Commit Graph

81 Commits

Author SHA1 Message Date
Pauli
3614d94d5f ci: run the on pull request CIs on push to master
This will help catch problems caused by merging.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15711)
2021-06-12 23:06:22 +10:00
Richard Levitte
25eeab019c Windows GitHub CI: Introduce --strict-warnings
This involves making a more comprehensive matrix for the different
architectures we build for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Richard Levitte
dd53c29793 Windows Github CI: test in Windows 2016 as well
This brings an older version of MSVC, which may bring some "interesting"
failures.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Tomas Mraz
451c2a95bd Windows CI: Enable fuzz test in plain build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)
2021-06-11 09:50:55 +02:00
Rich Salz
43c2456f0f Add md-nits task
Assumes that Ruby is installed

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15590)
2021-06-04 13:04:18 +10:00
Dr. David von Oheimb
d0196ddcba CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15594)
2021-06-04 09:39:09 +10:00
Jon Spillett
8a5bd05da8 Add enable-fips to CI configuration
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537)
2021-06-03 07:33:13 +10:00
Tomas Mraz
86825c9917 Windows CI: enable fips on shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
2021-06-01 15:07:51 +02:00
Pauli
d11dd381c5 add some cross compilation builds
Add some cross compiling builds to test things aren't broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
2021-06-01 15:04:05 +10:00
Tomas Mraz
365d207faa FIPS Checksums: checkout the head of the base repo as pristine
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15503)
2021-05-28 09:11:18 +10:00
Tomas Mraz
07fb85cf61 FIPS Checksums CI: use separate directories for the checkouts
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15481)
2021-05-27 15:30:58 +02:00
Tomas Mraz
349fd92429 FIPS checksums CI: use merge checkout to compute the new checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
057fc59a89 Windows CI: properly drop test_fuzz* tests to speed up things
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
3113192705 Windows CI: Add make install step on the shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
69d8cf70ef Windows CI: use nasm on 32bit and 64bit shared builds
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
d7c18395bf Add some basic Windows builds to the Windows CI workflow
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
9ad400f788 FIPS label CI: Save PR number and use it
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15345)
2021-05-21 09:43:04 +02:00
Tomas Mraz
0a281eefb6 Exchange no-siv and no-ec2m between daily and ci workflows
The no-ec2m with ec enabled is much more likely to show
regressions such as #15170 than the no-siv build.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
2021-05-21 10:03:07 +10:00
Dr. David von Oheimb
5bac37cb14 unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Pauli
c4fca3f705 fips: remove unnecessary commas to get CI working
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)
2021-05-19 13:15:14 +10:00
Tomas Mraz
753f1f24ac Avoid failing label removal if label is not there
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Tomas Mraz
a51ccd5be7 Separate FIPS checksum and labelling into different workflows
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Dr. David von Oheimb
4a14ae9dc8 ci.yml: Add cmd-nits to the doc-nits CI run
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
2021-05-18 13:02:23 +02:00
Pauli
e2daf6f140 ci: remove the checksum CI script
This script introduces a security vulnerability where the OpenSSL github
repository can be modified which opens a window for an attacker.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reported-by: Nikita Stupin
2021-05-16 10:23:54 +10:00
Rich Salz
d0364dcc42 Add --banner config option
Use it in the automated workflows.

Fixes: #15247

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
2021-05-14 08:35:11 +02:00
Tomas Mraz
ca6197ca3c Ensure the pristine checksums are not recomputed
When switching between the pristine and PR checkouts we must
ensure the pristine checksums are not recomputed.

Also ignore errors (such as trying to remove a label that
is not set) when setting or removing labels.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15266)
2021-05-13 12:05:36 +02:00
Tomas Mraz
9ce2ef9ba0 The FIPS Checksums job must be run on pull_request_target
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15265)
2021-05-13 11:41:56 +02:00
Tomas Mraz
16e00da2c9 Remove the severity: fips change label if fips checksum unchanged
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
220927071e Set the severity: fips change label if fips checksum changed
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
b17e799298 Add checksums github CI action
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Pauli
ab6db11e63 Run-checker converted to GitHub Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00
Pauli
4da44374d1 coveralls: fix comment to indicate daily not weekly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00
Tomas Mraz
e3188bae04 Run coveralls daily and not exactly at midnight
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)
2021-05-04 12:59:49 +02:00
Tomas Mraz
9deb202e6a coveralls: Enable fips as it is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)
2021-05-04 12:59:49 +02:00
Richard Levitte
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
2021-05-04 11:32:16 +02:00
Richard Levitte
49f699b54d GitHub CI: ensure that unifdef is installed
This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
2021-05-04 11:32:16 +02:00
Tomas Mraz
50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)
2021-04-28 12:06:08 +02:00
Paul Kehrer
94471ccfda add verbosity for pyca job
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Paul Kehrer
a938f0045e re-add pyca/cryptography testing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Tomas Mraz
cd0aca5320 Update krb5 module to latest release
Fixes #14902

Also add workaround of `sudo hostname localhost` for the
intermittent test failures seen in CI.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14872)
2021-04-19 11:46:39 -07:00
Richard Levitte
4a95b70d1e Github workflows: re-implement a no-shared build
We do this both on Ubuntu and MacOS X

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14753)
2021-04-15 19:55:25 +02:00
Shane Lontis
9754665d6b Add macosx build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14738)
2021-04-01 16:46:42 +10:00
Shane Lontis
6ec37db540 Test miminal windows build using Github actions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14737)
2021-04-01 09:11:34 +10:00
Richard Levitte
a350e3ef38 Re-implement ANSI C building with a Github workflow
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00
Tomas Mraz
cede07dc51 Remove the external BoringSSL test
Fixes #14424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)
2021-03-26 14:24:06 +01:00
Shane Lontis
1f085af02c Add coveralls to CI
Fixes #14013

Coverage reports were no longer generated when travis stopped being used.
This github action workflow schedules a coverage report once a week.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14526)
2021-03-24 18:31:11 +10:00
Pauli
11c7874d0c ci: add a no-legacy build
Fixes #12091

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14563)
2021-03-18 09:03:06 +10:00
Tomas Mraz
bd55a0be1b Use --debug with no-caching build as sanitizers need it
The memleak test otherwise fails.

Also disable async, dtls, and old tls versions to test some
different combination of disableables and speed up tests.

Fixes #14337

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14536)
2021-03-16 07:56:10 +10:00
Tomas Mraz
a7a041c230 CI external tests: separate each external test into its own phase
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00
Tomas Mraz
1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests
The boringssl (https://github.com/openssl/openssl/issues/14424)
and pyca-cryptography (https://github.com/openssl/openssl/issues/14425)
tests are currently broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00