WolfSSLEngine ByteBuffer offset/bounds fixes and JNI arrayOffset honoring #265
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Patched JNI CI | |
| # This workflow attempts to build and test the wolfSSL JNI library with all | |
| # available wolfSSL PR patches applied, eg WOLFSSL_PR*_PATCH_APPLIED defines. | |
| # It currently only supports a single open PR patch at a time. If all patches | |
| # are merged, it builds against master with all patch defines enabled. | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ 'master' ] | |
| jobs: | |
| resolve_wolfssl_ref: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_run: ${{ steps.eval_prs.outputs.should_run }} | |
| wolfssl_repo: ${{ steps.eval_prs.outputs.wolfssl_repo }} | |
| wolfssl_ref: ${{ steps.eval_prs.outputs.wolfssl_ref }} | |
| patch_defines: ${{ steps.eval_prs.outputs.patch_defines }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install prerequisites | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y jq curl | |
| - name: Find patch defines | |
| id: find_defines | |
| run: | | |
| set -euo pipefail | |
| defines="" | |
| if ! defines="$(./scripts/find-wolfssl-pr-patch-defines.sh)"; then | |
| echo "::warning::find-wolfssl-pr-patch-defines.sh failed; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| if [ -z "$defines" ]; then | |
| echo "::warning::No WOLFSSL_PR*_PATCH_APPLIED defines found; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| echo "Found patch defines:" | |
| printf "%s\n" "$defines" | |
| { | |
| echo "should_run=true" | |
| echo "defines<<EOF" | |
| printf "%s\n" "$defines" | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Evaluate PR statuses | |
| id: eval_prs | |
| if: steps.find_defines.outputs.should_run == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| defines="${{ steps.find_defines.outputs.defines }}" | |
| should_run=true | |
| wolfssl_repo="wolfSSL/wolfssl" | |
| wolfssl_ref="master" | |
| found_open=false | |
| patch_defines="" | |
| echo "Evaluating patch defines:" | |
| printf "%s\n" "$defines" | |
| while read -r define; do | |
| define="$(printf "%s" "$define" | tr -d '\r' | xargs)" | |
| [ -z "$define" ] && continue | |
| pr_number="$(printf "%s" "$define" | sed -E 's/^WOLFSSL_PR([0-9]+)_PATCH_APPLIED$/\1/')" | |
| if [ -z "$pr_number" ] || [ "$pr_number" = "$define" ]; then | |
| echo "::warning::Failed to derive PR number from define $define; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| pr_info="" | |
| if ! pr_info="$(./scripts/find-pr-info.sh "$pr_number" --repo wolfSSL/wolfssl)"; then | |
| echo "::warning::find-pr-info.sh failed for PR #$pr_number; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| if [ -z "$pr_info" ]; then | |
| echo "::warning::Unable to resolve PR #$pr_number info; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| echo "PR #$pr_number raw info:" | |
| printf "%s\n" "$pr_info" | |
| info_repo="$(printf "%s\n" "$pr_info" | sed -n 's/^repo://p')" | |
| info_branch="$(printf "%s\n" "$pr_info" | sed -n 's/^branch://p')" | |
| info_commit="$(printf "%s\n" "$pr_info" | sed -n 's/^commit://p')" | |
| info_status="$(printf "%s\n" "$pr_info" | sed -n 's/^status://p')" | |
| if [ -z "$info_repo" ] || [ -z "$info_branch" ] || [ -z "$info_commit" ] || [ -z "$info_status" ]; then | |
| echo "::warning::Missing expected PR info fields for PR #$pr_number; skipping patched CI." | |
| echo "should_run=false" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| case "$info_status" in | |
| merged) | |
| continue | |
| ;; | |
| open) | |
| if [ "$found_open" = "false" ]; then | |
| wolfssl_repo="$info_repo" | |
| wolfssl_ref="$info_commit" | |
| found_open=true | |
| patch_defines="WOLFSSL_PR${pr_number}_PATCH_APPLIED" | |
| echo "PR #$pr_number is open; using repo $wolfssl_repo" | |
| echo "PR #$pr_number is open; using branch $info_branch" | |
| echo "PR #$pr_number is open; using commit $wolfssl_ref" | |
| else | |
| echo "::warning::Found multiple PRs with patch defines; unable to determine which one to use; skipping patched CI." | |
| should_run=false | |
| break | |
| fi | |
| ;; | |
| *) | |
| echo "::warning::PR #$pr_number is in unexpected state: $info_status; skipping patched CI." | |
| should_run=false | |
| break | |
| ;; | |
| esac | |
| done <<EOF | |
| $defines | |
| EOF | |
| echo "should_run=$should_run" >> "$GITHUB_OUTPUT" | |
| echo "wolfssl_repo=$wolfssl_repo" >> "$GITHUB_OUTPUT" | |
| echo "wolfssl_ref=$wolfssl_ref" >> "$GITHUB_OUTPUT" | |
| echo "patch_defines=$patch_defines" >> "$GITHUB_OUTPUT" | |
| echo "Using: " | |
| echo "repo : $wolfssl_repo" | |
| echo "ref : $wolfssl_ref" | |
| echo "branch : $info_branch" | |
| echo "defines: $patch_defines" | |
| patched_jni_build: | |
| needs: resolve_wolfssl_ref | |
| if: needs.resolve_wolfssl_ref.outputs.should_run == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache JUnit dependencies | |
| uses: actions/cache@v4 | |
| id: cache-junit | |
| with: | |
| path: junit | |
| key: junit-jars-v1 | |
| - name: Download junit-4.13.2.jar | |
| if: steps.cache-junit.outputs.cache-hit != 'true' | |
| run: curl -fsSL -o "$GITHUB_WORKSPACE/junit/junit-4.13.2.jar" https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar | |
| - name: Download hamcrest-all-1.3.jar | |
| if: steps.cache-junit.outputs.cache-hit != 'true' | |
| run: curl -fsSL -o "$GITHUB_WORKSPACE/junit/hamcrest-all-1.3.jar" https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar | |
| - name: Build native wolfSSL | |
| uses: wolfSSL/actions-build-autotools-project@v1 | |
| with: | |
| repository: ${{ needs.resolve_wolfssl_ref.outputs.wolfssl_repo }} | |
| ref: ${{ needs.resolve_wolfssl_ref.outputs.wolfssl_ref }} | |
| path: wolfssl | |
| configure: --enable-jni | |
| check: false | |
| install: true | |
| - name: Setup java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: zulu | |
| java-version: '21' | |
| - name: Set JUNIT_HOME | |
| run: | | |
| echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV" | |
| - name: Set LD_LIBRARY_PATH | |
| run: | | |
| echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV" | |
| - name: Build and test JNI library with all patches enabled | |
| run: | | |
| make build check PREFIX=$GITHUB_WORKSPACE/build-dir ENABLE_PATCHES=1 PATCH_DEFINES="${{ needs.resolve_wolfssl_ref.outputs.patch_defines }}" | |
| - name: Show logs on failure | |
| if: failure() || cancelled() | |
| run: | | |
| cat build/reports/*.txt |