Enable additional capabilities for AWS-LC #2534
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| push: | |
| branches: | |
| - master | |
| env: | |
| RUSTFLAGS: -Dwarnings | |
| RUST_BACKTRACE: 1 | |
| concurrency: | |
| group: ${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| jobs: | |
| rustfmt: | |
| name: rustfmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: sfackler/actions/rustup@master | |
| - uses: sfackler/actions/rustfmt@master | |
| clippy: | |
| name: clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: sfackler/actions/rustup@master | |
| - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| id: rust-version | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/index | |
| key: index-${{ runner.os }}-${{ github.run_number }} | |
| restore-keys: | | |
| index-${{ runner.os }}- | |
| - run: cargo generate-lockfile | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/cache | |
| key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo fetch | |
| - uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo clippy --all --all-targets | |
| min-version: | |
| name: min-version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs` | |
| - uses: sfackler/actions/rustup@master | |
| with: | |
| version: 1.63.0 | |
| - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| id: rust-version | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/index | |
| key: index-${{ runner.os }}-${{ github.run_number }} | |
| restore-keys: | | |
| index-${{ runner.os }}- | |
| - run: cargo generate-lockfile | |
| - run: | | |
| cargo update -p once_cell --precise 1.20.3 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/cache | |
| key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo fetch | |
| - uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo check -p openssl | |
| windows-vcpkg: | |
| name: windows-vcpkg | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: sfackler/actions/rustup@master | |
| - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| id: rust-version | |
| - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| - run: vcpkg install openssl:x64-windows-static-md | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/index | |
| key: index-${{ runner.os }}-${{ github.run_number }} | |
| restore-keys: | | |
| index-${{ runner.os }}- | |
| - run: cargo generate-lockfile | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/cache | |
| key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo fetch | |
| - uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| # - run: cargo run -p systest | |
| - run: cargo test -p openssl | |
| - run: cargo test -p openssl-errors | |
| macos-homebrew: | |
| name: macos-homebrew | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: sfackler/actions/rustup@master | |
| - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| id: rust-version | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/index | |
| key: index-${{ runner.os }}-${{ github.run_number }} | |
| restore-keys: | | |
| index-${{ runner.os }}- | |
| - run: cargo generate-lockfile | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/cache | |
| key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo fetch | |
| - run: cargo run -p systest | |
| - run: cargo test -p openssl | |
| - run: cargo test -p openssl-errors | |
| linux: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - x86_64-unknown-linux-gnu | |
| - i686-unknown-linux-gnu | |
| - arm-unknown-linux-gnueabihf | |
| bindgen: | |
| - true | |
| - false | |
| library: | |
| - name: aws-lc | |
| version: v1.48.2 | |
| - name: aws-lc | |
| version: vendored | |
| - name: boringssl | |
| version: e23fe9b6eecc10e4f9ea1f0027fea5eaee7bd6b6 | |
| - name: openssl | |
| version: vendored | |
| - name: openssl | |
| version: 3.4.0 | |
| - name: openssl | |
| version: 3.3.0 | |
| - name: openssl | |
| version: 3.2.0 | |
| - name: openssl | |
| old: true | |
| version: 1.1.1w | |
| - name: openssl | |
| version: 1.1.0l | |
| old: true | |
| dl-path: /old/1.1.0 | |
| - name: openssl | |
| version: 1.0.2u | |
| old: true | |
| dl-path: /old/1.0.2 | |
| - name: openssl | |
| version: 1.0.1u | |
| old: true | |
| dl-path: /old/1.0.1 | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: true | |
| library: | |
| name: libressl | |
| version: 2.5.5 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: true | |
| library: | |
| name: libressl | |
| version: 3.8.4 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: true | |
| library: | |
| name: libressl | |
| version: 3.9.2 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: true | |
| library: | |
| name: libressl | |
| version: 4.0.0 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: false | |
| library: | |
| name: libressl | |
| version: 2.5.5 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: false | |
| library: | |
| name: libressl | |
| version: 3.8.4 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: false | |
| library: | |
| name: libressl | |
| version: 3.9.2 | |
| - target: x86_64-unknown-linux-gnu | |
| bindgen: false | |
| library: | |
| name: libressl | |
| version: 4.0.0 | |
| name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }} | |
| runs-on: ubuntu-22.04 | |
| env: | |
| OPENSSL_DIR: /opt/openssl | |
| CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc | |
| CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_AR: arm-linux-gnueabihf-ar | |
| CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER: qemu-arm -L /usr/arm-linux-gnueabihf | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: sfackler/actions/rustup@master | |
| - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT | |
| id: rust-version | |
| - run: rustup target add ${{ matrix.target }} | |
| - name: Install packages | |
| run: | | |
| case "${{ matrix.target }}" in | |
| "x86_64-unknown-linux-gnu") | |
| exit 0 | |
| ;; | |
| "i686-unknown-linux-gnu") | |
| packages="gcc-multilib g++-multilib" | |
| ;; | |
| "arm-unknown-linux-gnueabihf") | |
| packages="gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf qemu-user" | |
| ;; | |
| esac | |
| sudo apt-get update | |
| sudo apt-get install -y $packages | |
| - run: sudo apt-get remove -y libssl-dev | |
| - uses: actions/cache@v4 | |
| with: | |
| path: /opt/openssl | |
| key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-7 | |
| if: matrix.library.version != 'vendored' | |
| id: openssl-cache | |
| - run: | | |
| echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV | |
| echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> $GITHUB_ENV | |
| if: matrix.target == 'arm-unknown-linux-gnueabihf' | |
| - name: Build OpenSSL | |
| run: | | |
| case "${{ matrix.library.name }}" in | |
| "openssl") | |
| if [[ "${{ matrix.library.old }}" == "true" ]]; then | |
| url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz" | |
| else | |
| url="https://github.com/openssl/openssl/releases/download/openssl-${{ matrix.library.version }}/openssl-${{ matrix.library.version }}.tar.gz" | |
| fi | |
| tar_flags="--strip-components=1" | |
| ;; | |
| "libressl") | |
| url="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${{ matrix.library.version }}.tar.gz" | |
| tar_flags="--strip-components=1" | |
| ;; | |
| "boringssl") | |
| url="https://boringssl.googlesource.com/boringssl/+archive/${{ matrix.library.version }}.tar.gz" | |
| tar_flags="" | |
| ;; | |
| "aws-lc") | |
| url="https://github.com/aws/aws-lc/archive/refs/tags/${{ matrix.library.version }}.tar.gz" | |
| tar_flags="--strip-components=1" | |
| ;; | |
| esac | |
| case "${{ matrix.target}}" in | |
| "x86_64-unknown-linux-gnu") | |
| CPU=x86_64 | |
| OS_COMPILER=linux-x86_64 | |
| OS_FLAGS="" | |
| ;; | |
| "i686-unknown-linux-gnu") | |
| CPU=i686 | |
| OS_COMPILER=linux-elf | |
| OS_FLAGS="-m32 -msse2" | |
| ;; | |
| "arm-unknown-linux-gnueabihf") | |
| CPU=armv4 | |
| OS_COMPILER=linux-armv4 | |
| OS_FLAGS="" | |
| export AR=arm-linux-gnueabihf-ar | |
| export CC=arm-linux-gnueabihf-gcc | |
| export CXX=arm-linux-gnueabihf-g++ | |
| ;; | |
| esac | |
| mkdir /tmp/build | |
| cd /tmp/build | |
| curl -L $url | tar $tar_flags -xzf - | |
| case "${{ matrix.library.name }}" in | |
| "openssl") | |
| ./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS no-shared | |
| make | |
| make install_sw | |
| ;; | |
| "libressl") | |
| ./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic | |
| make | |
| make install_sw | |
| ;; | |
| "boringssl") | |
| mkdir build | |
| cd build | |
| echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake | |
| echo "set(CMAKE_SYSTEM_PROCESSOR $CPU)" >> toolchain.cmake | |
| echo "set(triple ${{ matrix.target }})" >> toolchain.cmake | |
| echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake | |
| echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake | |
| echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake | |
| cmake .. -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DRUST_BINDINGS="${{ matrix.target }}" -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake | |
| make -j "$(nproc)" | |
| make install | |
| # Copy stuff around so it's all as the build system expects. | |
| cp -r ../rust/ "$OPENSSL_DIR/rust" | |
| cp -r ./ "$OPENSSL_DIR/build" | |
| ;; | |
| "aws-lc") | |
| mkdir build | |
| cd build | |
| echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake | |
| echo "set(CMAKE_SYSTEM_PROCESSOR $CPU)" >> toolchain.cmake | |
| echo "set(triple ${{ matrix.target }})" >> toolchain.cmake | |
| echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake | |
| echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake | |
| echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake | |
| cmake .. -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake | |
| make -j "$(nproc)" | |
| make install | |
| ;; | |
| esac | |
| if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit | |
| - run: | | |
| mkdir -p .cargo | |
| echo '[patch.crates-io]' > .cargo/config.toml | |
| echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust/bssl-sys" }' >> .cargo/config.toml | |
| if: matrix.library.name == 'boringssl' && !matrix.bindgen | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/index | |
| key: index-${{ runner.os }}-${{ github.run_number }} | |
| restore-keys: | | |
| index-${{ runner.os }}- | |
| - run: cargo generate-lockfile | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry/cache | |
| key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - run: cargo fetch | |
| - uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: target-${{ matrix.target }}-${{ matrix.bindgen }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} | |
| - name: Run systest | |
| run: | | |
| if [[ "${{ matrix.library.version }}" == "vendored" ]]; then | |
| features="--features vendored" | |
| fi | |
| if [[ "${{ matrix.bindgen }}" == "true" ]]; then | |
| features="$features --features bindgen" | |
| fi | |
| cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features | |
| if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} | |
| - name: Test openssl | |
| run: | | |
| if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then | |
| features="--features unstable_boringssl" | |
| BORINGSSL_BUILD_DIR="$OPENSSL_DIR/build/" | |
| fi | |
| if [[ "${{ matrix.library.version }}" == "vendored" ]]; then | |
| if [[ "${{ matrix.library.name }}" == "aws-lc" ]]; then | |
| features="--features aws-lc" | |
| else | |
| features="--features vendored" | |
| fi | |
| fi | |
| if [[ "${{ matrix.bindgen }}" == "true" ]]; then | |
| features="$features --features bindgen" | |
| fi | |
| cargo test --manifest-path=openssl/Cargo.toml --target ${{ matrix.target }} $features | |
| - name: Test openssl-errors | |
| run: | | |
| if [[ "${{ matrix.library.version }}" == "vendored" ]]; then | |
| features="--features openssl-sys/vendored" | |
| fi | |
| if [[ "${{ matrix.bindgen }}" == "true" ]]; then | |
| features="$features --features openssl-sys/bindgen" | |
| fi | |
| cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features | |
| if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} |