Skip to content
PPP Tests

Optimize CI for wolfProvider #1321

Sign in to view logs

Optimize CI for wolfProvider

Optimize CI for wolfProvider #1321

Workflow file for this run

.github/workflows/ppp.yml at b9adb95
name: PPP Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
types: [opened, synchronize, reopened, ready_for_review]
paths-ignore:
- '**.md'
- 'docs/**'
- 'LICENSE*'
- '.github/ISSUE_TEMPLATE/**'
- '.github/dependabot.yml'
- '.gitignore'
- 'AUTHORS'
- 'COPYING'
- 'README*'
- 'CHANGELOG*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
wait_for_smoke:
name: Wait for smoke
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
runs-on: ubuntu-22.04
timeout-minutes: 35
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: ./.github/actions/wait-for-smoke
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
build_wolfprovider:
needs: wait_for_smoke
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
uses: ./.github/workflows/build-wolfprovider.yml
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
fips_ref: ${{ matrix.fips_ref }}
replace_default: ${{ matrix.replace_default }}
strategy:
fail-fast: false
matrix:
wolfssl_ref: [ 'v5.8.4-stable' ]
openssl_ref: [ 'openssl-3.5.4' ]
fips_ref: [ 'FIPS', 'non-FIPS' ]
replace_default: [ true ]
test_ppp:
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
runs-on: ubuntu-22.04
needs: build_wolfprovider
container:
image: ghcr.io/${{ github.event.pull_request && github.event.pull_request.head.repo.owner.login || github.repository_owner }}/wolfprovider-test-deps:bookworm
env:
DEBIAN_FRONTEND: noninteractive
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
# Switched to v2.5.2 due to significant limitations with v2.4.9,
# specifically the lack of a test suite, necessary configure options,
# and compatibility with newer versions of openssl
ppp_ref: [ 'v2.5.2' ]
wolfssl_ref: [ 'v5.8.4-stable' ]
openssl_ref: [ 'openssl-3.5.4' ]
fips_ref: [ 'FIPS', 'non-FIPS' ]
replace_default: [ true ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
# Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Download packages from build job
uses: actions/download-artifact@v4
with:
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
path: /tmp
- name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
# Prevent later 'apt-get install' of test dependencies from
# replacing the wolfprov-patched libssl3, which breaks
# replace-default mode.
apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov
- name: Verify wolfProvider is properly installed
run: |
$GITHUB_WORKSPACE/scripts/verify-install.sh \
${{ matrix.replace_default && '--replace-default' || '' }} \
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
- name: Checkout PPP
uses: actions/checkout@v4
with:
repository: ppp-project/ppp
path: ppp_repo
ref: ${{ matrix.ppp_ref }}
fetch-depth: 1
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
fetch-depth: 1
- run: |
cd ppp_repo
if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/ppp/ppp-FIPS-${{ matrix.ppp_ref }}-wolfprov.patch
else
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/ppp/ppp-${{ matrix.ppp_ref }}-wolfprov.patch
fi
- name: Build and install PPP
working-directory: ppp_repo
run: |
if [ -f ./autogen.sh ]; then
./autogen.sh
elif [ ! -f ./configure ]; then
autoreconf -fiv
fi
if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then
./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions --enable-wolfprov-fips
else
./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions
fi
make -j$(nproc)
make install
- name: Run PPP tests
working-directory: ppp_repo
shell: bash
run: |
set +o pipefail # ignore errors from make check
# --- normal mode ---
# Run tests
make check 2>&1 | tee ppp-test.log
# Check test results directly in YAML
if grep -q "# FAIL: 0" pppd/test-suite.log; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT "" ppp
# --- force-fail mode ---
export WOLFPROV_FORCE_FAIL=1
# Run tests
make check 2>&1 | tee ppp-test.log
# Check test results directly in YAML
if grep -q "# FAIL: 0" pppd/test-suite.log; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT "WOLFPROV_FORCE_FAIL=1" ppp