openssl_versions.yml
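---
# CI workflow: builds and tests kryoptic against several OpenSSL versions.
# Matrix entries with `build: true` clone and compile OpenSSL from the
# upstream branch; entries with `build: false` use the distribution's
# OpenSSL packages and add the `dynamic` cargo feature.
#
# NOTE(review): every action below is referenced by a mutable tag
# (@v4, @v6). For a stricter supply-chain posture pin each one to a full
# commit SHA, e.g. `actions/checkout@<full-commit-sha>  # v6`.
name: OpenSSL Versions

on:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

# Least privilege for the job token: this workflow only needs to read the
# repository. Cache and artifact steps do not depend on these scopes.
permissions:
  contents: read

jobs:
  build:
    name: Versions
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        name: [ossl30, ossl32, ossl35, debian, centos10]
        include:
          - name: ossl30
            build: true
            version: "3.0"
            repotype: "dnf"
            repocachepath: "/var/cache/libdnf5"
            container: quay.io/fedora/fedora:latest
          - name: ossl32
            build: true
            version: "3.2"
            repotype: "dnf"
            repocachepath: "/var/cache/libdnf5"
            container: quay.io/fedora/fedora:latest
          - name: ossl35
            build: true
            version: "3.5"
            repotype: "dnf"
            repocachepath: "/var/cache/libdnf5"
            container: quay.io/fedora/fedora:latest
          - name: debian
            build: false
            version: "3.5"
            repotype: "apt"
            container: debian:testing
          - name: centos10
            build: false
            version: "3.5"
            repotype: "dnf"
            repocachepath: "/var/cache/dnf"
            container: quay.io/centos/centos:stream10
    container: ${{ matrix.container }}
    steps:
      # %Y%V is year + ISO week number, so the DNF cache key rolls weekly.
      - name: Get Date for DNF cache entry
        if: ${{ matrix.repotype == 'dnf' }}
        id: get-date
        run: |
          echo "date=$(/bin/date -u "+%Y%V")" >> "$GITHUB_OUTPUT"
        shell: bash

      - name: Restore DNF cache
        if: ${{ matrix.repotype == 'dnf' }}
        uses: actions/cache/restore@v4
        id: cache-dnf
        with:
          path: ${{ matrix.repocachepath }}
          key: ${{ matrix.container }}-dnf-${{ steps.get-date.outputs.date }}

      # The ${{ matrix.* }} values expanded into this script are constants
      # defined in the matrix above, not event or user-supplied data.
      - name: Install Dependencies
        run: |
          if [ "${{ matrix.repotype }}" = "dnf" ]; then
            # NOTE(review): the matrix defines "centos10", not "centos", so
            # this branch never runs, and dnf_opts is not passed to any dnf
            # command below. Either wire it in or drop it.
            if [ "${{ matrix.name }}" = "centos" ]; then
              dnf_opts="--enablerepo=crb"
            fi
            dnf -y install git cargo clang-devel
            if [ "${{ matrix.build }}" = "false" ]; then
              dnf -y install openssl-devel sqlite-devel
            else
              dnf -y install openssl-devel sqlite-devel \
                'perl(FindBin)' 'perl(lib)' 'perl(File::Compare)' \
                'perl(File::Copy)' 'perl(bigint)' 'perl(Time::HiRes)' \
                'perl(IPC::Cmd)' 'perl(Pod::Html)' 'perl(Digest::SHA)' \
                'perl(Module::Load::Conditional)' 'perl(File::Temp)' \
                'perl(Test::Harness)' 'perl(Test::More)' 'perl(Math::BigInt)' \
                'perl(Time::Piece)' zlib-devel sed sqlite-devel
            fi
          elif [ "${{ matrix.repotype }}" = "apt" ]; then
            apt-get -q update
            apt-get -yq install git clang rustc libsqlite3-dev libssl-dev pkg-config
          fi

      - name: DNF cache
        if: ${{ matrix.repotype == 'dnf' && steps.cache-dnf.outputs.cache-hit != 'true' }}
        uses: actions/cache/save@v4
        with:
          path: ${{ matrix.repocachepath }}
          key: ${{ matrix.container }}-dnf-${{ steps.get-date.outputs.date }}

      # Later steps compile and run code from the checked-out tree (build
      # scripts and tests), so do not keep the job token in git configuration
      # where those steps could read it.
      - name: Checkout Repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      # Clones the upstream OpenSSL release branch next to the workspace and
      # exports its location; the cache id is derived from the cloned commit.
      - name: Setup OpenSSL ${{ matrix.version }}
        if: ${{ matrix.build == true }}
        id: ossl-setup
        run: |
          OPENSSL_BRANCH="openssl-${{ matrix.version }}"
          git config --global --add safe.directory /__w/kryoptic
          cd ..
          git clone https://github.com/openssl/openssl.git \
            --single-branch --branch "$OPENSSL_BRANCH" openssl
          cd openssl
          echo "KRYOPTIC_OPENSSL_SOURCES=$PWD" >> "$GITHUB_ENV"
          echo "cacheid=${{ runner.os }}-ossl-$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      # NOTE(review): the key covers the runner OS and the OpenSSL commit
      # only. The container tag (fedora:latest) is mutable and is not part
      # of the key, so a cached build tree can outlive a toolchain change in
      # the image.
      - name: Restore OpenSSL build if cached
        if: ${{ matrix.build == true }}
        uses: actions/cache/restore@v4
        id: cache
        with:
          path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }}
          key: ${{ steps.ossl-setup.outputs.cacheid }}

      - name: Build OpenSSL
        if: ${{ matrix.build == true && steps.cache.outputs.cache-hit != 'true' }}
        run: |
          pushd "${{ env.KRYOPTIC_OPENSSL_SOURCES }}"
          ./Configure
          make

      - name: Cache OpenSSL ${{ matrix.version }} build
        if: ${{ matrix.build == true && steps.cache.outputs.cache-hit != 'true' }}
        uses: actions/cache/save@v4
        with:
          path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }}
          key: ${{ steps.ossl-setup.outputs.cacheid }}

      # The lock file is generated here so that hashFiles() in the next step
      # has a Cargo.lock to hash for the cache key.
      - name: Generate lock file
        run: cargo generate-lockfile

      - name: Cache Rust dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ matrix.container }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      # The feature set grows with the OpenSSL version; distribution builds
      # (build: false) additionally enable the `dynamic` feature.
      - name: Build & test
        run: |
          FEATURES="ossl/rfc9580"
          OPTS="--no-default-features"
          if [ "${{ matrix.version }}" = "3.0" ]; then
            FEATURES="$FEATURES,minimal"
          elif [ "${{ matrix.version }}" = "3.2" ]; then
            FEATURES="$FEATURES,minimal,eddsa"
          elif [ "${{ matrix.version }}" = "3.5" ]; then
            FEATURES="$FEATURES,minimal,eddsa,mldsa,slhdsa,no_sha1"
          fi
          if [ "${{ matrix.build }}" = "false" ]; then
            FEATURES="$FEATURES,dynamic"
          fi
          # create a bogus configuration file to make sure it is not used
          # during tests
          mkdir -p ~/.config/kryoptic/
          cp testdata/test.conf ~/.config/kryoptic/token.conf
          cargo build -vv $OPTS --features "$FEATURES"
          TEST_PKCS11_MODULE="${PWD}/target/debug/libkryoptic_pkcs11.so"
          export TEST_PKCS11_MODULE
          cargo test -vv $OPTS --features "$FEATURES"

      # Only on failure: publish the build-script output for debugging.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: Build logs OpenSSL version ${{ matrix.name }}
          path: |
            target/debug/build/*/output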