1# Notes:
2# /__w/openssl is the path that github bind-mounts into the container so the ci
3# filesystem for this job can be reached.  Please note that any changes made to
4# this job involving file system paths should be made prefixed with, or relative
5# to that directory
6name: Interoperability tests with GnuTLS and NSS
7on:
8  schedule:
9    - cron: '0 6 * * *'
10jobs:
11  test:
12    runs-on: ubuntu-22.04
13    container:
14      image: docker.io/fedora:39
15      options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
16    timeout-minutes: 90
17    strategy:
18      fail-fast: false
19      matrix:
20        COMPONENT: [gnutls, nss]
21    env:
22      COMPONENT: ${{ matrix.COMPONENT }}
23    steps:
24      - uses: actions/checkout@v4
25      - name: Display environment
26        run: export
27      - name : Install needed tools
28        run: |
29          dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
30                 fips-mode-setup crypto-policies-scripts
31      - name: install interop tests
32        run: |
33          cd ${GITHUB_WORKSPACE}
34          git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
35      - name: build openssl as an rpm
36        run: |
37          mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
38          cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
39          cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
40          sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
41          sed -i 's/^Release: .*$/Release: dev/' openssl.spec
42          yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
43          mkdir -p /build/SOURCES
44          tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
45          rpmbuild -bb /build/SPECS/openssl.spec
46          dnf install -y /build/RPMS/x86_64/openssl-*
47          cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
48      - name: Run interop tests
49        run: |
50          cd interop
51          tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local execute -h tmt --interactive
52          openssl version
53          echo "Finished - important to prevent unwanted output truncating"
54