From 09f4b84654b71099559492e9aed5e1a38bf24815 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Feb 2021 18:41:30 +1100 Subject: Convert most github hosted tests to new config structure. --- .github/configs | 31 +++++++++++++-- .github/setup_ci.sh | 22 ++++++----- .github/workflows/c-cpp.yml | 93 ++++++++++----------------------------------- 3 files changed, 61 insertions(+), 85 deletions(-) (limited to '.github') diff --git a/.github/configs b/.github/configs index 1cf80027..fa0ceff7 100755 --- a/.github/configs +++ b/.github/configs @@ -21,13 +21,38 @@ LIBCRYPTOFLAGS="" case "$config" in default|sol64) ;; + kitchensink) + CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin" + CONFIGFLAGS="${CONFIGFLAGS} --with-selinux" + ;; + hardenedmalloc) + CONFIGFLAGS="--with-ldflags=-lhardened_malloc" + ;; + kerberos5) + CONFIGFLAGS="--with-kerberos5" + ;; + libedit) + CONFIGFLAGS="--with-libedit" + ;; *pam) CONFIGFLAGS="--with-pam" SSHD_CONFOPTS="UsePam yes" ;; + libressl-head) + LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath," + ;; + openssl-head) + LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath," + ;; + selinux) + CONFIGFLAGS="--with-selinux" + ;; + sk) + CONFIGFLAGS="--with-security-key-builtin" + ;; without-openssl) LIBCRYPTOFLAGS="--without-openssl" - TEST_TARGET=t-exec + TEST_TARGET=t-exec ;; *) echo "Unknown configuration $config" @@ -53,8 +78,8 @@ esac # If we have a local openssl/libressl, use that. if [ -z "${LIBCRYPTOFLAGS}" ]; then # last-match - for i in /usr/local /usr/local/ssl; do - if [ -x ${i}/bin/openssl ]; then + for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do + if [ -d ${i}/bin/openssl ]; then LIBCRYPTOFLAGS="--with-ssl-dir=${i}" fi done diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index 187a4fad..16eca545 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh 
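Review bot: The new `kitchensink)` arm does not carry `--with-Werror`, which the removed ubuntu-20_04 matrix entry in c-cpp.yml passed together with the same five feature flags. Unless that flag is added somewhere outside this hunk, the converted job no longer fails the build on compiler warnings. In the same way, `without-openssl)` sets only `--without-openssl`, while the removed 18.04 entry was `--without-openssl --without-zlib`. If the drop is not intended, restore the flags where they are known to build cleanly or give them their own config name, and add a comment above the arm such as `# kitchensink: all optional features at once; keep in sync with the expansion in setup_ci.sh`. The `case` statement starts before this hunk and ends after it.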
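Review bot: The test in the local-OpenSSL probe changed from `-x` to `-d`, but `${i}/bin/openssl` is the openssl binary rather than a directory, so on a normal install the condition is false for every prefix and `LIBCRYPTOFLAGS` is never set here. The build then silently falls back to whatever libcrypto configure finds by default. That leaves the newly added `/usr/local/opt/openssl` prefix without effect, and CI may exercise a different crypto library than the one intended. Keep the executable test and quote the expansion: `if [ -x "${i}/bin/openssl" ]; then`.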
@@ -18,35 +18,39 @@ set -ex lsb_release -a +if [ "${TARGETS}" = "kitchensink" ]; then + TARGETS="kerberos5 libedit pam sk selinux" +fi + for TARGET in $TARGETS; do case $TARGET in - ""|--without-openssl|--without-zlib|--with-Werror|--with-rpath*|--with-ssl-dir=*|--with-zlib=*) + default|without-openssl|without-zlib) # nothing to do ;; - "--with-kerberos5") + kerberos5) PACKAGES="$PACKAGES heimdal-dev" #PACKAGES="$PACKAGES libkrb5-dev" ;; - "--with-libedit") + libedit) PACKAGES="$PACKAGES libedit-dev" ;; - "--with-pam") + *pam) PACKAGES="$PACKAGES libpam0g-dev" ;; - "--with-security-key-builtin") + sk) INSTALL_FIDO_PPA="yes" PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev" ;; - "--with-selinux") + selinux) PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev" ;; - "--with-ldflags=-lhardened_malloc") + hardenedmalloc) INSTALL_HARDENED_MALLOC=yes ;; - "--with-ssl-dir=/opt/openssl/head") + openssl-head) INSTALL_OPENSSL_HEAD=yes ;; - "--with-ssl-dir=/opt/libressl/head") + libressl-head) INSTALL_LIBRESSL_HEAD=yes ;; *) echo "Invalid option '${TARGET}'" diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 7d02bc31..fe910bb7 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml 
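Review bot: The `kitchensink` expansion ahead of the loop is an exact string comparison, so it applies only when `TARGETS` is that single word. Passed with any other target, `kitchensink` reaches the `*)` arm and is reported as an invalid option. The first arm also accepts `without-zlib`, a name the case statement shown in `.github/configs` in this commit does not handle, so the two name lists already differ. A comment above the `case` such as `# Target names must match the config names in .github/configs` would help, and `without-zlib` should either be dropped here or added there. The loop body continues past the end of this hunk.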
@@ -7,77 +7,27 @@ on: branches: [ master ] jobs: - ubuntu-20_04: + linux: if: github.repository != 'openssh/openssh-portable-selfhosted' - runs-on: ubuntu-20.04 strategy: + fail-fast: false matrix: - configs: - - "" - - "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux --with-Werror" - - "--with-ldflags=-lhardened_malloc" - - "--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath," - - "--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath," - steps: - - uses: actions/checkout@v2 - - name: setup CI system - run: ./.github/setup_ci.sh ${{ matrix.configs }} - - name: autoreconf - run: autoreconf - - name: configure - run: ./configure ${{ matrix.configs }} - - name: make - run: make -j2 - - name: copy moduli - run: sudo cp moduli /usr/local/etc/ - - name: make tests - run: ./.github/run_test.sh ${{ matrix.configs }} - env: - SUDO: sudo - TEST_SSH_UNSAFE_PERMISSIONS: 1 - - - ubuntu-18_04: - if: github.repository != 'openssh/openssh-portable-selfhosted' - runs-on: ubuntu-18.04 - strategy: - matrix: - configs: - - "" - - "--with-kerberos5" - - "--with-libedit" - - "--with-pam" - - "--with-security-key-builtin" - - "--with-selinux" - - "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux" - - "--without-openssl --without-zlib" - steps: - - uses: actions/checkout@v2 - - name: setup CI system - run: ./.github/setup_ci.sh ${{ matrix.configs }} - - name: autoreconf - run: autoreconf - - name: configure - run: ./configure ${{ matrix.configs }} - - name: make - run: make -j2 - - name: copy moduli - run: sudo cp moduli /usr/local/etc/ - - name: make tests - run: ./.github/run_test.sh ${{ matrix.configs }} - env: - SUDO: sudo - TEST_SSH_UNSAFE_PERMISSIONS: 1 - - - ubuntu-16_04: - if: github.repository != 'openssh/openssh-portable-selfhosted' - runs-on: ubuntu-16.04 - strategy: - matrix: - configs: - - "" - - "--with-pam --with-selinux --with-libedit --with-kerberos5 " + os: [ubuntu-16_04, ubuntu-18_04, 
ubuntu-20.04] + configs: [default, pam] + # Then we include any extra configs we want to test for specific VMs. + include: + - { os: ubuntu-20.04, configs: kitchensink } + - { os: ubuntu-20.04, configs: hardenedmalloc } + - { os: ubuntu-20.04, configs: libressl-head } + - { os: ubuntu-20.04, configs: openssl-head } + - { os: ubuntu-18.04, configs: kerberos5 } + - { os: ubuntu-18.04, configs: libedit } + - { os: ubuntu-18.04, configs: sk } + - { os: ubuntu-18.04, configs: selinux } + - { os: ubuntu-18.04, configs: kitchensink } + - { os: ubuntu-18.04, configs: without-openssl } + - { os: ubuntu-16_04, configs: kitchensink } + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2 - name: setup CI system @@ -85,7 +35,7 @@ jobs: - name: autoreconf run: autoreconf - name: configure - run: ./configure ${{ matrix.configs }} + run: ./.github/configure.sh ${{ matrix.configs }} - name: make run: make -j2 - name: copy moduli @@ -96,15 +46,12 @@ jobs: SUDO: sudo TEST_SSH_UNSAFE_PERMISSIONS: 1 - macos: if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: matrix: os: [ macos-10.15, macos-11.0 ] - configs: - - "" - - "--with-pam" + configs: [default, pam] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2 -- cgit v1.2.3
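Review bot: The `os` matrix values `ubuntu-16_04` and `ubuntu-18_04` are the names of the removed jobs, not the labels those jobs used in `runs-on` (`ubuntu-16.04`, `ubuntu-18.04`). Because the new job sets `runs-on: ${{ matrix.os }}`, the default and pam combinations for those two releases, and the `{ os: ubuntu-16_04, configs: kitchensink }` include, would presumably wait for a runner that does not exist, so those tests stop running without a visible failure. The include entries spelled `ubuntu-18.04` are not affected. Use the dotted labels throughout: `os: [ubuntu-16.04, ubuntu-18.04, ubuntu-20.04]` and `- { os: ubuntu-16.04, configs: kitchensink }`.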