mirror of
https://github.com/openssl/openssl.git
synced 2025-01-12 13:36:28 +08:00
456b32ba4f
Those less useful should be in daily or on-push runs. Those more likely triggering CI failure that do not take too much time should be in main on pull request CI. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22693)
337 lines
10 KiB
YAML
337 lines
10 KiB
YAML
# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
name: Run-checker daily
|
|
# Jobs run daily
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 6 * * *'
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
run-checker:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
opt: [
|
|
386,
|
|
no-afalgeng,
|
|
no-apps,
|
|
no-aria,
|
|
no-asan,
|
|
no-asm,
|
|
no-async,
|
|
no-autoalginit,
|
|
no-autoerrinit,
|
|
no-autoload-config,
|
|
no-bf,
|
|
no-blake2,
|
|
no-buildtest-c++,
|
|
no-bulk,
|
|
no-cached-fetch,
|
|
no-camellia,
|
|
no-capieng,
|
|
no-cast,
|
|
no-chacha,
|
|
no-cmac,
|
|
no-comp,
|
|
enable-crypto-mdebug,
|
|
no-crypto-mdebug,
|
|
enable-crypto-mdebug-backtrace,
|
|
no-crypto-mdebug-backtrace,
|
|
no-deprecated,
|
|
no-des,
|
|
no-devcryptoeng,
|
|
no-docs,
|
|
no-dsa,
|
|
no-dtls1,
|
|
no-dtls1_2,
|
|
no-dtls1_2-method,
|
|
no-dtls1-method,
|
|
no-ecdh,
|
|
no-ecdsa,
|
|
enable-ec_nistp_64_gcc_128,
|
|
no-ec_nistp_64_gcc_128,
|
|
enable-egd,
|
|
no-egd,
|
|
no-engine,
|
|
no-external-tests,
|
|
enable-fips,
|
|
enable-fips enable-acvp-tests,
|
|
enable-fips no-tls1_3,
|
|
no-fuzz-afl,
|
|
no-fuzz-libfuzzer,
|
|
no-gost,
|
|
enable-heartbeats,
|
|
no-heartbeats,
|
|
no-hw,
|
|
no-hw-padlock,
|
|
no-idea,
|
|
no-makedepend,
|
|
enable-md2,
|
|
no-md2,
|
|
no-md4,
|
|
no-mdc2,
|
|
no-msan,
|
|
no-multiblock,
|
|
no-nextprotoneg,
|
|
no-ocb,
|
|
no-padlockeng,
|
|
no-pic,
|
|
no-poly1305,
|
|
no-posix-io,
|
|
no-psk,
|
|
no-rc2,
|
|
no-rc4,
|
|
enable-rc5,
|
|
no-rc5,
|
|
no-rdrand,
|
|
no-rfc3779,
|
|
no-ripemd,
|
|
no-rmd160,
|
|
no-scrypt,
|
|
no-secure-memory,
|
|
no-seed,
|
|
no-shared,
|
|
no-siphash,
|
|
no-siv,
|
|
no-sm2,
|
|
no-sm2-precomp,
|
|
no-sm3,
|
|
no-sm4,
|
|
no-sock,
|
|
no-sse2,
|
|
no-ssl,
|
|
no-ssl3,
|
|
no-ssl3-method,
|
|
no-ssl-trace,
|
|
no-static-engine no-shared,
|
|
no-tests,
|
|
enable-tfo,
|
|
no-tls1,
|
|
no-tls1_1,
|
|
no-tls1_1-method,
|
|
no-tls1_2-method,
|
|
no-tls1-method,
|
|
no-trace,
|
|
no-ubsan,
|
|
no-ui-console,
|
|
no-unit-test,
|
|
enable-unit-test,
|
|
no-uplink,
|
|
no-weak-ssl-ciphers,
|
|
no-whirlpool,
|
|
no-zlib,
|
|
enable-zlib-dynamic,
|
|
no-zlib-dynamic,
|
|
-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING
|
|
]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
run-checker-sctp:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: Install Dependencies for sctp option
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq install lksctp-tools libsctp-dev
|
|
|
|
- name: Check SCTP and enable auth
|
|
id: sctp_auth
|
|
continue-on-error: true
|
|
run: |
|
|
checksctp
|
|
sudo sysctl -w net.sctp.auth_enable=1
|
|
|
|
- name: config
|
|
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
|
run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp
|
|
|
|
- name: config dump
|
|
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
|
run: ./configdata.pm --dump
|
|
|
|
- name: make
|
|
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
|
run: make -s -j4
|
|
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
|
|
- name: make test
|
|
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
enable_brotli_dynamic:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install brotli
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
|
- name: checkout openssl
|
|
uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
enable_zstd_dynamic:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install zstd
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
|
- name: checkout openssl
|
|
uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
enable_brotli_and_zstd_dynamic:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install brotli and zstd
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
|
- name: checkout openssl
|
|
uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
enable_brotli_and_asan_ubsan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install brotli
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
|
- name: checkout openssl
|
|
uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
|
|
|
|
enable_zstd_and_asan_ubsan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install zstd
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
|
- name: checkout openssl
|
|
uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
|
|
|
|
enable_tfo:
|
|
strategy:
|
|
matrix:
|
|
os: [ ubuntu-latest, macos-latest ]
|
|
runs-on: ${{matrix.os}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: ./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
|
|
enable_buildtest:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: checkout fuzz/corpora submodule
|
|
run: git submodule update --init --depth 1 fuzz/corpora
|
|
- name: config
|
|
run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
|
|
- name: make
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test
|
|
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|