-
Notifications
You must be signed in to change notification settings - Fork 82
135 lines (115 loc) · 3.73 KB
/
release-checks.yml
File metadata and controls
135 lines (115 loc) · 3.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Release Checks
# Gates intended to mirror the wolfTPM release procedure:
# - C++ build with CC=g++ (proves headers are C++-safe for consumers)
# - scan-build --status-bugs (Clang static analysis)
# Both run on every PR and every push to release branches so regressions are
# caught at PR time instead of during release prep.
on:
push:
branches: [ 'master', 'main', 'release/**', 'rel_v*_prep' ]
pull_request:
branches: [ '**' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
repository: wolfssl/wolfssl
path: wolfssl
ref: master
- name: Build wolfSSL
working-directory: ./wolfssl
run: |
./autogen.sh
./configure --enable-wolftpm --enable-pkcallbacks --enable-keygen \
--prefix=/tmp/wolfssl-install \
CFLAGS="-DWC_RSA_NO_PADDING"
make -j$(nproc)
make install
- name: Tar install dir
run: tar -zcf wolfssl-install.tgz -C /tmp wolfssl-install
- name: Upload wolfSSL install
uses: actions/upload-artifact@v4
with:
name: wolfssl-release-checks
path: wolfssl-install.tgz
retention-days: 1
cxx_build:
name: C++ build (CC=g++)
runs-on: ubuntu-latest
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Checkout wolfTPM
uses: actions/checkout@v4
- name: Download wolfSSL
uses: actions/download-artifact@v4
with:
name: wolfssl-release-checks
- name: Install wolfSSL
run: |
sudo tar -xzf wolfssl-install.tgz -C /tmp
sudo ldconfig /tmp/wolfssl-install/lib
- name: Build wolfTPM with g++ (default config)
run: |
./autogen.sh
./configure CC=g++ \
--with-wolfcrypt=/tmp/wolfssl-install
make -j$(nproc)
- name: Build wolfTPM with g++ (--enable-fwtpm)
run: |
make distclean
./configure CC=g++ --enable-fwtpm \
--with-wolfcrypt=/tmp/wolfssl-install
make -j$(nproc)
- name: Show log on errors
if: failure()
run: cat config.log
scan_build:
name: scan-build (clang static analysis)
runs-on: ubuntu-latest
timeout-minutes: 15
needs: build_wolfssl
steps:
- name: Install clang tools
run: |
sudo apt-get update
sudo apt-get install -y clang-tools
- name: Checkout wolfTPM
uses: actions/checkout@v4
- name: Download wolfSSL
uses: actions/download-artifact@v4
with:
name: wolfssl-release-checks
- name: Install wolfSSL
run: |
sudo tar -xzf wolfssl-install.tgz -C /tmp
sudo ldconfig /tmp/wolfssl-install/lib
- name: scan-build default configuration
run: |
./autogen.sh
scan-build --status-bugs ./configure \
--with-wolfcrypt=/tmp/wolfssl-install
scan-build --status-bugs -o scan-results-default make -j$(nproc)
- name: scan-build with --enable-fwtpm
run: |
make distclean
scan-build --status-bugs ./configure --enable-fwtpm \
--with-wolfcrypt=/tmp/wolfssl-install
scan-build --status-bugs -o scan-results-fwtpm make -j$(nproc)
- name: Upload scan reports on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: scan-build-reports
path: |
scan-results-default/
scan-results-fwtpm/
retention-days: 7