1# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. 2# 3# Licensed under the Apache License 2.0 (the "License"). You may not use 4# this file except in compliance with the License. You can obtain a copy 5# in the file LICENSE in the source distribution or at 6# https://www.openssl.org/source/license.html 7 8name: GitHub CI 9 10on: [pull_request, push] 11 12# for some reason, this does not work: 13# variables: 14# BUILDOPTS: "-j4" 15# HARNESS_JOBS: "${HARNESS_JOBS:-4}" 16 17# for some reason, this does not work: 18# before_script: 19# - make="make -s" 20 21permissions: 22 contents: read 23 24jobs: 25 check_update: 26 runs-on: ubuntu-latest 27 steps: 28 - name: install unifdef 29 run: | 30 sudo apt-get update 31 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef 32 - uses: actions/checkout@v2 33 with: 34 fetch-depth: 0 35 - name: config 36 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump 37 - name: make build_generated 38 run: make -s build_generated 39 - name: make update 40 run: make update 41 - name: git diff 42 run: git diff --exit-code 43 44 check_docs: 45 runs-on: ubuntu-latest 46 steps: 47 - uses: actions/checkout@v2 48 - name: config 49 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump 50 - name: make build_generated 51 run: make -s build_generated 52 - name: make doc-nits 53 run: make doc-nits 54 - name: make md-nits 55 run: | 56 sudo gem install mdl 57 make md-nits 58 59 # This checks that we use ANSI C language syntax and semantics. 60 # We are not as strict with libraries, but rather adapt to what's 61 # expected to be available in a certain version of each platform. 62 check-ansi: 63 runs-on: ubuntu-latest 64 steps: 65 - uses: actions/checkout@v2 66 - name: config 67 run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump 68 - name: make 69 run: make -s -j4 70 71 basic_gcc: 72 runs-on: ubuntu-latest 73 steps: 74 - uses: actions/checkout@v2 75 - name: localegen 76 run: sudo locale-gen tr_TR.UTF-8 77 - name: config 78 run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump 79 - name: make 80 run: make -s -j4 81 - name: make test 82 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 83 84 basic_clang: 85 runs-on: ubuntu-latest 86 steps: 87 - uses: actions/checkout@v2 88 - name: config 89 run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump 90 - name: make 91 run: make -s -j4 92 - name: make test 93 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 94 95 minimal: 96 runs-on: ubuntu-latest 97 steps: 98 - uses: actions/checkout@v2 99 - name: config 100 run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump 101 - name: make 102 run: make -j4 # verbose, so no -s here 103 - name: make test 104 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 105 106 no-deprecated: 107 runs-on: ubuntu-latest 108 steps: 109 - uses: actions/checkout@v2 110 - name: config 111 run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump 112 - name: make 113 run: make -s -j4 114 - name: make test 115 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 116 117 no-shared: 118 strategy: 119 matrix: 120 os: [ ubuntu-latest, macos-latest ] 121 runs-on: ${{matrix.os}} 122 steps: 123 - uses: actions/checkout@v2 124 - name: config 125 run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump 126 - name: make 127 run: make -s -j4 128 - name: make test 129 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 130 131 non-caching: 132 runs-on: ubuntu-latest 133 steps: 134 - uses: actions/checkout@v2 135 - name: config 136 run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump 137 - name: make 138 run: make -s -j4 139 - name: make test 140 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" 141 142 address_ub_sanitizer: 143 runs-on: ubuntu-latest 144 steps: 145 - uses: actions/checkout@v2 146 - name: config 147 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump 148 - name: make 149 run: make -s -j4 150 - name: make test 151 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 152 153 memory_sanitizer: 154 runs-on: ubuntu-latest 155 steps: 156 - uses: actions/checkout@v2 157 - name: config 158 # --debug -O1 is to produce a debug build that runs in a reasonable amount of time 159 run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump 160 - name: make 161 run: make -s -j4 162 - name: make test 163 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 164 165 threads_sanitizer: 166 runs-on: ubuntu-latest 167 steps: 168 - uses: actions/checkout@v2 169 - name: config 170 run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump 171 - name: make 172 run: make -s -j4 173 - name: make test 174 run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp" test HARNESS_JOBS=${HARNESS_JOBS:-4} 175 176 enable_non-default_options: 177 runs-on: ubuntu-latest 178 steps: 179 - uses: actions/checkout@v2 180 - name: modprobe tls 181 run: sudo modprobe tls 182 - name: config 183 run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic && perl configdata.pm --dump 184 - name: make 185 run: make -s -j4 186 - name: make test 187 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 188 189 fips_and_ktls: 190 runs-on: ubuntu-latest 191 steps: 192 - uses: actions/checkout@v2 193 - name: modprobe tls 194 run: sudo modprobe tls 195 - name: config 196 run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump 197 - name: make 198 run: make -s -j4 199 - name: make test 200 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 201 202 no-legacy: 203 runs-on: ubuntu-latest 204 steps: 205 - uses: actions/checkout@v2 206 - name: config 207 run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump 208 - name: make 209 run: make -s -j4 210 - name: make test 211 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 212 213 legacy: 214 runs-on: ubuntu-latest 215 steps: 216 - uses: actions/checkout@v2 217 - name: config 218 run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump 219 - name: make 220 run: make -s -j4 221 - name: make test 222 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 223 224 enable-tfo: 225 strategy: 226 matrix: 227 os: [ ubuntu-latest, macos-latest ] 228 runs-on: ${{matrix.os}} 229 steps: 230 - uses: actions/checkout@v2 231 - name: config 232 run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump 233 - name: make 234 run: make -s -j4 235 - name: make test 236 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 237 238 buildtest: 239 runs-on: ubuntu-latest 240 steps: 241 - uses: actions/checkout@v2 242 - name: config 243 run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump 244 - name: make 245 run: make -s -j4 246 - name: make test 247 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 248 249 out-of-source-and-install: 250 strategy: 251 matrix: 252 os: [ubuntu-latest, macos-latest ] 253 runs-on: ${{matrix.os}} 254 steps: 255 - uses: actions/checkout@v2 256 - name: extra preparations 257 run: | 258 mkdir ./build 259 mkdir ./install 260 - name: config 261 run: ../config --banner=Configured enable-fips enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump 262 working-directory: ./build 263 - name: make 264 run: make -s -j4 265 working-directory: ./build 266 - name: make test 267 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 268 working-directory: ./build 269 - name: make install 270 run: make install 271 working-directory: ./build 272 273 external-tests: 274 runs-on: ubuntu-latest 275 steps: 276 - uses: actions/checkout@v2 277 with: 278 submodules: recursive 279 - name: package installs 280 run: | 281 sudo apt-get update 282 sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy 283 - name: install cpanm and Test2::V0 for gost_engine testing 284 uses: perl-actions/install-with-cpanm@v1 285 with: 286 install: Test2::V0 287 - name: setup hostname workaround 288 run: sudo hostname localhost 289 - name: config 290 run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump 291 - name: make 292 run: make -s -j4 293 - name: test external gost-engine 294 run: make test TESTS="test_external_gost_engine" 295 - name: test external krb5 296 run: make test TESTS="test_external_krb5" 297 - name: test external_tlsfuzzer 298 run: make test TESTS="test_external_tlsfuzzer" 299 - name: test external oqs-provider 300 run: make test TESTS="test_external_oqsprovider" 301 302 external-test-pyca: 303 runs-on: ubuntu-latest 304 strategy: 305 matrix: 306 RUST: 307 - 1.51.0 308 PYTHON: 309 - 3.9 310 steps: 311 - uses: actions/checkout@v2 312 with: 313 submodules: recursive 314 - name: Configure OpenSSL 315 run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump 316 - name: make 317 run: make -s -j4 318 - name: Setup Python 319 uses: actions/setup-python@v2.2.2 320 with: 321 python-version: ${{ matrix.PYTHON }} 322 - uses: actions-rs/toolchain@v1 323 with: 324 profile: minimal 325 toolchain: ${{ matrix.RUST }} 326 override: true 327 default: true 328 - name: test external pyca 329 run: make test TESTS="test_external_pyca" VERBOSE=1 330