run-checker-daily.yml 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346
  1. # Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License 2.0 (the "License"). You may not use
  4. # this file except in compliance with the License. You can obtain a copy
  5. # in the file LICENSE in the source distribution or at
  6. # https://www.openssl.org/source/license.html
  7. name: Run-checker daily
  8. # Jobs run daily
  9. on:
  10. schedule:
  11. - cron: '0 6 * * *'
  12. permissions:
  13. contents: read
  14. jobs:
  15. run-checker:
  16. strategy:
  17. fail-fast: false
  18. matrix:
  19. opt: [
  20. 386,
  21. no-afalgeng,
  22. no-apps,
  23. no-aria,
  24. no-asan,
  25. no-asm,
  26. no-async,
  27. no-atexit,
  28. no-autoalginit,
  29. no-autoerrinit,
  30. no-autoload-config,
  31. no-bf,
  32. no-blake2,
  33. no-buildtest-c++,
  34. no-bulk,
  35. no-cached-fetch,
  36. no-camellia,
  37. no-capieng,
  38. no-cast,
  39. no-chacha,
  40. no-cmac,
  41. no-comp,
  42. enable-crypto-mdebug,
  43. no-crypto-mdebug,
  44. enable-crypto-mdebug-backtrace,
  45. no-crypto-mdebug-backtrace,
  46. no-deprecated,
  47. no-des,
  48. no-devcryptoeng,
  49. no-docs,
  50. no-dsa,
  51. no-dtls1,
  52. no-dtls1_2,
  53. no-dtls1_2-method,
  54. no-dtls1-method,
  55. no-ecdh,
  56. no-ecdsa,
  57. enable-ec_nistp_64_gcc_128,
  58. no-ec_nistp_64_gcc_128,
  59. enable-egd,
  60. no-egd,
  61. no-engine,
  62. no-external-tests,
  63. enable-fips,
  64. enable-fips enable-acvp-tests,
  65. enable-fips no-tls1_3,
  66. no-fuzz-afl,
  67. no-fuzz-libfuzzer,
  68. no-gost,
  69. enable-heartbeats,
  70. no-heartbeats,
  71. no-hw,
  72. no-hw-padlock,
  73. no-idea,
  74. no-makedepend,
  75. enable-md2,
  76. no-md2,
  77. no-md4,
  78. no-mdc2,
  79. no-msan,
  80. no-multiblock,
  81. no-nextprotoneg,
  82. no-ocb,
  83. no-padlockeng,
  84. no-pic,
  85. no-poly1305,
  86. no-posix-io,
  87. no-psk,
  88. no-rc2,
  89. no-rc4,
  90. enable-rc5,
  91. no-rc5,
  92. no-rdrand,
  93. no-rfc3779,
  94. no-ripemd,
  95. no-rmd160,
  96. no-scrypt,
  97. no-secure-memory,
  98. no-seed,
  99. no-shared,
  100. no-siphash,
  101. no-siv,
  102. no-sm2,
  103. no-sm2-precomp,
  104. no-sm3,
  105. no-sm4,
  106. no-sock,
  107. no-sse2,
  108. no-ssl,
  109. no-ssl3,
  110. no-ssl3-method,
  111. no-ssl-trace,
  112. no-static-engine no-shared,
  113. no-tests,
  114. enable-tfo,
  115. no-tls1,
  116. no-tls1_1,
  117. no-tls1_1-method,
  118. no-tls1_2-method,
  119. no-tls1-method,
  120. no-trace,
  121. no-ubsan,
  122. no-ui-console,
  123. no-unit-test,
  124. enable-unit-test,
  125. no-uplink,
  126. no-weak-ssl-ciphers,
  127. no-whirlpool,
  128. no-zlib,
  129. enable-zlib-dynamic,
  130. no-zlib-dynamic,
  131. -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
  132. -DSSL3_ALIGN_PAYLOAD=4
  133. ]
  134. runs-on: ubuntu-latest
  135. steps:
  136. - uses: actions/checkout@v4
  137. - name: checkout fuzz/corpora submodule
  138. run: git submodule update --init --depth 1 fuzz/corpora
  139. - name: config
  140. run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
  141. - name: config dump
  142. run: ./configdata.pm --dump
  143. - name: make
  144. run: make -s -j4
  145. - name: get cpu info
  146. run: |
  147. cat /proc/cpuinfo
  148. if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
  149. - name: make test
  150. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  151. run-checker-sctp:
  152. runs-on: ubuntu-latest
  153. steps:
  154. - uses: actions/checkout@v4
  155. - name: checkout fuzz/corpora submodule
  156. run: git submodule update --init --depth 1 fuzz/corpora
  157. - name: Install Dependencies for sctp option
  158. run: |
  159. sudo apt-get update
  160. sudo apt-get -yq install lksctp-tools libsctp-dev
  161. - name: Check SCTP and enable auth
  162. id: sctp_auth
  163. continue-on-error: true
  164. run: |
  165. checksctp
  166. sudo sysctl -w net.sctp.auth_enable=1
  167. - name: config
  168. if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
  169. run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp
  170. - name: config dump
  171. if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
  172. run: ./configdata.pm --dump
  173. - name: make
  174. if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
  175. run: make -s -j4
  176. - name: get cpu info
  177. run: |
  178. cat /proc/cpuinfo
  179. ./util/opensslwrap.sh version -c
  180. - name: make test
  181. if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
  182. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  183. enable_brotli_dynamic:
  184. runs-on: ubuntu-latest
  185. steps:
  186. - name: install brotli
  187. run: |
  188. sudo apt-get update
  189. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
  190. - name: checkout openssl
  191. uses: actions/checkout@v4
  192. - name: checkout fuzz/corpora submodule
  193. run: git submodule update --init --depth 1 fuzz/corpora
  194. - name: config
  195. run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
  196. - name: make
  197. run: make -s -j4
  198. - name: get cpu info
  199. run: |
  200. cat /proc/cpuinfo
  201. ./util/opensslwrap.sh version -c
  202. - name: make test
  203. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  204. enable_zstd_dynamic:
  205. runs-on: ubuntu-latest
  206. steps:
  207. - name: install zstd
  208. run: |
  209. sudo apt-get update
  210. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
  211. - name: checkout openssl
  212. uses: actions/checkout@v4
  213. - name: checkout fuzz/corpora submodule
  214. run: git submodule update --init --depth 1 fuzz/corpora
  215. - name: config
  216. run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
  217. - name: make
  218. run: make -s -j4
  219. - name: get cpu info
  220. run: |
  221. cat /proc/cpuinfo
  222. ./util/opensslwrap.sh version -c
  223. - name: make test
  224. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  225. enable_brotli_and_zstd_dynamic:
  226. runs-on: ubuntu-latest
  227. steps:
  228. - name: install brotli and zstd
  229. run: |
  230. sudo apt-get update
  231. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
  232. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
  233. - name: checkout openssl
  234. uses: actions/checkout@v4
  235. - name: checkout fuzz/corpora submodule
  236. run: git submodule update --init --depth 1 fuzz/corpora
  237. - name: config
  238. run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
  239. - name: make
  240. run: make -s -j4
  241. - name: get cpu info
  242. run: |
  243. cat /proc/cpuinfo
  244. ./util/opensslwrap.sh version -c
  245. - name: make test
  246. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  247. enable_brotli_and_asan_ubsan:
  248. runs-on: ubuntu-latest
  249. steps:
  250. - name: install brotli
  251. run: |
  252. sudo apt-get update
  253. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
  254. - name: checkout openssl
  255. uses: actions/checkout@v4
  256. - name: checkout fuzz/corpora submodule
  257. run: git submodule update --init --depth 1 fuzz/corpora
  258. - name: Adjust ASLR for sanitizer
  259. run: |
  260. sudo cat /proc/sys/vm/mmap_rnd_bits
  261. sudo sysctl -w vm.mmap_rnd_bits=28
  262. - name: config
  263. run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
  264. - name: make
  265. run: make -s -j4
  266. - name: get cpu info
  267. run: |
  268. cat /proc/cpuinfo
  269. ./util/opensslwrap.sh version -c
  270. - name: make test
  271. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
  272. enable_zstd_and_asan_ubsan:
  273. runs-on: ubuntu-latest
  274. steps:
  275. - name: install zstd
  276. run: |
  277. sudo apt-get update
  278. sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
  279. - name: checkout openssl
  280. uses: actions/checkout@v4
  281. - name: checkout fuzz/corpora submodule
  282. run: git submodule update --init --depth 1 fuzz/corpora
  283. - name: Adjust ASLR for sanitizer
  284. run: |
  285. sudo cat /proc/sys/vm/mmap_rnd_bits
  286. sudo sysctl -w vm.mmap_rnd_bits=28
  287. - name: config
  288. run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
  289. - name: make
  290. run: make -s -j4
  291. - name: get cpu info
  292. run: |
  293. cat /proc/cpuinfo
  294. ./util/opensslwrap.sh version -c
  295. - name: make test
  296. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
  297. enable_tfo:
  298. strategy:
  299. matrix:
  300. os: [ ubuntu-latest, macos-13, macos-14 ]
  301. runs-on: ${{matrix.os}}
  302. steps:
  303. - uses: actions/checkout@v4
  304. - name: checkout fuzz/corpora submodule
  305. run: git submodule update --init --depth 1 fuzz/corpora
  306. - name: config
  307. run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
  308. - name: make
  309. run: make -s -j4
  310. - name: get cpu info
  311. run: ./util/opensslwrap.sh version -c
  312. - name: make test
  313. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
  314. enable_buildtest:
  315. runs-on: ubuntu-latest
  316. steps:
  317. - uses: actions/checkout@v4
  318. - name: checkout fuzz/corpora submodule
  319. run: git submodule update --init --depth 1 fuzz/corpora
  320. - name: config
  321. run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
  322. - name: make
  323. run: make -s -j4
  324. - name: get cpu info
  325. run: |
  326. cat /proc/cpuinfo
  327. ./util/opensslwrap.sh version -c
  328. - name: make test
  329. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}