author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 03:32:49 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 03:32:49 +0000 |
commit | 8053187731ae8e3eb368d8360989cf5fd6eed9f7 (patch) | |
tree | 32bada84ff5d7460cdf3934fcbdbe770d6afe4cd /.github/workflows | |
parent | Initial commit. (diff) | |
download | rnp-8053187731ae8e3eb368d8360989cf5fd6eed9f7.tar.xz rnp-8053187731ae8e3eb368d8360989cf5fd6eed9f7.zip |
Adding upstream version 0.17.0.upstream/0.17.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/centos-and-fedora.yml | 375 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 75 | ||||
-rw-r--r-- | .github/workflows/coverity.yml | 63 | ||||
-rw-r--r-- | .github/workflows/debian.yml | 138 | ||||
-rw-r--r-- | .github/workflows/dispatch.yml | 48 | ||||
-rw-r--r-- | .github/workflows/fuzzing.yml | 41 | ||||
-rw-r--r-- | .github/workflows/lint.yml | 61 | ||||
-rw-r--r-- | .github/workflows/macos.yml | 168 | ||||
-rw-r--r-- | .github/workflows/nix.yml | 45 | ||||
-rw-r--r-- | .github/workflows/ubuntu.yml | 322 | ||||
-rw-r--r-- | .github/workflows/windows-msys2.yml | 144 | ||||
-rw-r--r-- | .github/workflows/windows-native.yml | 174 |
12 files changed, 1654 insertions, 0 deletions
diff --git a/.github/workflows/centos-and-fedora.yml b/.github/workflows/centos-and-fedora.yml
new file mode 100644
index 0000000..ad4e6c1
--- /dev/null
+++ b/.github/workflows/centos-and-fedora.yml
@@ -0,0 +1,375 @@ +name: centos-and-fedora + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/centos-and-fedora.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + CODECOV_TOKEN: dbecf176-ea3f-4832-b743-295fd71d0fad + +# +# Dependencies that are created during packaging +# +# OS botan botan repository json-c json-c repository +# ---------------------------------------------------------------------------- +# CentOS 7 2.16.0 ribose json-c12 (0.12.1) ribose +# CentOS 8 2.16.0 ribose 0.13.1 el8 +# CentOS 9 2.19.3 el9 0.14 el9 +# Fedora 35 2.18.2 fc35 0.15 fc35 +# Fedora 36 2.19.1 fc36 0.15 fc36 +# +jobs: + tests: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + container: ${{ matrix.image.container }} + timeout-minutes: 70 + strategy: + fail-fast: false + matrix: + env: + - { CC: gcc, CXX: g++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } +# normal --> Release build; sanitize --> Debug build so theoretically test conditions are different +# - { CC: clang, CXX: clang++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } + - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, USE_STATIC_DEPENDENCIES: yes } + +# Should you add a new OS/version please consider adding its default version of botan2 and json-c to this test matrix + image: + - { name: 'CentOS 7', container: 'centos:7', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: en_US.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: C.UTF-8 } + - { name: 
'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: Botan, botan_ver: 2.19.3, locale: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: Botan, botan_ver: 2.18.2, locale: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 2.19.1, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: Off, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: OpenSSL, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: beta, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: 2.3.1, backend: Botan, sm2: On, locale: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: On, locale: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: Off, locale: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + + + include: + # Coverage report for Botan backend + - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: On, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + # Coverage report for OpenSSL 1.1.1 backend + - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + # Coverage report for OpenSSL 3.0 
backend + - image: { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + + env: ${{ matrix.env }} + name: ${{ matrix.image.name }} ${{ matrix.image.backend }} [test mode ${{ matrix.env.BUILD_MODE }}; CC ${{ matrix.env.CC }}; GnuPG ${{ matrix.image.gpg_ver }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}] + steps: + - name: Install prerequisites for prerequisites + if: matrix.image.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo + + - name: Setup environment + run: | + set -o errexit -o pipefail -o noclobber -o nounset + echo LANG=${{ matrix.image.locale }} >> $GITHUB_ENV + echo LC_ALL=${{ matrix.image.locale }} >> $GITHUB_ENV + echo LC_LANG=${{ matrix.image.locale }} >> $GITHUB_ENV + echo GPG_VERSION=${{ matrix.image.gpg_ver }} >> $GITHUB_ENV + echo ENABLE_SM2=${{ matrix.image.sm2 }} >> $GITHUB_ENV + echo ENABLE_IDEA=${{ matrix.image.idea }} >> $GITHUB_ENV + backend=${{ matrix.image.backend }} + backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')" + echo CRYPTO_BACKEND="$backend" >> $GITHUB_ENV + echo BOTAN_VERSION=${{ matrix.image.botan_ver }} >> $GITHUB_ENV + useradd rnpuser + echo -e "rnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + echo -e "rnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf + + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Setup noncacheable dependencies + run: | + . 
ci/gha/setup-env.inc.sh + exec su rnpuser -c ci/install_noncacheable_dependencies.sh + + - name: Cache + id: cache + uses: actions/cache@v3 + with: + path: ${{ env.CACHE_DIR }} + key: ${{ matrix.image.container }}-${{ matrix.image.backend }}-${{ matrix.env.BUILD_MODE }}-${{ matrix.env.CC }}-${{ matrix.image.gpg_ver }}-${{ matrix.image.sm2 }}-${{ matrix.image.idea }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/centos-and-fedora.yml') }} + + - name: Adjust folder ownership + run: | + set -o errexit -o pipefail -o noclobber -o nounset + chown -R rnpuser:rnpuser $PWD + + - name: Setup cacheable dependencies + if: steps.cache.outputs.cache-hit != 'true' + run: exec su rnpuser -c ci/install_cacheable_dependencies.sh + + - name: Build and Test + run: exec su rnpuser -c ci/run.sh + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Run additional ci tests + run: ci/tests/ci-tests.sh + + package-source: + runs-on: ubuntu-latest + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', LC_ALL: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } + name: Package ${{ matrix.env.name }} SRPM + env: ${{ matrix.env }} + + steps: + - name: Install prerequisites for prerequisites + if: matrix.env.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo rpm-build + + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Setup noncacheable dependencies + run: | 
+ . ci/gha/setup-env.inc.sh + ci/install_noncacheable_dependencies.sh + + - name: Configure + run: cmake -B build -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF + + - name: Package SRPM + run: cpack -B build/SRPM -G RPM --config build/CPackSourceConfig.cmake + + - name: Upload SRPM + uses: actions/upload-artifact@v3 + with: + name: 'SRPM ${{ matrix.env.name }}' + path: 'build/SRPM/*.src.rpm' + retention-days: 5 + + - name: Stash packaging tests + uses: actions/upload-artifact@v3 + with: + name: tests + path: 'ci/tests/**' + retention-days: 1 + + package: + runs-on: ubuntu-latest + needs: package-source + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } +# CXXFLAGS environment setting resolves dual ABI issues caused by BOTAN libraries with the version of GCC installed at 'tgagor/centos:stream8' +# https://gcc.gnu.org/onlinedocs/gcc-5.2.0/libstdc++/manual/manual/using_dual_abi.html + - { name: 'CentOS 8', container: 'tgagor/centos:stream8', CXXFLAGS: -D_GLIBCXX_USE_CXX11_ABI=0, LC_ALL: C.UTF-8 } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } + - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } + - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } + name: Package ${{ matrix.env.name }} RPM + env: ${{ matrix.env }} + steps: + - name: Install prerequisites for prerequisites + if: matrix.env.container == 'centos:7' + run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + + - name: Install prerequisites + run: yum -y install git sudo tar cpio rpm-build + + - name: Download SRPM + uses: actions/download-artifact@v3 + with: + name: 'SRPM ${{ matrix.env.name }}' + path: ~/rpmbuild/SRPMS + + - name: Extract SRPM + run: | + rpm -i -v ~/rpmbuild/SRPMS/*.src.rpm + tar xzf ~/rpmbuild/SOURCES/*.tar.gz --strip 1 -C ~/rpmbuild/SOURCES + + - 
name: Setup noncacheable dependencies + run: | + cd ~/rpmbuild/SOURCES/ + . ci/gha/setup-env.inc.sh + ci/install_noncacheable_dependencies.sh + + - name: Permanently enable rh-ruby30 + if: matrix.env.container == 'centos:7' + run: bash -c "echo \"$(cut -f 2- -d ' ' /opt/rh/rh-ruby30/enable)\"">> $GITHUB_ENV + + - name: Build rnp + run: | + cmake ~/rpmbuild/SOURCES -B ~/rpmbuild/SOURCES/BUILD -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF \ + -DCMAKE_INSTALL_PREFIX=/usr + cmake --build ~/rpmbuild/SOURCES/BUILD --config Release + + - name: Package rpm + run: cpack -G RPM -B ~/rpmbuild/SOURCES/RPMS --config ~/rpmbuild/SOURCES/BUILD/CPackConfig.cmake + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: 'RPM ${{ matrix.env.name}}' + path: '~/rpmbuild/SOURCES/RPMS/*.rpm' + retention-days: 5 + +# The main purpose of this step is to test the RPMS in a pristine environment (as for the end user). +# ci-scripts are deliberately not used, as they recreate the development environment, +# and this is something we proudly reject here + + rpm-tests: + runs-on: ubuntu-latest + needs: package + container: ${{ matrix.env.container }} + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + env: + - { name: 'CentOS 7', container: 'centos:7' } + - { name: 'CentOS 8', container: 'tgagor/centos:stream8' } + - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9' } + - { name: 'Fedora 35', container: 'fedora:35' } + - { name: 'Fedora 36', container: 'fedora:36' } + name: RPM test on ${{ matrix.env.name }} + + steps: + - name: Install prerequisites + run: yum -y install sudo wget binutils + +# CentOS 7/8 packages depend on botan.so.16 that gets installed from ribose repo +# Fedora 35/36 packages depend on botan.so.19 that comes Fedora package, that is available by default +# CentOS 9 depend on botan.so.19 and needs EPEL9 repo that needs to be installed +# ribose repo is also a source of json-c (v12 aka json-c12) for CentOS 7 + + - name: Install 
ribose-packages + if: matrix.env.container == 'centos:7' || matrix.env.container == 'tgagor/centos:stream8' + run: | + sudo rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages-next.pub + sudo wget https://github.com/riboseinc/yum/raw/master/ribose.repo -O /etc/yum.repos.d/ribose.repo + + - name: Install epel-release + if: matrix.env.container == 'quay.io/centos/centos:stream9' + run: | + sudo dnf -y install 'dnf-command(config-manager)' + sudo dnf config-manager --set-enabled crb + sudo dnf -y install epel-release + + - name: Install xargs + if: matrix.env.container == 'fedora:35' + run: sudo yum -y install findutils + + - name: Download rnp rpms + uses: actions/download-artifact@v3 + with: + name: 'RPM ${{ matrix.env.name}}' + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Unstash tests + uses: actions/download-artifact@v3 + with: + name: tests + path: ci/tests + + - name: Run rpm tests +# RPM tests +# - no source checkout or upload [we get only test scripts from the previous step using GHA artifacts] +# - no environment set up with rnp scripts +# - no dependencies setup, we test that yum can install whatever is required + run: | + chmod +x ci/tests/rpm-tests.sh + ci/tests/rpm-tests.sh + + - name: Run symbol visibility tests + run: | + chmod +x ci/tests/ci-tests.sh + sudo yum -y localinstall librnp0-0*.*.rpm librnp0-devel-0*.*.rpm rnp0-0*.*.rpm + ci/tests/ci-tests.sh + sudo yum -y erase $(rpm -qa | grep rnp) + + - name: Setup minimalistic build environment + run: | + sudo yum -y install make gcc gcc-c++ zlib-devel bzip2-devel botan2-devel + mkdir cmake + wget https://github.com/Kitware/CMake/releases/download/v3.12.0/cmake-3.12.0-Linux-x86_64.sh -O cmake/cmake.sh + sudo sh cmake/cmake.sh --skip-license --prefix=/usr/local + +# Ribose repo provides json-c12-devel for CentOS7; +# el8, el9, fr35, fr36 provide json-c-devel (version 12+) + - name: Setup 
json-c12 + if: matrix.env.container == 'centos:7' + run: sudo yum -y install json-c12-devel + + - name: Setup json-c + if: matrix.env.container != 'centos:7' + run: sudo yum -y install json-c-devel + + - name: Run packaging tests + run: | + chmod +x ci/tests/pk-tests.sh + ci/tests/pk-tests.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..f4a5a24 --- /dev/null +++ b/.github/workflows/codeql.yml 
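Review bot: The workflow-level `env:` block commits a Codecov upload token in clear text (`CODECOV_TOKEN: dbecf176-…`), so it is readable by anyone who can read the repository and is exported to every job and step, including those running inside third-party container images such as `tgagor/centos:stream8`. I would store it as a repository secret and reference it only where coverage is uploaded (that step is not visible in this hunk), e.g. `CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}`, and rotate the committed value. Separately, the CentOS 7 steps in `tests`, `package-source` and `package` run `yum -y install http://opensource.wandisco.com/…/wandisco-git-release-7-2.noarch.rpm` over plain HTTP as root, and the hunk shows no signature or checksum check on that package; an HTTPS source or a pinned digest would be worth adding.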
@@ -0,0 +1,75 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: "21 15 * * 6"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ python, cpp ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Install Packages (cpp)
+ if: ${{ matrix.language == 'cpp' }}
+ run: |
+ sudo apt-get update
+ sudo apt-get install --yes libjson-c-dev libgtest-dev
+
+ - name: After Prepare (cpp)
+ if: ${{ matrix.language == 'cpp' }}
+ run: |
+ set -eux
+ mkdir botan_build
+ mkdir botan_install
+ export BOTAN_INSTALL=$(pwd)/botan_install && echo "BOTAN_INSTALL=$BOTAN_INSTALL" >> $GITHUB_ENV
+ export BOTAN_MODULES=$(<$(pwd)/ci/botan-modules tr '\n' ',') && echo "BOTAN_MODULES=$BOTAN_MODULES" >> $GITHUB_ENV
+ git clone --depth 1 --branch 2.17.3 https://github.com/randombit/botan botan_build
+ pushd botan_build
+ ./configure.py --prefix=${BOTAN_INSTALL} --with-debug-info --cxxflags="-fno-omit-frame-pointer" --without-documentation --without-openssl --build-targets=shared --minimized-build --enable-modules="$BOTAN_MODULES"
+ make -j2 install
+ popd
+ mkdir cmake314
+ wget --quiet -O - https://cmake.org/files/v3.18/cmake-3.18.6-Linux-x86_64.tar.gz | tar --strip-components=1 -xz -C cmake314
+ export PATH=$(pwd)/cmake314/bin:${PATH} && echo "PATH=$PATH" >> $GITHUB_ENV
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+ if: ${{ matrix.language == 'python' }}
+
+ - name: Build cpp
+ if: ${{ matrix.language == 'cpp' }}
+ run: |
+ pwd
+ mkdir rnp-build; pushd rnp-build
+ cmake $GITHUB_WORKSPACE -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_PREFIX_PATH="${BOTAN_INSTALL}" -DDOWNLOAD_GTEST=Off
+ make -j2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..35f1ea5
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,63 @@
+name: coverity
+
+on:
+ schedule:
+ # every day at 9:00 UTC
+ - cron: '0 9 * * *'
+
+env:
+ CORES: 2
+ BUILD_MODE: normal
+ GPG_VERSION: stable
+ RNP_TESTS: ''
+ USE_STATIC_DEPENDENCIES: yes
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ submodules: true
+ - name: Setup environment
+ run: |
+ . ci/gha/setup-env.inc.sh
+ ci/install_noncacheable_dependencies.sh
+ - name: Cache
+ id: cache
+ uses: actions/cache@v3
+ with:
+ path: ${{ env.CACHE_DIR }}
+ key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
+ - name: Build cache
+ if: steps.cache.outputs.cache-hit != 'true'
+ run: |
+ set -x
+ ci/install_cacheable_dependencies.sh botan jsonc
+ - name: Download Coverity
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
+ mkdir cov-analysis-linux64
+ tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+ - name: Build
+ run: |
+ set -x
+ export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
+ cov-build --dir cov-int ci/main.sh
+ - name: Submit
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ run: |
+ tar czvf results.tgz cov-int
+ curl \
+ --form project=$GITHUB_REPOSITORY \
+ --form token=$TOKEN \
+ --form email=packaging@ribose.com \
+ --form file=@results.tgz \
+ --form version=$GITHUB_REF \
+ --form description=$GITHUB_SHA \
+ https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY
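Review bot: In the `After Prepare (cpp)` step of codeql.yml the CMake tarball is piped straight from `wget` into `tar` and then put first on `PATH` with no integrity check, and Botan is cloned by the tag `2.17.3`, which upstream can move. Everything the job builds afterwards runs through these tools, so I would download to a file and verify it before extracting, e.g. `echo "<expected-sha256>  cmake.tar.gz" | sha256sum -c -`, and check Botan out by commit hash. The same download-then-run pattern appears in centos-and-fedora.yml (`cmake/cmake.sh` run with `sudo sh`), debian.yml (the xpack-cmake archive) and macos.yml (the Botan tarball followed by `sudo make install`). A smaller point: the directory is named `cmake314` but holds 3.18.6.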
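Review bot: No `permissions:` block is declared in coverity.yml, so the `scan` job's GITHUB_TOKEN gets the repository default scope even though the visible steps only check out code and talk to scan.coverity.com. A top-level `permissions:` with `contents: read`, in the spirit of the per-job block codeql.yml already has, would keep the token read-only while the downloaded analysis archive and `cov-build` run in the job. The same gap is present in centos-and-fedora.yml, debian.yml, dispatch.yml, fuzzing.yml, lint.yml, macos.yml and nix.yml in this commit. In the `Submit` step the expansions are also unquoted; writing `--form "token=$TOKEN"` (and likewise for the other fields) avoids word splitting.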
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
new file mode 100644
index 0000000..30991fc
--- /dev/null
+++ b/.github/workflows/debian.yml
@@ -0,0 +1,138 @@ +name: debian + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/debian.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + CORES: 2 + LANG: C.UTF-8 + LC_ALL: C.UTF-8 + LC_LANG: C.UTF-8 + CMAKE_VER: '3.20.6-2' + BUILD_MODE: normal + GPG_VERSION: stable + SUDO: "" + USE_STATIC_DEPENDENCIES: yes + RNP_LOG_CONSOLE: 1 + +jobs: + tests: + name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG stable] + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 120 + strategy: + fail-fast: false + matrix: + image: + - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'botan' } + - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'openssl' } + - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'botan' } + - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'openssl' } + - { container: 'i386/debian:10', cpu: 'i386', arch: 'ia32', backend: 'botan' } + env: + - { CC: 'gcc', CXX: 'g++' } + - { CC: 'clang', CXX: 'clang++' } + + container: ${{ matrix.image.container }} + + env: ${{ matrix.env }} + steps: + - name: Install prerequisites + run: | + apt update + apt -y install git sudo wget + + - name: Setup environment + shell: bash + # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test + run: | + set -x + echo IMAGE=${{ matrix.image.container }} >> $GITHUB_ENV + echo CPU=${{ matrix.image.cpu }} >> $GITHUB_ENV + echo CRYPTO_BACKEND=${{ 
matrix.image.backend }} >> $GITHUB_ENV + echo "SUDO=sudo" >> $GITHUB_ENV + useradd rnpuser + printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf + + - name: Checkout on x86_x64 + if: env.CPU == 'x86_64' + uses: actions/checkout@v3 + with: + submodules: true + + - name: Checkout on i386 + if: env.CPU == 'i386' + uses: actions/checkout@v1 + with: + submodules: true + + - name: Install cmake + run: | + wget -nv https://github.com/xpack-dev-tools/cmake-xpack/releases/download/v${{ env.CMAKE_VER }}/xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz + tar -zxf xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz --directory /usr/local --strip-components=1 --skip-old-files + + - name: Setup noncacheable dependencies + shell: bash + run: | + . ci/gha/setup-env.inc.sh + ci/install_noncacheable_dependencies.sh + + - name: Cache + id: cache + uses: actions/cache@v3 + if: env.CPU == 'x86_64' + with: + path: ${{github.workspace}}/${{ env.CACHE_DIR }} + key: ${{ matrix.image.container }}-${{ matrix.env.CC }}-${{ matrix.image.backend }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/debian.yml') }} + + - name: Setup cacheable dependencies + if: steps.cache.outputs.cache-hit != 'true' + shell: bash + run: | + set -euxo pipefail + ci/install_cacheable_dependencies.sh + + - name: Build and Test + shell: bash + run: | + set -x + chown -R rnpuser:rnpuser $PWD + exec su rnpuser -c ci/run.sh + + - name: Package + run: | + set -x + cd ${LOCAL_BUILDS}/rnp-build + cpack -G DEB -D CPACK_DEBIAN_PACKAGE_SHLIBDEPS_PRIVATE_DIRS="${BOTAN_INSTALL}/lib;${JSONC_INSTALL}/lib;${GPG_INSTALL}/lib" diff --git a/.github/workflows/dispatch.yml b/.github/workflows/dispatch.yml new file mode 100644 index 0000000..9206412 --- /dev/null +++ b/.github/workflows/dispatch.yml 
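Review bot: The `Checkout on i386` step uses `actions/checkout@v1` while the x86_64 path uses `@v3`, and nothing in the file records why the old major is kept. If it is deliberate (my assumption is that newer majors cannot run inside the `i386/debian` containers; the hunk does not say), a comment above the step such as `# checkout@v1 on purpose for i386 containers: <reason>` would stop someone from bumping it blindly and would make it visible that this path no longer receives action updates. Note also that the `Cache` step is skipped on i386, so `steps.cache.outputs.cache-hit != 'true'` is always true there and the cacheable dependencies are rebuilt on every run.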
@@ -0,0 +1,48 @@
+# Copyright (c) 2023 Ribose Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+name: dispatch
+on:
+ push:
+ branches:
+ - main
+ - 'release/**'
+ workflow_dispatch:
+
+jobs:
+ dispatch:
+ name: Dispatch dependent repositories
+ strategy:
+ fail-fast: false
+ matrix:
+ repo: [ 'ruby-rnp', 'php-rnp', 'py-rnp' ]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Dispatch dependent repositories
+ uses: peter-evans/repository-dispatch@v2
+ with:
+ token: ${{ secrets.RNP_CI_PAT_TOKEN }}
+ repository: rnpgp/${{ matrix.repo }}
+ event-type: 'rnp update'
+ client-payload: '{ "tag": "${{ github.ref_name }}" }'
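Review bot: `peter-evans/repository-dispatch@v2` is handed the `RNP_CI_PAT_TOKEN` personal access token but is referenced by a mutable tag, so whatever that tag points to at run time receives the PAT. Pinning third-party actions to a full commit, `uses: peter-evans/repository-dispatch@<full-commit-sha> # v2`, removes that dependency on the tag; the same applies to `google/oss-fuzz/infra/cifuzz/actions/*@master` in fuzzing.yml, `ludeeus/action-shellcheck@master` and `DoozyX/clang-format-lint-action@v0.15` in lint.yml, and `cachix/install-nix-action@v15` in nix.yml. `client-payload` also splices `github.ref_name` into a hand-written JSON string; `client-payload: '{ "tag": ${{ toJSON(github.ref_name) }} }'` keeps the payload well-formed for any ref name.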
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
new file mode 100644
index 0000000..81336ec
--- /dev/null
+++ b/.github/workflows/fuzzing.yml
@@ -0,0 +1,41 @@
+name: fuzzing
+
+on:
+ pull_request:
+ paths-ignore:
+ - '/*.sh'
+ - '/.*'
+ - '/_*'
+ - 'Brewfile'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - '**.nix'
+ - 'flake.lock'
+
+concurrency:
+ group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
+ cancel-in-progress: true
+
+jobs:
+ fuzzing:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'rnp'
+ dry-run: false
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'rnp'
+ fuzz-seconds: 1800
+ dry-run: false
+ - name: Upload Crash
+ uses: actions/upload-artifact@v2
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..d6220ee
--- /dev/null
+++ b/.github/workflows/lint.yml
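Review bot: `Upload Crash` uses `actions/upload-artifact@v2` while the other workflows in this commit use `@v3` of the artifact actions; aligning it with `uses: actions/upload-artifact@v3` leaves one major version to maintain. The `fuzzing` job also sets no `timeout-minutes`, although `fuzz-seconds: 1800` already implies a budget; a bound such as `timeout-minutes: 60` would stop a hung fuzzer build from holding a runner until the platform default expires.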
@@ -0,0 +1,61 @@
+name: lint
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ paths-ignore:
+ - '/.*'
+ - '/_*'
+ - '!.clang-format'
+ - 'Brewfile'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - '**.nix'
+ - 'flake.lock'
+
+jobs:
+ clang-format:
+ runs-on: ubuntu-latest
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ submodules: true
+ - uses: DoozyX/clang-format-lint-action@v0.15
+ with:
+ clangFormatVersion: 11.0.0
+ shellcheck:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ submodules: true
+ - uses: ludeeus/action-shellcheck@master
+ with:
+ scandir: './ci'
+ env:
+ SHELLCHECK_OPTS: -x
+ version-cmake-up-to-date:
+ runs-on: ubuntu-latest
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ timeout-minutes: 10
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ path: rnp
+ - name: Download latest version.cmake
+ uses: actions/checkout@v3
+ with:
+ repository: rnpgp/cmake-versioning
+ fetch-depth: 1
+ path: cmake-versioning
+ - name: Compare
+ run: |
+ set -x
+ diff "rnp/cmake/version.cmake" "cmake-versioning/version.cmake"
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
new file mode 100644
index 0000000..0cfea7e
--- /dev/null
+++ b/.github/workflows/macos.yml
@@ -0,0 +1,168 @@ +# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com). +# All rights reserved. +# This file is a part of rnp +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+ +name: macos + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/macos.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + BOTAN_VERSION: 2.19.3 + +jobs: + tests: + name: ${{ matrix.os }} [ backend ${{ matrix.backend }}, shared libs ${{ matrix.shared_libs }} ] + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: +# On MacOS gcc is alias of clang these days + os: [ macos-11, macos-12 ] + backend: [ 'botan' ] + shared_libs: [ 'on' ] + include: + - { os: 'macos-11', backend: 'openssl@1.1', shared_libs: 'on' } + - { os: 'macos-12', backend: 'openssl@3', shared_libs: 'on' } + - { os: 'macos-12', backend: 'botan', shared_libs: 'off' } + + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 250 + + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Configure openssl 1.1 backend + if: matrix.backend == 'openssl@1.1' + run: | + echo "brew \"openssl@1.1\"" >> Brewfile + echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@1.1)" >> $GITHUB_ENV + echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV + + - name: Configure openssl 3 backend + if: matrix.backend == 'openssl@3' + run: | + echo "brew \"openssl@3\"" >> Brewfile + echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV + echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV + +# Brew installs Botan3 now and it is not supported yet +# +# - name: Configure botan backend +# if: ${{ matrix.backend == 'botan' }} +# run: | +# echo "brew \"botan\"" >> Brewfile +# echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV + + - name: Install dependencies + run: brew 
bundle + + - name: Botan2 cache + id: cache + uses: actions/cache@v3 + if: matrix.backend == 'botan' + with: + path: Botan-${{ env.BOTAN_VERSION }} + key: ${{ matrix.os }}-Botan-${{ env.BOTAN_VERSION }} + + - name: Build Botan2 + if: matrix.backend == 'botan' && steps.cache.outputs.cache-hit != 'true' + run: | + wget -qO- https://botan.randombit.net/releases/Botan-${{ env.BOTAN_VERSION }}.tar.xz | tar xvJ + cd Botan-${{ env.BOTAN_VERSION }} + ./configure.py --prefix=/usr/local + make + cd .. + + - name: Install Botan2 + if: matrix.backend == 'botan' + run: | + cd Botan-${{ env.BOTAN_VERSION }} + sudo make install + cd .. + + - name: Configure + run: | + echo "CORES=$(sysctl -n hw.ncpu)" >> $GITHUB_ENV + echo "RNP_INSTALL=$PWD/rnp-install" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX="$PWD/rnp-install" \ + -DDOWNLOAD_GTEST=OFF \ + -DCRYPTO_BACKEND=${{ env.CRYPTO_BACKEND }} . + + - name: Build + run: cmake --build build --config Release --parallel ${{ env.CORES }} + + - name: Install + run: cmake --install build + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + - name: Checkout shell test framework + if: matrix.shared_libs == 'on' + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Run additional ci tests + if: matrix.shared_libs == 'on' + run: zsh -o shwordsplit -- ci/tests/ci-tests.sh diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 0000000..e71ee51 --- /dev/null +++ b/.github/workflows/nix.yml 
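Review bot: For `backend: 'botan'` no step in macos.yml sets `CRYPTO_BACKEND` (the "Configure botan backend" step is commented out), so `Configure` passes `-DCRYPTO_BACKEND=` with an empty value and the build relies on whatever the project defaults to. Writing the value explicitly, for example `echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV` in a small step guarded by `if: matrix.backend == 'botan'`, would make the matrix entry test what its name says. The `Test` step also runs `ctest ... -C Debug` while `Configure` and `Build` use Release; with a single-config generator the flag is ignored, but `-C Release` would keep the three steps consistent.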
@@ -0,0 +1,45 @@
+name: nix
+
+on:
+ push:
+ branches:
+ - main
+ - 'release/**'
+ paths-ignore:
+ - '/*.sh'
+ - '/.*'
+ - '/_*'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - 'ci/**'
+ - '.github/workflows/*.yml'
+ - '!.github/workflows/nix.yml'
+ pull_request:
+ paths-ignore:
+ - '/*.sh'
+ - '/.*'
+ - '/_*'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - 'ci/**'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, macos-latest]
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ submodules: true
+ - uses: cachix/install-nix-action@v15
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix build .?submodules=1
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
new file mode 100644
index 0000000..51fd0c3
--- /dev/null
+++ b/.github/workflows/ubuntu.yml
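Review bot: The workflow declares no `permissions:` key, so the `build` job runs with whatever default `GITHUB_TOKEN` scope the repository is configured with, although the steps shown only need to read the source. A top-level `permissions:` block containing `contents: read` would make the least-privilege intent explicit; the ubuntu.yml, windows-msys2.yml and windows-native.yml hunks in this commit omit it as well. In the same steps list, `cachix/install-nix-action@v15` is a third-party action referenced by a mutable tag, and writing it as `cachix/install-nix-action@<full-commit-sha> # v15` would keep a moved tag from changing what runs on pushes to `main` and `release/**`.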
@@ -0,0 +1,322 @@
+# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# All rights reserved.
+# This file is a part of rnp
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+ +name: ubuntu + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/ubuntu.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +jobs: + tests: + name: ${{ matrix.os }} [CC ${{ matrix.env.CC }}; ${{ matrix.backend.name }}; shared libs ${{ matrix.shared_libs }}; GnuPG stable] + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest ] + shared_libs: [ 'on' ] + backend: + - { name: 'botan', package: 'libbotan-2-dev' } + - { name: 'openssl', package: 'libssl-dev' } + env: + - { CC: gcc, CXX: g++ } + - { CC: clang, CXX: clang++ } + include: + # This implies openssl 1.1.1 as opposed to ubuntu-latest which is openssl 3 + - os: ubuntu-20.04 + shared_libs: 'on' + backend: { name: 'openssl', package: 'libssl-dev' } + env: { CC: gcc, CXX: g++ } + + - os: ubuntu-latest + shared_libs: 'off' + backend: { name: 'botan', package: 'libbotan-2-dev' } + env: { CC: gcc, CXX: g++ } + + if: "!contains(github.event.head_commit.message, 'skip ci')" + env: ${{ matrix.env }} + timeout-minutes: 50 + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Install dependencies +# Already installed on GHA: build-essential libbz2-dev zlib1g-dev + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev ${{ matrix.backend.package }} asciidoctor + + - name: Configure + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=${{ matrix.shared_libs}} \ + -DCRYPTO_BACKEND=${{ matrix.backend.name }} \ + -DDOWNLOAD_GTEST=ON \ + 
-DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + cmake-offline-googletest-src: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 30 + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Install dependencies + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor googletest + + - name: Configure + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=botan \ + -DDOWNLOAD_GTEST=OFF \ + -DGTEST_SOURCES=/usr/src/googletest \ + -DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + - name: Check googletest + run: | + [ -d "build/src/tests" ] + [ -d "build/src/tests/googletest-build" ] + [ ! 
-d "build/src/tests/googletest-src" ] + + cmake-offline-googletest: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 30 + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Install dependencies + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor googletest + + - name: Build googletest + run: | + cmake -B googletest-build /usr/src/googletest + cmake --build googletest-build + sudo cmake --install googletest-build + + - name: Configure + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=botan \ + -DDOWNLOAD_GTEST=OFF \ + -DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + - name: Check googletest + run: | + [ -d "build/src/tests" ] + [ ! -d "build/src/tests/googletest-build" ] + [ ! -d "build/src/tests/googletest-src" ] + + package-source: + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 30 + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Install dependencies + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor + + - name: Configure + run: | + cmake . 
-B build \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_TESTING=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -DCRYPTO_BACKEND=botan \ + -DCMAKE_INSTALL_PREFIX=/usr + + - name: Package source + run: cpack -B build/source-deb -G DEB --config build/CPackSourceConfig.cmake + + - name: Upload source package + uses: actions/upload-artifact@v3 + with: + name: 'source-debian' + path: 'build/source-deb/*.deb' + retention-days: 5 + + - name: Stash packaging tests + uses: actions/upload-artifact@v3 + with: + name: tests + path: 'ci/tests/**' + retention-days: 1 + + package: + runs-on: ubuntu-latest + needs: package-source + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 30 + steps: + - name: Install dependencies + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor + + - name: Download source package + uses: actions/download-artifact@v3 + with: + name: 'source-debian' + path: source-debian + + - name: Extract sources + run: dpkg-deb --extract source-debian/*.deb rnp + + - name: Configure + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake rnp -B rnp/build \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_TESTING=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -DCRYPTO_BACKEND=botan \ + -DCMAKE_INSTALL_PREFIX=/usr + + - name: Build + run: cmake --build rnp/build --config Release --parallel ${{ env.CORES }} + + - name: Create binary package + run: cpack -G DEB -B debian --config rnp/build/CPackConfig.cmake + + - name: Upload binary package + uses: actions/upload-artifact@v3 + with: + name: 'debian' + path: 'debian/*.deb' + retention-days: 5 + + debian-tests: + runs-on: ubuntu-latest + needs: package + timeout-minutes: 30 + steps: + - name: Download enp deb file + uses: actions/download-artifact@v3 + with: + name: 'debian' + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Unstash tests + uses: actions/download-artifact@v3 + 
with: + name: tests + path: ci/tests + + - name: Run debian tests +# - no source checkout or upload [we get only test scripts from the previous step using GHA artifacts] +# - no environment set up with rnp scripts +# - no dependencies setup, we test that apt can install whatever is required + run: | + chmod +x ci/tests/deb-tests.sh + ci/tests/deb-tests.sh diff --git a/.github/workflows/windows-msys2.yml b/.github/workflows/windows-msys2.yml new file mode 100644 index 0000000..017f0bb --- /dev/null +++ b/.github/workflows/windows-msys2.yml 
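Review bot: The `Checkout shell test framework` step in `debian-tests` fetches `kward/shunit2` with no `ref:`, so every run uses whatever is at the head of that repository's default branch, and that code is presumably sourced by `ci/tests/deb-tests.sh` on the runner. Adding `ref: <pinned-commit-sha>` under the step's `with:` makes the test framework reproducible and turns any update into a reviewable change. The same unpinned checkout appears in the macos.yml and windows-msys2.yml hunks of this commit. The first step of the job is also named `Download enp deb file`, which looks like a typo for rnp.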
@@ -0,0 +1,144 @@
+# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# All rights reserved.
+# This file is a part of rnp
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+ +name: windows-msys2 + +on: + workflow_dispatch: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/windows-msys2.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + RNP_INSTALL: /home/runneradmin/rnp-install + +jobs: + tests: + name: windows-latest msys2 [msystem ${{ matrix.msystem }}; backend ${{ matrix.backend.name }}; build shared libs ${{ matrix.shared_libs }}; GnuPG stable] + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 70 + runs-on: windows-latest + defaults: + run: + shell: msys2 {0} + strategy: + fail-fast: false + matrix: + msystem: [ 'ucrt64', 'mingw64', 'clang64' ] + shared_libs: [ 'on' ] + backend: + - { name: 'botan', lib: 'libbotan' } + - { name: 'openssl', lib: 'openssl' } + + include: + - msystem: 'ucrt64' + shared_libs: 'off' + backend: { name: 'botan', lib: 'libbotan' } + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: true + + - name: Install MSys + uses: msys2/setup-msys2@v2 + with: + msystem: ${{ matrix.msystem }} + update: true + install: >- + git + base-devel + p7zip + pacboy: >- + toolchain:p + cmake:p + ${{ matrix.backend.lib }}:p + json-c:p + asciidoctor:p + gtest:p + path-type: minimal + + - name: Configure + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + echo CRYPTO_BACKEND=${{ matrix.backend.name }} >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \ + -DCRYPTO_BACKEND=${{ matrix.backend.name }} \ + -DCMAKE_INSTALL_PREFIX=${{ env.RNP_INSTALL }} \ + -DDOWNLOAD_GTEST=OFF \ + 
-DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + - name: Install + run: cmake --install build + + - name: Checkout shell test framework + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Run additional ci tests + if: ${{ matrix.shared_libs == 'on' }} + run: ci/tests/ci-tests.sh diff --git a/.github/workflows/windows-native.yml b/.github/workflows/windows-native.yml new file mode 100644 index 0000000..87c37ac --- /dev/null +++ b/.github/workflows/windows-native.yml 
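Review bot: The `Checkout shell test framework` step runs for every matrix entry, but the only step that uses it, `Run additional ci tests`, is limited to `matrix.shared_libs == 'on'`. Adding `if: matrix.shared_libs == 'on'` to the checkout, as the macos.yml workflow in this commit already does, avoids fetching third-party code in the static-library job where nothing consumes it. The condition is also spelled `${{ matrix.shared_libs == 'on' }}` here and as a bare expression in macos.yml; one form across the workflows would read more consistently.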
@@ -0,0 +1,174 @@
+# Copyright (c) 2023 Ribose Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+ +name: windows-native +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/windows-native.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + VCPKG_DIR: C:/vcpkg + VCPKG_DEFAULT_BINARY_CACHE: ${{github.workspace}}\cache + RNP_TEST_DATA: ${{github.workspace}}\src\tests\data + +jobs: + build_and_test: + name: Windows-2019 [arch ${{ matrix.arch.name }}, toolset ${{ matrix.toolset }}, backend ${{ matrix.backend }}, build shared libs ${{ matrix.shared_libs }}, use CMake prefix path ${{ matrix.use_cmake_prefix_path }}] + runs-on: windows-2019 + if: "!contains(github.event.head_commit.message, 'skip ci')" + strategy: + fail-fast: false + matrix: + arch: [ { name: 'x64', triplet: 'x64-windows' } ] + toolset: [ 'v142', 'ClangCL' ] + backend: [ 'botan', 'openssl' ] + shared_libs: [ 'on', 'off'] + use_cmake_prefix_path: [ 'off' ] + include: + - arch: { name: 'x64', triplet: 'x64-windows' } + toolset: 'ClangCL' + backend: 'openssl' + use_cmake_prefix_path: 'on' + shared_libs: 'on' + - arch: { name: 'x64', triplet: 'x64-windows' } + toolset: 'ClangCL' + backend: 'openssl' + use_cmake_prefix_path: 'on' + shared_libs: 'off' + - arch: { name: 'Win32', triplet: 'x86-windows' } + toolset: 'ClangCL' + backend: 'botan' + use_cmake_prefix_path: 'off' + shared_libs: 'on' + - arch: { name: 'Win32', triplet: 'x86-windows' } + toolset: 'v142' + backend: 'openssl' + use_cmake_prefix_path: 'off' + shared_libs: 'off' + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + lfs: true + fetch-depth: 1 + + - name: vcpkg parameters + run: 
| + vcpkg version >> vcpkg.version + mkdir -p ${{ env.VCPKG_DEFAULT_BINARY_CACHE }} + + - name: vcpkg cache + uses: actions/cache@v3 + with: + path: ${{ env.VCPKG_DEFAULT_BINARY_CACHE }} + key: vcpkg-${{ hashFiles('vcpkg.version') }}-${{ matrix.arch.triplet }}-${{ matrix.toolset }}-${{ matrix.backend }} + + - name: vcpkg packages + shell: bash + run: vcpkg install --triplet ${{ matrix.arch.triplet }} bzip2 zlib json-c getopt dirent ${{ matrix.backend }} + + - name: Set OPENSSL_ROOT_DIR + # Ensure consistent access to openssl installation for test_backend_version test + # There is another one instance of ssl at /mingw and /mingw/bin is always at the first position at PATH + if: matrix.backend == 'openssl' + shell: bash + run: echo OPENSSL_ROOT_DIR=${{ env.VCPKG_DIR }}/installed >> $GITHUB_ENV + + - name: Adjust settings for s2k_iteration_tuning test + # This step adjusts s2k_iteration_tuning threshold for + # s2k_iteration_tuning test (src/tests/cipher.cpp) + # It looks like cl on Win32 does not provide robust response + if: matrix.arch.name == 'Win32' && matrix.toolset == 'ClangCL' + shell: bash + run: echo CXXFLAGS="-DS2K_MINIMUM_TUNING_RATIO=4" >> $GITHUB_ENV + + - name: Configure using vpkg toolchain file + if: matrix.use_cmake_prefix_path != 'on' + shell: bash + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -G "Visual Studio 16 2019" \ + -A ${{ matrix.arch.name }} \ + -T ${{ matrix.toolset }} \ + -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \ + -DCRYPTO_BACKEND=${{ matrix.backend }} \ + -DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_DIR }}/scripts/buildsystems/vcpkg.cmake . 
+ + - name: Configure using CMake prefix path + if: matrix.use_cmake_prefix_path == 'on' + shell: bash + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -G "Visual Studio 16 2019" \ + -A ${{ matrix.arch.name }} \ + -T ${{ matrix.toolset }} \ + -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \ + -DCRYPTO_BACKEND=${{ matrix.backend }} \ + -DCMAKE_PREFIX_PATH=${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }} . + echo ${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }}/bin >> $GITHUB_PATH + + - name: Compile + shell: bash + run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + + - name: Test + shell: bash + # Sometimes running cli_tests in parallel causes instability [???] + # ctest --test-dir build -R cli_tests -C Debug --output-on-failure + # ctest --parallel ${{ env.CORES }} --test-dir build -R rnp_tests -C Debug --output-on-failure + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure |
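Review bot: Both configure steps pass `-DBUILD_SHARED_LIBS=${{ matrix.shared_lib}}`, but the matrix key is `shared_libs`; an unknown matrix property expands to an empty string, so the option is passed with no value and the `shared_libs: [ 'on', 'off' ]` axis most likely does not change what is built. The line should read `-DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \` in `Configure using vpkg toolchain file` and in `Configure using CMake prefix path`. As written, the jobs labelled as shared and static builds would exercise the same configuration (whatever the project's CMake default is), so one linkage mode gets no test coverage on this platform.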