Optimize CI for wolfProvider #678
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FIPS Ready Bundle Test | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| paths-ignore: | |
| - '**.md' | |
| - 'docs/**' | |
| - 'LICENSE*' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| - '.github/dependabot.yml' | |
| - '.gitignore' | |
| - 'AUTHORS' | |
| - 'COPYING' | |
| - 'README*' | |
| - 'CHANGELOG*' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| jobs: | |
| discover_versions: | |
| if: github.event_name != 'pull_request' || github.event.pull_request.draft == false | |
| uses: ./.github/workflows/_discover-versions.yml | |
| fips_ready_test: | |
| needs: discover_versions | |
| if: github.event_name != 'pull_request' || github.event.pull_request.draft == false | |
| name: FIPS Ready Bundle Test | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 20 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| wolfssl_bundle_ref: [ '5.8.2' ] | |
| openssl_ref: ${{ fromJson(needs.discover_versions.outputs.openssl_latest_ref_array) }} | |
| # force_fail collapsed into sequential runs in the test step | |
| steps: | |
| - name: Checkout wolfProvider | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Download FIPS Ready Bundle | |
| run: | | |
| # Download FIPS ready bundle from wolfSSL website | |
| BUNDLE_URL="https://www.wolfssl.com/wolfssl-${{matrix.wolfssl_bundle_ref}}-gplv3-fips-ready.zip" | |
| wget -O wolfssl-fips-ready.zip "$BUNDLE_URL" | |
| unzip wolfssl-fips-ready.zip | |
| # Find the extracted directory (build script requires directory, not zip) | |
| BUNDLE_DIR=$(find . -maxdepth 1 -type d -name "*fips-ready*" | head -n 1) | |
| if [ -z "$BUNDLE_DIR" ]; then | |
| echo "ERROR: Could not find FIPS ready bundle directory after extraction" | |
| ls -la | |
| exit 1 | |
| fi | |
| echo "FIPS_BUNDLE_PATH=$(pwd)/$BUNDLE_DIR" >> $GITHUB_ENV | |
| echo "Found FIPS bundle directory at: $BUNDLE_DIR" | |
| - name: Build wolfProvider with FIPS Ready Bundle | |
| run: | | |
| ./scripts/build-wolfprovider.sh --fips-bundle="$FIPS_BUNDLE_PATH" \ | |
| --fips-check=ready --wolfssl-ver=v${{matrix.wolfssl_bundle_ref}}-stable | |
| - name: Run FIPS Command Tests | |
| run: | | |
| # Run cmd tests to verify functionality | |
| export WOLFSSL_ISFIPS=1 | |
| source scripts/env-setup | |
| # --- normal mode --- | |
| ./scripts/cmd_test/do-cmd-tests.sh | |
| # --- force-fail mode --- | |
| WOLFPROV_FORCE_FAIL=1 ./scripts/cmd_test/do-cmd-tests.sh |