Initial implementation of opensl FIPS baseline process #959
Workflow file for this run
name: qtbase Network Tests

# Triggered by `pull_request`, not `pull_request_target`: pull requests from
# forks get a read-only token and no repository secrets while their code is
# built and executed.
on:
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  pull_request:
    # NOTE(review): in Actions branch filters `*` does not match `/`, so pull
    # requests targeting `release/...` branches are not covered by this
    # filter. Confirm that is intended.
    branches:
      - '*'

# One active run per workflow and ref; a newer run cancels the one in flight.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
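jobs:
  # Builds the wolfSSL / OpenSSL / wolfProvider Debian packages through the
  # repository-local reusable workflow, once per matrix combination. The test
  # job below downloads the resulting artifact by name.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true ]

  # Builds Qt (qtbase) against the replaced OpenSSL and runs the QSslSocket
  # test binary, in FIPS and non-FIPS builds, with and without forced failure.
  test_qtbase_network:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Least privilege: this job only reads repositories and artifacts, and it
    # builds and runs third-party code, so the job token is kept read-only.
    permissions:
      contents: read
    container:
      # NOTE(review): `debian:bookworm` is a mutable tag. For a reproducible
      # baseline, pin by digest (debian:bookworm@sha256:<IMAGE_DIGEST>).
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    timeout-minutes: 40
    strategy:
      matrix:
        qt_ref: [ 'v5.15.8-lts-lgpl' ]
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        # Each configuration runs once normally and once with
        # WOLFPROV_FORCE_FAIL=1. Presumably the forced-failure run shows that
        # the TLS operations really go through wolfProvider, since a passing
        # test there would mean another provider did the work. Confirm
        # against check-workflow-result.sh, which is not shown here.
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      # NOTE(review): the `uses:` entries below reference the mutable `v4`
      # tag. Pinning each to a full commit SHA
      # (actions/checkout@<FULL_COMMIT_SHA>  # v4) removes the dependency on
      # where the tag points.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # Keep the job token out of the checkout's git config; later steps
          # run third-party build and test code.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          # These .deb files are the artifact downloaded above.
          # --allow-downgrades and --allow-change-held-packages let them
          # replace the distribution's openssl / libssl3 / libssl-dev.
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          # Runs before anything is built, so a missing provider or FIPS
          # configuration is meant to surface here, not as a Qt test failure.
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Install Qt dependencies
        run: |
          apt-get update
          apt-get install -y build-essential pkg-config dpkg-dev \
            python3 perl libpcre2-dev zlib1g-dev cmake ninja-build \
            bison flex libpng-dev libjpeg-dev git ca-certificates

      # NOTE(review): no `ref` is given, so the patch applied to Qt below
      # comes from whatever the default branch of wolfssl/osp is at run time.
      # Pin a ref if the baseline must be reproducible.
      - name: Checkout OSP
        uses: actions/checkout@v4
        with:
          repository: wolfssl/osp
          path: osp
          fetch-depth: 1
          persist-credentials: false

      - name: Checkout Qt
        uses: actions/checkout@v4
        with:
          repository: qt/qtbase
          path: qt5_repo
          ref: ${{ matrix.qt_ref }}
          fetch-depth: 1
          persist-credentials: false

      - name: Apply wolfProvider patch to Qt
        run: |
          cd qt5_repo
          patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/qtbase/qtbase-${{ matrix.qt_ref }}-wolfprov.patch

      - name: Configure Qt
        working-directory: qt5_repo
        run: |
          # Configure Qt with GUI support to avoid test dependency issues
          # Build with GUI support but skip examples and DBus
          # -openssl-linked links Qt directly against the installed libssl.
          ./configure -opensource -confirm-license -developer-build \
            -nomake examples -no-dbus -no-opengl \
            -openssl-linked

      - name: Build Qt (v5.15.8 - qmake)
        if: matrix.qt_ref != 'dev'
        working-directory: qt5_repo
        run: |
          make -k -j$(nproc)

      - name: Add test server to hosts
        run: |
          # Resolve the Qt test-server hostname to loopback in the container.
          sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'

      - name: Run QSSLSocket test
        working-directory: qt5_repo
        shell: bash
        run: |
          set +e
          # Export only a non-empty entry: a bare `export` prints every
          # exported variable into the job log. Inline interpolation is
          # acceptable here because the matrix values are static literals;
          # pass anything event-derived through `env:` instead.
          if [ -n "${{ matrix.force_fail }}" ]; then
            export ${{ matrix.force_fail }}
          fi
          # Run the QSSLSocket test, the make check takes too long
          QTEST_ENVIRONMENT=ci ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
          # The test binary's exit status is not used (set +e, piped to tee);
          # pass or fail is decided only by the exact pass count in the log.
          if grep -q "521 passed" qsslsocket-test.log; then
            TEST_RESULT=0
            echo "SUCCESS: Found 521 passed tests as expected"
          else
            TEST_RESULT=1
            echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
          fi
          # The checker receives the raw result and the force-fail setting;
          # how it combines them is defined in that script (not shown here).
          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} qtbase-qsslsocket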