From a941c92c1265ad9525d5c0562617aabae42f571f Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Fri, 22 Nov 2024 17:03:09 +0100 Subject: [PATCH] CI: github: add a WolfSSL job which tries the latest version Like the AWS-LC job, add a CI job which looks for the latest WolfSSL version and tries to build it. The patch adds a function which determines the latest version of WolfSSL from the github tag, and the yml which describes the job. --- .github/matrix.py | 15 ++++++++ .github/workflows/wolfssl.yml | 66 +++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 .github/workflows/wolfssl.yml diff --git a/.github/matrix.py b/.github/matrix.py index 130eda2265..20f714a603 100755 --- a/.github/matrix.py +++ b/.github/matrix.py @@ -67,6 +67,21 @@ def determine_latest_aws_lc(ssl): latest_tag = max(valid_tags, key=aws_lc_version_string_to_num) return "AWS_LC_VERSION={}".format(latest_tag[1:]) +def wolfssl_version_string_to_num(version_string): + return tuple(map(int, version_string[1:].removesuffix('-stable').split('.'))) + +def wolfssl_version_valid(version_string): + return re.match('^v[0-9]+(\.[0-9]+)*-stable$', version_string) + +@functools.lru_cache(5) +def determine_latest_wolfssl(ssl): + tags = get_all_github_tags("https://api.github.com/repos/wolfssl/wolfssl/tags") + if not tags: + return "WOLFSSL_VERSION=failed_to_detect" + valid_tags = list(filter(wolfssl_version_valid, tags)) + latest_tag = max(valid_tags, key=wolfssl_version_string_to_num) + return "WOLFSSL_VERSION={}".format(latest_tag[1:].removesuffix('-stable')) + @functools.lru_cache(5) def determine_latest_libressl(ssl): try: diff --git a/.github/workflows/wolfssl.yml b/.github/workflows/wolfssl.yml new file mode 100644 index 0000000000..c33e89e128 --- /dev/null +++ b/.github/workflows/wolfssl.yml @@ -0,0 +1,66 @@ +name: WolfSSL + +on: + schedule: + - cron: "0 0 * * 4" + workflow_dispatch: + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Determine latest WolfSSL release + id: get_wolfssl_release + run: | + result=$(cd .github && python3 -c "from matrix import determine_latest_wolfssl; print(determine_latest_wolfssl(''))") + echo $result + echo "result=$result" >> $GITHUB_OUTPUT + - name: Cache WolfSSL + id: cache_wolfssl + uses: actions/cache@v4 + with: + path: '~/opt/' + key: ssl-${{ steps.get_wolfssl_release.outputs.result }}-Ubuntu-latest-gcc + - name: Install WolfSSL + if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }} + run: env ${{ steps.get_wolfssl_release.outputs.result }} scripts/build-ssl.sh + - name: Compile HAProxy + run: | + make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \ + USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 \ + SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \ + DEBUG="-DDEBUG_POOL_INTEGRITY" \ + ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" + sudo make install + - name: Show HAProxy version + id: show-version + run: | + ldd $(which haproxy) + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Install problem matcher for VTest + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest for HAProxy + id: vtest + run: | + # This is required for macOS which does not actually allow to increase + # the '-n' soft limit to the hard limit, thus failing to run. + ulimit -n 65536 + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Show VTest results + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + for folder in ${TMPDIR}/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + exit 1