diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/centos-and-fedora.yml | 317 | ||||
-rw-r--r-- | .github/workflows/coverity.yml | 63 | ||||
-rw-r--r-- | .github/workflows/debian.yml | 92 | ||||
-rw-r--r-- | .github/workflows/fuzzing.yml | 2 | ||||
-rw-r--r-- | .github/workflows/macos.yml | 26 | ||||
-rw-r--r-- | .github/workflows/nix.yml | 2 | ||||
-rw-r--r-- | .github/workflows/opensuse.yml | 96 | ||||
-rw-r--r-- | .github/workflows/ubuntu.yml | 78 | ||||
-rw-r--r-- | .github/workflows/windows-native.yml | 46 |
9 files changed, 429 insertions, 293 deletions
diff --git a/.github/workflows/centos-and-fedora.yml b/.github/workflows/centos-and-fedora.yml index ad4e6c1..6577da3 100644 --- a/.github/workflows/centos-and-fedora.yml +++ b/.github/workflows/centos-and-fedora.yml @@ -1,5 +1,4 @@ name: centos-and-fedora - on: push: branches: @@ -34,162 +33,208 @@ concurrency: cancel-in-progress: true env: + CORES: 2 + RNP_LOG_CONSOLE: 1 CODECOV_TOKEN: dbecf176-ea3f-4832-b743-295fd71d0fad -# -# Dependencies that are created during packaging -# -# OS botan botan repository json-c json-c repository -# ---------------------------------------------------------------------------- -# CentOS 7 2.16.0 ribose json-c12 (0.12.1) ribose -# CentOS 8 2.16.0 ribose 0.13.1 el8 -# CentOS 9 2.19.3 el9 0.14 el9 -# Fedora 35 2.18.2 fc35 0.15 fc35 -# Fedora 36 2.19.1 fc36 0.15 fc36 -# jobs: tests: + name: ${{ matrix.image.name }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }} ${{ matrix.image.botan_ver }}; gpg ${{ matrix.image.gpg_ver }}; build ${{ matrix.env.BUILD_MODE }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}] runs-on: ubuntu-latest - if: "!contains(github.event.head_commit.message, 'skip ci')" - container: ${{ matrix.image.container }} - timeout-minutes: 70 + timeout-minutes: 120 strategy: fail-fast: false matrix: env: - - { CC: gcc, CXX: g++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } + - { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on } # normal --> Release build; sanitize --> Debug build so theoretically test conditions are different -# - { CC: clang, CXX: clang++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } - - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, USE_STATIC_DEPENDENCIES: yes } - -# Should you add a new OS/version please consider adding its default version of botan2 and json-c to this test matrix +# - { CC: clang, CXX: clang++, BUILD_MODE: normal } + - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: on } + +# All cotainers have gpg stable and lts installed +# centos-8-amd64 has botan 2.18.2 installed +# fedora-35-amd64 has botan 3.1.1 installed +# Any other version has to be built explicitly ! +# Pls refer to https://github.com/rnpgp/rnp-ci-containers#readme for more image details image: - - { name: 'CentOS 7', container: 'centos:7', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: en_US.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: C.UTF-8 } - - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: Botan, botan_ver: 2.19.3, locale: C.UTF-8 } - - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: Botan, botan_ver: 2.18.2, locale: C.UTF-8 } - - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 2.19.1, locale: C.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: Botan, sm2: On, locale: C.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: Off, locale: C.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: OpenSSL, locale: C.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: beta, backend: Botan, sm2: On, locale: C.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: 2.3.1, backend: Botan, sm2: On, locale: C.UTF-8 } - - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: On, locale: C.UTF-8 } - - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: Off, locale: C.UTF-8 } - - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } - - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } - - + - { name: 'CentOS 7', container: 'centos-7-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' } + - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' } + - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: On, gpg_ver: 'lts' } + - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: Off, gpg_ver: 'stable' } + - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' } + - { name: 'Fedora 35', container: 'fedora-35-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' } + - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' } + - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: '3.1.1', gpg_ver: 'system' } +# Tests against gpg head fails +# - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'head' } + - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'head', gpg_ver: 'system' } + - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'OpenSSL', gpg_ver: 'lts' } + - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'OpenSSL', idea: On, gpg_ver: 'stable' } + - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'OpenSSL', idea: Off,gpg_ver: 'stable' } + - { name: 'Fedora 35', container: 'fedora-35-amd64', backend: 'OpenSSL', gpg_ver: 'system' } + - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'OpenSSL', gpg_ver: 'system' } + +# There is some ABI incompatibility between llvm-7, bitan shared library from ribose repo and sanitizer +# So we are enforving static lib for sanitizers on CentOS 7 + exclude: + - image: { name: 'CentOS 7', container: 'centos-7-amd64', gpg_ver: stable, backend: Botan, botan_ver: 'system' } + env: { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: on } include: - # Coverage report for Botan backend - - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: On, locale: C.UTF-8 } - env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + - image: { name: 'CentOS 7', container: 'centos-7-amd64', gpg_ver: stable, backend: Botan, botan_ver: 'system' } + env: { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: off } + # Coverage report for Botan 2.x backend + - image: { name: 'CentOS 8', container: 'centos-8-amd64', gpg_ver: stable, backend: Botan, botan_ver: '2.18.2' } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } + # Coverage report for Botan 3.x backend + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: Botan, botan_ver: '3.1.1' } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } # Coverage report for OpenSSL 1.1.1 backend - - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } - env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + - image: { name: 'CentOS 8', container: 'centos-8-amd64', gpg_ver: stable, backend: OpenSSL } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } # Coverage report for OpenSSL 3.0 backend - - image: { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } - env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } + # Coverage report for OpenSSL 3.0 backend with disabled algos + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } + # Coverage report for Botan backend with disabled algos + - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: Botan, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off } + env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on } + # Fedora 38 + - image: { name: 'Fedora 38', container: 'fedora-38-amd64', gpg_ver: system, backend: Botan, botan_ver: 'system' } + env: { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on } + # Fedora 39 + - image: { name: 'Fedora 38', container: 'fedora-39-amd64', gpg_ver: system, backend: Botan, botan_ver: 'system' } + env: { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on } + + container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} env: ${{ matrix.env }} - name: ${{ matrix.image.name }} ${{ matrix.image.backend }} [test mode ${{ matrix.env.BUILD_MODE }}; CC ${{ matrix.env.CC }}; GnuPG ${{ matrix.image.gpg_ver }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}] steps: - - name: Install prerequisites for prerequisites - if: matrix.image.container == 'centos:7' - run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm - - - name: Install prerequisites - run: yum -y install git sudo + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true - name: Setup environment run: | set -o errexit -o pipefail -o noclobber -o nounset - echo LANG=${{ matrix.image.locale }} >> $GITHUB_ENV - echo LC_ALL=${{ matrix.image.locale }} >> $GITHUB_ENV - echo LC_LANG=${{ matrix.image.locale }} >> $GITHUB_ENV - echo GPG_VERSION=${{ matrix.image.gpg_ver }} >> $GITHUB_ENV - echo ENABLE_SM2=${{ matrix.image.sm2 }} >> $GITHUB_ENV - echo ENABLE_IDEA=${{ matrix.image.idea }} >> $GITHUB_ENV - backend=${{ matrix.image.backend }} - backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')" - echo CRYPTO_BACKEND="$backend" >> $GITHUB_ENV - echo BOTAN_VERSION=${{ matrix.image.botan_ver }} >> $GITHUB_ENV + + /opt/tools/tools.sh select_crypto_backend_for_gha ${{ matrix.image.backend }} + /opt/tools/tools.sh select_gpg_version_for_gha ${{ matrix.image.gpg_ver }} + /opt/tools/tools.sh select_botan_version_for_gha ${{ matrix.image.botan_ver }} + + echo "ENABLE_SM2=${{ matrix.image.sm2 }}" >> $GITHUB_ENV + echo "ENABLE_IDEA=${{ matrix.image.idea }}" >> $GITHUB_ENV + echo "ENABLE_TWOFISH=${{ matrix.image.two }}" >> $GITHUB_ENV + echo "ENABLE_BLOWFISH=${{ matrix.image.blow }}" >> $GITHUB_ENV + echo "ENABLE_RIPEMD160=${{ matrix.image.rmd }}" >> $GITHUB_ENV + echo "ENABLE_BRAINPOOL=${{ matrix.image.bp }}" >> $GITHUB_ENV + + echo CORES="$(nproc --all)" >> $GITHUB_ENV + useradd rnpuser - echo -e "rnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser - echo -e "rnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf + printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: true + # Need to build HEAD version since it is always different + - name: Build gpg head + if: matrix.image.gpg_ver == 'head' + run: /opt/tools/tools.sh build_and_install_gpg head - - name: Setup noncacheable dependencies + - name: Build botan head + if: matrix.image.botan_ver == 'head' + # Botan's head renamed curve25519 module to x25519, however this didn't get to 3.5.0 release yet run: | - . ci/gha/setup-env.inc.sh - exec su rnpuser -c ci/install_noncacheable_dependencies.sh + sed -i 's/curve25519/x25519/g' /opt/tools/botan3-modules /opt/tools/botan3-pqc-modules + /opt/tools/tools.sh build_and_install_botan head - - name: Cache - id: cache - uses: actions/cache@v3 - with: - path: ${{ env.CACHE_DIR }} - key: ${{ matrix.image.container }}-${{ matrix.image.backend }}-${{ matrix.env.BUILD_MODE }}-${{ matrix.env.CC }}-${{ matrix.image.gpg_ver }}-${{ matrix.image.sm2 }}-${{ matrix.image.idea }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/centos-and-fedora.yml') }} - - - name: Adjust folder ownership + - name: Configure run: | set -o errexit -o pipefail -o noclobber -o nounset - chown -R rnpuser:rnpuser $PWD - - name: Setup cacheable dependencies - if: steps.cache.outputs.cache-hit != 'true' - run: exec su rnpuser -c ci/install_cacheable_dependencies.sh + [[ "${{ env.BUILD_MODE }}" = "coverage" ]] && cov_opt=(-DENABLE_COVERAGE=yes) + [[ "${{ env.BUILD_MODE }}" = "sanitize" ]] && san_opt=(-DENABLE_SANITIZERS=yes) - - name: Build and Test - run: exec su rnpuser -c ci/run.sh + [ -n "$ENABLE_SM2" ] && sm2_opt=(-DENABLE_SM2="$ENABLE_SM2") + [ -n "$ENABLE_IDEA" ] && idea_opt=(-DENABLE_IDEA="$ENABLE_IDEA") + [ -n "$ENABLE_TWOFISH" ] && two_opt=(-DENABLE_TWOFISH="$ENABLE_TWOFISH") + [ -n "$ENABLE_BLOWFISH" ] && blow_opt=(-DENABLE_BLOWFISH="$ENABLE_BLOWFISH") + [ -n "$ENABLE_RIPEMD160" ] && rmd_opt=(-DENABLE_RIPEMD160="$ENABLE_RIPEMD160") + [ -n "$ENABLE_BRAINPOOL" ] && bp_opt=(-DENABLE_BRAINPOOL="$ENABLE_BRAINPOOL") + + cmake -B build \ + -DBUILD_SHARED_LIBS=${{ env.SHARED_LIBS }} \ + -DDOWNLOAD_GTEST=ON \ + -DCMAKE_BUILD_TYPE=Release \ + -DCRYPTO_BACKEND=${{ matrix.image.backend }} \ + ${sm2_opt:-} ${idea_opt:-} ${two_opt:-} ${blow_opt:-} ${rmd_opt:-} ${bp_opt:-} ${cov_opt:-} ${san_opt:-} . + + - name: Build + run: cmake --build build --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + chown -R rnpuser:rnpuser $PWD + exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure" + + - name: Coverage + if: env.BUILD_MODE == 'coverage' + run: | + curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step + curl -Os https://uploader.codecov.io/latest/linux/codecov + curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM + curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig + gpgv codecov.SHA256SUM.sig codecov.SHA256SUM + shasum -a 256 -c codecov.SHA256SUM + chmod +x codecov + find "build" -type f -name '*.gcno' -exec gcov -p {} + + ./codecov + + - name: Install + if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on' + run: cmake --install build - name: Checkout shell test framework + if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on' uses: actions/checkout@v3 with: repository: kward/shunit2 path: ci/tests/shunit2 - name: Run additional ci tests - run: ci/tests/ci-tests.sh + if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on' + run: RNP_INSTALL=/usr/local ci/tests/ci-tests.sh package-source: runs-on: ubuntu-latest - container: ${{ matrix.env.container }} + container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} timeout-minutes: 30 +# needs: tests strategy: fail-fast: false matrix: - env: - - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', LC_ALL: C.UTF-8 } - - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } - - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } - - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } - name: Package ${{ matrix.env.name }} SRPM - env: ${{ matrix.env }} + image: + - { name: 'CentOS 7', container: 'centos-7-amd64' } + - { name: 'CentOS 8', container: 'centos-8-amd64' } + - { name: 'CentOS 9', container: 'centos-9-amd64' } + - { name: 'Fedora 35', container: 'fedora-35-amd64' } + - { name: 'Fedora 36', container: 'fedora-36-amd64' } - steps: - - name: Install prerequisites for prerequisites - if: matrix.env.container == 'centos:7' - run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + name: Package ${{ matrix.image.name }} SRPM - - name: Install prerequisites - run: yum -y install git sudo rpm-build + steps: + - name: Install rpm tools + run: yum -y install rpm-build - name: Checkout uses: actions/checkout@v3 with: submodules: true - - name: Setup noncacheable dependencies - run: | - . ci/gha/setup-env.inc.sh - ci/install_noncacheable_dependencies.sh - - name: Configure run: cmake -B build -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF @@ -199,7 +244,7 @@ jobs: - name: Upload SRPM uses: actions/upload-artifact@v3 with: - name: 'SRPM ${{ matrix.env.name }}' + name: 'SRPM ${{ matrix.image.name }}' path: 'build/SRPM/*.src.rpm' retention-days: 5 @@ -212,34 +257,28 @@ jobs: package: runs-on: ubuntu-latest - needs: package-source - container: ${{ matrix.env.container }} + container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} timeout-minutes: 30 + needs: package-source strategy: fail-fast: false matrix: - env: - - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } -# CXXFLAGS environment setting resolves dual ABI issues caused by BOTAN libraries with the version of GCC installed at 'tgagor/centos:stream8' -# https://gcc.gnu.org/onlinedocs/gcc-5.2.0/libstdc++/manual/manual/using_dual_abi.html - - { name: 'CentOS 8', container: 'tgagor/centos:stream8', CXXFLAGS: -D_GLIBCXX_USE_CXX11_ABI=0, LC_ALL: C.UTF-8 } - - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } - - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } - - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } - name: Package ${{ matrix.env.name }} RPM - env: ${{ matrix.env }} - steps: - - name: Install prerequisites for prerequisites - if: matrix.env.container == 'centos:7' - run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm + image: + - { name: 'CentOS 7', container: 'centos-7-amd64' } + - { name: 'CentOS 8', container: 'centos-8-amd64' } + - { name: 'CentOS 9', container: 'centos-9-amd64' } + - { name: 'Fedora 35', container: 'fedora-35-amd64' } + - { name: 'Fedora 36', container: 'fedora-36-amd64' } - - name: Install prerequisites - run: yum -y install git sudo tar cpio rpm-build + name: Package ${{ matrix.image.name }} RPM + steps: + - name: Install rpm tools + run: yum -y install rpm-build - name: Download SRPM uses: actions/download-artifact@v3 with: - name: 'SRPM ${{ matrix.env.name }}' + name: 'SRPM ${{ matrix.image.name }}' path: ~/rpmbuild/SRPMS - name: Extract SRPM @@ -247,16 +286,6 @@ jobs: rpm -i -v ~/rpmbuild/SRPMS/*.src.rpm tar xzf ~/rpmbuild/SOURCES/*.tar.gz --strip 1 -C ~/rpmbuild/SOURCES - - name: Setup noncacheable dependencies - run: | - cd ~/rpmbuild/SOURCES/ - . ci/gha/setup-env.inc.sh - ci/install_noncacheable_dependencies.sh - - - name: Permanently enable rh-ruby30 - if: matrix.env.container == 'centos:7' - run: bash -c "echo \"$(cut -f 2- -d ' ' /opt/rh/rh-ruby30/enable)\"">> $GITHUB_ENV - - name: Build rnp run: | cmake ~/rpmbuild/SOURCES -B ~/rpmbuild/SOURCES/BUILD -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF \ @@ -269,7 +298,7 @@ jobs: - name: Upload Artifact uses: actions/upload-artifact@v3 with: - name: 'RPM ${{ matrix.env.name}}' + name: 'RPM ${{ matrix.image.name}}' path: '~/rpmbuild/SOURCES/RPMS/*.rpm' retention-days: 5 @@ -280,18 +309,18 @@ jobs: rpm-tests: runs-on: ubuntu-latest needs: package - container: ${{ matrix.env.container }} + container: ${{ matrix.image.container }} timeout-minutes: 30 strategy: fail-fast: false matrix: - env: + image: - { name: 'CentOS 7', container: 'centos:7' } - { name: 'CentOS 8', container: 'tgagor/centos:stream8' } - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9' } - { name: 'Fedora 35', container: 'fedora:35' } - { name: 'Fedora 36', container: 'fedora:36' } - name: RPM test on ${{ matrix.env.name }} + name: RPM test on ${{ matrix.image.name }} steps: - name: Install prerequisites @@ -303,26 +332,26 @@ jobs: # ribose repo is also a source of json-c (v12 aka json-c12) for CentOS 7 - name: Install ribose-packages - if: matrix.env.container == 'centos:7' || matrix.env.container == 'tgagor/centos:stream8' + if: matrix.image.container == 'centos:7' || matrix.image.container == 'tgagor/centos:stream8' run: | sudo rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages-next.pub sudo wget https://github.com/riboseinc/yum/raw/master/ribose.repo -O /etc/yum.repos.d/ribose.repo - name: Install epel-release - if: matrix.env.container == 'quay.io/centos/centos:stream9' + if: matrix.image.container == 'quay.io/centos/centos:stream9' run: | sudo dnf -y install 'dnf-command(config-manager)' sudo dnf config-manager --set-enabled crb sudo dnf -y install epel-release - name: Install xargs - if: matrix.env.container == 'fedora:35' + if: matrix.image.container == 'fedora:35' run: sudo yum -y install findutils - name: Download rnp rpms uses: actions/download-artifact@v3 with: - name: 'RPM ${{ matrix.env.name}}' + name: 'RPM ${{ matrix.image.name}}' - name: Checkout shell test framework uses: actions/checkout@v3 @@ -362,11 +391,11 @@ jobs: # Ribose repo provides json-c12-devel for CentOS7; # el8, el9, fr35, fr36 provide json-c-devel (version 12+) - name: Setup json-c12 - if: matrix.env.container == 'centos:7' + if: matrix.image.container == 'centos:7' run: sudo yum -y install json-c12-devel - name: Setup json-c - if: matrix.env.container != 'centos:7' + if: matrix.image.container != 'centos:7' run: sudo yum -y install json-c-devel - name: Run packaging tests diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 35f1ea5..3e16728 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -5,13 +5,6 @@ on: # every day at 9:00 UTC - cron: '0 9 * * *' -env: - CORES: 2 - BUILD_MODE: normal - GPG_VERSION: stable - RNP_TESTS: '' - USE_STATIC_DEPENDENCIES: yes - jobs: scan: runs-on: ubuntu-latest @@ -21,43 +14,23 @@ jobs: with: fetch-depth: 1 submodules: true - - name: Setup environment - run: | - . ci/gha/setup-env.inc.sh - ci/install_noncacheable_dependencies.sh - - name: Cache - id: cache - uses: actions/cache@v3 - with: - path: ${{ env.CACHE_DIR }} - key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }} - - name: Build cache - if: steps.cache.outputs.cache-hit != 'true' - run: | - set -x - ci/install_cacheable_dependencies.sh botan jsonc - - name: Download Coverity - env: - TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} - run: | - wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz - mkdir cov-analysis-linux64 - tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 - - name: Build + + - name: Install dependencies run: | - set -x - export PATH="$PWD/cov-analysis-linux64/bin:$PATH" - cov-build --dir cov-int ci/main.sh - - name: Submit - env: - TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor + + - name: Configure run: | - tar czvf results.tgz cov-int - curl \ - --form project=$GITHUB_REPOSITORY \ - --form token=$TOKEN \ - --form email=packaging@ribose.com \ - --form file=@results.tgz \ - --form version=$GITHUB_REF \ - --form description=$GITHUB_SHA \ - https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=botan \ + -DDOWNLOAD_GTEST=ON \ + -DCMAKE_BUILD_TYPE=Release . + + - name: Coverity Scan + uses: vapier/coverity-scan-action@v1 + with: + email: packaging@ribose.com + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + command: cmake --build build --parallel $CORES diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 30991fc..e5bcc97 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -38,16 +38,11 @@ env: LANG: C.UTF-8 LC_ALL: C.UTF-8 LC_LANG: C.UTF-8 - CMAKE_VER: '3.20.6-2' - BUILD_MODE: normal - GPG_VERSION: stable - SUDO: "" - USE_STATIC_DEPENDENCIES: yes RNP_LOG_CONSOLE: 1 jobs: tests: - name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG stable] + name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped] runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, 'skip ci')" timeout-minutes: 120 @@ -55,84 +50,59 @@ jobs: fail-fast: false matrix: image: - - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'botan' } - - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'openssl' } - - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'botan' } - - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'openssl' } - - { container: 'i386/debian:10', cpu: 'i386', arch: 'ia32', backend: 'botan' } + - { container: 'debian-11-i386', cpu: 'i386', backend: 'botan' } + - { container: 'debian-11-i386', cpu: 'i386', backend: 'openssl' } + - { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'botan' } + - { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'openssl' } + - { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'botan' } + - { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'openssl' } + - { container: 'debian-10-i386', cpu: 'i386', backend: 'botan' } env: - { CC: 'gcc', CXX: 'g++' } - { CC: 'clang', CXX: 'clang++' } - container: ${{ matrix.image.container }} + container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} env: ${{ matrix.env }} steps: - - name: Install prerequisites - run: | - apt update - apt -y install git sudo wget - - - name: Setup environment - shell: bash - # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test - run: | - set -x - echo IMAGE=${{ matrix.image.container }} >> $GITHUB_ENV - echo CPU=${{ matrix.image.cpu }} >> $GITHUB_ENV - echo CRYPTO_BACKEND=${{ matrix.image.backend }} >> $GITHUB_ENV - echo "SUDO=sudo" >> $GITHUB_ENV - useradd rnpuser - printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser - printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf - - name: Checkout on x86_x64 - if: env.CPU == 'x86_64' + if: matrix.image.cpu == 'x86_64' uses: actions/checkout@v3 with: submodules: true - name: Checkout on i386 - if: env.CPU == 'i386' + if: matrix.image.cpu == 'i386' uses: actions/checkout@v1 with: submodules: true - - name: Install cmake - run: | - wget -nv https://github.com/xpack-dev-tools/cmake-xpack/releases/download/v${{ env.CMAKE_VER }}/xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz - tar -zxf xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz --directory /usr/local --strip-components=1 --skip-old-files - - - name: Setup noncacheable dependencies + - name: Setup environment shell: bash + # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test run: | - . ci/gha/setup-env.inc.sh - ci/install_noncacheable_dependencies.sh - - - name: Cache - id: cache - uses: actions/cache@v3 - if: env.CPU == 'x86_64' - with: - path: ${{github.workspace}}/${{ env.CACHE_DIR }} - key: ${{ matrix.image.container }}-${{ matrix.env.CC }}-${{ matrix.image.backend }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/debian.yml') }} + useradd rnpuser + printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf - - name: Setup cacheable dependencies - if: steps.cache.outputs.cache-hit != 'true' - shell: bash + - name: Configure run: | - set -euxo pipefail - ci/install_cacheable_dependencies.sh + cmake -B build \ + -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=${{ matrix.image.backend }} \ + -DDOWNLOAD_GTEST=ON \ + -DCMAKE_BUILD_TYPE=Release . - - name: Build and Test - shell: bash + - name: Build + run: cmake --build build --parallel ${{ env.CORES }} + + - name: Test run: | - set -x + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" chown -R rnpuser:rnpuser $PWD - exec su rnpuser -c ci/run.sh + exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure" - name: Package - run: | - set -x - cd ${LOCAL_BUILDS}/rnp-build - cpack -G DEB -D CPACK_DEBIAN_PACKAGE_SHLIBDEPS_PRIVATE_DIRS="${BOTAN_INSTALL}/lib;${JSONC_INSTALL}/lib;${GPG_INSTALL}/lib" + run: cpack -G DEB -B debian --config build/CPackConfig.cmake diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index 81336ec..c51260a 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -31,7 +31,7 @@ jobs: uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'rnp' - fuzz-seconds: 1800 + fuzz-seconds: 300 dry-run: false - name: Upload Crash uses: actions/upload-artifact@v2 diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 0cfea7e..42aef30 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com). +# Copyright (c) 2023-2024 [Ribose Inc](https://www.ribose.com). # All rights reserved. # This file is a part of rnp # @@ -57,7 +57,8 @@ concurrency: cancel-in-progress: true env: - BOTAN_VERSION: 2.19.3 + BOTAN_VERSION: 2.19.4 + CORES: 3 jobs: tests: @@ -67,13 +68,14 @@ jobs: fail-fast: false matrix: # On MacOS gcc is alias of clang these days - os: [ macos-11, macos-12 ] + os: [ macos-12, macos-13, macos-14 ] backend: [ 'botan' ] shared_libs: [ 'on' ] include: - { os: 'macos-11', backend: 'openssl@1.1', shared_libs: 'on' } - - { os: 'macos-12', backend: 'openssl@3', shared_libs: 'on' } - - { os: 'macos-12', backend: 'botan', shared_libs: 'off' } + - { os: 'macos-14', backend: 'openssl@3', shared_libs: 'on' } + - { os: 'macos-14', backend: 'botan', shared_libs: 'off' } + - { os: 'macos-14', backend: 'botan3', shared_libs: 'on' } if: "!contains(github.event.head_commit.message, 'skip ci')" timeout-minutes: 250 @@ -98,14 +100,6 @@ jobs: echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV -# Brew installs Botan3 now and it is not supported yet -# -# - name: Configure botan backend -# if: ${{ matrix.backend == 'botan' }} -# run: | -# echo "brew \"botan\"" >> Brewfile -# echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV - - name: Install dependencies run: brew bundle @@ -133,6 +127,11 @@ jobs: sudo make install cd .. + - name: Install Botan3 + if: matrix.backend == 'botan3' + run: | + brew install botan + - name: Configure run: | echo "CORES=$(sysctl -n hw.ncpu)" >> $GITHUB_ENV @@ -141,6 +140,7 @@ jobs: -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_INSTALL_PREFIX="$PWD/rnp-install" \ -DDOWNLOAD_GTEST=OFF \ + -DCMAKE_CXX_FLAGS="-DS2K_MINIMUM_TUNING_RATIO=4"\ -DCRYPTO_BACKEND=${{ env.CRYPTO_BACKEND }} . - name: Build diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index e71ee51..c5bbcfd 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -39,7 +39,7 @@ jobs: with: fetch-depth: 1 submodules: true - - uses: cachix/install-nix-action@v15 + - uses: cachix/install-nix-action@v22 with: nix_path: nixpkgs=channel:nixos-unstable - run: nix build .?submodules=1 diff --git a/.github/workflows/opensuse.yml b/.github/workflows/opensuse.yml new file mode 100644 index 0000000..d02381c --- /dev/null +++ b/.github/workflows/opensuse.yml @@ -0,0 +1,96 @@ +name: opensuse + +on: + push: + branches: + - main + - 'release/**' + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + - '.github/workflows/*.yml' + - '!.github/workflows/opensuse.yml' + pull_request: + paths-ignore: + - '/*.sh' + - '/.*' + - '/_*' + - 'Brewfile' + - 'docs/**' + - '**.adoc' + - '**.md' + - '**.nix' + - 'flake.lock' + +concurrency: + group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' + cancel-in-progress: true + +env: + CORES: 2 + LANG: C.UTF-8 + LC_ALL: C.UTF-8 + LC_LANG: C.UTF-8 + RNP_LOG_CONSOLE: 1 + +jobs: + tests: + name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped] + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 120 + strategy: + fail-fast: false + matrix: + image: + - { container: 'opensuse-leap', backend: 'botan' } + - { container: 'opensuse-tumbleweed', backend: 'openssl' } + env: + - { CC: 'gcc', CXX: 'g++' } + - { CC: 'clang', CXX: 'clang++' } + + container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} + + env: ${{ matrix.env }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: true + + - name: Setup environment + shell: bash + # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test + run: | + groupadd rnpuser + useradd -g rnpuser -m rnpuser + printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser + if [ -d /etc/security/limits.d ]; then + printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf + fi + + - name: Configure + run: | + cmake -B build \ + -DBUILD_SHARED_LIBS=ON \ + -DCRYPTO_BACKEND=${{ matrix.image.backend }} \ + -DDOWNLOAD_GTEST=Off \ + -DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + chown -R rnpuser:rnpuser $PWD + exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure" diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 51fd0c3..a7931d1 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -110,14 +110,14 @@ jobs: -DCMAKE_BUILD_TYPE=Release . - name: Build - run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + run: cmake --build build --parallel ${{ env.CORES }} - name: Test run: | mkdir -p "build/Testing/Temporary" cp "cmake/CTestCostData.txt" "build/Testing/Temporary" export PATH="$PWD/build/src/lib:$PATH" - ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure cmake-offline-googletest-src: runs-on: ubuntu-latest @@ -145,14 +145,14 @@ jobs: -DCMAKE_BUILD_TYPE=Release . - name: Build - run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + run: cmake --build build --parallel ${{ env.CORES }} - name: Test run: | mkdir -p "build/Testing/Temporary" cp "cmake/CTestCostData.txt" "build/Testing/Temporary" export PATH="$PWD/build/src/lib:$PATH" - ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure - name: Check googletest run: | @@ -191,14 +191,14 @@ jobs: -DCMAKE_BUILD_TYPE=Release . - name: Build - run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + run: cmake --build build --parallel ${{ env.CORES }} - name: Test run: | mkdir -p "build/Testing/Temporary" cp "cmake/CTestCostData.txt" "build/Testing/Temporary" export PATH="$PWD/build/src/lib:$PATH" - ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure - name: Check googletest run: | @@ -206,6 +206,72 @@ jobs: [ ! -d "build/src/tests/googletest-build" ] [ ! -d "build/src/tests/googletest-src" ] + cmake-system-sexpp: + name: system-sexpp, sexpp shared libs ${{ matrix.sexpp_shared_libs }}, rnp shared libs ${{ matrix.rnp_shared_libs }} + runs-on: ubuntu-latest + if: "!contains(github.event.head_commit.message, 'skip ci')" + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + sexpp_shared_libs: [ 'on', 'off' ] + rnp_shared_libs: ['on', 'off'] + + steps: + - name: Install dependencies + run: | + sudo apt-get -y update + sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor + + - name: Checkout sexpp + uses: actions/checkout@v3 + with: + repository: rnpgp/sexpp + path: sexpp + + - name: Configure sexpp + run: | + echo CORES="$(nproc --all)" >> $GITHUB_ENV + cmake -S sexpp -B sexpp/build \ + -DCMAKE_BUILD_TYPE=Release \ + -DDOWNLOAD_GTEST=OFF \ + -DWITH_SEXP_TESTS=OFF \ + -DBUILD_SHARED_LIBS=${{ matrix.sexpp_shared_libs}} + + - name: Build sexpp + run: cmake --build sexpp/build --parallel ${{ env.CORES }} + + - name: Install sexpp + run: sudo cmake --install sexpp/build + + - name: Clean sexpp + run: rm -rf sexpp + + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: false + + - name: Configure + run: | + cmake -B build \ + -DBUILD_SHARED_LIBS=${{ matrix.rnp_shared_libs }} \ + -DCRYPTO_BACKEND=botan \ + -DDOWNLOAD_GTEST=ON \ + -DSYSTEM_LIBSEXPP=ON \ + -DCMAKE_BUILD_TYPE=Release . + + - name: Build + run: cmake --build build --parallel ${{ env.CORES }} + + - name: Test + run: | + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -R rnp_tests --output-on-failure + package-source: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, 'skip ci')" diff --git a/.github/workflows/windows-native.yml b/.github/workflows/windows-native.yml index 87c37ac..afed7e7 100644 --- a/.github/workflows/windows-native.yml +++ b/.github/workflows/windows-native.yml @@ -72,24 +72,14 @@ jobs: arch: [ { name: 'x64', triplet: 'x64-windows' } ] toolset: [ 'v142', 'ClangCL' ] backend: [ 'botan', 'openssl' ] - shared_libs: [ 'on', 'off'] - use_cmake_prefix_path: [ 'off' ] + shared_libs: [ 'off'] + use_cmake_prefix_path: [ 'on', 'off' ] include: - - arch: { name: 'x64', triplet: 'x64-windows' } - toolset: 'ClangCL' - backend: 'openssl' - use_cmake_prefix_path: 'on' - shared_libs: 'on' - - arch: { name: 'x64', triplet: 'x64-windows' } - toolset: 'ClangCL' - backend: 'openssl' - use_cmake_prefix_path: 'on' - shared_libs: 'off' - arch: { name: 'Win32', triplet: 'x86-windows' } toolset: 'ClangCL' backend: 'botan' - use_cmake_prefix_path: 'off' - shared_libs: 'on' + use_cmake_prefix_path: 'on' + shared_libs: 'off' - arch: { name: 'Win32', triplet: 'x86-windows' } toolset: 'v142' backend: 'openssl' @@ -117,14 +107,21 @@ jobs: - name: vcpkg packages shell: bash - run: vcpkg install --triplet ${{ matrix.arch.triplet }} bzip2 zlib json-c getopt dirent ${{ matrix.backend }} + run: | + dir_u=$(cygpath -u ${{ env.VCPKG_DIR }}) + echo "VCPKG_DIR_U=$dir_u" >> $GITHUB_ENV + vcpkg install --triplet ${{ matrix.arch.triplet }} bzip2 zlib json-c getopt dirent ${{ matrix.backend }} - name: Set OPENSSL_ROOT_DIR # Ensure consistent access to openssl installation for test_backend_version test # There is another one instance of ssl at /mingw and /mingw/bin is always at the first position at PATH + # So we have to adjust PATH for each step below; changing $GITHUB_PATH does not work if: matrix.backend == 'openssl' shell: bash - run: echo OPENSSL_ROOT_DIR=${{ env.VCPKG_DIR }}/installed >> $GITHUB_ENV + run: | + echo OPENSSL_ROOT_DIR=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }} >> $GITHUB_ENV + echo OPENSSL_MODULES=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin >> $GITHUB_ENV + echo RNP_TESTS_OPENSSL_ROOT=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }} >> $GITHUB_ENV - name: Adjust settings for s2k_iteration_tuning test # This step adjusts s2k_iteration_tuning threshold for @@ -139,10 +136,11 @@ jobs: shell: bash run: | echo CORES="$(nproc --all)" >> $GITHUB_ENV + export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH cmake -B build -G "Visual Studio 16 2019" \ -A ${{ matrix.arch.name }} \ -T ${{ matrix.toolset }} \ - -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \ + -DBUILD_SHARED_LIBS=${{ matrix.shared_libs}} \ -DCRYPTO_BACKEND=${{ matrix.backend }} \ -DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_DIR }}/scripts/buildsystems/vcpkg.cmake . @@ -151,24 +149,28 @@ jobs: shell: bash run: | echo CORES="$(nproc --all)" >> $GITHUB_ENV + export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH cmake -B build -G "Visual Studio 16 2019" \ -A ${{ matrix.arch.name }} \ -T ${{ matrix.toolset }} \ - -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \ + -DBUILD_SHARED_LIBS=${{ matrix.shared_libs}} \ -DCRYPTO_BACKEND=${{ matrix.backend }} \ -DCMAKE_PREFIX_PATH=${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }} . - echo ${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }}/bin >> $GITHUB_PATH - - name: Compile + - name: Build shell: bash - run: cmake --build build --config "Release" --parallel ${{ env.CORES }} + run: | + export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH + cmake --build build --config "Release" --parallel ${{ env.CORES }} - name: Test shell: bash # Sometimes running cli_tests in parallel causes instability [???] # ctest --test-dir build -R cli_tests -C Debug --output-on-failure # ctest --parallel ${{ env.CORES }} --test-dir build -R rnp_tests -C Debug --output-on-failure + # ctest --parallel ${{ env.CORES }} --test-dir build -C Release --output-on-failure run: | + export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH mkdir -p "build/Testing/Temporary" cp "cmake/CTestCostData.txt" "build/Testing/Temporary" - ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + ctest --parallel ${{ env.CORES }} --test-dir build -C Release --output-on-failure |