1# Notes:
2# /__w/openssl is the path that github bind-mounts into the container so the ci
3# filesystem for this job can be reached.  Please note that any changes made to
4# this job involving file system paths should be made prefixed with, or relative
5# to that directory
6name: Interoperability tests with GnuTLS and NSS
7on:
8  schedule:
9    - cron: '55 02 * * *'
10  workflow_dispatch:
11
12jobs:
13  test:
14    runs-on: ubuntu-22.04
15    container:
16      image: docker.io/fedora:40
17      options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
18    timeout-minutes: 90
19    strategy:
20      fail-fast: false
21      matrix:
22        COMPONENT: [gnutls, nss]
23    env:
24      COMPONENT: ${{ matrix.COMPONENT }}
25    steps:
26      - uses: actions/checkout@v4
27      - name: Display environment
28        run: export
29      - name : Install needed tools
30        run: |
31          dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
32                 fips-mode-setup crypto-policies-scripts
33      - name: install interop tests
34        run: |
35          cd ${GITHUB_WORKSPACE}
36          git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
37      - name: build openssl as an rpm
38        run: |
39          mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
40          cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
41          cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
42          sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
43          sed -i 's/^Release: .*$/Release: dev/' openssl.spec
44          yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
45          mkdir -p /build/SOURCES
46          tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
47          rpmbuild -bb /build/SPECS/openssl.spec
48          dnf install -y /build/RPMS/x86_64/openssl-*
49          cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
50      - name: Run interop tests
51        run: |
52          cd interop
53          tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
54          openssl version
55          echo "Finished - important to prevent unwanted output truncating"
56