# Notes: # /__w/openssl is the path that github bind-mounts into the container so the ci # filesystem for this job can be reached. Please note that any changes made to # this job involving file system paths should be made prefixed with, or relative # to that directory name: Interoperability tests with GnuTLS and NSS on: schedule: - cron: '55 02 * * *' workflow_dispatch: jobs: test: runs-on: ubuntu-22.04 container: image: docker.io/fedora:40 options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 timeout-minutes: 90 strategy: fail-fast: false matrix: COMPONENT: [gnutls, nss] env: COMPONENT: ${{ matrix.COMPONENT }} steps: - uses: actions/checkout@v4 - name: Display environment run: export - name : Install needed tools run: | dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \ fips-mode-setup crypto-policies-scripts - name: install interop tests run: | cd ${GITHUB_WORKSPACE} git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git - name: build openssl as an rpm run: | mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \ cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \ sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \ sed -i 's/^Release: .*$/Release: dev/' openssl.spec yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing mkdir -p /build/SOURCES tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/ rpmbuild -bb /build/SPECS/openssl.spec dnf install -y /build/RPMS/x86_64/openssl-* cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf - name: Run interop tests run: | cd interop tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive openssl version echo "Finished - important to prevent unwanted output truncating"