
Optimize CI for wolfProvider #1869

Workflow file for this run

name: gRPC Tests
# START OF COMMON SECTION
on:
  # Branch pushes: both default-branch spellings plus release branches.
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  # The trigger is `pull_request`, not `pull_request_target`. By default, runs
  # started from a fork get a read-only GITHUB_TOKEN and no repository secrets.
  pull_request:
    # NOTE(review): in GitHub filter patterns '*' does not match '/', so a pull
    # request whose base branch is e.g. release/x is not selected here, although
    # pushes to 'release/**' are. Use '**' if release-branch PRs must be tested.
    branches:
      - '*'
    # `ready_for_review` starts a run when a draft is marked ready.
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    # Changes that touch only documentation or repository metadata start no run.
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - 'LICENSE*'
      - '.github/ISSUE_TEMPLATE/**'
      - '.github/dependabot.yml'
      - '.gitignore'
      - 'AUTHORS'
      - 'COPYING'
      - 'README*'
      - 'CHANGELOG*'
# At most one active run per workflow and ref: a newer run in the same group
# cancels the one still in progress. For pull requests the ref is the PR's
# merge ref, so each pull request forms its own group.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
# END OF COMMON SECTION
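# Job graph: wait_for_smoke -> build_wolfprovider -> test_grpc. Every job
# carries the same `if:` and is skipped while a pull request is still a draft.
#
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was lost. In test_grpc the first `env` is placed under
# `container` (a second, job-level `env` follows) and the `*_ref` lists are
# placed beside `include` in the matrix. Confirm against the repository file.
#
# NOTE(review): no `permissions:` key appears in this listing, so GITHUB_TOKEN
# gets the repository/organization default scope. Declare the minimum each job
# needs once the requirements of ./.github/actions/wait-for-smoke and
# build-wolfprovider.yml are confirmed.
#
# NOTE(review): every `uses:` reference is a tag (v4, v2), not a commit SHA.
# Tags can be moved; pinning to a full commit SHA fixes the code that runs.
jobs:
  wait_for_smoke:
    name: Wait for smoke
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    runs-on: ubuntu-22.04
    timeout-minutes: 35
    steps:
      # The checkout is needed because the next step is a repository-local action.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1
      # Presumably blocks until the smoke workflow has finished; the action's
      # implementation is not part of this listing.
      - uses: ./.github/actions/wait-for-smoke
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

  # Reusable workflow producing the Debian packages that test_grpc downloads.
  build_wolfprovider:
    needs: wait_for_smoke
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      fail-fast: false
      matrix:
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true]

  # Builds a patched gRPC against the installed packages and runs its TLS tests
  # twice: once normally and once with WOLFPROV_FORCE_FAIL=1.
  test_grpc:
    if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    container:
      # NOTE(review): on pull_request events the image namespace is the owner of
      # the PR *head* repository, so a fork PR runs inside an image published by
      # the fork owner. Other events use github.repository_owner. The tag is
      # mutable in both cases. Treat fork-PR results as coming from a
      # contributor-controlled environment; pin by digest where the image is
      # expected to be the project's own.
      image: ghcr.io/${{ github.event.pull_request && github.event.pull_request.head.repo.owner.login || github.repository_owner }}/wolfprovider-test-deps:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
        include:
          - grpc_ref: v1.60.0  # TODO: Add master
            tests: >-
              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
              crl_ssl_transport_security_test server_ssl_test
              ssl_transport_security_test ssl_transport_security_utils_test
              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
              h2_ssl_cert_test h2_ssl_session_reuse_test
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true]
        # force_fail collapsed into sequential runs in the test step
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    # The `${{ matrix.* }}` and `${{ env.* }}` expressions in the `run:` scripts
    # below are substituted into the script text before the shell starts. That is
    # acceptable here because every such value is a literal defined in this file.
    # If one is ever derived from event data, pass it through `env:` instead.
    steps:
      # persist-credentials: false keeps the job token out of .git/config. This
      # job builds and executes code from the PR head, gRPC and wolfssl/osp in
      # the same workspace, and none of the visible steps performs an
      # authenticated git operation.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          persist-credentials: false

      # The artifact name must match what the build job uploaded for this cell.
      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
          # Prevent later 'apt-get install' of test dependencies from
          # replacing the wolfprov-patched libssl3, which breaks
          # replace-default mode.
          apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov

      # The flags passed to the script follow the matrix cell.
      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      # grep exits non-zero when the loopback interface lacks an address of the
      # given family, which fails the step.
      - name: Confirm IPv4 and IPv6 support
        run: |
          ip addr list lo | grep 'inet '
          ip addr list lo | grep 'inet6 '

      # NOTE(review): third-party action referenced by a mutable tag; pin it to
      # a full commit SHA.
      - name: Setup cmake version
        uses: jwlawson/actions-setup-cmake@v2
        with:
          cmake-version: '3.25.x'

      - name: Checkout grpc
        uses: actions/checkout@v4
        with:
          repository: grpc/grpc
          path: grpc
          ref: ${{ matrix.grpc_ref }}
          persist-credentials: false

      # NOTE(review): no `ref` is given, so the default-branch head of
      # wolfssl/osp at run time supplies the patch applied to gRPC below. The
      # patched source can therefore change between runs of the same commit;
      # pin `ref` to a reviewed commit.
      - name: Checkout OSP
        uses: actions/checkout@v4
        with:
          repository: wolfssl/osp
          path: osp
          fetch-depth: 1
          persist-credentials: false

      - run: |
          cd grpc
          # Apply the wolfProvider patch
          patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/grpc/grpc-FIPS-${{ matrix.grpc_ref }}-wolfprov.patch

      - name: Build grpc with wolfProvider
        working-directory: ./grpc
        run: |
          # Initialize submodules
          git submodule update --init
          # Build
          mkdir -p cmake/build
          cd cmake/build
          # Configure with OpenSSL and wolfProvider
          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=package ../..
          # Build the tests
          make -j $(nproc) ${{ matrix.tests }}

      # run_grpc_round runs every test binary with errexit disabled so that one
      # failure does not hide the others. It then hands the aggregate result (0
      # or 1) and the force-fail argument to check-workflow-result.sh, which
      # decides the step outcome.
      - name: Run grpc tests with wolfProvider
        working-directory: ./grpc
        run: |
          # Start the port server
          ./tools/run_tests/start_port_server.py
          run_grpc_round() {
            local mode_label="$1"
            local ff_arg="$2"
            local all_passed=1
            set +e
            for t in ${{ matrix.tests }} ; do
              echo "==================================="
              echo "Running test: $t (mode: $mode_label)"
              echo "==================================="
              ./cmake/build/$t
              local exit_code=$?
              if [ $exit_code -ne 0 ]; then
                echo "Test $t FAILED with exit code $exit_code (mode: $mode_label)"
                all_passed=0
              fi
            done
            set -e
            local result
            if [ $all_passed -eq 1 ]; then
              result=0
              echo "ALL TESTS PASSED (mode: $mode_label)"
            else
              result=1
              echo "SOME TESTS FAILED (mode: $mode_label)"
            fi
            $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $result "$ff_arg" grpc
          }
          # --- normal mode ---
          run_grpc_round normal ""
          # --- force-fail mode ---
          export WOLFPROV_FORCE_FAIL=1
          run_grpc_round ff "WOLFPROV_FORCE_FAIL=1"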