summaryrefslogtreecommitdiffstats
path: root/.github
diff options
context:
space:
mode:
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/centos-and-fedora.yml317
-rw-r--r--.github/workflows/coverity.yml63
-rw-r--r--.github/workflows/debian.yml92
-rw-r--r--.github/workflows/fuzzing.yml2
-rw-r--r--.github/workflows/macos.yml26
-rw-r--r--.github/workflows/nix.yml2
-rw-r--r--.github/workflows/opensuse.yml96
-rw-r--r--.github/workflows/ubuntu.yml78
-rw-r--r--.github/workflows/windows-native.yml46
9 files changed, 429 insertions, 293 deletions
diff --git a/.github/workflows/centos-and-fedora.yml b/.github/workflows/centos-and-fedora.yml
index ad4e6c1..6577da3 100644
--- a/.github/workflows/centos-and-fedora.yml
+++ b/.github/workflows/centos-and-fedora.yml
@@ -1,5 +1,4 @@
name: centos-and-fedora
-
on:
push:
branches:
@@ -34,162 +33,208 @@ concurrency:
cancel-in-progress: true
env:
+ CORES: 2
+ RNP_LOG_CONSOLE: 1
CODECOV_TOKEN: dbecf176-ea3f-4832-b743-295fd71d0fad
-#
-# Dependencies that are created during packaging
-#
-# OS botan botan repository json-c json-c repository
-# ----------------------------------------------------------------------------
-# CentOS 7 2.16.0 ribose json-c12 (0.12.1) ribose
-# CentOS 8 2.16.0 ribose 0.13.1 el8
-# CentOS 9 2.19.3 el9 0.14 el9
-# Fedora 35 2.18.2 fc35 0.15 fc35
-# Fedora 36 2.19.1 fc36 0.15 fc36
-#
jobs:
tests:
+ name: ${{ matrix.image.name }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }} ${{ matrix.image.botan_ver }}; gpg ${{ matrix.image.gpg_ver }}; build ${{ matrix.env.BUILD_MODE }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}]
runs-on: ubuntu-latest
- if: "!contains(github.event.head_commit.message, 'skip ci')"
- container: ${{ matrix.image.container }}
- timeout-minutes: 70
+ timeout-minutes: 120
strategy:
fail-fast: false
matrix:
env:
- - { CC: gcc, CXX: g++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes }
+ - { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on }
# normal --> Release build; sanitize --> Debug build so theoretically test conditions are different
-# - { CC: clang, CXX: clang++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes }
- - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, USE_STATIC_DEPENDENCIES: yes }
-
-# Should you add a new OS/version please consider adding its default version of botan2 and json-c to this test matrix
+# - { CC: clang, CXX: clang++, BUILD_MODE: normal }
+ - { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: on }
+
+# All cotainers have gpg stable and lts installed
+# centos-8-amd64 has botan 2.18.2 installed
+# fedora-35-amd64 has botan 3.1.1 installed
+# Any other version has to be built explicitly !
+# Pls refer to https://github.com/rnpgp/rnp-ci-containers#readme for more image details
image:
- - { name: 'CentOS 7', container: 'centos:7', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: en_US.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: C.UTF-8 }
- - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: Botan, botan_ver: 2.19.3, locale: C.UTF-8 }
- - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: Botan, botan_ver: 2.18.2, locale: C.UTF-8 }
- - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 2.19.1, locale: C.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: Botan, sm2: On, locale: C.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: Off, locale: C.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: OpenSSL, locale: C.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: beta, backend: Botan, sm2: On, locale: C.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: 2.3.1, backend: Botan, sm2: On, locale: C.UTF-8 }
- - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: On, locale: C.UTF-8 }
- - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: Off, locale: C.UTF-8 }
- - { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 }
- - { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 }
-
-
+ - { name: 'CentOS 7', container: 'centos-7-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: On, gpg_ver: 'lts' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: Off, gpg_ver: 'stable' }
+ - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' }
+ - { name: 'Fedora 35', container: 'fedora-35-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: '3.1.1', gpg_ver: 'system' }
+# Tests against gpg head fails
+# - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'head' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'head', gpg_ver: 'system' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64', backend: 'OpenSSL', gpg_ver: 'lts' }
+ - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'OpenSSL', idea: On, gpg_ver: 'stable' }
+ - { name: 'CentOS 9', container: 'centos-9-amd64', backend: 'OpenSSL', idea: Off,gpg_ver: 'stable' }
+ - { name: 'Fedora 35', container: 'fedora-35-amd64', backend: 'OpenSSL', gpg_ver: 'system' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64', backend: 'OpenSSL', gpg_ver: 'system' }
+
+# There is some ABI incompatibility between llvm-7, bitan shared library from ribose repo and sanitizer
+# So we are enforving static lib for sanitizers on CentOS 7
+ exclude:
+ - image: { name: 'CentOS 7', container: 'centos-7-amd64', gpg_ver: stable, backend: Botan, botan_ver: 'system' }
+ env: { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: on }
include:
- # Coverage report for Botan backend
- - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: On, locale: C.UTF-8 }
- env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes }
+ - image: { name: 'CentOS 7', container: 'centos-7-amd64', gpg_ver: stable, backend: Botan, botan_ver: 'system' }
+ env: { CC: clang, CXX: clang++, BUILD_MODE: sanitize, SHARED_LIBS: off }
+ # Coverage report for Botan 2.x backend
+ - image: { name: 'CentOS 8', container: 'centos-8-amd64', gpg_ver: stable, backend: Botan, botan_ver: '2.18.2' }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
+ # Coverage report for Botan 3.x backend
+ - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: Botan, botan_ver: '3.1.1' }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
# Coverage report for OpenSSL 1.1.1 backend
- - image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 }
- env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes }
+ - image: { name: 'CentOS 8', container: 'centos-8-amd64', gpg_ver: stable, backend: OpenSSL }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
# Coverage report for OpenSSL 3.0 backend
- - image: { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 }
- env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes }
+ - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
+ # Coverage report for OpenSSL 3.0 backend with disabled algos
+ - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
+ # Coverage report for Botan backend with disabled algos
+ - image: { name: 'Fedora 36', container: 'fedora-36-amd64', gpg_ver: stable, backend: Botan, idea: Off, sm2: Off, two: Off, blow: Off, rmd: Off, bp: Off }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: coverage, SHARED_LIBS: on }
+ # Fedora 38
+ - image: { name: 'Fedora 38', container: 'fedora-38-amd64', gpg_ver: system, backend: Botan, botan_ver: 'system' }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on }
+ # Fedora 39
+ - image: { name: 'Fedora 38', container: 'fedora-39-amd64', gpg_ver: system, backend: Botan, botan_ver: 'system' }
+ env: { CC: gcc, CXX: g++, BUILD_MODE: normal, SHARED_LIBS: on }
+
+ container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
env: ${{ matrix.env }}
- name: ${{ matrix.image.name }} ${{ matrix.image.backend }} [test mode ${{ matrix.env.BUILD_MODE }}; CC ${{ matrix.env.CC }}; GnuPG ${{ matrix.image.gpg_ver }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}]
steps:
- - name: Install prerequisites for prerequisites
- if: matrix.image.container == 'centos:7'
- run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm
-
- - name: Install prerequisites
- run: yum -y install git sudo
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
- name: Setup environment
run: |
set -o errexit -o pipefail -o noclobber -o nounset
- echo LANG=${{ matrix.image.locale }} >> $GITHUB_ENV
- echo LC_ALL=${{ matrix.image.locale }} >> $GITHUB_ENV
- echo LC_LANG=${{ matrix.image.locale }} >> $GITHUB_ENV
- echo GPG_VERSION=${{ matrix.image.gpg_ver }} >> $GITHUB_ENV
- echo ENABLE_SM2=${{ matrix.image.sm2 }} >> $GITHUB_ENV
- echo ENABLE_IDEA=${{ matrix.image.idea }} >> $GITHUB_ENV
- backend=${{ matrix.image.backend }}
- backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')"
- echo CRYPTO_BACKEND="$backend" >> $GITHUB_ENV
- echo BOTAN_VERSION=${{ matrix.image.botan_ver }} >> $GITHUB_ENV
+
+ /opt/tools/tools.sh select_crypto_backend_for_gha ${{ matrix.image.backend }}
+ /opt/tools/tools.sh select_gpg_version_for_gha ${{ matrix.image.gpg_ver }}
+ /opt/tools/tools.sh select_botan_version_for_gha ${{ matrix.image.botan_ver }}
+
+ echo "ENABLE_SM2=${{ matrix.image.sm2 }}" >> $GITHUB_ENV
+ echo "ENABLE_IDEA=${{ matrix.image.idea }}" >> $GITHUB_ENV
+ echo "ENABLE_TWOFISH=${{ matrix.image.two }}" >> $GITHUB_ENV
+ echo "ENABLE_BLOWFISH=${{ matrix.image.blow }}" >> $GITHUB_ENV
+ echo "ENABLE_RIPEMD160=${{ matrix.image.rmd }}" >> $GITHUB_ENV
+ echo "ENABLE_BRAINPOOL=${{ matrix.image.bp }}" >> $GITHUB_ENV
+
+ echo CORES="$(nproc --all)" >> $GITHUB_ENV
+
useradd rnpuser
- echo -e "rnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
- echo -e "rnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
+ printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
+ printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
- - name: Checkout
- uses: actions/checkout@v3
- with:
- submodules: true
+ # Need to build HEAD version since it is always different
+ - name: Build gpg head
+ if: matrix.image.gpg_ver == 'head'
+ run: /opt/tools/tools.sh build_and_install_gpg head
- - name: Setup noncacheable dependencies
+ - name: Build botan head
+ if: matrix.image.botan_ver == 'head'
+ # Botan's head renamed curve25519 module to x25519, however this didn't get to 3.5.0 release yet
run: |
- . ci/gha/setup-env.inc.sh
- exec su rnpuser -c ci/install_noncacheable_dependencies.sh
+ sed -i 's/curve25519/x25519/g' /opt/tools/botan3-modules /opt/tools/botan3-pqc-modules
+ /opt/tools/tools.sh build_and_install_botan head
- - name: Cache
- id: cache
- uses: actions/cache@v3
- with:
- path: ${{ env.CACHE_DIR }}
- key: ${{ matrix.image.container }}-${{ matrix.image.backend }}-${{ matrix.env.BUILD_MODE }}-${{ matrix.env.CC }}-${{ matrix.image.gpg_ver }}-${{ matrix.image.sm2 }}-${{ matrix.image.idea }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/centos-and-fedora.yml') }}
-
- - name: Adjust folder ownership
+ - name: Configure
run: |
set -o errexit -o pipefail -o noclobber -o nounset
- chown -R rnpuser:rnpuser $PWD
- - name: Setup cacheable dependencies
- if: steps.cache.outputs.cache-hit != 'true'
- run: exec su rnpuser -c ci/install_cacheable_dependencies.sh
+ [[ "${{ env.BUILD_MODE }}" = "coverage" ]] && cov_opt=(-DENABLE_COVERAGE=yes)
+ [[ "${{ env.BUILD_MODE }}" = "sanitize" ]] && san_opt=(-DENABLE_SANITIZERS=yes)
- - name: Build and Test
- run: exec su rnpuser -c ci/run.sh
+ [ -n "$ENABLE_SM2" ] && sm2_opt=(-DENABLE_SM2="$ENABLE_SM2")
+ [ -n "$ENABLE_IDEA" ] && idea_opt=(-DENABLE_IDEA="$ENABLE_IDEA")
+ [ -n "$ENABLE_TWOFISH" ] && two_opt=(-DENABLE_TWOFISH="$ENABLE_TWOFISH")
+ [ -n "$ENABLE_BLOWFISH" ] && blow_opt=(-DENABLE_BLOWFISH="$ENABLE_BLOWFISH")
+ [ -n "$ENABLE_RIPEMD160" ] && rmd_opt=(-DENABLE_RIPEMD160="$ENABLE_RIPEMD160")
+ [ -n "$ENABLE_BRAINPOOL" ] && bp_opt=(-DENABLE_BRAINPOOL="$ENABLE_BRAINPOOL")
+
+ cmake -B build \
+ -DBUILD_SHARED_LIBS=${{ env.SHARED_LIBS }} \
+ -DDOWNLOAD_GTEST=ON \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCRYPTO_BACKEND=${{ matrix.image.backend }} \
+ ${sm2_opt:-} ${idea_opt:-} ${two_opt:-} ${blow_opt:-} ${rmd_opt:-} ${bp_opt:-} ${cov_opt:-} ${san_opt:-} .
+
+ - name: Build
+ run: cmake --build build --parallel ${{ env.CORES }}
+
+ - name: Test
+ run: |
+ mkdir -p "build/Testing/Temporary"
+ cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
+ export PATH="$PWD/build/src/lib:$PATH"
+ chown -R rnpuser:rnpuser $PWD
+ exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure"
+
+ - name: Coverage
+ if: env.BUILD_MODE == 'coverage'
+ run: |
+ curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step
+ curl -Os https://uploader.codecov.io/latest/linux/codecov
+ curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
+ curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
+ gpgv codecov.SHA256SUM.sig codecov.SHA256SUM
+ shasum -a 256 -c codecov.SHA256SUM
+ chmod +x codecov
+ find "build" -type f -name '*.gcno' -exec gcov -p {} +
+ ./codecov
+
+ - name: Install
+ if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on'
+ run: cmake --install build
- name: Checkout shell test framework
+ if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on'
uses: actions/checkout@v3
with:
repository: kward/shunit2
path: ci/tests/shunit2
- name: Run additional ci tests
- run: ci/tests/ci-tests.sh
+ if: env.BUILD_MODE != 'coverage' && env.SHARED_LIBS == 'on'
+ run: RNP_INSTALL=/usr/local ci/tests/ci-tests.sh
package-source:
runs-on: ubuntu-latest
- container: ${{ matrix.env.container }}
+ container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
timeout-minutes: 30
+# needs: tests
strategy:
fail-fast: false
matrix:
- env:
- - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 }
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', LC_ALL: C.UTF-8 }
- - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 }
- - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 }
- - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 }
- name: Package ${{ matrix.env.name }} SRPM
- env: ${{ matrix.env }}
+ image:
+ - { name: 'CentOS 7', container: 'centos-7-amd64' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64' }
+ - { name: 'CentOS 9', container: 'centos-9-amd64' }
+ - { name: 'Fedora 35', container: 'fedora-35-amd64' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64' }
- steps:
- - name: Install prerequisites for prerequisites
- if: matrix.env.container == 'centos:7'
- run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm
+ name: Package ${{ matrix.image.name }} SRPM
- - name: Install prerequisites
- run: yum -y install git sudo rpm-build
+ steps:
+ - name: Install rpm tools
+ run: yum -y install rpm-build
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- - name: Setup noncacheable dependencies
- run: |
- . ci/gha/setup-env.inc.sh
- ci/install_noncacheable_dependencies.sh
-
- name: Configure
run: cmake -B build -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF
@@ -199,7 +244,7 @@ jobs:
- name: Upload SRPM
uses: actions/upload-artifact@v3
with:
- name: 'SRPM ${{ matrix.env.name }}'
+ name: 'SRPM ${{ matrix.image.name }}'
path: 'build/SRPM/*.src.rpm'
retention-days: 5
@@ -212,34 +257,28 @@ jobs:
package:
runs-on: ubuntu-latest
- needs: package-source
- container: ${{ matrix.env.container }}
+ container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
timeout-minutes: 30
+ needs: package-source
strategy:
fail-fast: false
matrix:
- env:
- - { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 }
-# CXXFLAGS environment setting resolves dual ABI issues caused by BOTAN libraries with the version of GCC installed at 'tgagor/centos:stream8'
-# https://gcc.gnu.org/onlinedocs/gcc-5.2.0/libstdc++/manual/manual/using_dual_abi.html
- - { name: 'CentOS 8', container: 'tgagor/centos:stream8', CXXFLAGS: -D_GLIBCXX_USE_CXX11_ABI=0, LC_ALL: C.UTF-8 }
- - { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 }
- - { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 }
- - { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 }
- name: Package ${{ matrix.env.name }} RPM
- env: ${{ matrix.env }}
- steps:
- - name: Install prerequisites for prerequisites
- if: matrix.env.container == 'centos:7'
- run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm
+ image:
+ - { name: 'CentOS 7', container: 'centos-7-amd64' }
+ - { name: 'CentOS 8', container: 'centos-8-amd64' }
+ - { name: 'CentOS 9', container: 'centos-9-amd64' }
+ - { name: 'Fedora 35', container: 'fedora-35-amd64' }
+ - { name: 'Fedora 36', container: 'fedora-36-amd64' }
- - name: Install prerequisites
- run: yum -y install git sudo tar cpio rpm-build
+ name: Package ${{ matrix.image.name }} RPM
+ steps:
+ - name: Install rpm tools
+ run: yum -y install rpm-build
- name: Download SRPM
uses: actions/download-artifact@v3
with:
- name: 'SRPM ${{ matrix.env.name }}'
+ name: 'SRPM ${{ matrix.image.name }}'
path: ~/rpmbuild/SRPMS
- name: Extract SRPM
@@ -247,16 +286,6 @@ jobs:
rpm -i -v ~/rpmbuild/SRPMS/*.src.rpm
tar xzf ~/rpmbuild/SOURCES/*.tar.gz --strip 1 -C ~/rpmbuild/SOURCES
- - name: Setup noncacheable dependencies
- run: |
- cd ~/rpmbuild/SOURCES/
- . ci/gha/setup-env.inc.sh
- ci/install_noncacheable_dependencies.sh
-
- - name: Permanently enable rh-ruby30
- if: matrix.env.container == 'centos:7'
- run: bash -c "echo \"$(cut -f 2- -d ' ' /opt/rh/rh-ruby30/enable)\"">> $GITHUB_ENV
-
- name: Build rnp
run: |
cmake ~/rpmbuild/SOURCES -B ~/rpmbuild/SOURCES/BUILD -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF \
@@ -269,7 +298,7 @@ jobs:
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
- name: 'RPM ${{ matrix.env.name}}'
+ name: 'RPM ${{ matrix.image.name}}'
path: '~/rpmbuild/SOURCES/RPMS/*.rpm'
retention-days: 5
@@ -280,18 +309,18 @@ jobs:
rpm-tests:
runs-on: ubuntu-latest
needs: package
- container: ${{ matrix.env.container }}
+ container: ${{ matrix.image.container }}
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
- env:
+ image:
- { name: 'CentOS 7', container: 'centos:7' }
- { name: 'CentOS 8', container: 'tgagor/centos:stream8' }
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9' }
- { name: 'Fedora 35', container: 'fedora:35' }
- { name: 'Fedora 36', container: 'fedora:36' }
- name: RPM test on ${{ matrix.env.name }}
+ name: RPM test on ${{ matrix.image.name }}
steps:
- name: Install prerequisites
@@ -303,26 +332,26 @@ jobs:
# ribose repo is also a source of json-c (v12 aka json-c12) for CentOS 7
- name: Install ribose-packages
- if: matrix.env.container == 'centos:7' || matrix.env.container == 'tgagor/centos:stream8'
+ if: matrix.image.container == 'centos:7' || matrix.image.container == 'tgagor/centos:stream8'
run: |
sudo rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages-next.pub
sudo wget https://github.com/riboseinc/yum/raw/master/ribose.repo -O /etc/yum.repos.d/ribose.repo
- name: Install epel-release
- if: matrix.env.container == 'quay.io/centos/centos:stream9'
+ if: matrix.image.container == 'quay.io/centos/centos:stream9'
run: |
sudo dnf -y install 'dnf-command(config-manager)'
sudo dnf config-manager --set-enabled crb
sudo dnf -y install epel-release
- name: Install xargs
- if: matrix.env.container == 'fedora:35'
+ if: matrix.image.container == 'fedora:35'
run: sudo yum -y install findutils
- name: Download rnp rpms
uses: actions/download-artifact@v3
with:
- name: 'RPM ${{ matrix.env.name}}'
+ name: 'RPM ${{ matrix.image.name}}'
- name: Checkout shell test framework
uses: actions/checkout@v3
@@ -362,11 +391,11 @@ jobs:
# Ribose repo provides json-c12-devel for CentOS7;
# el8, el9, fr35, fr36 provide json-c-devel (version 12+)
- name: Setup json-c12
- if: matrix.env.container == 'centos:7'
+ if: matrix.image.container == 'centos:7'
run: sudo yum -y install json-c12-devel
- name: Setup json-c
- if: matrix.env.container != 'centos:7'
+ if: matrix.image.container != 'centos:7'
run: sudo yum -y install json-c-devel
- name: Run packaging tests
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 35f1ea5..3e16728 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -5,13 +5,6 @@ on:
# every day at 9:00 UTC
- cron: '0 9 * * *'
-env:
- CORES: 2
- BUILD_MODE: normal
- GPG_VERSION: stable
- RNP_TESTS: ''
- USE_STATIC_DEPENDENCIES: yes
-
jobs:
scan:
runs-on: ubuntu-latest
@@ -21,43 +14,23 @@ jobs:
with:
fetch-depth: 1
submodules: true
- - name: Setup environment
- run: |
- . ci/gha/setup-env.inc.sh
- ci/install_noncacheable_dependencies.sh
- - name: Cache
- id: cache
- uses: actions/cache@v3
- with:
- path: ${{ env.CACHE_DIR }}
- key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
- - name: Build cache
- if: steps.cache.outputs.cache-hit != 'true'
- run: |
- set -x
- ci/install_cacheable_dependencies.sh botan jsonc
- - name: Download Coverity
- env:
- TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- run: |
- wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
- mkdir cov-analysis-linux64
- tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
- - name: Build
+
+ - name: Install dependencies
run: |
- set -x
- export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
- cov-build --dir cov-int ci/main.sh
- - name: Submit
- env:
- TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ sudo apt-get -y update
+ sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor
+
+ - name: Configure
run: |
- tar czvf results.tgz cov-int
- curl \
- --form project=$GITHUB_REPOSITORY \
- --form token=$TOKEN \
- --form email=packaging@ribose.com \
- --form file=@results.tgz \
- --form version=$GITHUB_REF \
- --form description=$GITHUB_SHA \
- https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY
+ echo CORES="$(nproc --all)" >> $GITHUB_ENV
+ cmake -B build -DBUILD_SHARED_LIBS=ON \
+ -DCRYPTO_BACKEND=botan \
+ -DDOWNLOAD_GTEST=ON \
+ -DCMAKE_BUILD_TYPE=Release .
+
+ - name: Coverity Scan
+ uses: vapier/coverity-scan-action@v1
+ with:
+ email: packaging@ribose.com
+ token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ command: cmake --build build --parallel $CORES
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 30991fc..e5bcc97 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -38,16 +38,11 @@ env:
LANG: C.UTF-8
LC_ALL: C.UTF-8
LC_LANG: C.UTF-8
- CMAKE_VER: '3.20.6-2'
- BUILD_MODE: normal
- GPG_VERSION: stable
- SUDO: ""
- USE_STATIC_DEPENDENCIES: yes
RNP_LOG_CONSOLE: 1
jobs:
tests:
- name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG stable]
+ name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped]
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, 'skip ci')"
timeout-minutes: 120
@@ -55,84 +50,59 @@ jobs:
fail-fast: false
matrix:
image:
- - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'botan' }
- - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'openssl' }
- - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'botan' }
- - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'openssl' }
- - { container: 'i386/debian:10', cpu: 'i386', arch: 'ia32', backend: 'botan' }
+ - { container: 'debian-11-i386', cpu: 'i386', backend: 'botan' }
+ - { container: 'debian-11-i386', cpu: 'i386', backend: 'openssl' }
+ - { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'botan' }
+ - { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'openssl' }
+ - { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'botan' }
+ - { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'openssl' }
+ - { container: 'debian-10-i386', cpu: 'i386', backend: 'botan' }
env:
- { CC: 'gcc', CXX: 'g++' }
- { CC: 'clang', CXX: 'clang++' }
- container: ${{ matrix.image.container }}
+ container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
env: ${{ matrix.env }}
steps:
- - name: Install prerequisites
- run: |
- apt update
- apt -y install git sudo wget
-
- - name: Setup environment
- shell: bash
- # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test
- run: |
- set -x
- echo IMAGE=${{ matrix.image.container }} >> $GITHUB_ENV
- echo CPU=${{ matrix.image.cpu }} >> $GITHUB_ENV
- echo CRYPTO_BACKEND=${{ matrix.image.backend }} >> $GITHUB_ENV
- echo "SUDO=sudo" >> $GITHUB_ENV
- useradd rnpuser
- printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
- printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
-
- name: Checkout on x86_x64
- if: env.CPU == 'x86_64'
+ if: matrix.image.cpu == 'x86_64'
uses: actions/checkout@v3
with:
submodules: true
- name: Checkout on i386
- if: env.CPU == 'i386'
+ if: matrix.image.cpu == 'i386'
uses: actions/checkout@v1
with:
submodules: true
- - name: Install cmake
- run: |
- wget -nv https://github.com/xpack-dev-tools/cmake-xpack/releases/download/v${{ env.CMAKE_VER }}/xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz
- tar -zxf xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz --directory /usr/local --strip-components=1 --skip-old-files
-
- - name: Setup noncacheable dependencies
+ - name: Setup environment
shell: bash
+ # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test
run: |
- . ci/gha/setup-env.inc.sh
- ci/install_noncacheable_dependencies.sh
-
- - name: Cache
- id: cache
- uses: actions/cache@v3
- if: env.CPU == 'x86_64'
- with:
- path: ${{github.workspace}}/${{ env.CACHE_DIR }}
- key: ${{ matrix.image.container }}-${{ matrix.env.CC }}-${{ matrix.image.backend }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/debian.yml') }}
+ useradd rnpuser
+ printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
+ printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
- - name: Setup cacheable dependencies
- if: steps.cache.outputs.cache-hit != 'true'
- shell: bash
+ - name: Configure
run: |
- set -euxo pipefail
- ci/install_cacheable_dependencies.sh
+ cmake -B build \
+ -DBUILD_SHARED_LIBS=ON \
+ -DCRYPTO_BACKEND=${{ matrix.image.backend }} \
+ -DDOWNLOAD_GTEST=ON \
+ -DCMAKE_BUILD_TYPE=Release .
- - name: Build and Test
- shell: bash
+ - name: Build
+ run: cmake --build build --parallel ${{ env.CORES }}
+
+ - name: Test
run: |
- set -x
+ mkdir -p "build/Testing/Temporary"
+ cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
+ export PATH="$PWD/build/src/lib:$PATH"
chown -R rnpuser:rnpuser $PWD
- exec su rnpuser -c ci/run.sh
+ exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure"
- name: Package
- run: |
- set -x
- cd ${LOCAL_BUILDS}/rnp-build
- cpack -G DEB -D CPACK_DEBIAN_PACKAGE_SHLIBDEPS_PRIVATE_DIRS="${BOTAN_INSTALL}/lib;${JSONC_INSTALL}/lib;${GPG_INSTALL}/lib"
+ run: cpack -G DEB -B debian --config build/CPackConfig.cmake
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 81336ec..c51260a 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -31,7 +31,7 @@ jobs:
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'rnp'
- fuzz-seconds: 1800
+ fuzz-seconds: 300
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v2
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 0cfea7e..42aef30 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# Copyright (c) 2023-2024 [Ribose Inc](https://www.ribose.com).
# All rights reserved.
# This file is a part of rnp
#
@@ -57,7 +57,8 @@ concurrency:
cancel-in-progress: true
env:
- BOTAN_VERSION: 2.19.3
+ BOTAN_VERSION: 2.19.4
+ CORES: 3
jobs:
tests:
@@ -67,13 +68,14 @@ jobs:
fail-fast: false
matrix:
# On MacOS gcc is alias of clang these days
- os: [ macos-11, macos-12 ]
+ os: [ macos-12, macos-13, macos-14 ]
backend: [ 'botan' ]
shared_libs: [ 'on' ]
include:
- { os: 'macos-11', backend: 'openssl@1.1', shared_libs: 'on' }
- - { os: 'macos-12', backend: 'openssl@3', shared_libs: 'on' }
- - { os: 'macos-12', backend: 'botan', shared_libs: 'off' }
+ - { os: 'macos-14', backend: 'openssl@3', shared_libs: 'on' }
+ - { os: 'macos-14', backend: 'botan', shared_libs: 'off' }
+ - { os: 'macos-14', backend: 'botan3', shared_libs: 'on' }
if: "!contains(github.event.head_commit.message, 'skip ci')"
timeout-minutes: 250
@@ -98,14 +100,6 @@ jobs:
echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV
echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV
-# Brew installs Botan3 now and it is not supported yet
-#
-# - name: Configure botan backend
-# if: ${{ matrix.backend == 'botan' }}
-# run: |
-# echo "brew \"botan\"" >> Brewfile
-# echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV
-
- name: Install dependencies
run: brew bundle
@@ -133,6 +127,11 @@ jobs:
sudo make install
cd ..
+ - name: Install Botan3
+ if: matrix.backend == 'botan3'
+ run: |
+ brew install botan
+
- name: Configure
run: |
echo "CORES=$(sysctl -n hw.ncpu)" >> $GITHUB_ENV
@@ -141,6 +140,7 @@ jobs:
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX="$PWD/rnp-install" \
-DDOWNLOAD_GTEST=OFF \
+ -DCMAKE_CXX_FLAGS="-DS2K_MINIMUM_TUNING_RATIO=4"\
-DCRYPTO_BACKEND=${{ env.CRYPTO_BACKEND }} .
- name: Build
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index e71ee51..c5bbcfd 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -39,7 +39,7 @@ jobs:
with:
fetch-depth: 1
submodules: true
- - uses: cachix/install-nix-action@v15
+ - uses: cachix/install-nix-action@v22
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: nix build .?submodules=1
diff --git a/.github/workflows/opensuse.yml b/.github/workflows/opensuse.yml
new file mode 100644
index 0000000..d02381c
--- /dev/null
+++ b/.github/workflows/opensuse.yml
@@ -0,0 +1,96 @@
+name: opensuse
+
+on:
+ push:
+ branches:
+ - main
+ - 'release/**'
+ paths-ignore:
+ - '/*.sh'
+ - '/.*'
+ - '/_*'
+ - 'Brewfile'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - '**.nix'
+ - 'flake.lock'
+ - '.github/workflows/*.yml'
+ - '!.github/workflows/opensuse.yml'
+ pull_request:
+ paths-ignore:
+ - '/*.sh'
+ - '/.*'
+ - '/_*'
+ - 'Brewfile'
+ - 'docs/**'
+ - '**.adoc'
+ - '**.md'
+ - '**.nix'
+ - 'flake.lock'
+
+concurrency:
+ group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
+ cancel-in-progress: true
+
+env:
+ CORES: 2
+ LANG: C.UTF-8
+ LC_ALL: C.UTF-8
+ LC_LANG: C.UTF-8
+ RNP_LOG_CONSOLE: 1
+
+jobs:
+ tests:
+ name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped]
+ runs-on: ubuntu-latest
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ timeout-minutes: 120
+ strategy:
+ fail-fast: false
+ matrix:
+ image:
+ - { container: 'opensuse-leap', backend: 'botan' }
+ - { container: 'opensuse-tumbleweed', backend: 'openssl' }
+ env:
+ - { CC: 'gcc', CXX: 'g++' }
+ - { CC: 'clang', CXX: 'clang++' }
+
+ container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
+
+ env: ${{ matrix.env }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - name: Setup environment
+ shell: bash
+ # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test
+ run: |
+ groupadd rnpuser
+ useradd -g rnpuser -m rnpuser
+ printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
+ if [ -d /etc/security/limits.d ]; then
+ printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
+ fi
+
+ - name: Configure
+ run: |
+ cmake -B build \
+ -DBUILD_SHARED_LIBS=ON \
+ -DCRYPTO_BACKEND=${{ matrix.image.backend }} \
+ -DDOWNLOAD_GTEST=Off \
+ -DCMAKE_BUILD_TYPE=Release .
+
+ - name: Build
+ run: cmake --build build --parallel ${{ env.CORES }}
+
+ - name: Test
+ run: |
+ mkdir -p "build/Testing/Temporary"
+ cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
+ export PATH="$PWD/build/src/lib:$PATH"
+ chown -R rnpuser:rnpuser $PWD
+ exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure"
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 51fd0c3..a7931d1 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -110,14 +110,14 @@ jobs:
-DCMAKE_BUILD_TYPE=Release .
- name: Build
- run: cmake --build build --config "Release" --parallel ${{ env.CORES }}
+ run: cmake --build build --parallel ${{ env.CORES }}
- name: Test
run: |
mkdir -p "build/Testing/Temporary"
cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
export PATH="$PWD/build/src/lib:$PATH"
- ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure
+ ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure
cmake-offline-googletest-src:
runs-on: ubuntu-latest
@@ -145,14 +145,14 @@ jobs:
-DCMAKE_BUILD_TYPE=Release .
- name: Build
- run: cmake --build build --config "Release" --parallel ${{ env.CORES }}
+ run: cmake --build build --parallel ${{ env.CORES }}
- name: Test
run: |
mkdir -p "build/Testing/Temporary"
cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
export PATH="$PWD/build/src/lib:$PATH"
- ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure
+ ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure
- name: Check googletest
run: |
@@ -191,14 +191,14 @@ jobs:
-DCMAKE_BUILD_TYPE=Release .
- name: Build
- run: cmake --build build --config "Release" --parallel ${{ env.CORES }}
+ run: cmake --build build --parallel ${{ env.CORES }}
- name: Test
run: |
mkdir -p "build/Testing/Temporary"
cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
export PATH="$PWD/build/src/lib:$PATH"
- ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure
+ ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure
- name: Check googletest
run: |
@@ -206,6 +206,72 @@ jobs:
[ ! -d "build/src/tests/googletest-build" ]
[ ! -d "build/src/tests/googletest-src" ]
+ cmake-system-sexpp:
+ name: system-sexpp, sexpp shared libs ${{ matrix.sexpp_shared_libs }}, rnp shared libs ${{ matrix.rnp_shared_libs }}
+ runs-on: ubuntu-latest
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ timeout-minutes: 30
+ strategy:
+ fail-fast: false
+ matrix:
+ sexpp_shared_libs: [ 'on', 'off' ]
+ rnp_shared_libs: ['on', 'off']
+
+ steps:
+ - name: Install dependencies
+ run: |
+ sudo apt-get -y update
+ sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor
+
+ - name: Checkout sexpp
+ uses: actions/checkout@v3
+ with:
+ repository: rnpgp/sexpp
+ path: sexpp
+
+ - name: Configure sexpp
+ run: |
+ echo CORES="$(nproc --all)" >> $GITHUB_ENV
+ cmake -S sexpp -B sexpp/build \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DDOWNLOAD_GTEST=OFF \
+ -DWITH_SEXP_TESTS=OFF \
+ -DBUILD_SHARED_LIBS=${{ matrix.sexpp_shared_libs}}
+
+ - name: Build sexpp
+ run: cmake --build sexpp/build --parallel ${{ env.CORES }}
+
+ - name: Install sexpp
+ run: sudo cmake --install sexpp/build
+
+ - name: Clean sexpp
+ run: rm -rf sexpp
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ submodules: false
+
+ - name: Configure
+ run: |
+ cmake -B build \
+ -DBUILD_SHARED_LIBS=${{ matrix.rnp_shared_libs }} \
+ -DCRYPTO_BACKEND=botan \
+ -DDOWNLOAD_GTEST=ON \
+ -DSYSTEM_LIBSEXPP=ON \
+ -DCMAKE_BUILD_TYPE=Release .
+
+ - name: Build
+ run: cmake --build build --parallel ${{ env.CORES }}
+
+ - name: Test
+ run: |
+ mkdir -p "build/Testing/Temporary"
+ cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
+ export PATH="$PWD/build/src/lib:$PATH"
+ ctest --parallel ${{ env.CORES }} --test-dir build -R rnp_tests --output-on-failure
+
package-source:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, 'skip ci')"
diff --git a/.github/workflows/windows-native.yml b/.github/workflows/windows-native.yml
index 87c37ac..afed7e7 100644
--- a/.github/workflows/windows-native.yml
+++ b/.github/workflows/windows-native.yml
@@ -72,24 +72,14 @@ jobs:
arch: [ { name: 'x64', triplet: 'x64-windows' } ]
toolset: [ 'v142', 'ClangCL' ]
backend: [ 'botan', 'openssl' ]
- shared_libs: [ 'on', 'off']
- use_cmake_prefix_path: [ 'off' ]
+ shared_libs: [ 'off']
+ use_cmake_prefix_path: [ 'on', 'off' ]
include:
- - arch: { name: 'x64', triplet: 'x64-windows' }
- toolset: 'ClangCL'
- backend: 'openssl'
- use_cmake_prefix_path: 'on'
- shared_libs: 'on'
- - arch: { name: 'x64', triplet: 'x64-windows' }
- toolset: 'ClangCL'
- backend: 'openssl'
- use_cmake_prefix_path: 'on'
- shared_libs: 'off'
- arch: { name: 'Win32', triplet: 'x86-windows' }
toolset: 'ClangCL'
backend: 'botan'
- use_cmake_prefix_path: 'off'
- shared_libs: 'on'
+ use_cmake_prefix_path: 'on'
+ shared_libs: 'off'
- arch: { name: 'Win32', triplet: 'x86-windows' }
toolset: 'v142'
backend: 'openssl'
@@ -117,14 +107,21 @@ jobs:
- name: vcpkg packages
shell: bash
- run: vcpkg install --triplet ${{ matrix.arch.triplet }} bzip2 zlib json-c getopt dirent ${{ matrix.backend }}
+ run: |
+ dir_u=$(cygpath -u ${{ env.VCPKG_DIR }})
+ echo "VCPKG_DIR_U=$dir_u" >> $GITHUB_ENV
+ vcpkg install --triplet ${{ matrix.arch.triplet }} bzip2 zlib json-c getopt dirent ${{ matrix.backend }}
- name: Set OPENSSL_ROOT_DIR
# Ensure consistent access to openssl installation for test_backend_version test
# There is another one instance of ssl at /mingw and /mingw/bin is always at the first position at PATH
+ # So we have to adjust PATH for each step below; changing $GITHUB_PATH does not work
if: matrix.backend == 'openssl'
shell: bash
- run: echo OPENSSL_ROOT_DIR=${{ env.VCPKG_DIR }}/installed >> $GITHUB_ENV
+ run: |
+ echo OPENSSL_ROOT_DIR=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }} >> $GITHUB_ENV
+ echo OPENSSL_MODULES=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin >> $GITHUB_ENV
+ echo RNP_TESTS_OPENSSL_ROOT=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }} >> $GITHUB_ENV
- name: Adjust settings for s2k_iteration_tuning test
# This step adjusts s2k_iteration_tuning threshold for
@@ -139,10 +136,11 @@ jobs:
shell: bash
run: |
echo CORES="$(nproc --all)" >> $GITHUB_ENV
+ export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH
cmake -B build -G "Visual Studio 16 2019" \
-A ${{ matrix.arch.name }} \
-T ${{ matrix.toolset }} \
- -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \
+ -DBUILD_SHARED_LIBS=${{ matrix.shared_libs}} \
-DCRYPTO_BACKEND=${{ matrix.backend }} \
-DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_DIR }}/scripts/buildsystems/vcpkg.cmake .
@@ -151,24 +149,28 @@ jobs:
shell: bash
run: |
echo CORES="$(nproc --all)" >> $GITHUB_ENV
+ export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH
cmake -B build -G "Visual Studio 16 2019" \
-A ${{ matrix.arch.name }} \
-T ${{ matrix.toolset }} \
- -DBUILD_SHARED_LIBS=${{ matrix.shared_lib}} \
+ -DBUILD_SHARED_LIBS=${{ matrix.shared_libs}} \
-DCRYPTO_BACKEND=${{ matrix.backend }} \
-DCMAKE_PREFIX_PATH=${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }} .
- echo ${{ env.VCPKG_DIR }}/installed/${{ matrix.arch.triplet }}/bin >> $GITHUB_PATH
- - name: Compile
+ - name: Build
shell: bash
- run: cmake --build build --config "Release" --parallel ${{ env.CORES }}
+ run: |
+ export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH
+ cmake --build build --config "Release" --parallel ${{ env.CORES }}
- name: Test
shell: bash
# Sometimes running cli_tests in parallel causes instability [???]
# ctest --test-dir build -R cli_tests -C Debug --output-on-failure
# ctest --parallel ${{ env.CORES }} --test-dir build -R rnp_tests -C Debug --output-on-failure
+ # ctest --parallel ${{ env.CORES }} --test-dir build -C Release --output-on-failure
run: |
+ export PATH=${{ env.VCPKG_DIR_U }}/installed/${{ matrix.arch.triplet }}/bin:$PATH
mkdir -p "build/Testing/Temporary"
cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
- ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure
+ ctest --parallel ${{ env.CORES }} --test-dir build -C Release --output-on-failure
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 18:27:38 +0000