-
Notifications
You must be signed in to change notification settings - Fork 25
159 lines (140 loc) · 5.58 KB
/
openjdk-integration.yml
File metadata and controls
159 lines (140 loc) · 5.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: OpenJDK Integration Tests
# Run OpenJDK tests listed in testdata/openjdk/openjdk-jtreg-tests.txt.
env:
OPENSSL_BRANCH: kryoptic_ossl40
# Keep jtreg_version, openjdk_feature, and openjdk_name in sync with
# testdata/openjdk/jtreg-kryoptic.sh.
jtreg_version: 8+2
openjdk_feature: 25
openjdk_name: jdk25u
on:
workflow_dispatch:
pull_request:
branches: ["main"]
push:
branches: ["main"]
jobs:
test-openjdk-integration:
name: OpenJDK Integration Tests
runs-on: ubuntu-22.04
container: quay.io/fedora/fedora:latest
steps:
- name: Install Dependencies
run: |
dnf --assumeyes --disable-repo=fedora-cisco-openh264 \
install git cargo clang-devel openssl-devel zlib-devel sed \
sqlite-devel openssl opensc unzip wget \
java-${{ env.openjdk_feature }}-openjdk-devel \
'perl(FindBin)' 'perl(lib)' 'perl(File::Compare)' \
'perl(File::Copy)' 'perl(bigint)' 'perl(Time::HiRes)' \
'perl(IPC::Cmd)' 'perl(Pod::Html)' 'perl(Digest::SHA)' \
'perl(Module::Load::Conditional)' 'perl(File::Temp)' \
'perl(Test::Harness)' 'perl(Test::More)' 'perl(Math::BigInt)' \
'perl(Time::Piece)'
# Kryoptic build steps; try to keep in sync with relevant build.yml steps.
- name: Checkout Repository
uses: actions/checkout@v6
- name: Setup OpenSSL
id: ossl-setup
run: |
git config --global --add safe.directory /__w/kryoptic
cd ..
git clone https://github.com/simo5/openssl.git \
--single-branch --branch $OPENSSL_BRANCH openssl
cd openssl
echo "KRYOPTIC_OPENSSL_SOURCES=$PWD" >> "$GITHUB_ENV"
echo "cacheid=${{ runner.os }}-ossl-$(git rev-parse HEAD)" \
>> "$GITHUB_OUTPUT"
- name: Restore OpenSSL build
uses: actions/cache/restore@v4
id: cache
with:
path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }}
key: ${{ steps.ossl-setup.outputs.cacheid }}
- name: Restore Rust dependencies
uses: actions/cache/restore@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Generate lock file
run: cargo generate-lockfile
- name: Build Kryoptic
run: make fips && ./misc/hmacify.sh target/debug/libkryoptic_pkcs11.so
# OpenJDK steps.
- name: Get container OpenJDK version
id: get-openjdk-version
run: |
. /usr/lib/jvm/java-${{ env.openjdk_feature }}-openjdk/release && \
echo version=$JAVA_RUNTIME_VERSION >> $GITHUB_OUTPUT
- name: Clone and check out OpenJDK test cases
run: |
mkdir -p testdata/openjdk/deps
cd testdata/openjdk/deps
# Clone depth 10 for "git describe".
git clone --depth 10 \
--branch \
kryoptic-jdk-${{ env.openjdk_feature }} \
https://github.com/fitzsim/${{ env.openjdk_name }}
cd ../../..
- name: Compare container OpenJDK and test versions
run: |
CONTAINER_VERSION="${{ steps.get-openjdk-version.outputs.version }}"
cd testdata/openjdk/deps/${{ env.openjdk_name }}
OPENJDK_SOURCE_VERSION=$(git tag --contains $(git describe --abbrev=0) \
| head --lines 1 | sed 's/^jdk-//')
echo OpenJDK test cases are based on "${OPENJDK_SOURCE_VERSION}"
cd ../../../..
if test "${CONTAINER_VERSION}" != "${OPENJDK_SOURCE_VERSION}"
then
echo Warning: container/tests version mismatch:
echo "container: ${CONTAINER_VERSION}"
echo "source: ${OPENJDK_SOURCE_VERSION}"
BRANCH=kryoptic-jdk-${{ env.openjdk_feature }}
echo Please rebase "${BRANCH}" branch on jdk-${CONTAINER_VERSION}
fi
# Get pkcs11-provider for kryoptic.nss-init.sh used by jtreg-kryoptic.sh.
- name: Get pkcs11-provider
id: get-pkcs11-provider
run: |
mkdir -p testdata/openjdk/deps
cd testdata/openjdk/deps
git clone https://github.com/latchset/pkcs11-provider.git
cd ../../..
# JTReg archive.
- name: Restore JTReg binary from cache
uses: actions/cache/restore@v4
id: restore-jtreg-binary
with:
path: jtreg-${{ env.jtreg_version }}.zip
key: ${{ runner.os }}-jtreg-${{ env.jtreg_version }}
- if: ${{ steps.restore-jtreg-binary.outputs.cache-hit != 'true' }}
name: Download JTReg binary
id: download-jtreg-binary
run: |
wget --no-verbose \
https://builds.shipilev.net/jtreg/jtreg-${{ env.jtreg_version }}.zip
- if: ${{ steps.restore-jtreg-binary.outputs.cache-hit != 'true' }}
name: Cache JTReg binary
uses: actions/cache/save@v4
with:
path: jtreg-${{ env.jtreg_version }}.zip
key: ${{ runner.os }}-jtreg-${{ env.jtreg_version }}
# Extract JTReg.
- name: Extract JTReg binary
id: extract-jtreg-binary
run: |
mkdir -p testdata/openjdk/deps
cd testdata/openjdk/deps
unzip ../../../jtreg-${{ env.jtreg_version }}.zip
chmod +x jtreg/bin/jtreg
cd ../../..
# Run test suite.
- name: Run OpenJDK JTReg test cases
id: run-openjdk-jtreg-test-cases
run: |
testdata/openjdk/jtreg-kryoptic.sh check-jtreg