --version || true xcodebuild -version || true xcodebuild -sdk -version | grep '^Path:' || true xcrun --sdk iphoneos --show-sdk-path 2>/dev/null || true xcrun --sdk iphoneos --show-sdk-version || true echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' - echo '::group::brew packages installed'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' + echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::' - name: 'cache libressl' if: contains(matrix.build.install_steps, 'libressl') @@ -316,18 +340,18 @@ jobs: cache-name: cache-libressl with: path: ~/libressl - key: iOS-${{ env.cache-name }}-${{ env.libressl-version }} + key: iOS-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} - name: 'build libressl' if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' run: | curl -LsSf --retry 6 --retry-connrefused --max-time 999 \ - https://github.com/libressl/portable/releases/download/v${{ env.libressl-version }}/libressl-${{ env.libressl-version }}.tar.gz | tar -x - cd libressl-${{ env.libressl-version }} + "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -x + cd "libressl-${LIBRESSL_VERSION}" # FIXME: on the 4.0.1 release, delete '-DHAVE_ENDIAN_H=0' cmake -B . -G Ninja \ -DHAVE_ENDIAN_H=0 \ - -DCMAKE_INSTALL_PREFIX="$HOME/libressl" \ + -DCMAKE_INSTALL_PREFIX=/Users/runner/libressl \ -DCMAKE_SYSTEM_NAME=iOS \ -DCMAKE_SYSTEM_PROCESSOR=aarch64 \ -DBUILD_SHARED_LIBS=OFF \ @@ -345,22 +369,26 @@ jobs: run: autoreconf -fi - name: 'configure' + env: + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_GENERATOR: '${{ matrix.build.generator }}' run: | - if [ -n '${{ matrix.build.generate }}' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then # https://cmake.org/cmake/help/latest/manual/cmake-toolchains.7.html#cross-compiling-for-ios-tvos-visionos-or-watchos - [ -n '${{ matrix.build.generator }}' ] && options='-G ${{ matrix.build.generator }}' + [ -n "${MATRIX_GENERATOR}" ] && options="-G ${MATRIX_GENERATOR}" cmake -B bld -G Ninja -D_CURL_PREFILL=ON \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ -DCMAKE_SYSTEM_NAME=iOS \ -DUSE_APPLE_IDN=ON \ - ${{ matrix.build.generate }} ${options} + ${MATRIX_GENERATE} ${options} else mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ CFLAGS="-isysroot $(xcrun --sdk iphoneos --show-sdk-path 2>/dev/null)" \ --host=aarch64-apple-darwin \ --with-apple-idn \ - ${{ matrix.build.configure }} + ${MATRIX_CONFIGURE} fi - name: 'configure log' @@ -374,8 +402,8 @@ jobs: - name: 'build' run: | - if [ -n '${{ matrix.build.generate }}' ]; then - cmake --build bld ${{ matrix.build.options }} --parallel 4 --verbose + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --verbose else make -C bld V=1 fi @@ -385,16 +413,16 @@ jobs: - name: 'build tests' run: | - if [ -n '${{ matrix.build.generate }}' ]; then - cmake --build bld ${{ matrix.build.options }} --parallel 4 --target testdeps --verbose + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --target testdeps --verbose else make -C bld V=1 -C tests fi - name: 'build examples' run: | - if [ -n '${{ matrix.build.generate }}' ]; then - cmake --build bld ${{ matrix.build.options }} --parallel 4 --target curl-examples --verbose + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --target curl-examples --verbose else make -C bld examples V=1 fi @@ -405,6 +433,7 @@ jobs: timeout-minutes: 25 env: MAKEFLAGS: -j 5 + MATRIX_BUILD: '${{ matrix.build }}' strategy: matrix: include: @@ -431,23 +460,26 @@ jobs: run: autoreconf -fi - name: 'configure' + env: + MATRIX_OPTIONS: '${{ matrix.options }}' + MATRIX_PLATFORM: '${{ matrix.platform }}' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then # https://developer.android.com/ndk/guides/cmake + if [ "${MATRIX_BUILD}" = 'cmake' ]; then # https://developer.android.com/ndk/guides/cmake cmake -B bld -G Ninja \ -DANDROID_ABI=arm64-v8a \ - -DANDROID_PLATFORM='android-${{ matrix.platform }}' \ + -DANDROID_PLATFORM="android-${MATRIX_PLATFORM}" \ -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK_HOME}/build/cmake/android.toolchain.cmake" -DCMAKE_WARN_DEPRECATED=OFF \ -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ - ${{ matrix.options }} + ${MATRIX_OPTIONS} else TOOLCHAIN="${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64" mkdir bld && cd bld && ../configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ - CC="$TOOLCHAIN/bin/aarch64-linux-android${{ matrix.platform }}-clang" \ + CC="$TOOLCHAIN/bin/aarch64-linux-android${MATRIX_PLATFORM}-clang" \ AR="$TOOLCHAIN/bin/llvm-ar" \ RANLIB="$TOOLCHAIN/bin/llvm-ranlib" \ - --host=aarch64-linux-android${{ matrix.platform }} \ - ${{ matrix.options }} + --host="aarch64-linux-android${MATRIX_PLATFORM}" \ + ${MATRIX_OPTIONS} fi - name: 'configure log' @@ -461,7 +493,7 @@ jobs: - name: 'build' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --verbose else make -C bld V=1 @@ -472,7 +504,7 @@ jobs: - name: 'build tests' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target testdeps else make -C bld -C tests @@ -480,7 +512,7 @@ jobs: - name: 'build examples' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target curl-examples else make -C bld examples @@ -492,7 +524,8 @@ jobs: timeout-minutes: 5 env: MAKEFLAGS: -j 5 - toolchain-version: '3.4' + MATRIX_BUILD: '${{ matrix.build }}' + TOOLCHAIN_VERSION: '3.4' strategy: matrix: build: [autotools, cmake] @@ -508,15 +541,15 @@ jobs: id: cache-compiler with: path: ~/djgpp - key: ${{ runner.os }}-djgpp-${{ env.toolchain-version }}-amd64 + key: ${{ runner.os }}-djgpp-${{ env.TOOLCHAIN_VERSION }}-amd64 - name: 'install compiler (djgpp)' if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} run: | - cd "${HOME}" || exit 1 + cd ~ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 3 \ - --location 'https://github.com/andrewwutw/build-djgpp/releases/download/v${{ env.toolchain-version }}/djgpp-linux64-gcc1220.tar.bz2' | tar -xj - cd djgpp || exit 1 + --location "https://github.com/andrewwutw/build-djgpp/releases/download/v${TOOLCHAIN_VERSION}/djgpp-linux64-gcc1220.tar.bz2" | tar -xj + cd djgpp for f in wat3211b.zip zlb13b.zip ssl102ub.zip; do curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 \ "https://www.delorie.com/pub/djgpp/current/v2tk/$f" --output bin.zip @@ -530,7 +563,7 @@ jobs: - name: 'configure' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake -B bld -G Ninja \ -DCMAKE_SYSTEM_NAME=DOS \ -DCMAKE_SYSTEM_PROCESSOR=x86 \ @@ -570,7 +603,7 @@ jobs: - name: 'build' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld else make -C bld @@ -582,7 +615,7 @@ jobs: - name: 'build tests' if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target testdeps else make -C bld -C tests @@ -591,7 +624,7 @@ jobs: - name: 'build examples' if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target curl-examples else make -C bld examples diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index f4b2ad50e4..ed6303db91 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -49,6 +49,7 @@ jobs: env: MAKEFLAGS: -j 5 SHELLOPTS: 'igncr' + MATRIX_BUILD: '${{ matrix.build }}' strategy: matrix: include: @@ -88,19 +89,22 @@ jobs: - name: 'configure' timeout-minutes: 5 + env: + MATRIX_CONFIG: '${{ matrix.config }}' run: | PATH=/usr/bin - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake -B bld -G Ninja -D_CURL_PREFILL=ON ${options} \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ - ${{ matrix.config }} + ${MATRIX_CONFIG} else mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ - --prefix="${HOME}"/install \ + --prefix="$HOME"/curl-install \ --with-libssh2 \ --disable-dependency-tracking \ - ${{ matrix.config }} + ${MATRIX_CONFIG} fi - name: 'configure log' @@ -119,8 +123,9 @@ jobs: timeout-minutes: 10 run: | PATH=/usr/bin - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + cmake --install bld --verbose else make -C bld V=1 install fi @@ -130,7 +135,7 @@ jobs: run: | PATH=/usr/bin find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -exec file '{}' \; - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then PATH="$PWD/bld/lib:$PATH" fi bld/src/curl.exe --disable --version @@ -140,8 +145,8 @@ jobs: timeout-minutes: 15 run: | PATH=/usr/bin - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld --target testdeps + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps else make -C bld V=1 -C tests fi @@ -149,15 +154,17 @@ jobs: - name: 'run tests' if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} timeout-minutes: 15 + env: + TFLAGS: '${{ matrix.tflags }}' run: | PATH=/usr/bin - export TFLAGS='-j8 ${{ matrix.tflags }}' + TFLAGS="-j8 ${TFLAGS}" if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" fi - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then PATH="$PWD/bld/lib:$PATH" - cmake --build bld --target test-ci + cmake --build bld --verbose --target test-ci else make -C bld V=1 test-ci fi @@ -167,8 +174,8 @@ jobs: timeout-minutes: 5 run: | PATH=/usr/bin - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld --target curl-examples + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples else make -C bld V=1 examples fi @@ -182,6 +189,9 @@ jobs: shell: msys2 {0} env: MAKEFLAGS: -j 5 + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_SYS: '${{ matrix.sys }}' + MATRIX_TEST: '${{ matrix.test }}' strategy: matrix: include: @@ -250,32 +260,39 @@ jobs: - name: 'configure' timeout-minutes: 5 - run: | - if [ '${{ matrix.test }}' = 'uwp' ]; then + env: + CFLAGS: '${{ matrix.cflags }}' + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' + MATRIX_ENV: '${{ matrix.env }}' + MATRIX_TYPE: '${{ matrix.type }}' + run: | + if [ "${MATRIX_TEST}" = 'uwp' ]; then CPPFLAGS='-DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP' - if [[ '${{ matrix.env }}' != 'clang'* ]]; then + if [[ "${MATRIX_ENV}" != 'clang'* ]]; then specs="$(realpath gcc-specs-uwp)" gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}" CFLAGS="-specs=${specs}" CFLAGS_CMAKE="-specs=$(cygpath -w "${specs}")" fi fi - if [ '${{ matrix.build }}' = 'cmake' ]; then - for _chkprefill in '' ${{ matrix.chkprefill }}; do - if [[ '${{ matrix.env }}' = 'clang'* ]]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do + if [[ "${MATRIX_ENV}" = 'clang'* ]]; then options='-DCMAKE_C_COMPILER=clang' else options='-DCMAKE_C_COMPILER=gcc' fi - [ '${{ matrix.sys }}' = 'msys' ] && options+=' -D_CURL_PREFILL=ON' - [ '${{ matrix.test }}' = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' + [ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON' + [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' cmake -B "bld${_chkprefill}" -G Ninja ${options} \ - -DCMAKE_C_FLAGS="${{ matrix.cflags }} ${CFLAGS_CMAKE} ${CPPFLAGS}" \ - -DCMAKE_BUILD_TYPE='${{ matrix.type }}' \ + -DCMAKE_INSTALL_PREFIX="${HOME}"/curl-install \ + -DCMAKE_C_FLAGS="${CFLAGS_CMAKE} ${CPPFLAGS}" \ + -DCMAKE_BUILD_TYPE="${MATRIX_TYPE}" \ -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ - ${{ matrix.config }} + ${MATRIX_CONFIG} done if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' @@ -284,10 +301,10 @@ jobs: else export CFLAGS CPPFLAGS mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ - --prefix="${HOME}"/install \ + --prefix="$HOME"/curl-install \ --with-libssh2 \ --disable-dependency-tracking \ - ${{ matrix.config }} + ${MATRIX_CONFIG} fi - name: 'configure log' @@ -298,12 +315,14 @@ jobs: run: | echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' grep -F '#define' bld/lib/curl_config.h | sort || true + cat bld/cmake_install.cmake || true - name: 'build' timeout-minutes: 10 run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + cmake --install bld --verbose else make -C bld V=1 install fi @@ -311,7 +330,7 @@ jobs: - name: 'curl version' timeout-minutes: 1 run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then PATH="$PWD/bld/lib:$PATH" else PATH="$PWD/bld/lib/.libs:$PATH" @@ -319,7 +338,7 @@ jobs: mv bld/src/.libs/curl.exe bld/src/curl.exe fi find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -exec file '{}' \; - if [ '${{ matrix.test }}' != 'uwp' ]; then # curl: error initializing curl library + if [ "${MATRIX_TEST}" != 'uwp' ]; then # curl: error initializing curl library bld/src/curl.exe --disable --version fi @@ -327,12 +346,12 @@ jobs: if: ${{ matrix.tflags != 'skipall' }} # Save time by skipping this for autotools timeout-minutes: 10 run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld --target testdeps + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps else make -C bld V=1 -C tests fi - if [ '${{ matrix.build }}' != 'cmake' ]; then + if [ "${MATRIX_BUILD}" != 'cmake' ]; then # avoid libtool's .exe wrappers mv bld/tests/http/clients/.libs/*.exe bld/tests/http/clients mv bld/tests/libtest/.libs/*.exe bld/tests/libtest @@ -360,11 +379,14 @@ jobs: - name: 'run tests' if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} timeout-minutes: 10 + env: + MATRIX_INSTALL: '${{ matrix.install }}' + TFLAGS: '${{ matrix.tflags }}' run: | - export TFLAGS='-j8 ${{ matrix.tflags }}' - if [ '${{ matrix.sys }}' != 'msys' ]; then + TFLAGS="-j8 ${TFLAGS}" + if [ "${MATRIX_SYS}" != 'msys' ]; then TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) - if [[ '${{ matrix.install }}' = *'libssh2-wincng'* ]]; then + if [[ "${MATRIX_INSTALL}" = *'libssh2-wincng'* ]]; then TFLAGS+=' ~SCP ~SFTP' # Flaky: `-8, Unable to exchange encryption keys`. https://github.com/libssh2/libssh2/issues/804 fi fi @@ -372,9 +394,9 @@ jobs: TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" fi PATH="$PATH:/c/Program Files (x86)/stunnel/bin" - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then PATH="$PWD/bld/lib:$PATH" - cmake --build bld --target test-ci + cmake --build bld --verbose --target test-ci else PATH="$PWD/bld/lib/.libs:$PATH" make -C bld V=1 test-ci @@ -384,8 +406,8 @@ jobs: if: ${{ matrix.build == 'cmake' || (matrix.tflags == 'skipall' || matrix.tflags == 'skiprun') }} # Save time by skipping this for autotools running tests timeout-minutes: 5 run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then - cmake --build bld --target curl-examples + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples else make -C bld V=1 examples fi @@ -399,6 +421,7 @@ jobs: shell: msys2 {0} env: MAKEFLAGS: -j 5 + MATRIX_DIR: '${{ matrix.dir }}' strategy: matrix: include: @@ -457,11 +480,13 @@ jobs: - name: 'install compiler (gcc ${{ matrix.ver }}-${{ matrix.env }})' if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} timeout-minutes: 5 + env: + MATRIX_URL: '${{ matrix.url }}' run: | - cd /d || exit 1 + cd /d mkdir my-cache - cd my-cache || exit 1 - curl --fail --silent --show-error --retry 3 --retry-connrefused --output pack.bin --location --proto-redir =https '${{ matrix.url }}' + cd my-cache + curl --fail --silent --show-error --retry 3 --retry-connrefused --output pack.bin --location --proto-redir =https "${MATRIX_URL}" pwd 7z x -y pack.bin >/dev/null rm -r -f pack.bin @@ -475,18 +500,22 @@ jobs: - name: 'configure' timeout-minutes: 5 + env: + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' + MATRIX_TYPE: '${{ matrix.type }}' run: | - PATH="/d/my-cache/${{ matrix.dir }}/bin:$PATH" - for _chkprefill in '' ${{ matrix.chkprefill }}; do + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do options='' [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' cmake -B "bld${_chkprefill}" -G Ninja ${options} \ -DCMAKE_C_COMPILER=gcc \ - -DCMAKE_BUILD_TYPE='${{ matrix.type }}' \ + -DCMAKE_BUILD_TYPE="${MATRIX_TYPE}" \ -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ -DUSE_LIBIDN2=OFF \ - ${{ matrix.config }} + ${MATRIX_CONFIG} done if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' @@ -505,7 +534,7 @@ jobs: - name: 'build' timeout-minutes: 5 run: | - PATH="/d/my-cache/${{ matrix.dir }}/bin:$PATH" + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" cmake --build bld - name: 'curl version' @@ -519,7 +548,7 @@ jobs: if: ${{ matrix.tflags != 'skipall' }} timeout-minutes: 10 run: | - PATH="/d/my-cache/${{ matrix.dir }}/bin:$PATH" + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" cmake --build bld --target testdeps - name: 'install test prereqs' @@ -542,9 +571,11 @@ jobs: - name: 'run tests' if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} timeout-minutes: 10 + env: + TFLAGS: '${{ matrix.tflags }}' run: | - PATH="/d/my-cache/${{ matrix.dir }}/bin:$PATH" - export TFLAGS='-j8 ${{ matrix.tflags }}' + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + TFLAGS="-j8 ${TFLAGS}" TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" @@ -555,7 +586,7 @@ jobs: - name: 'build examples' timeout-minutes: 5 run: | - PATH="/d/my-cache/${{ matrix.dir }}/bin:$PATH" + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" cmake --build bld --target curl-examples linux-cross-mingw-w64: @@ -565,6 +596,8 @@ jobs: env: MAKEFLAGS: -j 5 TRIPLET: 'x86_64-w64-mingw32' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_COMPILER: '${{ matrix.compiler }}' strategy: fail-fast: false matrix: @@ -575,11 +608,11 @@ jobs: steps: - name: 'install packages' timeout-minutes: 5 - # zizmor: ignore[template-injection] + env: + INSTALL_PACKAGES: ${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }} run: | sudo rm -f /var/lib/man-db/auto-update - sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 \ - ${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }} + sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 ${INSTALL_PACKAGES} - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -591,8 +624,8 @@ jobs: - name: 'configure' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then - if [ '${{ matrix.compiler }}' = 'clang-tidy' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + if [ "${MATRIX_COMPILER}" = 'clang-tidy' ]; then options+=' -DCURL_CLANG_TIDY=ON' options+=' -DENABLE_UNICODE=ON -DUSE_SSLS_EXPORT=ON' options+=' -DCMAKE_C_COMPILER=clang' @@ -627,7 +660,7 @@ jobs: - name: 'build' run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld else make -C bld @@ -639,7 +672,7 @@ jobs: - name: 'build tests' if: ${{ matrix.build == 'cmake' && matrix.compiler != 'clang-tidy' }} # Save time by skipping this for autotools and clang-tidy run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target testdeps else make -C bld -C tests @@ -648,7 +681,7 @@ jobs: - name: 'build examples' if: ${{ matrix.compiler != 'clang-tidy' }} # Save time by skipping this for clang-tidy run: | - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target curl-examples else make -C bld examples @@ -660,7 +693,8 @@ jobs: timeout-minutes: 10 env: MAKEFLAGS: -j 4 - toolchain-version: '0.59.1' + TOOLCHAIN_VERSION: '0.59.1' + MATRIX_BUILD: '${{ matrix.build }}' strategy: matrix: build: [autotools, cmake] @@ -670,23 +704,23 @@ jobs: if: ${{ matrix.build == 'autotools' }} timeout-minutes: 5 run: | - echo automake libtool | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done - name: 'cache compiler (mingw32ce)' uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 id: cache-compiler with: path: ~/opt/mingw32ce - key: ${{ runner.os }}-mingw32ce-${{ env.toolchain-version }}-amd64 + key: ${{ runner.os }}-mingw32ce-${{ env.TOOLCHAIN_VERSION }}-amd64 - name: 'install compiler (mingw32ce)' if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} timeout-minutes: 5 run: | - cd "${HOME}" || exit 1 + cd ~ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 3 --retry-connrefused --proto-redir =https \ - --location 'https://downloads.sourceforge.net/cegcc/cegcc/${{ env.toolchain-version }}/cegcc_mingw32ce_snowleopard_r1397.tar.bz2' | tar -x + --location "https://downloads.sourceforge.net/cegcc/cegcc/${TOOLCHAIN_VERSION}/cegcc_mingw32ce_snowleopard_r1397.tar.bz2" | tar -x ls -l - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 @@ -696,7 +730,7 @@ jobs: - name: 'configure' run: | PATH="$HOME/opt/mingw32ce/bin:$PATH" - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake -B bld -G Ninja \ -DCMAKE_SYSTEM_NAME=WindowsCE \ -DCMAKE_SYSTEM_VERSION=8.0 \ @@ -706,7 +740,7 @@ jobs: -DCMAKE_C_COMPILER=arm-mingw32ce-gcc \ -DCMAKE_RC_COMPILER=arm-mingw32ce-windres \ -DMINGW32CE_LIBRARY_DIR="$HOME/opt/mingw32ce/arm-mingw32ce/lib" \ - -DCMAKE_IGNORE_PREFIX_PATH="$(brew --prefix)" \ + -DCMAKE_IGNORE_PREFIX_PATH=/opt/homebrew \ -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 -DCURL_TEST_BUNDLES=ON \ -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=ON -DBUILD_STATIC_CURL=OFF \ -DCURL_WERROR=ON \ @@ -733,7 +767,7 @@ jobs: - name: 'build' run: | PATH="$HOME/opt/mingw32ce/bin:$PATH" - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld else make -C bld @@ -747,7 +781,7 @@ jobs: if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time run: | PATH="$HOME/opt/mingw32ce/bin:$PATH" - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target testdeps else make -C bld -C tests @@ -757,7 +791,7 @@ jobs: if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time run: | PATH="$HOME/opt/mingw32ce/bin:$PATH" - if [ '${{ matrix.build }}' = 'cmake' ]; then + if [ "${MATRIX_BUILD}" = 'cmake' ]; then cmake --build bld --target curl-examples else make -C bld examples @@ -771,7 +805,13 @@ jobs: run: shell: msys2 {0} env: - openssh_windows-version: 'v9.8.1.0p1-Preview' + MATRIX_ARCH: '${{ matrix.arch }}' + MATRIX_IMAGE: '${{ matrix.image }}' + MATRIX_INSTALL: '${{ matrix.install }}' + MATRIX_OPENSSH: '${{ matrix.openssh }}' + MATRIX_PLAT: '${{ matrix.plat }}' + MATRIX_TYPE: '${{ matrix.type }}' + OPENSSH_WINDOWS_VERSION: 'v9.8.1.0p1-Preview' VCPKG_DISABLE_METRICS: '1' strategy: matrix: @@ -831,7 +871,7 @@ jobs: - name: 'vcpkg build' timeout-minutes: 45 - run: vcpkg x-set-installed ${{ matrix.install }} '--triplet=${{ matrix.arch }}-${{ matrix.plat }}' + run: vcpkg x-set-installed ${MATRIX_INSTALL} --triplet="${MATRIX_ARCH}-${MATRIX_PLAT}" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -839,24 +879,27 @@ jobs: - name: 'configure' timeout-minutes: 5 + env: + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' run: | - for _chkprefill in '' ${{ matrix.chkprefill }}; do + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do options='' - if [ '${{ matrix.plat }}' = 'uwp' ]; then + if [ "${MATRIX_PLAT}" = 'uwp' ]; then options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' cflags='-DWINAPI_FAMILY=WINAPI_FAMILY_PC_APP' ldflags='-OPT:NOREF -OPT:NOICF -APPCONTAINER:NO' vsglobals=';AppxPackage=false;WindowsAppContainer=false' fi - [ '${{ matrix.arch }}' = 'arm64' ] && options+=' -A ARM64' - [ '${{ matrix.arch }}' = 'x64' ] && options+=' -A x64' - [ '${{ matrix.arch }}' = 'x86' ] && options+=' -A Win32' + [ "${MATRIX_ARCH}" = 'arm64' ] && options+=' -A ARM64' + [ "${MATRIX_ARCH}" = 'x64' ] && options+=' -A x64' + [ "${MATRIX_ARCH}" = 'x86' ] && options+=' -A Win32' [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' cmake -B "bld${_chkprefill}" ${options} \ -DCMAKE_TOOLCHAIN_FILE="$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" \ -DVCPKG_INSTALLED_DIR="$VCPKG_INSTALLATION_ROOT/installed" \ - -DVCPKG_TARGET_TRIPLET='${{ matrix.arch }}-${{ matrix.plat }}' \ - -DCMAKE_C_COMPILER_TARGET='${{ matrix.arch }}-${{ matrix.plat }}' \ + -DVCPKG_TARGET_TRIPLET="${MATRIX_ARCH}-${MATRIX_PLAT}" \ + -DCMAKE_C_COMPILER_TARGET="${MATRIX_ARCH}-${MATRIX_PLAT}" \ -DCMAKE_C_FLAGS="${cflags}" \ -DCMAKE_EXE_LINKER_FLAGS="-INCREMENTAL:NO ${ldflags}" \ -DCMAKE_SHARED_LINKER_FLAGS="-INCREMENTAL:NO ${ldflags}" \ @@ -864,7 +907,7 @@ jobs: -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \ -DCURL_WERROR=ON \ -DBUILD_SHARED_LIBS=OFF \ - ${{ matrix.config }} + ${MATRIX_CONFIG} done if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' @@ -882,43 +925,43 @@ jobs: - name: 'build' timeout-minutes: 5 - run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 - name: 'curl version' timeout-minutes: 1 run: | PATH=/usr/bin find . \( -name '*.exe' -o -name '*.dll' -o -name '*.lib' -o -name '*.pdb' \) -exec file '{}' \; - if [ '${{ matrix.plat }}' != 'uwp' ]; then # Missing: ucrtbased.dll, VCRUNTIME140D.dll, VCRUNTIME140D_APP.dll - PATH="$PWD/bld/lib/${{ matrix.type }}:$PATH" - 'bld/src/${{ matrix.type }}/curl.exe' --disable --version + if [ "${MATRIX_PLAT}" != 'uwp' ]; then # Missing: ucrtbased.dll, VCRUNTIME140D.dll, VCRUNTIME140D_APP.dll + PATH="$PWD/bld/lib/${MATRIX_TYPE}:$PATH" + "bld/src/${MATRIX_TYPE}/curl.exe" --disable --version fi - name: 'build tests' if: ${{ matrix.tflags != 'skipall' }} timeout-minutes: 10 - run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 --target testdeps - name: 'install test prereqs' if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} timeout-minutes: 5 run: | - if [ '${{ matrix.openssh }}' = '' ]; then # MSYS2 openssh + if [ -z "${MATRIX_OPENSSH}" ]; then # MSYS2 openssh /usr/bin/pacman --noconfirm --noprogressbar --sync --needed openssh - elif [ '${{ matrix.openssh }}' = 'OpenSSH-Windows-builtin' ]; then + elif [ "${MATRIX_OPENSSH}" = 'OpenSSH-Windows-builtin' ]; then # https://learn.microsoft.com/windows-server/administration/openssh/openssh_install_firstuse - if [ '${{ matrix.image }}' != 'windows-2025' ]; then + if [ "${MATRIX_IMAGE}" != 'windows-2025' ]; then pwsh -Command 'Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0' pwsh -Command 'Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0' fi else # OpenSSH-Windows - cd /c || exit 1 # no D: drive on windows-11-arm runners + cd /c # no D: drive on windows-11-arm runners curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 \ - --location 'https://github.com/PowerShell/Win32-OpenSSH/releases/download/${{ env.openssh_windows-version }}/OpenSSH-Win64.zip' --output bin.zip + --location "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_WINDOWS_VERSION}/OpenSSH-Win64.zip" --output bin.zip unzip bin.zip rm -f bin.zip fi /c/ProgramData/chocolatey/choco.exe install --yes --no-progress --limit-output --timeout 180 --force stunnel || true - if [ '${{ matrix.image }}' != 'windows-11-arm' ]; then # save 30-60 seconds, to counteract the slower test run step + if [ "${MATRIX_IMAGE}" != 'windows-11-arm' ]; then # save 30-60 seconds, to counteract the slower test run step python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary impacket fi @@ -935,26 +978,28 @@ jobs: - name: 'run tests' if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} timeout-minutes: 10 + env: + TFLAGS: '${{ matrix.tflags }}' run: | - export CURL_DIRSUFFIX='${{ matrix.type }}' - export TFLAGS='-j8 ${{ matrix.tflags }}' + export CURL_DIRSUFFIX="${MATRIX_TYPE}" + TFLAGS="-j8 ${TFLAGS}" TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) - if [[ '${{ matrix.install }}' = *'libssh2[core,zlib]'* ]]; then + if [[ "${MATRIX_INSTALL}" = *'libssh2[core,zlib]'* ]]; then TFLAGS+=' ~SCP ~SFTP' # Flaky: `-8, Unable to exchange encryption keys`. https://github.com/libssh2/libssh2/issues/804 fi - if [ -n '${{ matrix.openssh }}' ]; then # OpenSSH-Windows + if [ -n "${MATRIX_OPENSSH}" ]; then # OpenSSH-Windows TFLAGS+=' ~601 ~603 ~617 ~619 ~621 ~641 ~665 ~2004' # SCP - if [[ '${{ matrix.install }}' = *'libssh '* ]]; then + if [[ "${MATRIX_INSTALL}" = *'libssh '* ]]; then TFLAGS+=' ~614' # 'SFTP pre-quote chmod' SFTP, pre-quote, directory else TFLAGS+=' ~3022' # 'SCP correct sha256 host key' SCP, server sha256 key check fi PATH="/c/OpenSSH-Win64:$PATH" fi - PATH="$PWD/bld/lib/${{ matrix.type }}:$PATH:/c/Program Files (x86)/stunnel/bin" - cmake --build bld --config '${{ matrix.type }}' --target test-ci + PATH="$PWD/bld/lib/${MATRIX_TYPE}:$PATH:/c/Program Files (x86)/stunnel/bin" + cmake --build bld --config "${MATRIX_TYPE}" --target test-ci - name: 'build examples' timeout-minutes: 5 if: ${{ contains(matrix.name, '+examples') }} - run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target curl-examples + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 --target curl-examples -- 2.47.2