name: debian on: push: branches: - main - 'release/**' paths-ignore: - '/*.sh' - '/.*' - '/_*' - 'Brewfile' - 'docs/**' - '**.adoc' - '**.md' - '**.nix' - 'flake.lock' - '.github/workflows/*.yml' - '!.github/workflows/debian.yml' pull_request: paths-ignore: - '/*.sh' - '/.*' - '/_*' - 'Brewfile' - 'docs/**' - '**.adoc' - '**.md' - '**.nix' - 'flake.lock' concurrency: group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' cancel-in-progress: true env: CORES: 2 LANG: C.UTF-8 LC_ALL: C.UTF-8 LC_LANG: C.UTF-8 CMAKE_VER: '3.20.6-2' BUILD_MODE: normal GPG_VERSION: stable SUDO: "" USE_STATIC_DEPENDENCIES: yes RNP_LOG_CONSOLE: 1 jobs: tests: name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG stable] runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, 'skip ci')" timeout-minutes: 120 strategy: fail-fast: false matrix: image: - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'botan' } - { container: 'i386/debian:11', cpu: 'i386', arch: 'ia32', backend: 'openssl' } - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'botan' } - { container: 'amd64/debian:11', cpu: 'x86_64', arch: 'x64', backend: 'openssl' } - { container: 'i386/debian:10', cpu: 'i386', arch: 'ia32', backend: 'botan' } env: - { CC: 'gcc', CXX: 'g++' } - { CC: 'clang', CXX: 'clang++' } container: ${{ matrix.image.container }} env: ${{ matrix.env }} steps: - name: Install prerequisites run: | apt update apt -y install git sudo wget - name: Setup environment shell: bash # rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test run: | set -x echo IMAGE=${{ matrix.image.container }} >> $GITHUB_ENV echo CPU=${{ matrix.image.cpu }} >> $GITHUB_ENV echo CRYPTO_BACKEND=${{ matrix.image.backend }} >> $GITHUB_ENV echo "SUDO=sudo" >> $GITHUB_ENV useradd rnpuser printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf - name: Checkout on x86_x64 if: env.CPU == 'x86_64' uses: actions/checkout@v3 with: submodules: true - name: Checkout on i386 if: env.CPU == 'i386' uses: actions/checkout@v1 with: submodules: true - name: Install cmake run: | wget -nv https://github.com/xpack-dev-tools/cmake-xpack/releases/download/v${{ env.CMAKE_VER }}/xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz tar -zxf xpack-cmake-${{ env.CMAKE_VER }}-linux-${{ matrix.image.arch }}.tar.gz --directory /usr/local --strip-components=1 --skip-old-files - name: Setup noncacheable dependencies shell: bash run: | . ci/gha/setup-env.inc.sh ci/install_noncacheable_dependencies.sh - name: Cache id: cache uses: actions/cache@v3 if: env.CPU == 'x86_64' with: path: ${{github.workspace}}/${{ env.CACHE_DIR }} key: ${{ matrix.image.container }}-${{ matrix.env.CC }}-${{ matrix.image.backend }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/debian.yml') }} - name: Setup cacheable dependencies if: steps.cache.outputs.cache-hit != 'true' shell: bash run: | set -euxo pipefail ci/install_cacheable_dependencies.sh - name: Build and Test shell: bash run: | set -x chown -R rnpuser:rnpuser $PWD exec su rnpuser -c ci/run.sh - name: Package run: | set -x cd ${LOCAL_BUILDS}/rnp-build cpack -G DEB -D CPACK_DEBIAN_PACKAGE_SHLIBDEPS_PRIVATE_DIRS="${BOTAN_INSTALL}/lib;${JSONC_INSTALL}/lib;${GPG_INSTALL}/lib"