
Fixing build parameters #21


name: centos-and-fedora

# Triggers: pushes to the listed branches, and every pull request.
# The `pull_request` event (not `pull_request_target`) is used, so runs for
# pull requests from forks get a read-only token and no repository secrets.
on:
  push:
    branches:
      - main
      - maxirmx-refactor-centos
      - 'release/**'
    # Skip the workflow when a push only touches the paths below.
    # NOTE(review): the patterns with a leading '/' should be confirmed against
    # GitHub's path-filter rules; filters are matched on repo-relative paths.
    paths-ignore:
      - '/*.sh'
      - '/.*'
      - '/_*'
      - 'Brewfile'
      - 'docs/**'
      - '**.adoc'
      - '**.md'
      - '**.nix'
      - 'flake.lock'
      - '.github/workflows/*.yml'
      # Exception to the rule above for one workflow file; confirm that the
      # name matches this workflow's actual file path.
      - '!.github/workflows/centos-and-fedora-new.yml'
  pull_request:
    # Same ignore list as for pushes, minus the workflow-file entries.
    paths-ignore:
      - '/*.sh'
      - '/.*'
      - '/_*'
      - 'Brewfile'
      - 'docs/**'
      - '**.adoc'
      - '**.md'
      - '**.nix'
      - 'flake.lock'
# One active run per workflow / job / branch: the group key uses the pull
# request's head ref when there is one, otherwise the pushed ref name, and a
# newer run cancels the run still in progress for the same key.
concurrency:
  group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
  cancel-in-progress: true
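# Workflow-wide environment, visible to every step of every job.
env:
  # Parallelism passed to `cmake --build` and `ctest`.
  CORES: 2
  RNP_LOG_CONSOLE: 1
  # The Codecov upload token is read from the repository's encrypted secrets
  # rather than committed in the workflow file. A secret named CODECOV_TOKEN
  # has to exist in the repository settings. The token that was committed
  # here before is presumably still in the repository history and should be
  # revoked and regenerated in Codecov.
  # Secrets are not passed to runs triggered by pull requests from forks, so
  # the variable is empty there.
  # Consider setting it only on the step that runs the uploader, so that the
  # build and test steps never see it.
  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}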
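jobs:
  # Build, test and (for coverage builds) upload coverage for each
  # container image / crypto backend / compiler combination in the matrix.
  tests:
    name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }} ${{ matrix.image.botan_ver }}; gpg ${{ matrix.image.gpg_ver }}; ${{ matrix.env.BUILD_MODE }}]
    runs-on: ubuntu-latest
    timeout-minutes: 120
    # Least privilege for GITHUB_TOKEN: the job only checks out code.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        env:
          - { CC: gcc, CXX: g++, BUILD_MODE: normal }
          # normal --> Release build; sanitize --> Debug build so theoretically test conditions are different
          # - { CC: clang, CXX: clang++, BUILD_MODE: normal }
          - { CC: clang, CXX: clang++, BUILD_MODE: sanitize }
        # All containers have gpg stable and lts installed
        # centos-8-amd64 has botan 2.18.2 installed
        # fedora-35-amd64 has botan 3.1.1 installed
        # Any other version has to be built explicitly !
        # Pls refer to https://github.com/rnpgp/rnp-ci-containers#readme for more image details
        #
        # sm2 / idea are quoted so they stay the strings 'On' / 'Off' whichever
        # YAML boolean rules the parser applies; they end up as CMake option
        # values through ENABLE_SM2 / ENABLE_IDEA.
        image:
          - { container: 'centos-7-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' }
          - { container: 'centos-8-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
          - { container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: 'On', gpg_ver: 'lts' }
          - { container: 'centos-8-amd64', backend: 'Botan', botan_ver: '2.18.2', sm2: 'Off', gpg_ver: 'stable' }
          - { container: 'centos-9-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'stable' }
          - { container: 'fedora-35-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
          - { container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'system' }
          - { container: 'fedora-36-amd64', backend: 'Botan', botan_ver: '3.1.1', gpg_ver: 'system' }
          # Tests against gpg head fails
          # - { container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'system', gpg_ver: 'head' }
          - { container: 'fedora-36-amd64', backend: 'Botan', botan_ver: 'head', gpg_ver: 'system' }
          - { container: 'centos-8-amd64', backend: 'OpenSSL', gpg_ver: 'lts' }
          - { container: 'centos-9-amd64', backend: 'OpenSSL', idea: 'On', gpg_ver: 'stable' }
          - { container: 'centos-9-amd64', backend: 'OpenSSL', idea: 'Off', gpg_ver: 'stable' }
          - { container: 'fedora-35-amd64', backend: 'OpenSSL', gpg_ver: 'system' }
          - { container: 'fedora-36-amd64', backend: 'OpenSSL', gpg_ver: 'system' }
        include:
          # Coverage report for Botan backend
          - image: { container: 'centos-8-amd64', gpg_ver: stable, backend: Botan, botan_ver: '2.18.2' }
            env: { CC: gcc, CXX: g++, BUILD_MODE: coverage }
          # Coverage report for OpenSSL 1.1.1 backend
          - image: { container: 'centos-8-amd64', gpg_ver: stable, backend: OpenSSL }
            env: { CC: gcc, CXX: g++, BUILD_MODE: coverage }
          # Coverage report for OpenSSL 3.0 backend
          - image: { container: 'fedora-36-amd64', gpg_ver: stable, backend: OpenSSL }
            env: { CC: gcc, CXX: g++, BUILD_MODE: coverage }
    # The image is referenced without a tag or digest, so each run uses
    # whatever is currently published under that name. Pinning a reviewed
    # image digest would make the build environment reproducible.
    container: ghcr.io/maxirmx/ci-rnp-${{ matrix.image.container }}
    env: ${{ matrix.env }}
    steps:
      # actions/checkout is referenced by a movable tag; pinning the full
      # commit SHA of a reviewed release is the stricter supply-chain choice.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: true

      # Export backend / gpg / botan locations for the later steps and create
      # the account the tests run under.
      - name: Setup environment
        run: |
          set -o errexit -o pipefail -o noclobber -o nounset
          backend=${{ matrix.image.backend }}
          backend="$(echo "${backend:-}" | tr '[:upper:]' '[:lower:]')"
          echo CRYPTO_BACKEND="$backend" >> "$GITHUB_ENV"
          if [[ '${{ matrix.image.gpg_ver }}' != 'system' && '${{ matrix.image.gpg_ver }}' != '' ]]; then
            echo "/opt/gpg/${{ matrix.image.gpg_ver }}/bin" >> "$GITHUB_PATH"
          fi
          if [[ '${{ matrix.image.botan_ver }}' != 'system' && '${{ matrix.image.botan_ver }}' != '' ]]; then
            echo "/opt/botan/${{ matrix.image.botan_ver }}/bin" >> "$GITHUB_PATH"
            echo BOTAN_ROOT_DIR="/opt/botan/${{ matrix.image.botan_ver }}" >> "$GITHUB_ENV"
            echo LD_LIBRARY_PATH="/opt/botan/${{ matrix.image.botan_ver }}/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}" >> "$GITHUB_ENV"
            echo PKG_CONFIG_PATH="/opt/botan/${{ matrix.image.botan_ver }}/lib/pkgconfig${PKG_CONFIG_PATH:+:${PKG_CONFIG_PATH}}" >> "$GITHUB_ENV"
            echo CPATH="/opt/botan/${{ matrix.image.botan_ver }}/include${CPATH:+:${CPATH}}" >> "$GITHUB_ENV"
          fi
          # Empty when the matrix entry does not set sm2 / idea; the Configure
          # step only forwards non-empty values.
          echo "ENABLE_SM2=${{ matrix.image.sm2 }}" >> "$GITHUB_ENV"
          echo "ENABLE_IDEA=${{ matrix.image.idea }}" >> "$GITHUB_ENV"
          useradd rnpuser
          # rnpuser gets password-less sudo for ALL commands, so running the
          # tests as rnpuser is not a privilege boundary against root.
          # NOTE(review): presumably acceptable because the container is
          # discarded after the job; confirm the tests actually need sudo.
          printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
          printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf

      # Need to build HEAD version since it is always different
      - name: Build gpg head
        if: matrix.image.gpg_ver == 'head'
        run: /opt/tools/tools.sh build_and_install_gpg head

      - name: Build botan head
        if: matrix.image.botan_ver == 'head'
        run: /opt/tools/tools.sh build_and_install_botan head

      # Collect the per-matrix CMake options in an array and pass all of them
      # to a single cmake invocation.
      - name: Configure
        run: |
          cmakeopts=(-DCRYPTO_BACKEND="${{ matrix.image.backend }}")
          if [[ "${{ env.BUILD_MODE }}" = "coverage" ]]; then
            cmakeopts+=(-DENABLE_COVERAGE=yes)
          fi
          if [[ "${{ env.BUILD_MODE }}" = "sanitize" ]]; then
            cmakeopts+=(-DENABLE_SANITIZERS=yes)
          fi
          # Test the variable that is forwarded (ENABLE_SM2, not ENABLE).
          if [[ -n "${ENABLE_SM2:-}" ]]; then
            cmakeopts+=(-DENABLE_SM2="$ENABLE_SM2")
          fi
          if [[ -n "${ENABLE_IDEA:-}" ]]; then
            cmakeopts+=(-DENABLE_IDEA="$ENABLE_IDEA")
          fi
          # "${cmakeopts[@]}" expands every element as its own argument; a
          # bare $cmakeopts would expand to the first element only. Every
          # continued line ends in a backslash so the options stay part of
          # the cmake command instead of being run as a command themselves.
          cmake -B build \
            -DBUILD_SHARED_LIBS=ON \
            -DDOWNLOAD_GTEST=ON \
            -DCMAKE_BUILD_TYPE=Release \
            "${cmakeopts[@]}" .

      - name: Build
        run: cmake --build build --parallel ${{ env.CORES }}

      # Hand the tree to rnpuser and run ctest under that account.
      - name: Test
        run: |
          mkdir -p "build/Testing/Temporary"
          cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
          export PATH="$PWD/build/src/lib:$PATH"
          chown -R rnpuser:rnpuser "$PWD"
          exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure"

      # Download the Codecov uploader, check its signature and checksum, then
      # upload the gcov results. The uploader reads CODECOV_TOKEN from the
      # environment.
      - name: Coverage
        if: env.BUILD_MODE == 'coverage'
        run: |
          # pipefail makes a failed key download fail the step instead of
          # being hidden behind gpg's exit status; --fail turns HTTP errors
          # into a non-zero curl exit.
          set -o errexit -o pipefail
          # The signing key is fetched on every run and imported without a
          # fingerprint check, and "latest" is not a fixed uploader version.
          # Stricter: compare the imported key against a fingerprint recorded
          # in the repository and download a fixed uploader version.
          curl --fail https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step
          curl --fail -Os https://uploader.codecov.io/latest/linux/codecov
          curl --fail -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
          curl --fail -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
          # Signature over the checksum file first, then the checksum of the
          # binary; either failure stops the step before the binary is run.
          gpgv codecov.SHA256SUM.sig codecov.SHA256SUM
          shasum -a 256 -c codecov.SHA256SUM
          chmod +x codecov
          find "build" -type f -name '*.gcno' -exec gcov -p {} +
          ./codecov

      - name: Install
        if: env.BUILD_MODE != 'coverage'
        run: cmake --install build

      # No `ref` is given, so this checks out the current default branch of a
      # third-party repository whose code the next step is expected to run.
      # Setting `ref` to a reviewed commit would pin what gets executed.
      - name: Checkout shell test framework
        if: env.BUILD_MODE != 'coverage'
        uses: actions/checkout@v3
        with:
          repository: kward/shunit2
          path: ci/tests/shunit2

      - name: Run additional ci tests
        if: env.BUILD_MODE != 'coverage'
        run: RNP_INSTALL=/usr/local ci/tests/ci-tests.sh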