Refactor rnp_key_store_t to rnp::KeyStore. #659
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: centos-and-fedora | |
on: | |
push: | |
branches: | |
- main | |
- 'release/**' | |
paths-ignore: | |
- '/*.sh' | |
- '/.*' | |
- '/_*' | |
- 'Brewfile' | |
- 'docs/**' | |
- '**.adoc' | |
- '**.md' | |
- '**.nix' | |
- 'flake.lock' | |
- '.github/workflows/*.yml' | |
- '!.github/workflows/centos-and-fedora.yml' | |
pull_request: | |
paths-ignore: | |
- '/*.sh' | |
- '/.*' | |
- '/_*' | |
- 'Brewfile' | |
- 'docs/**' | |
- '**.adoc' | |
- '**.md' | |
- '**.nix' | |
- 'flake.lock' | |
concurrency: | |
group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' | |
cancel-in-progress: true | |
env: | |
CODECOV_TOKEN: dbecf176-ea3f-4832-b743-295fd71d0fad | |
# | |
# Dependencies that are created during packaging | |
# | |
# OS botan botan repository json-c json-c repository | |
# ---------------------------------------------------------------------------- | |
# CentOS 7 2.16.0 ribose json-c12 (0.12.1) ribose | |
# CentOS 8 2.16.0 ribose 0.13.1 el8 | |
# CentOS 9 2.19.3 el9 0.14 el9 | |
# Fedora 35 2.18.2 fc35 0.15 fc35 | |
# Fedora 36 2.19.1 fc36 0.15 fc36 | |
# | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, 'skip ci')" | |
container: ${{ matrix.image.container }} | |
timeout-minutes: 70 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
- { CC: gcc, CXX: g++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } | |
# normal --> Release build; sanitize --> Debug build so theoretically test conditions are different | |
# - { CC: clang, CXX: clang++, BUILD_MODE: normal, USE_STATIC_DEPENDENCIES: yes } | |
- { CC: clang, CXX: clang++, BUILD_MODE: sanitize, USE_STATIC_DEPENDENCIES: yes } | |
# Should you add a new OS/version please consider adding its default version of botan2 and json-c to this test matrix | |
image: | |
- { name: 'CentOS 7', container: 'centos:7', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: en_US.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, botan_ver: 2.16.0, locale: C.UTF-8 } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: Botan, botan_ver: 2.19.3, locale: C.UTF-8 } | |
- { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: Botan, botan_ver: 2.18.2, locale: C.UTF-8 } | |
- { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 2.19.1, locale: C.UTF-8 } | |
- { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: Botan, botan_ver: 3.0.0, locale: C.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: Botan, sm2: On, locale: C.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: Off, locale: C.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: lts, backend: OpenSSL, locale: C.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: beta, backend: Botan, sm2: On, locale: C.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: 2.3.1, backend: Botan, sm2: On, locale: C.UTF-8 } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: On, locale: C.UTF-8 } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', gpg_ver: stable, backend: OpenSSL, idea: Off, locale: C.UTF-8 } | |
- { name: 'Fedora 35', container: 'fedora:35', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } | |
- { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } | |
include: | |
# Coverage report for Botan backend | |
- image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: Botan, sm2: On, locale: C.UTF-8 } | |
env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } | |
# Coverage report for OpenSSL 1.1.1 backend | |
- image: { name: 'CentOS 8', container: 'tgagor/centos:stream8', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } | |
env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } | |
# Coverage report for OpenSSL 3.0 backend | |
- image: { name: 'Fedora 36', container: 'fedora:36', gpg_ver: stable, backend: OpenSSL, locale: C.UTF-8 } | |
env: { CC: gcc, CXX: g++, BUILD_MODE: coverage , RNP_TESTS: ".*", USE_STATIC_DEPENDENCIES: yes } | |
env: ${{ matrix.env }} | |
name: ${{ matrix.image.name }} ${{ matrix.image.backend }} [test mode ${{ matrix.env.BUILD_MODE }}; CC ${{ matrix.env.CC }}; GnuPG ${{ matrix.image.gpg_ver }}; SM2 ${{ matrix.image.sm2 }}; IDEA ${{ matrix.image.idea }}] | |
steps: | |
- name: Install prerequisites for prerequisites | |
if: matrix.image.container == 'centos:7' | |
run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm | |
- name: Install prerequisites | |
run: yum -y install git sudo | |
- name: Setup environment | |
run: | | |
set -o errexit -o pipefail -o noclobber -o nounset | |
echo LANG=${{ matrix.image.locale }} >> $GITHUB_ENV | |
echo LC_ALL=${{ matrix.image.locale }} >> $GITHUB_ENV | |
echo LC_LANG=${{ matrix.image.locale }} >> $GITHUB_ENV | |
echo GPG_VERSION=${{ matrix.image.gpg_ver }} >> $GITHUB_ENV | |
echo ENABLE_SM2=${{ matrix.image.sm2 }} >> $GITHUB_ENV | |
echo ENABLE_IDEA=${{ matrix.image.idea }} >> $GITHUB_ENV | |
backend=${{ matrix.image.backend }} | |
backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')" | |
echo CRYPTO_BACKEND="$backend" >> $GITHUB_ENV | |
echo BOTAN_VERSION=${{ matrix.image.botan_ver }} >> $GITHUB_ENV | |
useradd rnpuser | |
echo -e "rnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser | |
echo -e "rnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Setup noncacheable dependencies | |
run: | | |
. ci/gha/setup-env.inc.sh | |
exec su rnpuser -c ci/install_noncacheable_dependencies.sh | |
- name: Cache | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: ${{ env.CACHE_DIR }} | |
key: ${{ matrix.image.container }}-${{ matrix.image.backend }}-${{ matrix.env.BUILD_MODE }}-${{ matrix.env.CC }}-${{ matrix.image.gpg_ver }}-${{ matrix.image.sm2 }}-${{ matrix.image.idea }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/centos-and-fedora.yml') }} | |
- name: Adjust folder ownership | |
run: | | |
set -o errexit -o pipefail -o noclobber -o nounset | |
chown -R rnpuser:rnpuser $PWD | |
- name: Setup cacheable dependencies | |
if: steps.cache.outputs.cache-hit != 'true' | |
run: exec su rnpuser -c ci/install_cacheable_dependencies.sh | |
- name: Build and Test | |
run: exec su rnpuser -c ci/run.sh | |
- name: Checkout shell test framework | |
uses: actions/checkout@v3 | |
with: | |
repository: kward/shunit2 | |
path: ci/tests/shunit2 | |
- name: Run additional ci tests | |
run: ci/tests/ci-tests.sh | |
package-source: | |
runs-on: ubuntu-latest | |
container: ${{ matrix.env.container }} | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
- { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', LC_ALL: C.UTF-8 } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } | |
- { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } | |
- { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } | |
name: Package ${{ matrix.env.name }} SRPM | |
env: ${{ matrix.env }} | |
steps: | |
- name: Install prerequisites for prerequisites | |
if: matrix.env.container == 'centos:7' | |
run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm | |
- name: Install prerequisites | |
run: yum -y install git sudo rpm-build | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Setup noncacheable dependencies | |
run: | | |
. ci/gha/setup-env.inc.sh | |
ci/install_noncacheable_dependencies.sh | |
- name: Configure | |
run: cmake -B build -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF | |
- name: Package SRPM | |
run: cpack -B build/SRPM -G RPM --config build/CPackSourceConfig.cmake | |
- name: Upload SRPM | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'SRPM ${{ matrix.env.name }}' | |
path: 'build/SRPM/*.src.rpm' | |
retention-days: 5 | |
- name: Stash packaging tests | |
uses: actions/upload-artifact@v3 | |
with: | |
name: tests | |
path: 'ci/tests/**' | |
retention-days: 1 | |
package: | |
runs-on: ubuntu-latest | |
needs: package-source | |
container: ${{ matrix.env.container }} | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
- { name: 'CentOS 7', container: 'centos:7', LC_ALL: en_US.UTF-8 } | |
# CXXFLAGS environment setting resolves dual ABI issues caused by BOTAN libraries with the version of GCC installed at 'tgagor/centos:stream8' | |
# https://gcc.gnu.org/onlinedocs/gcc-5.2.0/libstdc++/manual/manual/using_dual_abi.html | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8', CXXFLAGS: -D_GLIBCXX_USE_CXX11_ABI=0, LC_ALL: C.UTF-8 } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9', LC_ALL: C.UTF-8 } | |
- { name: 'Fedora 35', container: 'fedora:35', LC_ALL: C.UTF-8 } | |
- { name: 'Fedora 36', container: 'fedora:36', LC_ALL: C.UTF-8 } | |
name: Package ${{ matrix.env.name }} RPM | |
env: ${{ matrix.env }} | |
steps: | |
- name: Install prerequisites for prerequisites | |
if: matrix.env.container == 'centos:7' | |
run: yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm | |
- name: Install prerequisites | |
run: yum -y install git sudo tar cpio rpm-build | |
- name: Download SRPM | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'SRPM ${{ matrix.env.name }}' | |
path: ~/rpmbuild/SRPMS | |
- name: Extract SRPM | |
run: | | |
rpm -i -v ~/rpmbuild/SRPMS/*.src.rpm | |
tar xzf ~/rpmbuild/SOURCES/*.tar.gz --strip 1 -C ~/rpmbuild/SOURCES | |
- name: Setup noncacheable dependencies | |
run: | | |
cd ~/rpmbuild/SOURCES/ | |
. ci/gha/setup-env.inc.sh | |
ci/install_noncacheable_dependencies.sh | |
- name: Permanently enable rh-ruby30 | |
if: matrix.env.container == 'centos:7' | |
run: bash -c "echo \"$(cut -f 2- -d ' ' /opt/rh/rh-ruby30/enable)\"">> $GITHUB_ENV | |
- name: Build rnp | |
run: | | |
cmake ~/rpmbuild/SOURCES -B ~/rpmbuild/SOURCES/BUILD -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF \ | |
-DCMAKE_INSTALL_PREFIX=/usr | |
cmake --build ~/rpmbuild/SOURCES/BUILD --config Release | |
- name: Package rpm | |
run: cpack -G RPM -B ~/rpmbuild/SOURCES/RPMS --config ~/rpmbuild/SOURCES/BUILD/CPackConfig.cmake | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'RPM ${{ matrix.env.name}}' | |
path: '~/rpmbuild/SOURCES/RPMS/*.rpm' | |
retention-days: 5 | |
# The main purpose of this step is to test the RPMS in a pristine environment (as for the end user). | |
# ci-scripts are deliberately not used, as they recreate the development environment, | |
# and this is something we proudly reject here | |
rpm-tests: | |
runs-on: ubuntu-latest | |
needs: package | |
container: ${{ matrix.env.container }} | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
env: | |
- { name: 'CentOS 7', container: 'centos:7' } | |
- { name: 'CentOS 8', container: 'tgagor/centos:stream8' } | |
- { name: 'CentOS 9', container: 'quay.io/centos/centos:stream9' } | |
- { name: 'Fedora 35', container: 'fedora:35' } | |
- { name: 'Fedora 36', container: 'fedora:36' } | |
name: RPM test on ${{ matrix.env.name }} | |
steps: | |
- name: Install prerequisites | |
run: yum -y install sudo wget binutils | |
# CentOS 7/8 packages depend on botan.so.16 that gets installed from ribose repo | |
# Fedora 35/36 packages depend on botan.so.19 that comes Fedora package, that is available by default | |
# CentOS 9 depend on botan.so.19 and needs EPEL9 repo that needs to be installed | |
# ribose repo is also a source of json-c (v12 aka json-c12) for CentOS 7 | |
- name: Install ribose-packages | |
if: matrix.env.container == 'centos:7' || matrix.env.container == 'tgagor/centos:stream8' | |
run: | | |
sudo rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages-next.pub | |
sudo wget https://github.com/riboseinc/yum/raw/master/ribose.repo -O /etc/yum.repos.d/ribose.repo | |
- name: Install epel-release | |
if: matrix.env.container == 'quay.io/centos/centos:stream9' | |
run: | | |
sudo dnf -y install 'dnf-command(config-manager)' | |
sudo dnf config-manager --set-enabled crb | |
sudo dnf -y install epel-release | |
- name: Install xargs | |
if: matrix.env.container == 'fedora:35' | |
run: sudo yum -y install findutils | |
- name: Download rnp rpms | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'RPM ${{ matrix.env.name}}' | |
- name: Checkout shell test framework | |
uses: actions/checkout@v3 | |
with: | |
repository: kward/shunit2 | |
path: ci/tests/shunit2 | |
- name: Unstash tests | |
uses: actions/download-artifact@v3 | |
with: | |
name: tests | |
path: ci/tests | |
- name: Run rpm tests | |
# RPM tests | |
# - no source checkout or upload [we get only test scripts from the previous step using GHA artifacts] | |
# - no environment set up with rnp scripts | |
# - no dependencies setup, we test that yum can install whatever is required | |
run: | | |
chmod +x ci/tests/rpm-tests.sh | |
ci/tests/rpm-tests.sh | |
- name: Run symbol visibility tests | |
run: | | |
chmod +x ci/tests/ci-tests.sh | |
sudo yum -y localinstall librnp0-0*.*.rpm librnp0-devel-0*.*.rpm rnp0-0*.*.rpm | |
ci/tests/ci-tests.sh | |
sudo yum -y erase $(rpm -qa | grep rnp) | |
- name: Setup minimalistic build environment | |
run: | | |
sudo yum -y install make gcc gcc-c++ zlib-devel bzip2-devel botan2-devel | |
mkdir cmake | |
wget https://github.com/Kitware/CMake/releases/download/v3.12.0/cmake-3.12.0-Linux-x86_64.sh -O cmake/cmake.sh | |
sudo sh cmake/cmake.sh --skip-license --prefix=/usr/local | |
# Ribose repo provides json-c12-devel for CentOS7; | |
# el8, el9, fr35, fr36 provide json-c-devel (version 12+) | |
- name: Setup json-c12 | |
if: matrix.env.container == 'centos:7' | |
run: sudo yum -y install json-c12-devel | |
- name: Setup json-c | |
if: matrix.env.container != 'centos:7' | |
run: sudo yum -y install json-c-devel | |
- name: Run packaging tests | |
run: | | |
chmod +x ci/tests/pk-tests.sh | |
ci/tests/pk-tests.sh |