Skip to content
libfido2 Tests

Optimize CI for wolfProvider #1451

Sign in to view logs

Optimize CI for wolfProvider

Optimize CI for wolfProvider #1451

Workflow file for this run

.github/workflows/libfido2.yml at fddae3e
name: libfido2 Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
types: [opened, synchronize, reopened, ready_for_review]
paths-ignore:
- '**.md'
- 'docs/**'
- 'LICENSE*'
- '.github/ISSUE_TEMPLATE/**'
- '.github/dependabot.yml'
- '.gitignore'
- 'AUTHORS'
- 'COPYING'
- 'README*'
- 'CHANGELOG*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
wait_for_smoke:
name: Wait for smoke
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
runs-on: ubuntu-22.04
timeout-minutes: 35
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: ./.github/actions/wait-for-smoke
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
discover_versions:
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
uses: ./.github/workflows/_discover-versions.yml
build_wolfprovider:
needs: [wait_for_smoke, discover_versions]
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
uses: ./.github/workflows/build-wolfprovider.yml
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
fips_ref: ${{ matrix.fips_ref }}
replace_default: ${{ matrix.replace_default }}
strategy:
fail-fast: false
matrix:
wolfssl_ref: ${{ fromJson(needs.discover_versions.outputs.wolfssl_ref_array) }}
openssl_ref: ${{ fromJson(needs.discover_versions.outputs.openssl_ref_array) }}
fips_ref: [ 'FIPS', 'non-FIPS' ]
replace_default: [ true ]
test_libfido2:
if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
runs-on: ubuntu-22.04
needs: [build_wolfprovider, discover_versions]
container:
image: ghcr.io/${{ github.event.pull_request && github.event.pull_request.head.repo.owner.login || github.repository_owner }}/wolfprovider-test-deps:bookworm
env:
DEBIAN_FRONTEND: noninteractive
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
libfido2_ref: [ '1.15.0' ]
wolfssl_ref: ${{ fromJson(needs.discover_versions.outputs.wolfssl_ref_array) }}
openssl_ref: ${{ fromJson(needs.discover_versions.outputs.openssl_ref_array) }}
fips_ref: [ 'FIPS', 'non-FIPS' ]
replace_default: [ true ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Download packages from build job
uses: actions/download-artifact@v4
with:
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
path: /tmp
- name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
# Prevent later 'apt-get install' of test dependencies from
# replacing the wolfprov-patched libssl3, which breaks
# replace-default mode.
apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov
- name: Verify wolfProvider is properly installed
run: |
$GITHUB_WORKSPACE/scripts/verify-install.sh \
${{ matrix.replace_default && '--replace-default' || '' }} \
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
- name: Checkout libfido2
uses: actions/checkout@v4
with:
repository: Yubico/libfido2
path: libfido2_repo
ref: ${{ matrix.libfido2_ref }}
fetch-depth: 1
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
fetch-depth: 1
- run: |
cd libfido2_repo
# Apply the wolfProvider patch
if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libfido2/libfido2-FIPS-${{ matrix.libfido2_ref }}-wolfprov.patch
else
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libfido2/libfido2-${{ matrix.libfido2_ref }}-wolfprov.patch
fi
- name: Build and install libfido2
working-directory: libfido2_repo
run: |
mkdir build
cd build
if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then
cmake -DHAVE_FIPS=ON -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install ..
else
cmake -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install ..
fi
make -j$(nproc)
make install
- name: Run libfido2 tests
working-directory: libfido2_repo/build
run: |
# --- normal mode ---
# Run tests, excluding regress_dev which requires hardware/fails in CI
ctest --exclude-regex "regress_dev" 2>&1 | tee libfido2-test.log
# Check test results directly in YAML
if grep -q "100% tests passed" libfido2-test.log; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT "" libfido2
# --- force-fail mode ---
export WOLFPROV_FORCE_FAIL=1
# Run tests, excluding regress_dev which requires hardware/fails in CI
ctest --exclude-regex "regress_dev" 2>&1 | tee libfido2-test.log
# Check test results directly in YAML
if grep -q "100% tests passed" libfido2-test.log; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT "WOLFPROV_FORCE_FAIL=1" libfido2