mirror of
https://github.com/openssl/openssl.git
synced 2026-01-18 17:11:31 +01:00
2bc0ee0400
New version is out. Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Dmitry Misharov <dmitry@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> (Merged from https://github.com/openssl/openssl/pull/29566)
344 lines
11 KiB
YAML
344 lines
11 KiB
YAML
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
name: OS Zoo CI
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '50 02 * * *'
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
alpine:
|
|
if: github.repository == 'openssl/openssl'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
tag: [edge, latest]
|
|
cc: [gcc, clang]
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: docker.io/library/alpine:${{ matrix.tag }}
|
|
env:
|
|
# See https://www.openwall.com/lists/musl/2022/02/16/14
|
|
# for the reason why -Wno-sign-compare is needed with clang
|
|
# -Wno-stringop-overflow is needed to silence a bogus
|
|
# warning on new fortify-headers with gcc
|
|
EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
|
|
CC: ${{ matrix.cc }}
|
|
steps:
|
|
- name: install packages
|
|
run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
run: |
|
|
./config --strict-warnings --banner=Configured no-shared enable-fips \
|
|
${EXTRA_CFLAGS}
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
linux:
|
|
if: github.repository == 'openssl/openssl'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
zoo:
|
|
- image: docker.io/library/debian:11
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/debian:12
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/debian:trixie
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/ubuntu:20.04
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/ubuntu:22.04
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/ubuntu:24.04
|
|
install: apt-get update && apt-get install -y gcc make perl
|
|
- image: docker.io/library/fedora:41
|
|
install: dnf install -y gcc make perl-core
|
|
- image: docker.io/library/fedora:42
|
|
install: dnf install -y gcc make perl-core
|
|
- image: docker.io/library/centos:8
|
|
install: |
|
|
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
|
|
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
|
|
dnf install -y gcc make perl-core
|
|
- image: docker.io/library/rockylinux:8
|
|
install: dnf install -y gcc make perl-core
|
|
- image: docker.io/library/rockylinux:9
|
|
install: dnf install -y gcc make perl-core
|
|
runs-on: ubuntu-latest
|
|
container: ${{ matrix.zoo.image }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: install packages
|
|
run: ${{ matrix.zoo.install }}
|
|
- name: config
|
|
run: ./config
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
macos:
|
|
if: github.repository == 'openssl/openssl'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [macos-14, macos-15, macos-15-intel]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config --strict-warnings --banner=Configured enable-fips enable-demos enable-h3demo
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
sysctl machdep.cpu
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
windows:
|
|
if: github.repository == 'openssl/openssl'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform:
|
|
- os: windows-2022
|
|
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
|
|
- os: windows-2025
|
|
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
|
|
runs-on: ${{ matrix.platform.os }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: install nasm
|
|
run: |
|
|
choco install nasm
|
|
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
|
|
- name: prepare the build directory
|
|
run: mkdir _build
|
|
- name: config
|
|
working-directory: _build
|
|
shell: cmd
|
|
run: |
|
|
call "${{ matrix.platform.vcvars }}"
|
|
perl ..\Configure --banner=Configured --strict-warnings no-makedepend enable-fips
|
|
perl configdata.pm --dump
|
|
- name: build
|
|
working-directory: _build
|
|
shell: cmd
|
|
run: |
|
|
call "${{ matrix.platform.vcvars }}"
|
|
nmake /S
|
|
- name: download coreinfo
|
|
run: |
|
|
mkdir _build\coreinfo
|
|
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
|
|
- name: get cpu info
|
|
working-directory: _build
|
|
run: |
|
|
7z.exe x coreinfo/Coreinfo.zip
|
|
./Coreinfo64.exe -accepteula -f
|
|
apps/openssl.exe version -c
|
|
- name: test
|
|
working-directory: _build
|
|
shell: cmd
|
|
run: |
|
|
call "${{ matrix.platform.vcvars }}"
|
|
nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 LHASH_WORKERS=16
|
|
|
|
linux-arm64:
|
|
runs-on: ubuntu-24.04-arm
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -j4
|
|
- name: get cpu info
|
|
run: ./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
linux-x86:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: run container
|
|
run: |
|
|
CONTAINER_ID=$(podman run -d -v $(pwd):/mnt -w /mnt --platform=linux/i386 docker.io/i386/debian:13 sleep infinity)
|
|
echo "CONTAINER_ID=$CONTAINER_ID" >> "$GITHUB_ENV"
|
|
- name: install dependencies
|
|
run:
|
|
podman exec -t $CONTAINER_ID sh -c "apt-get update && apt-get install -y gcc perl make"
|
|
- name: config
|
|
run: |
|
|
podman exec -t $CONTAINER_ID sh -c \
|
|
"./config --strict-warnings linux-x86 enable-demos enable-fips enable-lms enable-md2 enable-rc5 enable-trace"
|
|
- name: config dump
|
|
run: |
|
|
podman exec -t $CONTAINER_ID sh -c \
|
|
"./configdata.pm --dump"
|
|
- name: make
|
|
run: |
|
|
podman exec -t $CONTAINER_ID sh -c \
|
|
"make -j"
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
podman exec -t $CONTAINER_ID sh -c \
|
|
"./util/opensslwrap.sh version -c"
|
|
- name: make test
|
|
run: |
|
|
podman exec -t $CONTAINER_ID sh -c \
|
|
".github/workflows/make-test"
|
|
- name: save artifacts
|
|
if: success() || failure()
|
|
uses: actions/upload-artifact@v5
|
|
with:
|
|
name: "ci@linux-x86"
|
|
path: artifacts.tar.gz
|
|
|
|
linux-ppc64le:
|
|
runs-on: linux-ppc64le
|
|
if: github.repository == 'openssl/openssl'
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
linux-s390x:
|
|
runs-on: linux-s390x
|
|
if: github.repository == 'openssl/openssl'
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-trace
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
linux-riscv64:
|
|
runs-on: linux-riscv64
|
|
if: github.repository == 'openssl/openssl'
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -j8
|
|
- name: get cpu info
|
|
run: ./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
env:
|
|
OPENSSL_riscvcap: RV64GC_ZBA_ZBB_ZBC_ZBS_ZKT_V
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} LHASH_WORKERS=${LHASH_WORKERS:-16}
|
|
|
|
freebsd-x86_64:
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'openssl/openssl'
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
persist-credentials: false
|
|
- name: config
|
|
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
|
|
with:
|
|
operating_system: freebsd
|
|
version: "13.4"
|
|
shutdown_vm: false
|
|
run: |
|
|
sudo pkg install -y gcc perl5
|
|
./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace
|
|
- name: config dump
|
|
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
|
|
with:
|
|
operating_system: freebsd
|
|
version: "13.4"
|
|
shutdown_vm: false
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
|
|
with:
|
|
operating_system: freebsd
|
|
version: "13.4"
|
|
shutdown_vm: false
|
|
run: make -j4
|
|
- name: make test
|
|
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
|
|
with:
|
|
operating_system: freebsd
|
|
version: "13.4"
|
|
run: |
|
|
./util/opensslwrap.sh version -c
|
|
.github/workflows/make-test
|