GHA/http3-linux: add AWS-LC and BoringSSL jobs

author Viktor Szakats <commit@vsz.me>

Sun, 24 Aug 2025 19:29:23 +0000 (21:29 +0200)

committer Viktor Szakats <commit@vsz.me>

Tue, 26 Aug 2025 10:01:39 +0000 (12:01 +0200)
author Viktor Szakats <commit@vsz.me>
Sun, 24 Aug 2025 19:29:23 +0000 (21:29 +0200)
committer Viktor Szakats <commit@vsz.me>
Tue, 26 Aug 2025 10:01:39 +0000 (12:01 +0200)
diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml

index 1cc287056e10d5cee2420f27040f2fdc47a642be..5b41cf083b47770ec019c4e967c112cec9a76183 100644 (file)
--- a/.github/workflows/http3-linux.yml
+++ b/.github/workflows/http3-linux.yml
@@ -47,6 +47,10 @@ env:
    QUICTLS_VERSION: 3.3.0
    # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
    LIBRESSL_VERSION: 4.1.0
+  # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
+  AWSLC_VERSION: 1.58.0
+  # renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
+  BORINGSSL_VERSION: 0.20250818.0
    # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com
    GNUTLS_VERSION: 3.8.10
    # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
@@ -84,6 +88,24 @@ jobs:
            path: ~/libressl/build
            key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
  
+      - name: 'cache awslc'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-awslc
+        env:
+          cache-name: cache-awslc
+        with:
+          path: ~/awslc/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }}
+
+      - name: 'cache boringssl'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-boringssl
+        env:
+          cache-name: cache-boringssl
+        with:
+          path: ~/boringssl/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }}
+
        - name: 'cache quictls'
          uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
          id: cache-quictls-no-deprecated
@@ -127,7 +149,16 @@ jobs:
            cache-name: cache-ngtcp2
          with:
            path: ~/ngtcp2/build
-          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
+
+      - name: 'cache ngtcp2 boringssl'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-ngtcp2-boringssl
+        env:
+          cache-name: cache-ngtcp2-boringssl
+        with:
+          path: ~/ngtcp2-boringssl/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }}
  
        - name: 'cache nghttp2'
          uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
@@ -142,11 +173,14 @@ jobs:
          if: >-
            ${{ steps.cache-openssl-http3.outputs.cache-hit != 'true' ||
                steps.cache-libressl.outputs.cache-hit != 'true' ||
+              steps.cache-awslc.outputs.cache-hit != 'true' ||
+              steps.cache-boringssl.outputs.cache-hit != 'true' ||
                steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' ||
                steps.cache-gnutls.outputs.cache-hit != 'true' ||
                steps.cache-wolfssl.outputs.cache-hit != 'true' ||
                steps.cache-nghttp3.outputs.cache-hit != 'true' ||
                steps.cache-ngtcp2.outputs.cache-hit != 'true' ||
+              steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' ||
                steps.cache-nghttp2.outputs.cache-hit != 'true' }}
  
          run: echo 'needs-build=true' >> "$GITHUB_OUTPUT"
@@ -188,6 +222,28 @@ jobs:
            cmake --build .
            cmake --install .
  
+      - name: 'build awslc'
+        if: ${{ steps.cache-awslc.outputs.cache-hit != 'true' }}
+        run: |
+          cd ~
+          curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
+            --location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
+          cd "aws-lc-${AWSLC_VERSION}"
+          cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/awslc/build
+          cmake --build .
+          cmake --install .
+
+      - name: 'build boringssl'
+        if: ${{ steps.cache-boringssl.outputs.cache-hit != 'true' }}
+        run: |
+          mkdir boringssl-src
+          cd boringssl-src
+          curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
+            "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz
+          cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl/build
+          cmake --build .
+          cmake --install .
+
        - name: 'build quictls'
          if: ${{ steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' }}
          run: |
@@ -238,7 +294,7 @@ jobs:
  
        - name: 'build ngtcp2'
          if: ${{ steps.cache-ngtcp2.outputs.cache-hit != 'true' }}
-        # building 3 times to get crypto libs for ossl, libressl and quictls installed
+        # building 3 times to get crypto libs for ossl, libressl, quictls and awslc installed
          run: |
            cd ~
            git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2
@@ -254,7 +310,22 @@ jobs:
            make clean
            ./configure --disable-dependency-tracking --prefix="$PWD"/build \
              PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \
-            --enable-lib-only --with-openssl --with-gnutls --with-wolfssl
+            --enable-lib-only --with-openssl --with-gnutls --with-wolfssl --with-boringssl \
+            BORINGSSL_LIBS='-L/home/runner/awslc/build/lib -lssl -lcrypto' \
+            BORINGSSL_CFLAGS='-I/home/runner/awslc/build/include'
+          make install
+
+      - name: 'build ngtcp2 boringssl'
+        if: ${{ steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' }}
+        run: |
+          cd ~
+          git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 ngtcp2-boringssl
+          cd ngtcp2-boringssl
+          autoreconf -fi
+          ./configure --disable-dependency-tracking --prefix="$PWD"/build \
+            --enable-lib-only --with-openssl=no --with-boringssl \
+            BORINGSSL_LIBS='-L/home/runner/boringssl/build/lib -lssl -lcrypto' \
+            BORINGSSL_CFLAGS='-I/home/runner/boringssl/build/include'
            make install
  
        - name: 'build nghttp2'
@@ -313,6 +384,36 @@ jobs:
                -DOPENSSL_ROOT_DIR=/home/runner/libressl/build
                -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
  
+          - name: 'awslc'
+            install_steps: skipall
+            PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
+            configure: >-
+              LDFLAGS=-Wl,-rpath,/home/runner/awslc/build/lib
+              --with-ngtcp2 --disable-ntlm
+              --with-openssl=/home/runner/awslc/build --enable-ssls-export
+
+          - name: 'awslc'
+            PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
+            generate: >-
+              -DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DBUILD_SHARED_LIBS=OFF
+              -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
+              -DCMAKE_UNITY_BUILD=ON
+
+          - name: 'boringssl'
+            install_steps: skipall
+            PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
+            configure: >-
+              LDFLAGS=-Wl,-rpath,/home/runner/boringssl/build/lib
+              --with-ngtcp2 --disable-ntlm
+              --with-openssl=/home/runner/boringssl/build --enable-ssls-export
+
+          - name: 'boringssl'
+            PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
+            generate: >-
+              -DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DBUILD_SHARED_LIBS=OFF
+              -DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
+              -DCMAKE_UNITY_BUILD=ON
+
            - name: 'quictls'
              install_steps: skipall
              PKG_CONFIG_PATH: /home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
@@ -428,6 +529,26 @@ jobs:
            key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
            fail-on-cache-miss: true
  
+      - name: 'cache awslc'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-awslc
+        env:
+          cache-name: cache-awslc
+        with:
+          path: ~/awslc/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }}
+          fail-on-cache-miss: true
+
+      - name: 'cache boringssl'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-boringssl
+        env:
+          cache-name: cache-boringssl
+        with:
+          path: ~/boringssl/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }}
+          fail-on-cache-miss: true
+
        - name: 'cache quictls'
          uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
          id: cache-quictls-no-deprecated
@@ -477,7 +598,17 @@ jobs:
            cache-name: cache-ngtcp2
          with:
            path: ~/ngtcp2/build
-          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
+          fail-on-cache-miss: true
+
+      - name: 'cache ngtcp2 boringssl'
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        id: cache-ngtcp2-boringssl
+        env:
+          cache-name: cache-ngtcp2-boringssl
+        with:
+          path: ~/ngtcp2-boringssl/build
+          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }}
            fail-on-cache-miss: true
  
        - name: 'cache nghttp2'
author	Viktor Szakats <commit@vsz.me>
	Sun, 24 Aug 2025 19:29:23 +0000 (21:29 +0200)
committer	Viktor Szakats <commit@vsz.me>
	Tue, 26 Aug 2025 10:01:39 +0000 (12:01 +0200)