-
Notifications
You must be signed in to change notification settings - Fork 6
79 lines (68 loc) · 2.48 KB
/
Copy pathsanitizer.yml
File metadata and controls
79 lines (68 loc) · 2.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: wolfKeyMgr Sanitizer Build Workflow
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# Auto-resolve the latest wolfSSL -stable tag; refs = [ latest -stable, master ].
resolve:
uses: ./.github/workflows/_resolve-wolfssl.yml
sanitizer:
name: ${{ matrix.sanitizer.name }} (wolfSSL ${{ matrix.wolfssl-ref }})
needs: resolve
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
wolfssl-ref: ${{ fromJson(needs.resolve.outputs.refs) }}
sanitizer:
- name: ASan
cflags: "-fsanitize=address -fno-omit-frame-pointer -g -O1"
- name: UBSan
cflags: "-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y libevent-dev libpcap-dev autoconf automake libtool
- name: Checkout wolfKeyMgr
uses: actions/checkout@v4
- name: Build wolfSSL (${{ matrix.sanitizer.name }})
run: |
git clone --depth 1 --branch ${{ matrix.wolfssl-ref }} \
https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-sniffer --enable-curve25519 --enable-curve448 \
--enable-enckeys --enable-opensslextra \
CFLAGS="-DWOLFSSL_DH_EXTRA ${{ matrix.sanitizer.cflags }}"
make -j"$(nproc)"
sudo make install
sudo ldconfig
- name: Build wolfKeyMgr (${{ matrix.sanitizer.name }})
run: |
./autogen.sh
./configure CFLAGS="${{ matrix.sanitizer.cflags }}"
make -j"$(nproc)"
- name: make check (${{ matrix.sanitizer.name }})
env:
# detect_leaks=0: catch overflows / use-after-free now; leak
# detection can flag library init allocations and is left to a
# follow-up.
ASAN_OPTIONS: detect_leaks=0
UBSAN_OPTIONS: halt_on_error=1:print_stacktrace=1
run: make check
- name: Upload failure logs
if: failure()
uses: actions/upload-artifact@v4
with:
name: wolfKeyMgr-${{ matrix.sanitizer.name }}-wolfssl-${{ matrix.wolfssl-ref }}-logs
path: |
test-suite.log
tests/*.log
retention-days: 5