-
Notifications
You must be signed in to change notification settings - Fork 33
119 lines (103 loc) · 3.92 KB
/
cjose.yml
File metadata and controls
119 lines (103 loc) · 3.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: cjose Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfprovider:
uses: ./.github/workflows/build-wolfprovider.yml
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
fips_ref: ${{ matrix.fips_ref }}
replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
wolfssl_ref: [ 'v5.8.4-stable' ]
openssl_ref: [ 'openssl-3.5.4' ]
fips_ref: [ 'FIPS', 'non-FIPS' ]
replace_default: [ true ]
test_cjose:
runs-on: ubuntu-22.04
needs: build_wolfprovider
# Run inside Debian Bookworm to match packaging environment
container:
image: debian:bookworm
env:
DEBIAN_FRONTEND: noninteractive
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
# Dont test osp master since it might be unstable
cjose_ref: [ 'v0.6.2.1' ]
wolfssl_ref: [ 'v5.8.4-stable' ]
openssl_ref: [ 'openssl-3.5.4' ]
fips_ref: [ 'FIPS', 'non-FIPS' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Install cjose dependencies
run: |
apt-get update
apt-get install -y git build-essential autoconf automake \
libtool pkg-config libjansson-dev check ca-certificates dpkg-dev
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Download packages from build job
uses: actions/download-artifact@v4
with:
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
path: /tmp
- name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
apt install --reinstall -y \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
# Prevent later 'apt-get install' of test dependencies from
# replacing the wolfprov-patched libssl3, which breaks
# replace-default mode.
apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov
- name: Verify wolfProvider is properly installed
run: |
$GITHUB_WORKSPACE/scripts/verify-install.sh \
${{ matrix.replace_default && '--replace-default' || '' }} \
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
- name: Download cjose
uses: actions/checkout@v4
with:
repository: OpenIDC/cjose
ref: ${{ matrix.cjose_ref }}
path: cjose
fetch-depth: 1
- name: Build cjose
working-directory: cjose
run: |
./configure CFLAGS="-Wno-error=deprecated-declarations"
# Build cjose
make
- name: Run cjose tests
working-directory: cjose
run: |
export ${{ matrix.force_fail }}
make test 2>&1 | tee cjose-test.log
TEST_RESULT=$(grep -q "FAIL: check_cjose" cjose-test.log && echo "1" || echo "0")
echo "TEST_RESULT = $TEST_RESULT"
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cjose