github: Remove commit ID from cache keys and manually evict old entries
authorTobias Brunner <tobias@strongswan.org>
Fri, 17 Apr 2026 13:18:11 +0000 (15:18 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 7 May 2026 08:52:08 +0000 (10:52 +0200)
Let's try this again :)  Since cache entries with the same key are not
updated/replaced and there is no option to do so, we manually delete the
previous entry for the current branch.

This reduces the cache storage for active branches, which can cause
caches of the master branch to get evicted, which in turn will slow down
builds of not only master but also new branches as they can't fall back
on those caches.

Permission has to be explicitly granted in order to delete the cache
entries when not using the legacy all-write tokens that are the default
for old repositories.

The continue-on-error option is set for the step that deletes the old
cache entry as it's expected that cache-hit will be true for a new feature
branch when restoring the cache from the master branch.  However, because
there won't be anything to delete for this branch yet, the command will
fail.  The --succeed-on-no-caches option of the command unfortunately
only works with --all.

For the Linux tests, several jobs use the same cache key.  So there is
a chance that two jobs try to store a new entry concurrently, which will
fail (it works if there was a cache hit and they are slightly off as
previous entries are first deleted).  To avoid that, we store the cache
only for one particular config.

Also made sure that the "openssl" test does not remove "openssl-3/4"
caches by adding a suffix to the former.

For alpine, the repository had to be set explicitly as gh wasn't able to
determine it (didn't detect the Git working dir).

.github/active-transforms/openssl-sys [moved from .github/active-transforms/openssl with 100% similarity]
.github/workflows/android.yml
.github/workflows/codeql.yml
.github/workflows/linux.yml
.github/workflows/macos.yml
.github/workflows/sonarcloud.yml
.github/workflows/tkm.yml
.github/workflows/windows.yml

index a36ebb93dae43ba84863ba24587d14abd12f84b0..79c91c3f7cd096ece12d35b17ba1713d38ac98e5 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   CCACHE_BASEDIR: ${{ github.workspace }}
   CCACHE_COMPRESS: true
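Review bot: The `permissions:` block is added at workflow level, so every job and every action step in this workflow runs with a token that holds `actions: write`, although only the `gh cache delete` step needs it. Consider granting it under the job that deletes the cache, as codeql.yml already does with its job-level `permissions:`, and adding a comment such as `# actions: write is required by 'gh cache delete'`. The same workflow-level block is added in linux.yml, macos.yml, sonarcloud.yml, tkm.yml and windows.yml; in linux.yml the wider token is then also available to the job that runs the tag-pinned `codecov/codecov-action@v4`. Whether these workflows contain jobs that never touch the cache is not visible in the hunks.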
@@ -42,12 +45,11 @@ jobs:
           echo Using NDK ${NDK_VERSION}
           yes | ${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager --install "ndk;${NDK_VERSION}"
           echo "ANDROID_NDK_ROOT=${ANDROID_HOME}/ndk/${NDK_VERSION}" >> "$GITHUB_OUTPUT"
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~/.cache/ccache
-          key: ccache-android-${{ github.sha }}
-          restore-keys: |
-            ccache-android-
+          key: ccache-android
       # necessary for newer versions of the Gradle plugin
       - uses: actions/setup-java@v5
         with:
@@ -61,8 +63,18 @@ jobs:
       - uses: ./.github/actions/default
         env:
           ANDROID_NDK_ROOT: ${{ steps.ndk-install.outputs.ANDROID_NDK_ROOT }}
-      - run: ccache -s
+      - run: ccache -sv
       - uses: actions/upload-artifact@v6
         with:
           name: Lint Results
           path: src/frontends/android/app/build/reports/lint-results*.xml
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ~/.cache/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
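Review bot: The delete step expands `${{ github.ref }}` and the cache key directly into the script text, so the ref name is parsed by the shell instead of being passed as data, and Git allows characters in branch names that the shell treats specially. Passing the values through the environment keeps them inert: add `REF: ${{ github.ref }}` and `KEY: ${{ steps.cache-restore.outputs.cache-primary-key }}` under `env:` and run `gh cache delete -r "$REF" "$KEY"`. The same `run:` line appears in the codeql.yml, linux.yml, macos.yml, sonarcloud.yml, tkm.yml and windows.yml hunks, with `--repo ${{ github.repository }}` added in the alpine job.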
index 6343818d2a9230791dd13adce6dcdc4b4d5c1451..f2007a5b108bf494f4423540b3ba42a2eda6ed87 100644 (file)
@@ -30,8 +30,7 @@ jobs:
     if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: read
+      actions: write
       security-events: write
     strategy:
       fail-fast: false
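Review bot: Dropping `contents: read` from this job's `permissions:` is not needed for cache deletion, and it leaves `contents` at `none`, because scopes that are not listed are not granted once a `permissions:` block is present. Checkout of a public repository may still work without it, but the job then silently depends on that. Keeping `contents: read` next to `actions: write` states the requirement explicitly. The job's steps are outside this hunk, so the checkout step is not visible here.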
@@ -51,14 +50,13 @@ jobs:
 
     # this follows the steps of the Linux workflow
     - if: matrix.language == 'cpp'
-      uses: actions/cache@v5
+      uses: actions/cache/restore@v5
+      id: cache-restore
       with:
         path: ~/.cache/ccache
-        key: ccache-ubuntu-latest-gcc-codeql-${{ github.sha }}
+        key: ccache-ubuntu-latest-gcc-codeql
         restore-keys: |
-          ccache-ubuntu-latest-gcc-codeql
-          ccache-ubuntu-latest-gcc-all-${{ github.sha }}
-          ccache-ubuntu-latest-gcc-all-
+          ccache-ubuntu-latest-gcc-all
           ccache-ubuntu-latest-gcc-
     - if: matrix.language == 'cpp'
       run: |
@@ -70,7 +68,18 @@ jobs:
         TEST: codeql
       uses: ./.github/actions/default
     - if: matrix.language == 'cpp'
-      run: ccache -s
+      run: ccache -sv
+    # delete old cache entry as we currently can't update it any other way
+    - if: matrix.language == 'cpp' && steps.cache-restore.outputs.cache-hit
+      env:
+        GH_TOKEN: ${{ github.token }}
+      continue-on-error: true
+      run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+    - if: matrix.language == 'cpp'
+      uses: actions/cache/save@v5
+      with:
+        path: ~/.cache/ccache
+        key: ${{ steps.cache-restore.outputs.cache-primary-key }}
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v4
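Review bot: `steps.cache-restore.outputs.cache-hit` is used as a bare condition, but the output is a string that actions/cache documents as `'false'` when the entry was restored through `restore-keys`, and a non-empty string is truthy in an `if:` expression. With the `restore-keys` list in this job, the delete step therefore also runs after a fallback restore, and `continue-on-error: true` hides the resulting failure. Comparing explicitly, `if: matrix.language == 'cpp' && steps.cache-restore.outputs.cache-hit == 'true'`, limits the step to exact hits. The linux.yml steps that combine the output with `fromJSON(env.STORE_CACHE)` have the same form. Since `continue-on-error` would also hide a permission failure, a short comment on the step naming the one failure that is expected would help.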
index d13e8dc146ee4bfa694d560adba75e43f69a61bb..66a4d588fcc72bfa533895a381e056e0f58ee0ed 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   # this test case does not actually test anything but tries to access system
   # directories that might be inaccessible on build hosts
@@ -64,25 +67,44 @@ jobs:
       MONOLITHIC: ${{ matrix.monolithic || 'no' }}
       CC: ${{ matrix.compiler || 'gcc' }}
       TEST: ${{ matrix.test }}
+      # as several jobs use the same key, make sure we only store the cache for
+      # one specific config in case there is a race
+      STORE_CACHE: >-
+        ${{
+          !contains(fromJSON('["all", "default", "printf-builtin"]'),
+                    matrix.test) ||
+          (matrix.leak-detective == 'no' && matrix.monolithic == 'no')
+        }}
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~/.cache/ccache
           # with regards to ccache, monolithic builds don't differ from regular
           # builds and, similarly, builds with leak-detective only differ in two
           # files (LD itself and library.c); but different tests build different
           # dependencies, so different caches are needed
-          key: ccache-ubuntu-latest-${{ env.CC }}-${{ matrix.test }}-${{ github.sha }}
+          key: ccache-ubuntu-latest-${{ env.CC }}-${{ matrix.test }}
           restore-keys: |
-            ccache-ubuntu-latest-${{ env.CC }}-${{ matrix.test }}-
             ccache-ubuntu-latest-${{ env.CC }}-
       - run: |
           sudo apt-get install -qq ccache
           echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
           ccache -z
       - uses: ./.github/actions/default
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit && fromJSON(env.STORE_CACHE)
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - if: fromJSON(env.STORE_CACHE)
+        uses: actions/cache/save@v5
+        with:
+          path: ~/.cache/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ success() && matrix.test == 'coverage' }}
         uses: codecov/codecov-action@v4
         with:
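Review bot: `STORE_CACHE` compares `matrix.leak-detective` and `matrix.monolithic` with `'no'` directly, while the `MONOLITHIC` line just above defaults an unset value with `|| 'no'`, and the later `STORE_CACHE: ${{ !matrix.leak-detective || matrix.leak-detective == 'no' }}` handles the unset case too. A job for `all`, `default` or `printf-builtin` whose matrix entry leaves either key unset would evaluate to false and not save; if no entry sets both explicitly, that key is never stored. Writing `(matrix.leak-detective || 'no') == 'no' && (matrix.monolithic || 'no') == 'no'` would match the defaults. The matrix definition is outside this hunk, so this may not occur with the current entries.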
@@ -105,7 +127,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        test: [ botan, wolfssl, openssl, openssl-3, openssl-4, openssl-awslc, gcrypt ]
+        test: [ botan, wolfssl, openssl-sys, openssl-3, openssl-4, openssl-awslc, gcrypt ]
         os: [ ubuntu-latest, ubuntu-22.04 ]
         leak-detective: [ no, yes ]
         exclude:
@@ -125,19 +147,19 @@ jobs:
       CC: ${{ matrix.compiler || 'gcc' }}
       TEST: ${{ matrix.test }}
       ACTIVE_TRANSFORMS_REF: .github/active-transforms/${{ matrix.test }}
+      STORE_CACHE: ${{ !matrix.leak-detective || matrix.leak-detective == 'no' }}
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           # path is different on newer systems
           path: |
             ~/.cache/ccache
             ~/.ccache
-          key: ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.sha }}
+          key: ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}
           restore-keys: |
-            ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}-
-            ccache-${{ matrix.os }}-${{ env.CC }}-all-${{ github.sha }}
-            ccache-${{ matrix.os }}-${{ env.CC }}-all-
+            ccache-${{ matrix.os }}-${{ env.CC }}-all
             ccache-${{ matrix.os }}-${{ env.CC }}-
       - run: |
           sudo apt-get install -qq ccache
@@ -154,7 +176,20 @@ jobs:
       - name: Verify active transforms
         run: |
           test ! -f $ACTIVE_TRANSFORMS_REF || diff -u --color=always $ACTIVE_TRANSFORMS_REF $TESTS_ACTIVE_TRANSFORMS
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit && fromJSON(env.STORE_CACHE)
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - if: fromJSON(env.STORE_CACHE)
+        uses: actions/cache/save@v5
+        with:
+          path: |
+            ~/.cache/ccache
+            ~/.ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with:
@@ -180,22 +215,34 @@ jobs:
       TEST: ${{ matrix.test }}
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           # path is different on newer systems
           path: |
             ~/.cache/ccache
             ~/.ccache
-          key: ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.sha }}
+          key: ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}
           restore-keys: |
-            ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}-
             ccache-${{ matrix.os }}-${{ env.CC }}-
       - run: |
           sudo apt-get install -qq ccache
           echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
           ccache -z
       - uses: ./.github/actions/default
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: |
+            ~/.cache/ccache
+            ~/.ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with:
@@ -216,19 +263,28 @@ jobs:
       - uses: actions/checkout@v6
       # install tar and zstd before the cache action that requires them
       - run: |
-          apk add ccache tar zstd
+          apk add ccache tar zstd github-cli
           echo "PATH=/usr/lib/ccache/bin:$PATH" >> $GITHUB_ENV
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~/.cache/ccache
-          key: ccache-alpine-${{ github.sha }}
-          restore-keys: |
-            ccache-alpine-
+          key: ccache-alpine
       - run: ccache -z
       # don't use the default action as we don't want to build dependencies or install bash
       - run: ./scripts/test.sh deps
       - run: ./scripts/test.sh
       - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete --repo ${{ github.repository }} -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ~/.cache/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with:
index 2bd155bfc78ecb9e17109f419d11fef281a767e6..4644f19833425e6765f646d7e61582c444d5aaf2 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   TESTS_REDUCED_KEYLENGTHS: yes
   CCACHE_BASEDIR: ${{ github.workspace }}
@@ -36,12 +39,11 @@ jobs:
       TEST: macos
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~/Library/Caches/ccache
-          key: ccache-${{ runner.os }}-${{ github.sha }}
-          restore-keys: |
-            ccache-${{ runner.os }}-
+          key: ccache-${{ runner.os }}
       # workaround for conflict between Python installed in the image and via brew
       - run: find /usr/local/bin -lname '*/Library/Frameworks/Python.framework/*' -delete -print
       - run: |
@@ -49,7 +51,17 @@ jobs:
           echo "PATH=$(brew --prefix)/opt/ccache/libexec:$PATH" >> $GITHUB_ENV
           ccache -z
       - uses: ./.github/actions/default
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ~/Library/Caches/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with:
index 47d9e8be2fc0355164da698a72bab3395ba3ded6..17340d4688c923f0e9a1db8b0c51088fc7743b59 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   CCACHE_BASEDIR: ${{ github.workspace }}
   CCACHE_COMPRESS: true
@@ -33,13 +36,11 @@ jobs:
       - uses: actions/checkout@v6
         with:
           fetch-depth: 0
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
-          path: |
-            ~/.cache/ccache
-          key: ccache-sonarcloud-${{ github.sha }}
-          restore-keys: |
-            ccache-sonarcloud-
+          path: ~/.cache/ccache
+          key: ccache-sonarcloud
       - run: |
           sudo apt-get install -qq ccache
           echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
@@ -57,4 +58,14 @@ jobs:
             -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
             -Dsonar.cfamily.threads=2
             -Dsonar.cfamily.compile-commands=${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ~/.cache/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
index c6be0af310cba179626f2ad77cee22080b00a98b..d57cb44376571a3ca12d3fdd41c630ee3a2297c9 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   CCACHE_DIR: ${{ github.workspace }}/.ccache
   CCACHE_CONTAINER: /root/.ccache
@@ -32,12 +35,11 @@ jobs:
       TEST: tkm
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ${{ env.CCACHE_DIR }}
-          key: ccache-tkm-${{ github.sha }}
-          restore-keys: |
-            ccache-tkm-
+          key: ccache-tkm
       - name: Build Docker Image
         run: docker build -t strongswan-tkm -f testing/tkm/Dockerfile testing
       - name: Run Tests in Container
@@ -72,5 +74,15 @@ jobs:
             echo '### run the tests against TKM and get TKM log'; \
             make -j check TESTS_RUNNERS=tkm TESTS_TKM=1 || exit 1; \
             cat /tmp/tkm.log; \
-            ccache -s; \
+            ccache -sv; \
             "
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ${{ env.CCACHE_DIR }}
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
index 958a75e1cad508115c6a3f276c33cc447738db3b..6cf331a02cf6fb95fcdfe3d8a2d589a56e90caa9 100644 (file)
@@ -6,6 +6,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  actions: write
+
 env:
   TESTS_REDUCED_KEYLENGTHS: yes
   CCACHE_COMPRESS: true
@@ -39,18 +42,27 @@ jobs:
       TEST: ${{ matrix.test }}
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~/.cache/ccache
-          key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.sha }}
-          restore-keys: |
-            ccache-${{ runner.os }}-${{ matrix.test }}-
+          key: ccache-${{ runner.os }}-${{ matrix.test }}
       - run: |
           sudo apt-get install -qq ccache
           echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
           ccache -sz
       - uses: ./.github/actions/default
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+      - uses: actions/cache/save@v5
+        with:
+          path: ~/.cache/ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with:
@@ -84,12 +96,11 @@ jobs:
       - run: git config --global core.autocrlf input
         shell: bash
       - uses: actions/checkout@v6
-      - uses: actions/cache@v5
+      - uses: actions/cache/restore@v5
+        id: cache-restore
         with:
           path: ~\AppData\Local\ccache
-          key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.sha }}
-          restore-keys: |
-            ccache-${{ runner.os }}-${{ matrix.test }}-
+          key: ccache-${{ runner.os }}-${{ matrix.test }}
       - run: |
           pacman --noconfirm -S --needed mingw-w64-${{ matrix.arch }}-ccache
           ccache -sz
@@ -101,7 +112,18 @@ jobs:
           ./scripts/test.sh
         # sometimes streaming/threading tests hang completely
         timeout-minutes: 30
-      - run: ccache -s
+      - run: ccache -sv
+      # delete old cache entry as we currently can't update it any other way
+      - env:
+          GH_TOKEN: ${{ github.token }}
+        if: steps.cache-restore.outputs.cache-hit
+        continue-on-error: true
+        run: gh cache delete -r ${{ github.ref }} ${{ steps.cache-restore.outputs.cache-primary-key }}
+        shell: bash
+      - uses: actions/cache/save@v5
+        with:
+          path: ~\AppData\Local\ccache
+          key: ${{ steps.cache-restore.outputs.cache-primary-key }}
       - if: ${{ failure() }}
         uses: actions/upload-artifact@v6
         with: