Structural Refactor #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Comprehensive Cipher Suite Matrix Tests | ||
| on: | ||
| pull_request: | ||
| paths-ignore: | ||
| - README.md | ||
| push: | ||
| branches: [master] | ||
| paths-ignore: | ||
| - README.md | ||
| workflow_dispatch: | ||
| inputs: | ||
| aead: | ||
| description: 'AEAD algorithm to test (optional)' | ||
| required: false | ||
| type: string | ||
| hash: | ||
| description: 'Hash algorithm to test (optional)' | ||
| required: false | ||
| type: string | ||
| verify: | ||
| description: 'Verify algorithm to test (optional)' | ||
| required: false | ||
| type: string | ||
| sign: | ||
| description: 'Sign algorithm to test (optional)' | ||
| required: false | ||
| type: string | ||
| kx: | ||
| description: 'Key exchange algorithm to test (optional)' | ||
| required: false | ||
| type: string | ||
| permissions: | ||
| contents: read | ||
| env: | ||
| RUSTFLAGS: "-Dwarnings" | ||
| jobs: | ||
| test-cipher-suite-matrix: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| # Complete Cartesian product of all cipher suite components | ||
| aead: ["aead-aes-gcm", "aead-aes-ccm", "aead-chacha20poly1305"] | ||
| hash: ["hash-sha224", "hash-sha256", "hash-sha384", "hash-sha512"] | ||
| verify: [ | ||
| "verify-ecdsa-p256-sha256", "verify-ecdsa-p256-sha384", "verify-ecdsa-p256-sha512", | ||
| "verify-ecdsa-p384-sha256", "verify-ecdsa-p384-sha384", "verify-ecdsa-p384-sha512", | ||
| "verify-ecdsa-p521-sha256", "verify-ecdsa-p521-sha384", "verify-ecdsa-p521-sha512", | ||
| "verify-eddsa-ed25519", | ||
| "verify-rsa-pkcs1-sha256", "verify-rsa-pkcs1-sha384", "verify-rsa-pkcs1-sha512", | ||
| "verify-rsa-pss-sha256", "verify-rsa-pss-sha384", "verify-rsa-pss-sha512" | ||
| ] | ||
| sign: [ | ||
| "sign-ecdsa-p256", "sign-ecdsa-p384", "sign-ecdsa-p521", | ||
| "sign-eddsa-ed25519", | ||
| "sign-rsa-pkcs1", "sign-rsa-pss" | ||
| ] | ||
| kx: ["kx-p256", "kx-p384", "kx-p521", "kx-x25519", "kx-x448"] | ||
| # Allow failures for incompatible combinations | ||
| fail-fast: false | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: dtolnay/rust-toolchain@master | ||
| with: | ||
| toolchain: stable | ||
| - uses: mozilla-actions/[email protected] | ||
| - uses: Swatinem/rust-cache@v2 | ||
| - name: Test cipher suite combination | ||
| run: | | ||
| echo "Testing cipher suite combination:" | ||
| echo " AEAD: ${{ matrix.aead }}" | ||
| echo " Hash: ${{ matrix.hash }}" | ||
| echo " Verify: ${{ matrix.verify }}" | ||
| echo " Sign: ${{ matrix.sign }}" | ||
| echo " KX: ${{ matrix.kx }}" | ||
| echo "" | ||
| # Build the feature string | ||
| FEATURES="tls12,${{ matrix.aead }},${{ matrix.hash }},${{ matrix.verify }},${{ matrix.sign }},${{ matrix.kx }}" | ||
| echo "Features: $FEATURES" | ||
| # Test the combination (allow failures for incompatible combinations) | ||
| if cargo test --features "$FEATURES" 2>/dev/null; then | ||
| echo "✅ PASSED: $FEATURES" | ||
| else | ||
| echo "❌ FAILED: $FEATURES (likely incompatible combination)" | ||
| fi | ||
| env: | ||
| SCCACHE_GHA_ENABLED: "true" | ||
| RUSTC_WRAPPER: "sccache" | ||
| - name: Build verification (optional) | ||
| run: | | ||
| FEATURES="tls12,${{ matrix.aead }},${{ matrix.hash }},${{ matrix.verify }},${{ matrix.sign }},${{ matrix.kx }}" | ||
| if cargo build --features "$FEATURES" 2>/dev/null; then | ||
| echo "✅ BUILD OK: $FEATURES" | ||
| else | ||
| echo "❌ BUILD FAILED: $FEATURES" | ||
| fi | ||
| env: | ||
| SCCACHE_GHA_ENABLED: "true" | ||
| RUSTC_WRAPPER: "sccache" | ||
| continue-on-error: true | ||
| test-specific-combination: | ||
| if: github.event_name == 'workflow_dispatch' && (github.event.inputs.aead != '' || github.event.inputs.hash != '' || github.event.inputs.verify != '' || github.event.inputs.sign != '' || github.event.inputs.kx != '') | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: dtolnay/rust-toolchain@master | ||
| with: | ||
| toolchain: stable | ||
| - uses: mozilla-actions/[email protected] | ||
| - uses: Swatinem/rust-cache@v2 | ||
| - name: Test specific combination | ||
| run: | | ||
| # Use provided inputs or defaults | ||
| AEAD="${{ github.event.inputs.aead }}" | ||
| HASH="${{ github.event.inputs.hash }}" | ||
| VERIFY="${{ github.event.inputs.verify }}" | ||
| SIGN="${{ github.event.inputs.sign }}" | ||
| KX="${{ github.event.inputs.kx }}" | ||
| # Set defaults if not provided | ||
| [ -z "$AEAD" ] && AEAD="aead-aes-gcm" | ||
| [ -z "$HASH" ] && HASH="hash-sha256" | ||
| [ -z "$VERIFY" ] && VERIFY="verify-rsa-pkcs1-sha256" | ||
| [ -z "$SIGN" ] && SIGN="sign-rsa-pkcs1" | ||
| [ -z "$KX" ] && KX="kx-p256" | ||
| echo "Testing specific combination:" | ||
| echo " AEAD: $AEAD" | ||
| echo " Hash: $HASH" | ||
| echo " Verify: $VERIFY" | ||
| echo " Sign: $SIGN" | ||
| echo " KX: $KX" | ||
| FEATURES="tls12,$AEAD,$HASH,$VERIFY,$SIGN,$KX" | ||
| echo "Features: $FEATURES" | ||
| cargo test --features "$FEATURES" | ||
| env: | ||
| SCCACHE_GHA_ENABLED: "true" | ||
| RUSTC_WRAPPER: "sccache" | ||
