xref: /curl/.github/workflows/http3-linux.yml (revision b723f6a4)
1# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
2#
3# SPDX-License-Identifier: curl
4
5name: Linux HTTP/3
6
7'on':
8  push:
9    branches:
10      - master
11      - '*/ci'
12    paths-ignore:
13      - '**/*.md'
14      - '**/CMakeLists.txt'
15      - '.circleci/**'
16      - 'appveyor.*'
17      - 'CMake/**'
18      - 'packages/**'
19      - 'plan9/**'
20      - 'projects/**'
21      - 'winbuild/**'
22  pull_request:
23    branches:
24      - master
25    paths-ignore:
26      - '**/*.md'
27      - '**/CMakeLists.txt'
28      - '.circleci/**'
29      - 'appveyor.*'
30      - 'CMake/**'
31      - 'packages/**'
32      - 'plan9/**'
33      - 'projects/**'
34      - 'winbuild/**'
35
36concurrency:
37  # Hardcoded workflow filename as workflow name above is just Linux again
38  group: http3-${{ github.event.pull_request.number || github.sha }}
39  cancel-in-progress: true
40
41permissions: {}
42
43env:
44  MAKEFLAGS: -j 5
45  # handled in renovate.json
46  openssl-version: 3.4.0
47  # handled in renovate.json
48  quictls-version: 3.3.0
49  # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com
50  gnutls-version: 3.8.8
51  wolfssl-version: master
52  # renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com
53  nghttp3-version: 1.6.0
54  # renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com
55  ngtcp2-version: 1.8.1
56  # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
57  nghttp2-version: 1.64.0
58  # renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com
59  quiche-version: 0.22.0
60
61jobs:
62  setup:
63    runs-on: ubuntu-latest
64    outputs:
65      wolfssl-version: ${{ steps.wolfssl-version.outputs.result }}
66
67    steps:
68      - id: wolfssl-version
69        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
70        with:
71          result-encoding: string
72          script: |
73            let version = '${{ env.wolfssl-version }}'
74
75            if (version != 'master') {
76                return version
77            }
78
79            let { data: commits } = await github.rest.repos.listCommits({
80                owner: 'wolfSSL',
81                repo: 'wolfssl',
82            })
83
84            return commits[0].sha
85
86  build-cache:
87    needs:
88      - setup
89    runs-on: ubuntu-latest
90
91    steps:
92      - name: cache quictls
93        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
94        id: cache-quictls-no-deprecated
95        env:
96          cache-name: cache-quictls-no-deprecated
97        with:
98          path: /home/runner/quictls/build
99          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1
100
101      - name: cache gnutls
102        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
103        id: cache-gnutls
104        env:
105          cache-name: cache-gnutls
106        with:
107          path: /home/runner/gnutls/build
108          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }}
109
110      - name: cache wolfssl
111        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
112        id: cache-wolfssl
113        env:
114          cache-name: cache-wolfssl
115          wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }}
116        with:
117          path: /home/runner/wolfssl/build
118          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
119
120      - name: cache nghttp3
121        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
122        id: cache-nghttp3
123        env:
124          cache-name: cache-nghttp3
125        with:
126          path: /home/runner/nghttp3/build
127          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }}
128
129      - name: cache ngtcp2
130        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
131        id: cache-ngtcp2
132        env:
133          cache-name: cache-ngtcp2
134        with:
135          path: /home/runner/ngtcp2/build
136          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}
137
138      - name: cache nghttp2
139        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
140        id: cache-nghttp2
141        env:
142          cache-name: cache-nghttp2
143        with:
144          path: /home/runner/nghttp2/build
145          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}
146
147      - id: settings
148        if: |
149          steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' ||
150          steps.cache-gnutls.outputs.cache-hit != 'true' ||
151          steps.cache-wolfssl.outputs.cache-hit != 'true' ||
152          steps.cache-nghttp3.outputs.cache-hit != 'true' ||
153          steps.cache-ngtcp2.outputs.cache-hit != 'true' ||
154          steps.cache-nghttp2.outputs.cache-hit != 'true'
155        run: |
156          echo 'needs-build=true' >> $GITHUB_OUTPUT
157
158      - name: install build prereqs
159        if: steps.settings.outputs.needs-build == 'true'
160        run: |
161          sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
162          sudo apt-get update -y
163          sudo apt-get install -y --no-install-suggests --no-install-recommends \
164            libtool autoconf automake pkgconf stunnel4 \
165            libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \
166            nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \
167            libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \
168            texinfo texlive texlive-extra-utils autopoint libev-dev \
169            apache2 apache2-dev libnghttp2-dev
170          echo 'CC=gcc-12' >> $GITHUB_ENV
171          echo 'CXX=g++-12' >> $GITHUB_ENV
172
173      - if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true'
174        run: |
175          cd $HOME
176          git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl quictls
177          cd quictls
178          ./config no-deprecated --prefix=$PWD/build --libdir=lib
179          make
180          make -j1 install_sw
181        name: 'build quictls'
182
183      - if: steps.cache-gnutls.outputs.cache-hit != 'true'
184        run: |
185          cd $HOME
186          git clone --quiet --depth=1 -b ${{ env.gnutls-version }} https://github.com/gnutls/gnutls.git
187          cd gnutls
188          ./bootstrap
189          ./configure --disable-dependency-tracking --prefix=$PWD/build \
190            LDFLAGS="-Wl,-rpath,$PWD/build/lib -L$PWD/build/lib" \
191            --with-included-libtasn1 --with-included-unistring \
192            --disable-guile --disable-doc --disable-tests --disable-tools
193          make
194          make install
195        name: 'build gnutls'
196
197      - if: steps.cache-wolfssl.outputs.cache-hit != 'true'
198        env:
199          wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }}
200        run: |
201          cd $HOME
202          mkdir wolfssl
203          cd wolfssl
204          git init
205          git remote add origin https://github.com/wolfSSL/wolfssl.git
206          git fetch origin --depth=1 ${{ env.wolfssl-version }}
207          git checkout ${{ env.wolfssl-version }}
208          ./autogen.sh
209          ./configure --disable-dependency-tracking --enable-all --enable-quic --prefix=$PWD/build
210          make
211          make install
212        name: 'build wolfssl'
213
214      - if: steps.cache-nghttp3.outputs.cache-hit != 'true'
215        run: |
216          cd $HOME
217          git clone --quiet --depth=1 -b v${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3
218          cd nghttp3
219          git submodule update --init --depth=1
220          autoreconf -fi
221          ./configure --disable-dependency-tracking --prefix=$PWD/build PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig" --enable-lib-only
222          make
223          make install
224        name: 'build nghttp3'
225
226      - if: steps.cache-ngtcp2.outputs.cache-hit != 'true'
227        run: |
228          cd $HOME
229          git clone --quiet --depth=1 -b v${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2
230          cd ngtcp2
231          autoreconf -fi
232          ./configure --disable-dependency-tracking --prefix=$PWD/build \
233            PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/gnutls/build/lib/pkgconfig:$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig" \
234            --enable-lib-only --with-openssl --with-gnutls --with-wolfssl
235          make install
236        name: 'build ngtcp2'
237
238      - if: steps.cache-nghttp2.outputs.cache-hit != 'true'
239        run: |
240          cd $HOME
241          git clone --quiet --depth=1 -b v${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2
242          cd nghttp2
243          autoreconf -fi
244          ./configure --disable-dependency-tracking --prefix=$PWD/build \
245            PKG_CONFIG_PATH="$HOME/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig" \
246            LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" \
247            --enable-http3
248          make install
249        name: 'build nghttp2'
250
251  linux:
252    name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
253    needs:
254      - setup
255      - build-cache
256    runs-on: 'ubuntu-24.04'
257    timeout-minutes: 45
258    strategy:
259      fail-fast: false
260      matrix:
261        build:
262          - name: quictls
263            PKG_CONFIG_PATH: '$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
264            configure: >-
265              LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib"
266              --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm
267              --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
268              --with-openssl=$HOME/quictls/build
269
270          - name: gnutls
271            PKG_CONFIG_PATH: '$HOME/gnutls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
272            configure: >-
273              LDFLAGS="-Wl,-rpath,$HOME/gnutls/build/lib"
274              --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug
275              --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
276              --with-gnutls=$HOME/gnutls/build
277
278          - name: wolfssl
279            PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
280            configure: >-
281              LDFLAGS="-Wl,-rpath,$HOME/wolfssl/build/lib"
282              --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug
283              --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
284              --with-wolfssl=$HOME/wolfssl/build
285
286          - name: wolfssl
287            PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
288            generate: >-
289              -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DENABLE_DEBUG=ON
290              -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
291              -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
292
293          - name: openssl-quic
294            PKG_CONFIG_PATH: '$HOME/openssl/build/lib64/pkgconfig'
295            configure: >-
296              LDFLAGS="-Wl,-rpath,$HOME/openssl/build/lib64"
297              --enable-warnings --enable-werror --enable-debug --disable-ntlm
298              --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
299              --with-openssl=$HOME/openssl/build --with-openssl-quic
300              --with-nghttp3=$HOME/nghttp3/build
301
302          - name: quiche
303            configure: >-
304              LDFLAGS="-Wl,-rpath,$HOME/quiche/target/release"
305              --with-openssl=$HOME/quiche/quiche/deps/boringssl/src
306              --enable-warnings --enable-werror --enable-debug
307              --with-quiche=$HOME/quiche/target/release
308              --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
309              --with-ca-fallback
310
311          - name: quiche
312            PKG_CONFIG_PATH: '$HOME/quiche/target/release'
313            generate: >-
314              -DOPENSSL_ROOT_DIR=$HOME/quiche/quiche/deps/boringssl/src -DENABLE_DEBUG=ON
315              -DUSE_QUICHE=ON
316              -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
317              -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
318              -DCURL_CA_FALLBACK=ON
319
320    steps:
321      - run: |
322          sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
323          sudo apt-get update -y
324          sudo apt-get install -y --no-install-suggests --no-install-recommends \
325            libtool autoconf automake ninja-build pkgconf stunnel4 \
326            libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \
327            nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \
328            libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \
329            texinfo texlive texlive-extra-utils autopoint libev-dev \
330            apache2 apache2-dev libnghttp2-dev vsftpd
331          echo 'CC=gcc-12' >> $GITHUB_ENV
332          echo 'CXX=g++-12' >> $GITHUB_ENV
333        name: 'install prereqs'
334
335      - name: cache quictls
336        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
337        id: cache-quictls-no-deprecated
338        env:
339          cache-name: cache-quictls-no-deprecated
340        with:
341          path: /home/runner/quictls/build
342          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}
343          fail-on-cache-miss: true
344
345      - name: cache gnutls
346        if: matrix.build.name == 'gnutls'
347        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
348        id: cache-gnutls
349        env:
350          cache-name: cache-gnutls
351        with:
352          path: /home/runner/gnutls/build
353          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }}
354          fail-on-cache-miss: true
355
356      - name: cache wolfssl
357        if: matrix.build.name == 'wolfssl'
358        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
359        id: cache-wolfssl
360        env:
361          cache-name: cache-wolfssl
362          wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }}
363        with:
364          path: /home/runner/wolfssl/build
365          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
366          fail-on-cache-miss: true
367
368      - name: cache nghttp3
369        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
370        id: cache-nghttp3
371        env:
372          cache-name: cache-nghttp3
373        with:
374          path: /home/runner/nghttp3/build
375          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }}
376          fail-on-cache-miss: true
377
378      - name: cache ngtcp2
379        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
380        id: cache-ngtcp2
381        env:
382          cache-name: cache-ngtcp2
383        with:
384          path: /home/runner/ngtcp2/build
385          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}
386          fail-on-cache-miss: true
387
388      - name: cache nghttp2
389        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
390        id: cache-nghttp2
391        env:
392          cache-name: cache-nghttp2
393        with:
394          path: /home/runner/nghttp2/build
395          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}
396          fail-on-cache-miss: true
397
398      - name: cache openssl
399        if: matrix.build.name == 'openssl-quic'
400        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
401        id: cache-openssl
402        env:
403          cache-name: cache-openssl
404        with:
405          path: /home/runner/openssl/build
406          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl-version }}
407
408      - name: 'install openssl'
409        if: matrix.build.name == 'openssl-quic' && steps.cache-openssl.outputs.cache-hit != 'true'
410        run: |
411          git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl
412          cd openssl
413          ./config --prefix=$HOME/openssl/build
414          make -j1 install_sw
415          cat exporters/openssl.pc
416
417      - name: cache quiche
418        if: matrix.build.name == 'quiche'
419        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
420        id: cache-quiche
421        env:
422          cache-name: cache-quiche
423        with:
424          path: /home/runner/quiche
425          key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quiche-version }}
426
427      - if: matrix.build.name == 'quiche' && steps.cache-quiche.outputs.cache-hit != 'true'
428        run: |
429          cd $HOME
430          git clone --quiet --depth=1 -b ${{ env.quiche-version }} --recursive https://github.com/cloudflare/quiche.git
431          cd quiche
432          #### Work-around https://github.com/curl/curl/issues/7927 #######
433          #### See https://github.com/alexcrichton/cmake-rs/issues/131 ####
434          sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml
435
436          cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose
437          ln -s libquiche.so target/release/libquiche.so.0
438          mkdir -v quiche/deps/boringssl/src/lib
439          ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
440
441          # include dir
442          # $HOME/quiche/quiche/deps/boringssl/src/include
443          # lib dir
444          # $HOME/quiche/quiche/deps/boringssl/src/lib
445        name: 'build quiche and boringssl'
446
447      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
448
449      - run: autoreconf -fi
450        if: ${{ matrix.build.configure }}
451        name: 'autoreconf'
452
453      - name: 'configure'
454        run: |
455          if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then
456            export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}"
457          fi
458          if [ -n '${{ matrix.build.generate }}' ]; then
459            cmake -B . -G Ninja \
460              -DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \
461              -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \
462              -DCURL_BROTLI=ON -DCURL_ZSTD=ON \
463              ${{ matrix.build.generate }}
464          else
465            ./configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
466              ${{ matrix.build.configure }}
467          fi
468
469      - name: 'configure log'
470        if: ${{ !cancelled() }}
471        run: cat config.log CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
472
473      - name: 'curl_config.h'
474        run: |
475          echo '::group::raw'; cat lib/curl_config.h || true; echo '::endgroup::'
476          grep -F '#define' lib/curl_config.h | sort || true
477
478      - name: 'test configs'
479        run: |
480          cat tests/config || true
481          cat tests/http/config.ini || true
482
483      - name: 'build'
484        run: |
485          if [ -n '${{ matrix.build.generate }}' ]; then
486            cmake --build . --verbose
487          else
488            make V=1
489          fi
490
491      - run: ./src/curl -V
492        name: 'check curl -V output'
493
494      - name: 'build tests'
495        run: |
496          if [ -n '${{ matrix.build.generate }}' ]; then
497            cmake --build . --verbose --target testdeps
498          else
499            make V=1 -C tests
500          fi
501
502      - name: 'install test prereqs'
503        run: |
504          sudo python3 -m pip install --break-system-packages -r tests/requirements.txt
505
506      - name: 'run tests'
507        env:
508          TFLAGS: "${{ matrix.build.tflags }}"
509        run: |
510          if [ -n '${{ matrix.build.generate }}' ]; then
511            cmake --build . --verbose --target test-ci
512          else
513            make V=1 test-ci
514          fi
515
516      - name: 'install pytest prereqs'
517        run: |
518          sudo python3 -m pip install --break-system-packages -r tests/http/requirements.txt
519
520      - name: 'run pytest'
521        env:
522          TFLAGS: "${{ matrix.build.tflags }}"
523          CURL_CI: github
524        run: |
525          if [ -n '${{ matrix.build.generate }}' ]; then
526            cmake --build . --verbose --target curl-pytest-ci
527          else
528            make V=1 pytest-ci
529          fi
530
531      - name: 'build examples'
532        run: |
533          if [ -n '${{ matrix.build.generate }}' ]; then
534            cmake --build . --verbose --target curl-examples
535          else
536            make V=1 examples
537          fi
538