ci.yml 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640
  1. # Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License 2.0 (the "License"). You may not use
  4. # this file except in compliance with the License. You can obtain a copy
  5. # in the file LICENSE in the source distribution or at
  6. # https://www.openssl.org/source/license.html
  7. name: GitHub CI
  8. on: [pull_request, push]
  9. # for some reason, this does not work:
  10. # variables:
  11. # BUILDOPTS: "-j4"
  12. # HARNESS_JOBS: "${HARNESS_JOBS:-4}"
  13. # for some reason, this does not work:
  14. # before_script:
  15. # - make="make -s"
  16. permissions:
  17. contents: read
  18. env:
  19. OSSL_RUN_CI_TESTS: 1
  20. jobs:
  21. check_update:
  22. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  23. steps:
  24. - name: install unifdef
  25. run: |
  26. sudo apt-get update
  27. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
  28. - uses: actions/checkout@v4
  29. with:
  30. fetch-depth: 0
  31. - name: config
  32. run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
  33. - name: make build_generated
  34. run: make -s build_generated
  35. - name: make update
  36. run: make update
  37. - name: git diff
  38. run: git diff --exit-code
  39. check_docs:
  40. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  41. steps:
  42. - uses: actions/checkout@v4
  43. - name: config
  44. run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
  45. - name: make build_generated
  46. run: make -s build_generated
  47. - name: make doc-nits
  48. run: make doc-nits
  49. - name: make help
  50. run: make help
  51. - name: make md-nits
  52. run: |
  53. sudo gem install mdl
  54. make md-nits
  55. # This checks that we use ANSI C language syntax and semantics.
  56. # We are not as strict with libraries, but rather adapt to what's
  57. # expected to be available in a certain version of each platform.
  58. check-ansi:
  59. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  60. steps:
  61. - uses: actions/checkout@v4
  62. - name: config
  63. run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --banner=Configured no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips --strict-warnings && perl configdata.pm --dump
  64. - name: make
  65. run: make -s -j4
  66. basic_gcc:
  67. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  68. steps:
  69. - uses: actions/checkout@v4
  70. - name: checkout fuzz/corpora submodule
  71. run: git submodule update --init --depth 1 fuzz/corpora
  72. - name: localegen
  73. run: sudo locale-gen tr_TR.UTF-8
  74. - name: config
  75. # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
  76. run: CC=gcc ./config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
  77. - name: make
  78. run: make -s -j4
  79. - name: get cpu info
  80. run: |
  81. cat /proc/cpuinfo
  82. ./util/opensslwrap.sh version -c
  83. - name: make test
  84. run: .github/workflows/make-test
  85. - name: save artifacts
  86. uses: actions/upload-artifact@v3
  87. with:
  88. name: "ci@basic-gcc"
  89. path: artifacts.tar.gz
  90. basic_clang:
  91. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  92. steps:
  93. - uses: actions/checkout@v4
  94. - name: checkout fuzz/corpora submodule
  95. run: git submodule update --init --depth 1 fuzz/corpora
  96. - name: config
  97. run: CC=clang ./config --banner=Configured enable-demos enable-h3demo no-fips --strict-warnings && perl configdata.pm --dump
  98. - name: make
  99. run: make -s -j4
  100. - name: get cpu info
  101. run: |
  102. cat /proc/cpuinfo
  103. ./util/opensslwrap.sh version -c
  104. - name: make test
  105. run: .github/workflows/make-test
  106. - name: save artifacts
  107. uses: actions/upload-artifact@v3
  108. with:
  109. name: "ci@basic-clang"
  110. path: artifacts.tar.gz
  111. self-hosted:
  112. if: github.repository == 'openssl/openssl'
  113. strategy:
  114. matrix:
  115. os: [freebsd-13.2, ubuntu-arm64-22.04]
  116. runs-on: ${{ matrix.os }}-self-hosted
  117. continue-on-error: true
  118. steps:
  119. - uses: actions/checkout@v4
  120. - name: config
  121. run: ./config enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
  122. - name: config dump
  123. run: ./configdata.pm --dump
  124. - name: make
  125. run: make -j4
  126. - name: get cpu info
  127. run: ./util/opensslwrap.sh version -c
  128. - name: make test
  129. run: .github/workflows/make-test
  130. - name: save artifacts
  131. uses: actions/upload-artifact@v3
  132. with:
  133. name: "ci@self-hosted-${{ matrix.os }}"
  134. path: artifacts.tar.gz
  135. minimal:
  136. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  137. steps:
  138. - uses: actions/checkout@v4
  139. - name: checkout fuzz/corpora submodule
  140. run: git submodule update --init --depth 1 fuzz/corpora
  141. - name: config
  142. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
  143. - name: make
  144. run: make -j4 # verbose, so no -s here
  145. - name: get cpu info
  146. run: |
  147. cat /proc/cpuinfo
  148. ./util/opensslwrap.sh version -c
  149. - name: make test
  150. run: .github/workflows/make-test
  151. - name: save artifacts
  152. uses: actions/upload-artifact@v3
  153. with:
  154. name: "ci@minimal"
  155. path: artifacts.tar.gz
  156. no-deprecated:
  157. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  158. steps:
  159. - uses: actions/checkout@v4
  160. - name: checkout fuzz/corpora submodule
  161. run: git submodule update --init --depth 1 fuzz/corpora
  162. - name: config
  163. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
  164. - name: make
  165. run: make -s -j4
  166. - name: get cpu info
  167. run: |
  168. cat /proc/cpuinfo
  169. ./util/opensslwrap.sh version -c
  170. - name: make test
  171. run: .github/workflows/make-test
  172. - name: save artifacts
  173. uses: actions/upload-artifact@v3
  174. with:
  175. name: "ci@no-deprecated"
  176. path: artifacts.tar.gz
  177. no-shared-ubuntu:
  178. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  179. steps:
  180. - uses: actions/checkout@v4
  181. - name: checkout fuzz/corpora submodule
  182. run: git submodule update --init --depth 1 fuzz/corpora
  183. - name: config
  184. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
  185. - name: make
  186. run: make -s -j4
  187. - name: get cpu info
  188. run: |
  189. cat /proc/cpuinfo
  190. ./util/opensslwrap.sh version -c
  191. - name: make test
  192. run: .github/workflows/make-test
  193. - name: save artifacts
  194. uses: actions/upload-artifact@v3
  195. with:
  196. name: "ci@no-shared-ubuntu"
  197. path: artifacts.tar.gz
  198. no-shared-macos:
  199. strategy:
  200. fail-fast: false
  201. matrix:
  202. os: [macos-13, macos-14]
  203. if: github.server_url == 'https://github.com'
  204. runs-on: ${{ matrix.os }}
  205. steps:
  206. - uses: actions/checkout@v4
  207. - name: checkout fuzz/corpora submodule
  208. run: git submodule update --init --depth 1 fuzz/corpora
  209. - name: config
  210. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
  211. - name: make
  212. run: make -s -j4
  213. - name: get cpu info
  214. run: |
  215. sysctl machdep.cpu
  216. ./util/opensslwrap.sh version -c
  217. - name: make test
  218. run: .github/workflows/make-test
  219. - name: save artifacts
  220. uses: actions/upload-artifact@v3
  221. with:
  222. name: "ci@no-shared-${{ matrix.os }}"
  223. path: artifacts.tar.gz
  224. non-caching:
  225. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  226. steps:
  227. - uses: actions/checkout@v4
  228. - name: checkout fuzz/corpora submodule
  229. run: git submodule update --init --depth 1 fuzz/corpora
  230. - name: Adjust ASLR for sanitizer
  231. run: |
  232. sudo cat /proc/sys/vm/mmap_rnd_bits
  233. sudo sysctl -w vm.mmap_rnd_bits=28
  234. - name: config
  235. run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
  236. - name: make
  237. run: make -s -j4
  238. - name: get cpu info
  239. run: |
  240. cat /proc/cpuinfo
  241. ./util/opensslwrap.sh version -c
  242. - name: make test
  243. run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
  244. - name: save artifacts
  245. uses: actions/upload-artifact@v3
  246. with:
  247. name: "ci@non-caching"
  248. path: artifacts.tar.gz
  249. address_ub_sanitizer:
  250. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  251. steps:
  252. - uses: actions/checkout@v4
  253. - name: checkout fuzz/corpora submodule
  254. run: git submodule update --init --depth 1 fuzz/corpora
  255. - name: Adjust ASLR for sanitizer
  256. run: |
  257. sudo cat /proc/sys/vm/mmap_rnd_bits
  258. sudo sysctl -w vm.mmap_rnd_bits=28
  259. - name: config
  260. run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
  261. - name: make
  262. run: make -s -j4
  263. - name: get cpu info
  264. run: |
  265. cat /proc/cpuinfo
  266. ./util/opensslwrap.sh version -c
  267. - name: make test
  268. run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
  269. - name: save artifacts
  270. uses: actions/upload-artifact@v3
  271. with:
  272. name: "ci@address_ub_sanitizer"
  273. path: artifacts.tar.gz
  274. fuzz_tests:
  275. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  276. steps:
  277. - uses: actions/checkout@v4
  278. - name: checkout fuzz/corpora submodule
  279. run: git submodule update --init --depth 1 fuzz/corpora
  280. - name: Adjust ASLR for sanitizer
  281. run: |
  282. sudo cat /proc/sys/vm/mmap_rnd_bits
  283. sudo sysctl -w vm.mmap_rnd_bits=28
  284. - name: config
  285. run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
  286. - name: make
  287. run: make -s -j4
  288. - name: get cpu info
  289. run: |
  290. cat /proc/cpuinfo
  291. ./util/opensslwrap.sh version -c
  292. - name: make test
  293. run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
  294. - name: save artifacts
  295. uses: actions/upload-artifact@v3
  296. with:
  297. name: "ci@fuzz_tests"
  298. path: artifacts.tar.gz
  299. if-no-files-found: ignore
  300. memory_sanitizer:
  301. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  302. steps:
  303. - uses: actions/checkout@v4
  304. - name: checkout fuzz/corpora submodule
  305. run: git submodule update --init --depth 1 fuzz/corpora
  306. - name: Adjust ASLR for sanitizer
  307. run: |
  308. sudo cat /proc/sys/vm/mmap_rnd_bits
  309. sudo sysctl -w vm.mmap_rnd_bits=28
  310. - name: config
  311. # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
  312. run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
  313. - name: make
  314. run: make -s -j4
  315. - name: get cpu info
  316. run: |
  317. cat /proc/cpuinfo
  318. ./util/opensslwrap.sh version -c
  319. - name: make test
  320. run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
  321. - name: save artifacts
  322. uses: actions/upload-artifact@v3
  323. with:
  324. name: "ci@memory_sanitizer"
  325. path: artifacts.tar.gz
  326. threads_sanitizer:
  327. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  328. steps:
  329. - uses: actions/checkout@v4
  330. - name: checkout fuzz/corpora submodule
  331. run: git submodule update --init --depth 1 fuzz/corpora
  332. - name: Adjust ASLR for sanitizer
  333. run: |
  334. sudo cat /proc/sys/vm/mmap_rnd_bits
  335. sudo sysctl -w vm.mmap_rnd_bits=28
  336. - name: config
  337. run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
  338. - name: make
  339. run: make -s -j4
  340. - name: get cpu info
  341. run: |
  342. cat /proc/cpuinfo
  343. ./util/opensslwrap.sh version -c
  344. - name: make test
  345. run: .github/workflows/make-test V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
  346. - name: save artifacts
  347. uses: actions/upload-artifact@v3
  348. with:
  349. name: "ci@threads_sanitizer"
  350. path: artifacts.tar.gz
  351. enable_non-default_options:
  352. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  353. steps:
  354. - uses: actions/checkout@v4
  355. - name: checkout fuzz/corpora submodule
  356. run: git submodule update --init --depth 1 fuzz/corpora
  357. - name: modprobe tls
  358. run: sudo modprobe tls
  359. - name: config
  360. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
  361. - name: make
  362. run: make -s -j4
  363. - name: get cpu info
  364. run: |
  365. cat /proc/cpuinfo
  366. ./util/opensslwrap.sh version -c
  367. - name: make test
  368. run: .github/workflows/make-test
  369. - name: save artifacts
  370. uses: actions/upload-artifact@v3
  371. with:
  372. name: "ci@enable_non-default_options"
  373. path: artifacts.tar.gz
  374. full_featured:
  375. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  376. steps:
  377. - uses: actions/checkout@v4
  378. - name: checkout fuzz/corpora submodule
  379. run: git submodule update --init --depth 1 fuzz/corpora
  380. - name: modprobe tls
  381. run: sudo modprobe tls
  382. - name: Enable sctp
  383. run: sudo modprobe sctp
  384. - name: Enable auth in sctp
  385. run: sudo sysctl -w net.sctp.auth_enable=1
  386. - name: install extra config support
  387. run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
  388. - name: config
  389. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
  390. - name: make
  391. run: make -s -j4
  392. - name: get cpu info
  393. run: |
  394. cat /proc/cpuinfo
  395. ./util/opensslwrap.sh version -c
  396. - name: make test
  397. run: .github/workflows/make-test
  398. - name: save artifacts
  399. uses: actions/upload-artifact@v3
  400. with:
  401. name: "ci@full_featured"
  402. path: artifacts.tar.gz
  403. no-legacy:
  404. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  405. steps:
  406. - uses: actions/checkout@v4
  407. - name: checkout fuzz/corpora submodule
  408. run: git submodule update --init --depth 1 fuzz/corpora
  409. - name: config
  410. run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
  411. - name: make
  412. run: make -s -j4
  413. - name: get cpu info
  414. run: |
  415. cat /proc/cpuinfo
  416. ./util/opensslwrap.sh version -c
  417. - name: make test
  418. run: .github/workflows/make-test
  419. - name: save artifacts
  420. uses: actions/upload-artifact@v3
  421. with:
  422. name: "ci@no-legacy"
  423. path: artifacts.tar.gz
  424. legacy:
  425. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  426. steps:
  427. - uses: actions/checkout@v4
  428. - name: checkout fuzz/corpora submodule
  429. run: git submodule update --init --depth 1 fuzz/corpora
  430. - name: config
  431. run: ./config --banner=Configured -Werror --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
  432. - name: make
  433. run: make -s -j4
  434. - name: get cpu info
  435. run: |
  436. cat /proc/cpuinfo
  437. ./util/opensslwrap.sh version -c
  438. - name: make test
  439. run: .github/workflows/make-test
  440. - name: save artifacts
  441. uses: actions/upload-artifact@v3
  442. with:
  443. name: "ci@legacy"
  444. path: artifacts.tar.gz
  445. # out-of-source-and-install checks multiple things at the same time:
  446. # - That building, testing and installing works from an out-of-source
  447. # build tree
  448. # - That building, testing and installing works with a read-only source
  449. # tree
  450. out-of-readonly-source-and-install-ubuntu:
  451. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  452. steps:
  453. - uses: actions/checkout@v4
  454. with:
  455. path: ./source
  456. - name: checkout fuzz/corpora submodule
  457. run: git submodule update --init --depth 1 fuzz/corpora
  458. working-directory: ./source
  459. - name: make source read-only
  460. run: chmod -R a-w ./source
  461. - name: create build and install directories
  462. run: |
  463. mkdir ./build
  464. mkdir ./install
  465. - name: config
  466. run: |
  467. ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
  468. perl configdata.pm --dump
  469. working-directory: ./build
  470. - name: make
  471. run: make -s -j4
  472. working-directory: ./build
  473. - name: get cpu info
  474. run: |
  475. cat /proc/cpuinfo
  476. ./util/opensslwrap.sh version -c
  477. working-directory: ./build
  478. - name: make test
  479. run: ../source/.github/workflows/make-test
  480. working-directory: ./build
  481. - name: save artifacts
  482. uses: actions/upload-artifact@v3
  483. with:
  484. name: "ci@out-of-readonly-source-and-install-ubuntu"
  485. path: build/artifacts.tar.gz
  486. - name: make install
  487. run: make install
  488. working-directory: ./build
  489. out-of-readonly-source-and-install-macos:
  490. strategy:
  491. fail-fast: false
  492. matrix:
  493. os: [macos-13, macos-14]
  494. runs-on: ${{ matrix.os }}
  495. if: github.server_url == 'https://github.com'
  496. steps:
  497. - uses: actions/checkout@v4
  498. with:
  499. path: ./source
  500. - name: checkout fuzz/corpora submodule
  501. run: git submodule update --init --depth 1 fuzz/corpora
  502. working-directory: ./source
  503. - name: make source read-only
  504. run: chmod -R a-w ./source
  505. - name: create build and install directories
  506. run: |
  507. mkdir ./build
  508. mkdir ./install
  509. - name: config
  510. run: |
  511. ../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
  512. perl configdata.pm --dump
  513. working-directory: ./build
  514. - name: make
  515. run: make -s -j4
  516. working-directory: ./build
  517. - name: get cpu info
  518. run: |
  519. sysctl machdep.cpu
  520. ./util/opensslwrap.sh version -c
  521. working-directory: ./build
  522. - name: make test
  523. run: ../source/.github/workflows/make-test
  524. working-directory: ./build
  525. - name: save artifacts
  526. uses: actions/upload-artifact@v3
  527. with:
  528. name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
  529. path: build/artifacts.tar.gz
  530. - name: make install
  531. run: make install
  532. working-directory: ./build
  533. external-tests:
  534. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  535. steps:
  536. - uses: actions/checkout@v4
  537. with:
  538. submodules: recursive
  539. - name: package installs
  540. run: |
  541. sudo apt-get update
  542. sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
  543. - name: install cpanm and Test2::V0 for gost_engine testing
  544. uses: perl-actions/install-with-cpanm@stable
  545. with:
  546. install: Test2::V0
  547. - name: setup hostname workaround
  548. run: sudo hostname localhost
  549. - name: config
  550. run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
  551. - name: make
  552. run: make -s -j4
  553. - name: get cpu info
  554. run: |
  555. cat /proc/cpuinfo
  556. ./util/opensslwrap.sh version -c
  557. - name: test external gost-engine
  558. run: make test TESTS="test_external_gost_engine"
  559. - name: test external krb5
  560. run: make test TESTS="test_external_krb5"
  561. - name: test external_tlsfuzzer
  562. run: make test TESTS="test_external_tlsfuzzer"
  563. - name: test external oqs-provider
  564. run: make test TESTS="test_external_oqsprovider"
  565. external-test-pyca:
  566. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  567. strategy:
  568. matrix:
  569. RUST:
  570. - 1.51.0
  571. PYTHON:
  572. - 3.9
  573. steps:
  574. - uses: actions/checkout@v4
  575. with:
  576. submodules: recursive
  577. - name: Configure OpenSSL
  578. run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
  579. - name: make
  580. run: make -s -j4
  581. - name: Setup Python
  582. uses: actions/setup-python@v5.1.0
  583. with:
  584. python-version: ${{ matrix.PYTHON }}
  585. - uses: dtolnay/rust-toolchain@master
  586. with:
  587. toolchain: ${{ matrix.RUST }}
  588. - name: get cpu info
  589. run: |
  590. cat /proc/cpuinfo
  591. ./util/opensslwrap.sh version -c
  592. - name: test external pyca
  593. run: make test TESTS="test_external_pyca" VERBOSE=1
  594. external-test-cf-quiche:
  595. runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
  596. steps:
  597. - uses: actions/checkout@v4
  598. with:
  599. submodules: recursive
  600. - name: Configure OpenSSL
  601. run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump
  602. - name: make
  603. run: make -s -j4
  604. - uses: dtolnay/rust-toolchain@stable
  605. - name: get cpu info
  606. run: |
  607. cat /proc/cpuinfo
  608. ./util/opensslwrap.sh version -c
  609. - name: test external Cloudflare quiche
  610. run: make test TESTS="test_external_cf_quiche" VERBOSE=1