# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

name: GitHub CI

# Triggered by every pull request and every push.
on:
  - pull_request
  - push

# for some reason, this does not work:
# variables:
#   BUILDOPTS: "-j4"
#   HARNESS_JOBS: "${HARNESS_JOBS:-4}"

# for some reason, this does not work:
# before_script:
#     - make="make -s"

# Least-privilege token for every job: read access to repository contents.
# Scopes that are not listed under `permissions` are set to none.
permissions:
  contents: read

# Exported to every step of every job.
env:
  OSSL_RUN_CI_TESTS: 1

jobs:
28  check_update:
29    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
30    steps:
31    - name: install unifdef
32      run: |
33        sudo apt-get update
34        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
35    - uses: actions/checkout@v4
36      with:
37        fetch-depth: 0
38    - name: config
39      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
40    - name: make build_generated
41      run: make -s build_generated
42    - name: make update
43      run: make update
44    - name: git diff
45      run: git diff --exit-code
46
47  check_docs:
48    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
49    steps:
50    - uses: actions/checkout@v4
51    - name: config
52      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
53    - name: make build_generated
54      run: make -s build_generated
55    - name: make doc-nits
56      run: make doc-nits
57    - name: make help
58      run: make help
59    - name: make md-nits
60      run: |
61          sudo gem install mdl
62          make md-nits
63
64  # This checks that we use ANSI C language syntax and semantics.
65  # We are not as strict with libraries, but rather adapt to what's
66  # expected to be available in a certain version of each platform.
67  check-ansi:
68    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
69    steps:
70    - uses: actions/checkout@v4
71    - name: config
72      run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips --strict-warnings && perl configdata.pm --dump
73    - name: make
74      run: make -s -j4
75
76  basic_gcc:
77    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
78    steps:
79    - uses: actions/checkout@v4
80    - name: checkout fuzz/corpora submodule
81      run: git submodule update --init --depth 1 fuzz/corpora
82    - name: localegen
83      run: sudo locale-gen tr_TR.UTF-8
84    - name: fipsvendor
85      # Make one fips build use a customized FIPS vendor
86      run: echo "FIPS_VENDOR=CI" >> VERSION.dat
87    - name: config
88      # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
89      run: CC=gcc ./config --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
90    - name: make
91      run: make -s -j4
92    - name: get cpu info
93      run: |
94        cat /proc/cpuinfo
95        ./util/opensslwrap.sh version -c
96    - name: make test
97      run: .github/workflows/make-test
98    - name: check fipsvendor
99      run: |
100        util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
101    - name: save artifacts
102      uses: actions/upload-artifact@v3
103      with:
104        name: "ci@basic-gcc"
105        path: artifacts.tar.gz
106
107  basic_clang:
108    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
109    steps:
110    - uses: actions/checkout@v4
111    - name: checkout fuzz/corpora submodule
112      run: git submodule update --init --depth 1 fuzz/corpora
113    - name: config
114      run: CC=clang ./config --banner=Configured enable-demos enable-h3demo no-fips --strict-warnings && perl configdata.pm --dump
115    - name: make
116      run: make -s -j4
117    - name: get cpu info
118      run: |
119        cat /proc/cpuinfo
120        ./util/opensslwrap.sh version -c
121    - name: make test
122      run: .github/workflows/make-test
123    - name: save artifacts
124      uses: actions/upload-artifact@v3
125      with:
126        name: "ci@basic-clang"
127        path: artifacts.tar.gz
128
129  self-hosted:
130    if: github.repository == 'openssl/openssl'
131    strategy:
132      matrix:
133        os: [freebsd-13.2, ubuntu-arm64-22.04]
134    runs-on: ${{ matrix.os }}-self-hosted
135    continue-on-error: true
136    steps:
137    - uses: actions/checkout@v4
138    - name: config
139      run: ./config enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
140    - name: config dump
141      run: ./configdata.pm --dump
142    - name: make
143      run: make -j4
144    - name: get cpu info
145      run: ./util/opensslwrap.sh version -c
146    - name: make test
147      run: .github/workflows/make-test
148    - name: save artifacts
149      uses: actions/upload-artifact@v3
150      with:
151        name: "ci@self-hosted-${{ matrix.os }}"
152        path: artifacts.tar.gz
153
154  minimal:
155    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
156    steps:
157    - uses: actions/checkout@v4
158    - name: checkout fuzz/corpora submodule
159      run: git submodule update --init --depth 1 fuzz/corpora
160    - name: config
161      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
162    - name: make
163      run: make -j4 # verbose, so no -s here
164    - name: get cpu info
165      run: |
166        cat /proc/cpuinfo
167        ./util/opensslwrap.sh version -c
168    - name: make test
169      run: .github/workflows/make-test
170    - name: save artifacts
171      uses: actions/upload-artifact@v3
172      with:
173        name: "ci@minimal"
174        path: artifacts.tar.gz
175
176  no-deprecated:
177    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
178    steps:
179    - uses: actions/checkout@v4
180    - name: checkout fuzz/corpora submodule
181      run: git submodule update --init --depth 1 fuzz/corpora
182    - name: config
183      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
184    - name: make
185      run: make -s -j4
186    - name: get cpu info
187      run: |
188        cat /proc/cpuinfo
189        ./util/opensslwrap.sh version -c
190    - name: make test
191      run: .github/workflows/make-test
192    - name: save artifacts
193      uses: actions/upload-artifact@v3
194      with:
195        name: "ci@no-deprecated"
196        path: artifacts.tar.gz
197
198  no-shared-ubuntu:
199    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
200    steps:
201    - uses: actions/checkout@v4
202    - name: checkout fuzz/corpora submodule
203      run: git submodule update --init --depth 1 fuzz/corpora
204    - name: config
205      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
206    - name: make
207      run: make -s -j4
208    - name: get cpu info
209      run: |
210        cat /proc/cpuinfo
211        ./util/opensslwrap.sh version -c
212    - name: make test
213      run: .github/workflows/make-test
214    - name: save artifacts
215      uses: actions/upload-artifact@v3
216      with:
217        name: "ci@no-shared-ubuntu"
218        path: artifacts.tar.gz
219
220  no-shared-macos:
221    strategy:
222      fail-fast: false
223      matrix:
224        os: [macos-13, macos-14]
225    if: github.server_url == 'https://github.com'
226    runs-on: ${{ matrix.os }}
227    steps:
228    - uses: actions/checkout@v4
229    - name: checkout fuzz/corpora submodule
230      run: git submodule update --init --depth 1 fuzz/corpora
231    - name: config
232      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
233    - name: make
234      run: make -s -j4
235    - name: get cpu info
236      run: |
237        sysctl machdep.cpu
238        ./util/opensslwrap.sh version -c
239    - name: make test
240      run: .github/workflows/make-test
241    - name: save artifacts
242      uses: actions/upload-artifact@v3
243      with:
244        name: "ci@no-shared-${{ matrix.os }}"
245        path: artifacts.tar.gz
246
247  non-caching:
248    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
249    steps:
250    - uses: actions/checkout@v4
251    - name: checkout fuzz/corpora submodule
252      run: git submodule update --init --depth 1 fuzz/corpora
253    - name: Adjust ASLR for sanitizer
254      run: |
255        sudo cat /proc/sys/vm/mmap_rnd_bits
256        sudo sysctl -w vm.mmap_rnd_bits=28
257    - name: config
258      run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
259    - name: make
260      run: make -s -j4
261    - name: get cpu info
262      run: |
263        cat /proc/cpuinfo
264        ./util/opensslwrap.sh version -c
265    - name: make test
266      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
267    - name: save artifacts
268      uses: actions/upload-artifact@v3
269      with:
270        name: "ci@non-caching"
271        path: artifacts.tar.gz
272
273  address_ub_sanitizer:
274    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
275    steps:
276    - uses: actions/checkout@v4
277    - name: checkout fuzz/corpora submodule
278      run: git submodule update --init --depth 1 fuzz/corpora
279    - name: Adjust ASLR for sanitizer
280      run: |
281        sudo cat /proc/sys/vm/mmap_rnd_bits
282        sudo sysctl -w vm.mmap_rnd_bits=28
283    - name: config
284      run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
285    - name: make
286      run: make -s -j4
287    - name: get cpu info
288      run: |
289        cat /proc/cpuinfo
290        ./util/opensslwrap.sh version -c
291    - name: make test
292      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
293    - name: save artifacts
294      uses: actions/upload-artifact@v3
295      with:
296        name: "ci@address_ub_sanitizer"
297        path: artifacts.tar.gz
298
299  fuzz_tests:
300    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
301    steps:
302    - uses: actions/checkout@v4
303    - name: checkout fuzz/corpora submodule
304      run: git submodule update --init --depth 1 fuzz/corpora
305    - name: Adjust ASLR for sanitizer
306      run: |
307        sudo cat /proc/sys/vm/mmap_rnd_bits
308        sudo sysctl -w vm.mmap_rnd_bits=28
309    - name: config
310      run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
311    - name: make
312      run: make -s -j4
313    - name: get cpu info
314      run: |
315        cat /proc/cpuinfo
316        ./util/opensslwrap.sh version -c
317    - name: make test
318      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
319    - name: save artifacts
320      uses: actions/upload-artifact@v3
321      with:
322        name: "ci@fuzz_tests"
323        path: artifacts.tar.gz
324        if-no-files-found: ignore
325
326  memory_sanitizer:
327    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
328    steps:
329    - uses: actions/checkout@v4
330    - name: checkout fuzz/corpora submodule
331      run: git submodule update --init --depth 1 fuzz/corpora
332    - name: Adjust ASLR for sanitizer
333      run: |
334        sudo cat /proc/sys/vm/mmap_rnd_bits
335        sudo sysctl -w vm.mmap_rnd_bits=28
336    - name: config
337      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
338      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
339    - name: make
340      run: make -s -j4
341    - name: get cpu info
342      run: |
343        cat /proc/cpuinfo
344        ./util/opensslwrap.sh version -c
345    - name: make test
346      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
347    - name: save artifacts
348      uses: actions/upload-artifact@v3
349      with:
350        name: "ci@memory_sanitizer"
351        path: artifacts.tar.gz
352
353  threads_sanitizer:
354    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
355    steps:
356    - uses: actions/checkout@v4
357    - name: checkout fuzz/corpora submodule
358      run: git submodule update --init --depth 1 fuzz/corpora
359    - name: Adjust ASLR for sanitizer
360      run: |
361        sudo cat /proc/sys/vm/mmap_rnd_bits
362        sudo sysctl -w vm.mmap_rnd_bits=28
363    - name: config
364      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
365    - name: make
366      run: make -s -j4
367    - name: get cpu info
368      run: |
369        cat /proc/cpuinfo
370        ./util/opensslwrap.sh version -c
371    - name: make test
372      run: .github/workflows/make-test V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
373    - name: save artifacts
374      uses: actions/upload-artifact@v3
375      with:
376        name: "ci@threads_sanitizer"
377        path: artifacts.tar.gz
378
379  enable_non-default_options:
380    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
381    steps:
382    - uses: actions/checkout@v4
383    - name: checkout fuzz/corpora submodule
384      run: git submodule update --init --depth 1 fuzz/corpora
385    - name: modprobe tls
386      run: sudo modprobe tls
387    - name: config
388      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
389    - name: make
390      run: make -s -j4
391    - name: get cpu info
392      run: |
393        cat /proc/cpuinfo
394        ./util/opensslwrap.sh version -c
395    - name: make test
396      run: .github/workflows/make-test
397    - name: save artifacts
398      uses: actions/upload-artifact@v3
399      with:
400        name: "ci@enable_non-default_options"
401        path: artifacts.tar.gz
402
403  full_featured:
404    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
405    steps:
406    - uses: actions/checkout@v4
407    - name: checkout fuzz/corpora submodule
408      run: git submodule update --init --depth 1 fuzz/corpora
409    - name: modprobe tls
410      run: sudo modprobe tls
411    - name: Enable sctp
412      run: sudo modprobe sctp
413    - name: Enable auth in sctp
414      run: sudo sysctl -w net.sctp.auth_enable=1
415    - name: install extra config support
416      run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
417    - name: config
418      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
419    - name: make
420      run: make -s -j4
421    - name: get cpu info
422      run: |
423        cat /proc/cpuinfo
424        ./util/opensslwrap.sh version -c
425    - name: make test
426      run: .github/workflows/make-test
427    - name: save artifacts
428      uses: actions/upload-artifact@v3
429      with:
430        name: "ci@full_featured"
431        path: artifacts.tar.gz
432
433  no-legacy:
434    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
435    steps:
436    - uses: actions/checkout@v4
437    - name: checkout fuzz/corpora submodule
438      run: git submodule update --init --depth 1 fuzz/corpora
439    - name: config
440      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
441    - name: make
442      run: make -s -j4
443    - name: get cpu info
444      run: |
445        cat /proc/cpuinfo
446        ./util/opensslwrap.sh version -c
447    - name: make test
448      run: .github/workflows/make-test
449    - name: save artifacts
450      uses: actions/upload-artifact@v3
451      with:
452        name: "ci@no-legacy"
453        path: artifacts.tar.gz
454
455  legacy:
456    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
457    steps:
458    - uses: actions/checkout@v4
459    - name: checkout fuzz/corpora submodule
460      run: git submodule update --init --depth 1 fuzz/corpora
461    - name: config
462      run: ./config --banner=Configured -Werror --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
463    - name: make
464      run: make -s -j4
465    - name: get cpu info
466      run: |
467        cat /proc/cpuinfo
468        ./util/opensslwrap.sh version -c
469    - name: make test
470      run: .github/workflows/make-test
471    - name: save artifacts
472      uses: actions/upload-artifact@v3
473      with:
474        name: "ci@legacy"
475        path: artifacts.tar.gz
476
477  # out-of-source-and-install checks multiple things at the same time:
478  # - That building, testing and installing works from an out-of-source
479  #   build tree
480  # - That building, testing and installing works with a read-only source
481  #   tree
482  out-of-readonly-source-and-install-ubuntu:
483    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
484    steps:
485    - uses: actions/checkout@v4
486      with:
487        path: ./source
488    - name: checkout fuzz/corpora submodule
489      run: git submodule update --init --depth 1 fuzz/corpora
490      working-directory: ./source
491    - name: make source read-only
492      run: chmod -R a-w ./source
493    - name: create build and install directories
494      run: |
495        mkdir ./build
496        mkdir ./install
497    - name: config
498      run: |
499        ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
500        perl configdata.pm --dump
501      working-directory: ./build
502    - name: make
503      run: make -s -j4
504      working-directory: ./build
505    - name: get cpu info
506      run: |
507        cat /proc/cpuinfo
508        ./util/opensslwrap.sh version -c
509      working-directory: ./build
510    - name: make test
511      run: ../source/.github/workflows/make-test
512      working-directory: ./build
513    - name: save artifacts
514      uses: actions/upload-artifact@v3
515      with:
516        name: "ci@out-of-readonly-source-and-install-ubuntu"
517        path: build/artifacts.tar.gz
518    - name: make install
519      run: make install
520      working-directory: ./build
521
522  out-of-readonly-source-and-install-macos:
523    strategy:
524      fail-fast: false
525      matrix:
526        os: [macos-13, macos-14]
527    runs-on: ${{ matrix.os }}
528    if: github.server_url == 'https://github.com'
529    steps:
530    - uses: actions/checkout@v4
531      with:
532        path: ./source
533    - name: checkout fuzz/corpora submodule
534      run: git submodule update --init --depth 1 fuzz/corpora
535      working-directory: ./source
536    - name: make source read-only
537      run: chmod -R a-w ./source
538    - name: create build and install directories
539      run: |
540        mkdir ./build
541        mkdir ./install
542    - name: config
543      run: |
544        ../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
545        perl configdata.pm --dump
546      working-directory: ./build
547    - name: make
548      run: make -s -j4
549      working-directory: ./build
550    - name: get cpu info
551      run: |
552        sysctl machdep.cpu
553        ./util/opensslwrap.sh version -c
554      working-directory: ./build
555    - name: make test
556      run: ../source/.github/workflows/make-test
557      working-directory: ./build
558    - name: save artifacts
559      uses: actions/upload-artifact@v3
560      with:
561        name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
562        path: build/artifacts.tar.gz
563    - name: make install
564      run: make install
565      working-directory: ./build
566
567  external-tests-misc:
568    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
569    steps:
570    - uses: actions/checkout@v4
571      with:
572        submodules: recursive
573    - name: package installs
574      run: |
575        sudo apt-get update
576        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb
577    - name: install cpanm and Test2::V0 for gost_engine testing
578      uses: perl-actions/install-with-cpanm@stable
579      with:
580        install: Test2::V0
581    - name: setup hostname workaround
582      run: sudo hostname localhost
583    - name: config
584      run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
585    - name: make
586      run: make -s -j4
587    - uses: dtolnay/rust-toolchain@stable
588    - name: get cpu info
589      run: |
590        cat /proc/cpuinfo
591        ./util/opensslwrap.sh version -c
592    - name: test external gost-engine
593      run: make test TESTS="test_external_gost_engine"
594    - name: test external krb5
595      run: make test TESTS="test_external_krb5"
596    - name: test external tlsfuzzer
597      run: make test TESTS="test_external_tlsfuzzer"
598    - name: test external Cloudflare quiche
599      run: make test TESTS="test_external_cf_quiche" VERBOSE=1
600    - name: test ability to produce debuginfo files
601      run: |
602        make debuginfo
603        gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
604        grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
605
606  external-tests-providers:
607    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
608    steps:
609    - uses: actions/checkout@v4
610      with:
611        submodules: recursive
612    - name: package installs
613      run: |
614        sudo apt-get update
615        sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
616    - name: config
617      run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
618    - name: make
619      run: make -s -j4
620    - name: get cpu info
621      run: |
622        cat /proc/cpuinfo
623        ./util/opensslwrap.sh version -c
624    - name: test external oqs-provider
625      run: make test TESTS="test_external_oqsprovider"
626    - name: test external pkcs11-provider
627      run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
628
629  external-tests-pyca:
630    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
631    strategy:
632      matrix:
633        RUST:
634          - 1.51.0
635        PYTHON:
636          - 3.9
637    steps:
638    - uses: actions/checkout@v4
639      with:
640        submodules: recursive
641    - name: Configure OpenSSL
642      run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
643    - name: make
644      run: make -s -j4
645    - name: Setup Python
646      uses: actions/setup-python@v5.3.0
647      with:
648        python-version: ${{ matrix.PYTHON }}
649    - uses: dtolnay/rust-toolchain@master
650      with:
651        toolchain: ${{ matrix.RUST }}
652    - name: get cpu info
653      run: |
654        cat /proc/cpuinfo
655        ./util/opensslwrap.sh version -c
656    - name: test external pyca
657      run: make test TESTS="test_external_pyca" VERBOSE=1
658