From e4ea2a5ac10f983d3e9ffb393d52348ca3a74060 Mon Sep 17 00:00:00 2001 From: Paul Adelsbach Date: Wed, 18 Jun 2025 21:59:22 +0000 Subject: [PATCH] Reduce the size of the github action caches --- .github/scripts/check-workflow-result.sh | 3 + .github/workflows/build-wolfprovider.yml | 88 +++++++----------------- .github/workflows/cjose.yml | 11 ++- .github/workflows/curl.yml | 9 ++- .github/workflows/grpc.yml | 7 +- .github/workflows/iperf.yml | 7 +- .github/workflows/ipmitool.yml | 7 +- .github/workflows/libfido2.yml | 7 +- .github/workflows/liboauth2.yml | 7 +- .github/workflows/libwebsockets.yml | 12 ++-- .github/workflows/multi-compiler.yml | 78 ++++++++++++++------- .github/workflows/net-snmp.yml | 7 +- .github/workflows/nginx.yml | 7 +- .github/workflows/openldap.yml | 7 +- .github/workflows/openssh.yml | 7 +- .github/workflows/openvpn.yml | 7 +- .github/workflows/simple.yml | 20 +----- .github/workflows/socat.yml | 7 +- .github/workflows/sssd.yml | 6 +- .github/workflows/stunnel.yml | 7 +- .github/workflows/tcpdump.yml | 7 +- scripts/resolve-ref.sh | 27 ++++++++ 22 files changed, 165 insertions(+), 180 deletions(-) create mode 100755 scripts/resolve-ref.sh diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh index c25bb277..4f10a900 100755 --- a/.github/scripts/check-workflow-result.sh +++ b/.github/scripts/check-workflow-result.sh @@ -54,6 +54,9 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then # Define expected failures based on curl version case "$CURL_VERSION" in + "curl-7_88_1") + EXPECTED_FAILS="9 39 41 44 64 65 70 71 72 88 153 154 158 163 166 167 168 169 170 173 186 206 245 246 258 259 273 277 327 335 388 540 551 552 554 565 579 584 643 645 646 647 648 649 650 651 652 653 654 666 667 668 669 670 671 672 673 1001 1002 1030 1053 1060 1061 1071 1072 1079 1095 1133 1136 1158 1186 1187 1189 1190 1191 1192 1193 1194 1195 1196 1198 1199 1229 1284 1285 1286 1293 1315 1404 1412 1418 1437 1568 1905 1916 1917 2024 2026 2027 2028 2030 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2073 2076 2200 2201 2202 2203 2204 3017 3018" + ;; "curl-8_4_0") EXPECTED_FAILS="9 31 39 41 44 46 61 64 65 70 71 72 73 88 153 154 158 163 166 167 168 169 170 171 173 186 206 245 246 258 259 273 277 327 335 388 420 444 540 551 552 554 565 579 584 643 645 646 647 648 649 650 651 652 653 654 666 667 668 669 670 671 672 673 977 1001 1002 1030 1053 1060 1061 1071 1072 1079 1095 1105 1133 1136 1151 1155 1158 1160 1161 1186 1187 1189 1190 1191 1192 1193 1194 1195 1196 1198 1199 1229 1284 1285 1286 1293 1315 1404 1412 1415 1418 1437 1568 1903 1905 1916 1917 1964 2024 2026 2027 2028 2030 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2073 2076 2200 2201 2202 2203 2204 3017 3018" ;; diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml index 68bbc0bd..4589eac3 100644 --- a/.github/workflows/build-wolfprovider.yml +++ b/.github/workflows/build-wolfprovider.yml @@ -22,110 +22,70 @@ jobs: outputs: cache_key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} steps: - # Check if this version of wolfssl/wolfprovider has already been built, - # mark to cache these items on post if we do end up building - # On a push, the first workflow(s) will complete the build and cache it - # and any delayed workflow will be able to utilize it. - # This is not designed to cache builds across commits. - - name: Checking wolfSSL/wolfProvider in cache - uses: actions/cache@v4 - id: wolfprov-cache - with: - path: | - scripts - wolfssl-source - wolfssl-install - wolfprov-install - openssl-install - provider.conf - - key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} - lookup-only: true - - # if cache hit, exit the workflow - - name: Exit workflow if cache hit - if: steps.wolfprov-cache.outputs.cache-hit == 'true' + - name: Install build dependencies run: | - echo "Found cached build, exiting workflow" - exit 0 + sudo apt-get update + sudo apt-get install -y build-essential autoconf libtool pkg-config - name: Checkout wolfProvider - if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/checkout@v4 with: fetch-depth: 1 - # Convert OpenSSL branch name to commit hash if needed - name: Get OpenSSL commit hash - if: steps.wolfprov-cache.outputs.cache-hit != 'true' id: openssl-ref run: | - if [[ "${{ inputs.openssl_ref }}" =~ ^[0-9a-f]{40}$ ]]; then - echo "ref=${{ inputs.openssl_ref }}" >> $GITHUB_OUTPUT - else - sha=$(curl -s "https://api.github.com/repos/openssl/openssl/commits/${{ inputs.openssl_ref }}" | jq -r '.sha') - echo "ref=$sha" >> $GITHUB_OUTPUT - echo "OpenSSL ref ${{ inputs.openssl_ref }} is commit $sha" - fi + sha=$(./scripts/resolve-ref.sh "${{ inputs.openssl_ref }}" "openssl/openssl") + echo "ref=$sha" >> "$GITHUB_OUTPUT" + env: + # Used token to bypass rate limits + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get WolfSSL commit hash + id: wolfssl-ref + run: | + sha=$(./scripts/resolve-ref.sh "${{ inputs.wolfssl_ref }}" "wolfssl/wolfssl") + echo "ref=$sha" >> "$GITHUB_OUTPUT" + env: + # Used token to bypass rate limits + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Look for a cached version of OpenSSL - name: Checking OpenSSL in cache - if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/cache/restore@v4 id: openssl-cache with: path: | - openssl-source openssl-install - key: ossl-depends-${{ steps.openssl-ref.outputs.ref }} lookup-only: false - # Convert WolfSSL branch name to commit hash if needed - - name: Get WolfSSL commit hash - if: steps.wolfprov-cache.outputs.cache-hit != 'true' - id: wolfssl-ref - run: | - if [[ "${{ inputs.wolfssl_ref }}" =~ ^[0-9a-f]{40}$ ]]; then - echo "ref=${{ inputs.wolfssl_ref }}" >> $GITHUB_OUTPUT - else - sha=$(curl -s "https://api.github.com/repos/wolfssl/wolfssl/commits/${{ inputs.wolfssl_ref }}" | jq -r '.sha') - echo "ref=$sha" >> $GITHUB_OUTPUT - echo "WolfSSL ref ${{ inputs.wolfssl_ref }} is commit $sha" - fi - # Look for a cached version of WolfSSL - name: Checking WolfSSL in cache - if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/cache/restore@v4 id: wolfssl-cache with: path: | - wolfssl-source wolfssl-install - key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }} lookup-only: false - name: Build wolfProvider - if: steps.wolfprov-cache.outputs.cache-hit != 'true' run: | OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh - # This is potentially chewing up a lot of cache space. - # Could investigate reducing the size of this cache. - # Note that we use actions/cache/save and actions/cache/restore instead of - # actions/cache to reduce the chance of a cache lock issue. + # Save the wolfProvider outputs for use by the parent jobs. + # Note that we don't try to restore since it will likely always + # be a cache miss. - name: Save wolfProvider into cache - if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/cache/save@v4 with: path: | - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} # If openssl cache miss, save it to the cache @@ -134,7 +94,6 @@ jobs: uses: actions/cache/save@v4 with: path: | - openssl-source openssl-install key: ossl-depends-${{ steps.openssl-ref.outputs.ref }} @@ -143,7 +102,6 @@ jobs: uses: actions/cache/save@v4 with: path: | - wolfssl-source wolfssl-install key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }} diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml index de825c77..534a67b3 100644 --- a/.github/workflows/cjose.yml +++ b/.github/workflows/cjose.yml @@ -45,21 +45,18 @@ jobs: id: wolfprov-cache-restore with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install cjose dependencies run: | - sudo apt-get update - sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev - sudo apt-get install libjansson-dev check + sudo apt-get install -y libjansson-dev check - name: Download cjose uses: actions/checkout@v4 diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index c570ef7d..4c5a457e 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -30,7 +30,7 @@ jobs: timeout-minutes: 20 strategy: matrix: - curl_ref: [ 'master', 'curl-8_4_0' ] + curl_ref: [ 'master', 'curl-8_4_0', 'curl-7_88_1' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] @@ -48,12 +48,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 729da246..fbe4e88b 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -52,12 +52,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml index 126f2594..c9528ab9 100644 --- a/.github/workflows/iperf.yml +++ b/.github/workflows/iperf.yml @@ -45,12 +45,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 7f0acc65..10159abc 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -45,12 +45,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml index e05005c0..153b1064 100644 --- a/.github/workflows/libfido2.yml +++ b/.github/workflows/libfido2.yml @@ -40,12 +40,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install test dependencies diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml index 35acc55a..280c9554 100644 --- a/.github/workflows/liboauth2.yml +++ b/.github/workflows/liboauth2.yml @@ -44,12 +44,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml index b0660381..624a1886 100644 --- a/.github/workflows/libwebsockets.yml +++ b/.github/workflows/libwebsockets.yml @@ -42,19 +42,18 @@ jobs: - name: Checkout wolfProvider uses: actions/checkout@v4 with: - sparse-checkout: | - .github + fetch-depth: 1 + - name: Retrieving wolfProvider from cache uses: actions/cache/restore@v4 id: wolfprov-cache-restore with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true @@ -77,6 +76,7 @@ jobs: cmake .. make -j$(nproc) sudo make install + - name: Run libwebsockets tests working-directory: libwebsockets run: | diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 2ecc5e56..8619977f 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -14,7 +14,7 @@ concurrency: jobs: build_wolfprovider: - name: Build with ${{ matrix.CC }} + name: Build with compiler ${{ matrix.CC }}, wolfssl ${{ matrix.wolfssl_ref }}, OpenSSL ${{ matrix.openssl_ref }} runs-on: ${{ matrix.OS }} timeout-minutes: 20 strategy: @@ -25,84 +25,112 @@ jobs: CXX: g++-9 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master - CC: gcc-10 CXX: g++-10 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master - CC: gcc-10 CXX: g++-10 OS: ubuntu-latest wolfssl_ref: v5.8.0-stable + openssl_ref: master - CC: gcc-11 CXX: g++-11 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master - CC: gcc-12 CXX: g++-12 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master + - CC: gcc-13 + CXX: g++-13 + OS: ubuntu-latest + wolfssl_ref: master + openssl_ref: master + - CC: gcc-14 + CXX: g++-14 + OS: ubuntu-latest + wolfssl_ref: master + openssl_ref: master - CC: clang-12 CXX: clang++-12 OS: ubuntu-22.04 wolfssl_ref: master + openssl_ref: master - CC: clang-13 CXX: clang++-13 OS: ubuntu-22.04 wolfssl_ref: master + openssl_ref: master - CC: clang-14 CXX: clang++-14 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master - CC: clang-15 CXX: clang++-15 OS: ubuntu-latest wolfssl_ref: master + openssl_ref: master steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y ${{ matrix.CC }} ${{ matrix.CXX }} automake libtool - # Check if this version of wolfssl/wolfprovider has already been built, - # mark to cache these items on post if we do end up building - - name: Checking wolfSSL/wolfProvider in cache - uses: actions/cache@v4 - id: wolfprov-cache + - name: Checkout wolfProvider + uses: actions/checkout@v4 with: - path: | - scripts - wolfssl-source - wolfssl-install - wolfprov-install - provider.conf + fetch-depth: 1 - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.CC }}-${{ github.sha }} - lookup-only: true + - name: Get OpenSSL commit hash + id: openssl-ref + run: | + sha=$(./scripts/resolve-ref.sh "${{ matrix.openssl_ref }}" "openssl/openssl") + echo "ref=$sha" >> "$GITHUB_OUTPUT" + env: + # Used token to bypass rate limits + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get WolfSSL commit hash + id: wolfssl-ref + run: | + sha=$(./scripts/resolve-ref.sh "${{ matrix.wolfssl_ref }}" "wolfssl/wolfssl") + echo "ref=$sha" >> "$GITHUB_OUTPUT" + env: + # Used token to bypass rate limits + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + # Look for a cached version of OpenSSL -- with this compiler version - name: Checking OpenSSL in cache - if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/cache@v4 id: openssl-cache with: path: | - openssl-source openssl-install + key: openssl-depends-${{ matrix.CC }}-${{ steps.openssl-ref.outputs.ref }} + lookup-only: false - key: ossl-depends-${{ matrix.wolfssl_ref }}-${{ matrix.CC }}-${{ github.sha }} - lookup-only: true + # Look for a cached version of WolfSSL -- with this compiler version + - name: Checking WolfSSL in cache + uses: actions/cache@v4 + id: wolfssl-cache + with: + path: | + wolfssl-install + key: wolfssl-depends-${{ matrix.CC }}-${{ steps.wolfssl-ref.outputs.ref }} + lookup-only: false - # If not yet built this version, build it now - name: Build wolfProvider - if: steps.wolfprov-cache.outputs.cache-hit != 'true' env: CC: ${{ matrix.CC }} CXX: ${{ matrix.CXX }} run: | - WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh - name: Print errors if: ${{ failure() }} diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 0ae7f3cc..50e7cbfa 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -46,12 +46,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 80ad1fb1..04f29c96 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -48,12 +48,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index 81ea6357..211240c9 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml @@ -45,12 +45,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 9c5492b3..ed506407 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -48,12 +48,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index b5e72ba0..791be8da 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -48,12 +48,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml index 41e6665d..af8ea327 100644 --- a/.github/workflows/simple.yml +++ b/.github/workflows/simple.yml @@ -34,29 +34,15 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} lookup-only: true - # If wolfssl/wolfprovider have not yet been built, pull ossl from cache - - name: Checking OpenSSL in cache - if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' - uses: actions/cache@v4 - id: openssl-cache - with: - path: | - openssl-source - openssl-install - - key: ossl-depends-${{ matrix.openssl_ref }}-${{ github.sha }} - lookup-only: true - # If not yet built this version, build it now - name: Build wolfProvider if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index edf1e98b..d2e63d7b 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -43,12 +43,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index eb9f9ea7..ea2d511d 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -43,11 +43,11 @@ jobs: id: wolfprov-cache with: path: | - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} lookup-only: true diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index cd946044..fe540b68 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -48,12 +48,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml index 06347929..faec0bba 100644 --- a/.github/workflows/tcpdump.yml +++ b/.github/workflows/tcpdump.yml @@ -45,12 +45,11 @@ jobs: id: wolfprov-cache with: path: | - scripts - wolfssl-source wolfssl-install wolfprov-install - openssl-install - provider.conf + openssl-install/lib64 + openssl-install/include + openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true diff --git a/scripts/resolve-ref.sh b/scripts/resolve-ref.sh new file mode 100755 index 00000000..6f55d4b9 --- /dev/null +++ b/scripts/resolve-ref.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Converts a git tag or branch name to a commit SHA. +# Usage: ./resolve-ref.sh +# Example: ./resolve-ref.sh master openssl/openssl + +if [[ $# -ne 2 ]]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +REF="$1" # e.g., "master" +REPO="$2" # e.g., "openssl/openssl" + +if [[ "$REF" =~ ^[0-9a-f]{40}$ ]]; then + echo "$REF" +else + api_url="https://api.github.com/repos/$REPO/commits/$REF" + + if [[ -n "${GITHUB_TOKEN:-}" ]]; then + sha=$(curl -fsSL -H "Authorization: Bearer $GITHUB_TOKEN" -H "Accept: application/vnd.github+json" "$api_url" | jq -r .sha) + else + sha=$(curl -fsSL "$api_url" | jq -r .sha) + fi + echo "$sha" +fi