Prevent ECC tmp key leak and UB #436
Workflow file for this run
```yaml
name: SE050 simulator test
# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION
# Build the SE050 software simulator (https://github.com/wolfSSL/simulators,
# SE050Sim/ subdirectory), build wolfSSL against its NXP Plug&Trust SDK +
# simulator bridge, and run the wolfCrypt SE050 test binary against the
# simulator TCP server.
#
# The simulator's own Dockerfile (Dockerfile.wolfcrypt) clones wolfSSL master.
# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
env:
  SIMULATORS_REF: 745893640e21a15b7df8c70567c522953aba2f2c
jobs:
  se050_sim:
    name: wolfCrypt against SE050 simulator
    if: github.repository_owner == 'wolfssl'
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    steps:
      - name: Checkout wolfSSL (PR source)
        uses: actions/checkout@v4
        with:
          path: wolfssl-src
      - name: Clone SE050 simulator
        run: |
          git clone https://github.com/wolfSSL/simulators simulators
          cd simulators && git checkout "$SIMULATORS_REF"
      - name: Stage PR wolfSSL into simulator build context
        run: mv wolfssl-src simulators/SE050Sim/wolfssl
      - name: Patch Dockerfile to use PR wolfSSL instead of upstream master
        working-directory: simulators/SE050Sim
        run: |
          sed -i 's|^RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git /app/wolfssl$|COPY wolfssl /app/wolfssl|' Dockerfile.wolfcrypt
          # Fail fast if the pattern drifted upstream -- better a clear error
          # than a CI run that silently tests master.
          grep -q '^COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
          ! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
      - uses: docker/setup-buildx-action@v3
      - name: Build wolfCrypt-SE050 test image
        uses: docker/build-push-action@v5
        with:
          context: simulators/SE050Sim
          file: simulators/SE050Sim/Dockerfile.wolfcrypt
          push: false
          load: true
          tags: wolfssl-se050-sim:ci
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Run wolfCrypt tests against simulator
        run: docker run --rm wolfssl-se050-sim:ci
```