CI: github: add a WolfSSL job which tries the latest version

Like the AWS-LC job, add a CI job which looks for the latest WolfSSL
version and tries to build it.

The patch adds a function which determines the latest version of WolfSSL
from the github tag, and the yml which describes the job.

diff --git a/.github/matrix.py b/.github/matrix.py
index 130eda226515f3f93f5ccd3e8cdc0408c5e72d3e..20f714a60383ae4d874a8c4d8e9260dad68785d1 100755 (executable)
--- a/.github/matrix.py
+++ b/.github/matrix.py
@@ -67,6 +67,21 @@ def determine_latest_aws_lc(ssl):
     latest_tag = max(valid_tags, key=aws_lc_version_string_to_num)
     return "AWS_LC_VERSION={}".format(latest_tag[1:])
 
+def wolfssl_version_string_to_num(version_string):
+    return tuple(map(int, version_string[1:].removesuffix('-stable').split('.')))
+
+def wolfssl_version_valid(version_string):
+    return re.match('^v[0-9]+(\.[0-9]+)*-stable$', version_string)
+
+@functools.lru_cache(5)
+def determine_latest_wolfssl(ssl):
+    tags = get_all_github_tags("https://api.github.com/repos/wolfssl/wolfssl/tags")
+    if not tags:
+        return "WOLFSSL_VERSION=failed_to_detect"
+    valid_tags = list(filter(wolfssl_version_valid, tags))
+    latest_tag = max(valid_tags, key=wolfssl_version_string_to_num)
+    return "WOLFSSL_VERSION={}".format(latest_tag[1:].removesuffix('-stable'))
+
 @functools.lru_cache(5)
 def determine_latest_libressl(ssl):
     try:

diff --git a/.github/workflows/wolfssl.yml b/.github/workflows/wolfssl.yml
new file mode 100644 (file)
index 0000000..c33e89e
--- /dev/null
+++ b/.github/workflows/wolfssl.yml
@@ -0,0 +1,66 @@
+name: WolfSSL
+
+on:
+  schedule:
+    - cron: "0 0 * * 4"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install VTest
+        run: |
+          scripts/build-vtest.sh
+      - name: Determine latest WolfSSL release
+        id: get_wolfssl_release
+        run: |
+          result=$(cd .github && python3  -c "from matrix import determine_latest_wolfssl; print(determine_latest_wolfssl(''))")
+          echo $result
+          echo "result=$result" >> $GITHUB_OUTPUT
+      - name: Cache WolfSSL
+        id: cache_wolfssl
+        uses: actions/cache@v4
+        with:
+          path: '~/opt/'
+          key: ssl-${{ steps.get_wolfssl_release.outputs.result }}-Ubuntu-latest-gcc
+      - name: Install WolfSSL
+        if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }}
+        run: env ${{ steps.get_wolfssl_release.outputs.result }} scripts/build-ssl.sh
+      - name: Compile HAProxy
+        run: |
+          make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \
+            USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 \
+            SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \
+            DEBUG="-DDEBUG_POOL_INTEGRITY" \
+            ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/"
+          sudo make install
+      - name: Show HAProxy version
+        id: show-version
+        run: |
+          ldd $(which haproxy)
+          haproxy -vv
+          echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT
+      - name: Install problem matcher for VTest
+        run: echo "::add-matcher::.github/vtest.json"
+      - name: Run VTest for HAProxy
+        id: vtest
+        run: |
+          # This is required for macOS which does not actually allow to increase
+          # the '-n' soft limit to the hard limit, thus failing to run.
+          ulimit -n 65536
+          make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel
+      - name: Show VTest results
+        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
+        run: |
+          for folder in ${TMPDIR}/haregtests-*/vtc.*; do
+            printf "::group::"
+            cat $folder/INFO
+            cat $folder/LOG
+            echo "::endgroup::"
+          done
+          exit 1