Optimize CI for wolfProvider #1386
name: tnftp Tests

# NOTE(review): this file sets no top-level 'permissions:' key, so the
# GITHUB_TOKEN scopes fall back to the repository/organization default.
# Declare the least privilege the jobs need once the requirements of
# ./.github/actions/wait-for-smoke and build-wolfprovider.yml are confirmed.
#
# NOTE(review): in GitHub's branch filters '*' does not match '/', so pull
# requests targeting 'release/...' branches presumably do not trigger this
# workflow even though pushes to them do. Confirm that is intended.

# START OF COMMON SECTION
on:
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  pull_request:
    branches:
      - '*'
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - 'LICENSE*'
      - '.github/ISSUE_TEMPLATE/**'
      - '.github/dependabot.yml'
      - '.gitignore'
      - 'AUTHORS'
      - 'COPYING'
      - 'README*'
      - 'CHANGELOG*'

# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION
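jobs:
  # Gate job: runs the repository-local wait-for-smoke action before anything
  # else. What that action waits for is defined outside this file.
  wait_for_smoke:
    name: Wait for smoke
    # Skip draft pull requests; non-pull_request events always run.
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    runs-on: ubuntu-22.04
    timeout-minutes: 35
    steps:
      # NOTE(review): actions in this file are referenced by a mutable tag
      # (@v4). Pinning to a full commit SHA (placeholder:
      # actions/checkout@<FULL_COMMIT_SHA>) removes the reliance on the tag
      # never being moved.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1
      # NOTE(review): a local action is loaded from the checked-out tree, so on
      # pull_request events the code receiving this token is the PR's version
      # of the action. Under the 'pull_request' trigger fork runs get a
      # read-only token, which bounds the impact; keep this in mind if the
      # trigger is ever changed.
      - uses: ./.github/actions/wait-for-smoke
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

  # Builds the Debian packages through the reusable build workflow, once per
  # matrix combination.
  build_wolfprovider:
    needs: wait_for_smoke
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      fail-fast: false
      matrix:
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true]

  # Installs the packages built above, then builds tnftp and smoke-tests it in
  # normal mode and with WOLFPROV_FORCE_FAIL=1.
  test_tnftp:
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    container:
      # NOTE(review): for pull requests the image is pulled from the PR head
      # repository owner's GHCR namespace, and by a mutable tag. On fork PRs
      # the job container is therefore contributor-controlled content. The
      # 'pull_request' trigger limits what such a run can reach; pinning the
      # image by digest (placeholder: @sha256:<IMAGE_DIGEST>) for runs from the
      # base repository would make the environment reproducible.
      image: ghcr.io/${{ github.event.pull_request && github.event.pull_request.head.repo.owner.login || github.repository_owner }}/wolfprovider-test-deps:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      fail-fast: false
      # The wolfssl/openssl/fips/replace_default values must match the
      # build_wolfprovider matrix: they form the artifact name downloaded below.
      matrix:
        tnftp_ref: ['tnftp-20210827']
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default, and later steps build and run third-party source in the same
      # workspace. If none of the helper scripts need git access, consider
      # setting 'persist-credentials: false' here.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        # Paths are read from the job-level environment variables instead of
        # being templated into the script text.
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "${WOLFSSL_PACKAGES_PATH}"/libwolfssl_*.deb

          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "${OPENSSL_PACKAGES_PATH}"/openssl_*.deb \
            "${OPENSSL_PACKAGES_PATH}"/libssl3_*.deb \
            "${OPENSSL_PACKAGES_PATH}"/libssl-dev_*.deb

          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "${WOLFPROV_PACKAGES_PATH}"/libwolfprov_*.deb

          # Prevent later 'apt-get install' of test dependencies from
          # replacing the wolfprov-patched libssl3, which breaks
          # replace-default mode.
          apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov

      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Download and extract tnftp
        # The ref reaches the script as an environment variable rather than as
        # templated script text, so its value is never parsed as shell syntax.
        env:
          TNFTP_REF: ${{ matrix.tnftp_ref }}
        run: |
          # Fetch from the Debian source archive rather than ftp.netbsd.org
          # or its CDN; both of those rate-limit or time-out requests from
          # GitHub Actions egress. Debian mirrors the identical upstream
          # tarball under a slightly different filename, and deb.debian.org
          # is already the reliable source used by other workflows here.
          # Translate 'tnftp-<date>' ref to Debian's 'tnftp_<date>.orig'.
          #
          # NOTE(review): the tarball is extracted and built without an
          # integrity check; HTTPS protects the transfer only. Consider
          # recording its SHA-256 (placeholder: <EXPECTED_SHA256>) and
          # verifying it with 'sha256sum -c' before 'tar'.
          ref="${TNFTP_REF}"
          version="${ref#tnftp-}"
          wget -4 "https://deb.debian.org/debian/pool/main/t/tnftp/tnftp_${version}.orig.tar.gz" \
            -O "${ref}.tar.gz"
          tar xvf "${ref}.tar.gz"
          # The working directory does not carry over to later steps; this
          # only confirms the archive unpacked into the expected directory.
          cd "${ref}"

      - name: Build and test tnftp
        working-directory: ${{ matrix.tnftp_ref }}
        shell: bash
        run: |
          # The verdict is taken from the log scan in build_and_check, so the
          # exit status of the logged pipeline is deliberately not propagated.
          set +o pipefail

          # Smoke checks. Always invoked on the left side of a pipe, so it
          # runs in a subshell and 'exit 1' ends only that subshell.
          #
          # NOTE(review): because of that, a failing help check stops the
          # remaining checks but does not fail the step by itself; the only
          # signal evaluated afterwards is the "SSL context creation failed"
          # marker. Likewise an unreachable httpbin.org leaves no marker, so
          # normal mode cannot tell a completed TLS request from a network
          # failure. Confirm check-workflow-result.sh accounts for both.
          run_tnftp_checks() {
            echo "Testing tnftp basic functionality..."

            # Test help command
            if ./src/tnftp -? 2>&1 | grep -q "usage:"; then
              echo "tnftp help command works"
            else
              echo "tnftp help command failed"
              exit 1
            fi

            # Test that tnftp can start (even if it fails to connect);
            # 192.0.2.1 is a documentation-only address (TEST-NET-1).
            echo "Testing tnftp connection attempt..."
            timeout 10 ./src/tnftp -n 192.0.2.1 2>&1 | head -10
            echo "tnftp can attempt connections"

            # Test SSL/TLS functionality
            echo "Testing SSL/TLS connection..."
            timeout 15 ./src/tnftp -n https://httpbin.org/get 2>&1
            echo "SSL/TLS test completed"
          }

          # Configure and build tnftp, run the checks into tnftp-test.log and
          # pass the outcome to check-workflow-result.sh.
          #   $1: mode marker forwarded to check-workflow-result.sh
          #       ("" for normal mode, "WOLFPROV_FORCE_FAIL=1" for force-fail)
          build_and_check() {
            # Configure with OpenSSL
            ./configure
            # Build tnftp
            make -j
            # Run all tests and capture output
            run_tnftp_checks 2>&1 | tee tnftp-test.log
            # TEST_RESULT is 1 when the log contains the SSL context failure
            # message, 0 otherwise.
            TEST_RESULT=$(grep -q "SSL context creation failed" tnftp-test.log && echo "1" || echo "0")
            "$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh" "$TEST_RESULT" "$1" tnftp
          }

          # --- normal mode ---
          build_and_check ""

          # --- force-fail mode ---
          export WOLFPROV_FORCE_FAIL=1
          build_and_check "WOLFPROV_FORCE_FAIL=1"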