1# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 2# 3# SPDX-License-Identifier: curl 4 5name: Linux HTTP/3 6 7'on': 8 push: 9 branches: 10 - master 11 - '*/ci' 12 paths-ignore: 13 - '**/*.md' 14 - '**/CMakeLists.txt' 15 - '.circleci/**' 16 - 'appveyor.*' 17 - 'CMake/**' 18 - 'packages/**' 19 - 'plan9/**' 20 - 'projects/**' 21 - 'winbuild/**' 22 pull_request: 23 branches: 24 - master 25 paths-ignore: 26 - '**/*.md' 27 - '**/CMakeLists.txt' 28 - '.circleci/**' 29 - 'appveyor.*' 30 - 'CMake/**' 31 - 'packages/**' 32 - 'plan9/**' 33 - 'projects/**' 34 - 'winbuild/**' 35 36concurrency: 37 # Hardcoded workflow filename as workflow name above is just Linux again 38 group: http3-${{ github.event.pull_request.number || github.sha }} 39 cancel-in-progress: true 40 41permissions: {} 42 43env: 44 MAKEFLAGS: -j 5 45 # handled in renovate.json 46 openssl-version: 3.4.0 47 # handled in renovate.json 48 quictls-version: 3.3.0 49 # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com 50 gnutls-version: 3.8.8 51 wolfssl-version: master 52 # renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com 53 nghttp3-version: 1.7.0 54 # renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com 55 ngtcp2-version: 1.10.0 56 # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com 57 nghttp2-version: 1.64.0 58 # renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com 59 quiche-version: 0.22.0 60 61jobs: 62 setup: 63 runs-on: ubuntu-latest 64 outputs: 65 wolfssl-version: ${{ steps.wolfssl-version.outputs.result }} 66 67 steps: 68 - id: wolfssl-version 69 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 70 with: 71 result-encoding: string 72 script: | 73 let version = '${{ env.wolfssl-version }}' 74 75 if (version != 'master') { 76 return version 77 } 78 79 let { data: commits } = await github.rest.repos.listCommits({ 80 owner: 'wolfSSL', 81 repo: 'wolfssl', 82 }) 83 84 return commits[0].sha 85 86 build-cache: 87 needs: 88 - setup 89 runs-on: ubuntu-latest 90 91 steps: 92 - name: cache quictls 93 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 94 id: cache-quictls-no-deprecated 95 env: 96 cache-name: cache-quictls-no-deprecated 97 with: 98 path: /home/runner/quictls/build 99 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1 100 101 - name: cache gnutls 102 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 103 id: cache-gnutls 104 env: 105 cache-name: cache-gnutls 106 with: 107 path: /home/runner/gnutls/build 108 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} 109 110 - name: cache wolfssl 111 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 112 id: cache-wolfssl 113 env: 114 cache-name: cache-wolfssl 115 wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} 116 with: 117 path: /home/runner/wolfssl/build 118 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} 119 120 - name: cache nghttp3 121 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 122 id: cache-nghttp3 123 env: 124 cache-name: cache-nghttp3 125 with: 126 path: /home/runner/nghttp3/build 127 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} 128 129 - name: cache ngtcp2 130 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 131 id: cache-ngtcp2 132 env: 133 cache-name: cache-ngtcp2 134 with: 135 path: /home/runner/ngtcp2/build 136 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }} 137 138 - name: cache nghttp2 139 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 140 id: cache-nghttp2 141 env: 142 cache-name: cache-nghttp2 143 with: 144 path: /home/runner/nghttp2/build 145 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }} 146 147 - id: settings 148 if: | 149 steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' || 150 steps.cache-gnutls.outputs.cache-hit != 'true' || 151 steps.cache-wolfssl.outputs.cache-hit != 'true' || 152 steps.cache-nghttp3.outputs.cache-hit != 'true' || 153 steps.cache-ngtcp2.outputs.cache-hit != 'true' || 154 steps.cache-nghttp2.outputs.cache-hit != 'true' 155 run: | 156 echo 'needs-build=true' >> $GITHUB_OUTPUT 157 158 - name: install build prereqs 159 if: steps.settings.outputs.needs-build == 'true' 160 run: | 161 sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 162 sudo apt-get update -y 163 sudo apt-get install -y --no-install-suggests --no-install-recommends \ 164 libtool autoconf automake pkgconf stunnel4 \ 165 libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \ 166 nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \ 167 libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ 168 texinfo texlive texlive-extra-utils autopoint libev-dev \ 169 apache2 apache2-dev libnghttp2-dev 170 echo 'CC=gcc-12' >> $GITHUB_ENV 171 echo 'CXX=g++-12' >> $GITHUB_ENV 172 173 - if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' 174 run: | 175 cd $HOME 176 git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl quictls 177 cd quictls 178 ./config no-deprecated --prefix=$PWD/build --libdir=lib no-makedepend no-apps no-docs no-tests 179 make 180 make -j1 install_sw 181 name: 'build quictls' 182 183 - if: steps.cache-gnutls.outputs.cache-hit != 'true' 184 run: | 185 cd $HOME 186 git clone --quiet --depth=1 -b ${{ env.gnutls-version }} https://github.com/gnutls/gnutls.git 187 cd gnutls 188 ./bootstrap 189 ./configure --disable-dependency-tracking --prefix=$PWD/build \ 190 LDFLAGS="-Wl,-rpath,$PWD/build/lib -L$PWD/build/lib" \ 191 --with-included-libtasn1 --with-included-unistring \ 192 --disable-guile --disable-doc --disable-tests --disable-tools 193 make 194 make install 195 name: 'build gnutls' 196 197 - if: steps.cache-wolfssl.outputs.cache-hit != 'true' 198 env: 199 wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} 200 run: | 201 cd $HOME 202 mkdir wolfssl 203 cd wolfssl 204 git init 205 git remote add origin https://github.com/wolfSSL/wolfssl.git 206 git fetch origin --depth=1 ${{ env.wolfssl-version }} 207 git checkout ${{ env.wolfssl-version }} 208 ./autogen.sh 209 ./configure --disable-dependency-tracking --enable-all --enable-quic \ 210 --disable-benchmark --disable-crypttests --disable-examples --prefix=$PWD/build 211 make 212 make install 213 name: 'build wolfssl' 214 215 - if: steps.cache-nghttp3.outputs.cache-hit != 'true' 216 run: | 217 cd $HOME 218 git clone --quiet --depth=1 -b v${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3 219 cd nghttp3 220 git submodule update --init --depth=1 221 autoreconf -fi 222 ./configure --disable-dependency-tracking --prefix=$PWD/build PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig" --enable-lib-only 223 make 224 make install 225 name: 'build nghttp3' 226 227 - if: steps.cache-ngtcp2.outputs.cache-hit != 'true' 228 run: | 229 cd $HOME 230 git clone --quiet --depth=1 -b v${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2 231 cd ngtcp2 232 autoreconf -fi 233 ./configure --disable-dependency-tracking --prefix=$PWD/build \ 234 PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/gnutls/build/lib/pkgconfig:$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig" \ 235 --enable-lib-only --with-openssl --with-gnutls --with-wolfssl 236 make install 237 name: 'build ngtcp2' 238 239 - if: steps.cache-nghttp2.outputs.cache-hit != 'true' 240 run: | 241 cd $HOME 242 git clone --quiet --depth=1 -b v${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2 243 cd nghttp2 244 autoreconf -fi 245 ./configure --disable-dependency-tracking --prefix=$PWD/build \ 246 PKG_CONFIG_PATH="$HOME/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig" \ 247 LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" \ 248 --enable-http3 249 make install 250 name: 'build nghttp2' 251 252 linux: 253 name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }} 254 needs: 255 - setup 256 - build-cache 257 runs-on: 'ubuntu-24.04' 258 timeout-minutes: 45 259 strategy: 260 fail-fast: false 261 matrix: 262 build: 263 - name: quictls 264 PKG_CONFIG_PATH: '$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' 265 configure: >- 266 LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" 267 --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm 268 --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" 269 --with-openssl=$HOME/quictls/build 270 271 - name: gnutls 272 PKG_CONFIG_PATH: '$HOME/gnutls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' 273 configure: >- 274 LDFLAGS="-Wl,-rpath,$HOME/gnutls/build/lib" 275 --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug 276 --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" 277 --with-gnutls=$HOME/gnutls/build 278 279 - name: wolfssl 280 PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' 281 configure: >- 282 LDFLAGS="-Wl,-rpath,$HOME/wolfssl/build/lib" 283 --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug 284 --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" 285 --with-wolfssl=$HOME/wolfssl/build 286 --enable-ech 287 288 - name: wolfssl 289 PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig' 290 generate: >- 291 -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DENABLE_DEBUG=ON 292 -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" 293 -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" 294 -DUSE_ECH=ON 295 296 - name: openssl-quic 297 PKG_CONFIG_PATH: '$HOME/openssl/build/lib64/pkgconfig' 298 configure: >- 299 LDFLAGS="-Wl,-rpath,$HOME/openssl/build/lib64" 300 --enable-warnings --enable-werror --enable-debug --disable-ntlm 301 --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" 302 --with-openssl=$HOME/openssl/build --with-openssl-quic 303 --with-nghttp3=$HOME/nghttp3/build 304 305 - name: quiche 306 configure: >- 307 LDFLAGS="-Wl,-rpath,$HOME/quiche/target/release" 308 --with-openssl=$HOME/quiche/quiche/deps/boringssl/src 309 --enable-warnings --enable-werror --enable-debug 310 --with-quiche=$HOME/quiche/target/release 311 --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" 312 --with-ca-fallback 313 314 - name: quiche 315 PKG_CONFIG_PATH: '$HOME/quiche/target/release' 316 generate: >- 317 -DOPENSSL_ROOT_DIR=$HOME/quiche/quiche/deps/boringssl/src -DENABLE_DEBUG=ON 318 -DUSE_QUICHE=ON 319 -DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" 320 -DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx" 321 -DCURL_CA_FALLBACK=ON 322 323 steps: 324 - run: | 325 sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 326 sudo apt-get update -y 327 sudo apt-get install -y --no-install-suggests --no-install-recommends \ 328 libtool autoconf automake ninja-build pkgconf stunnel4 \ 329 libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \ 330 nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \ 331 libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ 332 texinfo texlive texlive-extra-utils autopoint libev-dev \ 333 apache2 apache2-dev libnghttp2-dev vsftpd 334 python3 -m venv $HOME/venv 335 echo 'CC=gcc-12' >> $GITHUB_ENV 336 echo 'CXX=g++-12' >> $GITHUB_ENV 337 name: 'install prereqs' 338 339 - name: cache quictls 340 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 341 id: cache-quictls-no-deprecated 342 env: 343 cache-name: cache-quictls-no-deprecated 344 with: 345 path: /home/runner/quictls/build 346 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }} 347 fail-on-cache-miss: true 348 349 - name: cache gnutls 350 if: matrix.build.name == 'gnutls' 351 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 352 id: cache-gnutls 353 env: 354 cache-name: cache-gnutls 355 with: 356 path: /home/runner/gnutls/build 357 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} 358 fail-on-cache-miss: true 359 360 - name: cache wolfssl 361 if: matrix.build.name == 'wolfssl' 362 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 363 id: cache-wolfssl 364 env: 365 cache-name: cache-wolfssl 366 wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} 367 with: 368 path: /home/runner/wolfssl/build 369 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} 370 fail-on-cache-miss: true 371 372 - name: cache nghttp3 373 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 374 id: cache-nghttp3 375 env: 376 cache-name: cache-nghttp3 377 with: 378 path: /home/runner/nghttp3/build 379 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} 380 fail-on-cache-miss: true 381 382 - name: cache ngtcp2 383 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 384 id: cache-ngtcp2 385 env: 386 cache-name: cache-ngtcp2 387 with: 388 path: /home/runner/ngtcp2/build 389 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }} 390 fail-on-cache-miss: true 391 392 - name: cache nghttp2 393 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 394 id: cache-nghttp2 395 env: 396 cache-name: cache-nghttp2 397 with: 398 path: /home/runner/nghttp2/build 399 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }} 400 fail-on-cache-miss: true 401 402 - name: cache openssl 403 if: matrix.build.name == 'openssl-quic' 404 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 405 id: cache-openssl 406 env: 407 cache-name: cache-openssl 408 with: 409 path: /home/runner/openssl/build 410 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl-version }} 411 412 - name: 'install openssl' 413 if: matrix.build.name == 'openssl-quic' && steps.cache-openssl.outputs.cache-hit != 'true' 414 run: | 415 git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl 416 cd openssl 417 ./config --prefix=$HOME/openssl/build no-makedepend no-apps no-docs no-tests 418 make 419 make -j1 install_sw 420 cat exporters/openssl.pc 421 422 - name: cache quiche 423 if: matrix.build.name == 'quiche' 424 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 425 id: cache-quiche 426 env: 427 cache-name: cache-quiche 428 with: 429 path: /home/runner/quiche 430 key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quiche-version }} 431 432 - if: matrix.build.name == 'quiche' && steps.cache-quiche.outputs.cache-hit != 'true' 433 run: | 434 cd $HOME 435 git clone --quiet --depth=1 -b ${{ env.quiche-version }} --recursive https://github.com/cloudflare/quiche.git 436 cd quiche 437 #### Work-around https://github.com/curl/curl/issues/7927 ####### 438 #### See https://github.com/alexcrichton/cmake-rs/issues/131 #### 439 sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml 440 441 cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose 442 ln -s libquiche.so target/release/libquiche.so.0 443 mkdir -v quiche/deps/boringssl/src/lib 444 ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/ 445 446 # include dir 447 # $HOME/quiche/quiche/deps/boringssl/src/include 448 # lib dir 449 # $HOME/quiche/quiche/deps/boringssl/src/lib 450 name: 'build quiche and boringssl' 451 452 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 453 with: 454 persist-credentials: false 455 456 - run: autoreconf -fi 457 if: ${{ matrix.build.configure }} 458 name: 'autoreconf' 459 460 - name: 'configure' 461 run: | 462 if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then 463 export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}" 464 fi 465 if [ -n '${{ matrix.build.generate }}' ]; then 466 cmake -B . -G Ninja \ 467 -DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \ 468 -DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \ 469 ${{ matrix.build.generate }} 470 else 471 ./configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ 472 ${{ matrix.build.configure }} 473 fi 474 475 - name: 'configure log' 476 if: ${{ !cancelled() }} 477 run: cat config.log CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true 478 479 - name: 'curl_config.h' 480 run: | 481 echo '::group::raw'; cat lib/curl_config.h || true; echo '::endgroup::' 482 grep -F '#define' lib/curl_config.h | sort || true 483 484 - name: 'test configs' 485 run: | 486 cat tests/config || true 487 cat tests/http/config.ini || true 488 489 - name: 'build' 490 run: | 491 if [ -n '${{ matrix.build.generate }}' ]; then 492 cmake --build . --verbose 493 else 494 make V=1 495 fi 496 497 - run: ./src/curl -V 498 name: 'check curl -V output' 499 500 - name: 'build tests' 501 run: | 502 if [ -n '${{ matrix.build.generate }}' ]; then 503 cmake --build . --verbose --target testdeps 504 else 505 make V=1 -C tests 506 fi 507 508 - name: 'install test prereqs' 509 run: | 510 source $HOME/venv/bin/activate 511 python3 -m pip install -r tests/requirements.txt 512 513 - name: 'run tests' 514 env: 515 TFLAGS: "${{ matrix.build.tflags }}" 516 run: | 517 source $HOME/venv/bin/activate 518 if [ -n '${{ matrix.build.generate }}' ]; then 519 cmake --build . --verbose --target test-ci 520 else 521 make V=1 test-ci 522 fi 523 524 - name: 'install pytest prereqs' 525 run: | 526 source $HOME/venv/bin/activate 527 python3 -m pip install -r tests/http/requirements.txt 528 529 - name: 'run pytest' 530 env: 531 TFLAGS: "${{ matrix.build.tflags }}" 532 CURL_CI: github 533 run: | 534 source $HOME/venv/bin/activate 535 if [ -n '${{ matrix.build.generate }}' ]; then 536 cmake --build . --verbose --target curl-pytest-ci 537 else 538 make V=1 pytest-ci 539 fi 540 541 - name: 'build examples' 542 run: | 543 if [ -n '${{ matrix.build.generate }}' ]; then 544 cmake --build . --verbose --target curl-examples 545 else 546 make V=1 examples 547 fi 548