Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/ci.yml | 41 | ||||
-rw-r--r-- | .github/workflows/coveralls.yml | 4 | ||||
-rw-r--r-- | .github/workflows/cross-compiles.yml | 6 | ||||
-rwxr-xr-x | .github/workflows/make-test | 3 | ||||
-rw-r--r-- | .github/workflows/provider-compatibility.yml | 13 | ||||
-rw-r--r-- | .github/workflows/run-checker-merge.yml | 2 | ||||
-rw-r--r-- | .github/workflows/static-analysis-on-prem.yml | 39 | ||||
-rw-r--r-- | .github/workflows/windows.yml | 2 |
8 files changed, 82 insertions, 28 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b8b8f2ec3c..8c1fed8f97 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -69,7 +69,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: config - run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --banner=Configured no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 @@ -96,7 +96,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@basic-gcc" - path: artifacts/ + path: artifacts.tar.gz basic_clang: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -118,7 +118,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@basic-clang" - path: artifacts/ + path: artifacts.tar.gz self-hosted: if: github.repository == 'openssl/openssl' @@ -143,7 +143,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@self-hosted-${{ matrix.os }}" - path: artifacts/ + path: artifacts.tar.gz minimal: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -165,8 +165,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@minimal" - path: artifacts/ - if-no-files-found: ignore + path: artifacts.tar.gz no-deprecated: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -188,7 +187,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@no-deprecated" - path: artifacts/ + path: artifacts.tar.gz no-shared-ubuntu: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} 
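Review bot: The `config` step of the ANSI job in the first ci.yml hunk gains `no-secure-memory` with no comment explaining why, so a reader cannot tell whether dropping the secure-heap code from this `-ansi --strict-warnings` build is deliberate. Presumably that code needs declarations that `-D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L` do not expose now that `-D_DEFAULT_SOURCE` is gone. If so, state it above the step, for example `# no-secure-memory: secure heap needs declarations not available under strict -ansi`. It is also worth confirming that another job still builds the secure-memory code with strict warnings. The job definition starts outside the hunk.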
@@ -210,7 +209,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@no-shared-ubuntu" - path: artifacts/ + path: artifacts.tar.gz no-shared-macos: strategy: @@ -237,7 +236,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@no-shared-${{ matrix.os }}" - path: artifacts/ + path: artifacts.tar.gz non-caching: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -263,7 +262,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@non-caching" - path: artifacts/ + path: artifacts.tar.gz address_ub_sanitizer: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -289,7 +288,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@address_ub_sanitizer" - path: artifacts/ + path: artifacts.tar.gz fuzz_tests: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -315,7 +314,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@fuzz_tests" - path: artifacts/ + path: artifacts.tar.gz if-no-files-found: ignore memory_sanitizer: @@ -343,7 +342,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@memory_sanitizer" - path: artifacts/ + path: artifacts.tar.gz threads_sanitizer: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -369,7 +368,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@threads_sanitizer" - path: artifacts/ + path: artifacts.tar.gz enable_non-default_options: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -393,7 +392,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@enable_non-default_options" - path: artifacts/ + path: artifacts.tar.gz full_featured: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} 
@@ -423,7 +422,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@full_featured" - path: artifacts/ + path: artifacts.tar.gz no-legacy: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -445,7 +444,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@no-legacy" - path: artifacts/ + path: artifacts.tar.gz legacy: runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} @@ -467,7 +466,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@legacy" - path: artifacts/ + path: artifacts.tar.gz # out-of-source-and-install checks multiple things at the same time: # - That building, testing and installing works from an out-of-source @@ -509,7 +508,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@out-of-readonly-source-and-install-ubuntu" - path: build/artifacts/ + path: build/artifacts.tar.gz - name: make install run: make install working-directory: ./build @@ -554,7 +553,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}" - path: build/artifacts/ + path: build/artifacts.tar.gz - name: make install run: make install working-directory: ./build @@ -570,7 +569,7 @@ jobs: sudo apt-get update sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy - name: install cpanm and Test2::V0 for gost_engine testing - uses: perl-actions/install-with-cpanm@v1 + uses: perl-actions/install-with-cpanm@stable with: install: Test2::V0 - name: setup hostname workaround diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index aae4fbf4f8..b738f89c66 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml 
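Review bot: `uses: perl-actions/install-with-cpanm@stable` in the last ci.yml hunk, and the same line in the coveralls.yml hunk at -56,7, follows a moving ref, so the code these jobs run can change without any change in this repository. Pin third-party actions to a full commit SHA and keep the readable ref as a trailing comment, for example `uses: perl-actions/install-with-cpanm@<full-commit-sha>  # stable`. The same applies to `coverallsapp/github-action@v2.3.0` in coveralls.yml, which is handed `secrets.github_token`; a version tag can also be moved by the action's owner.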
@@ -56,7 +56,7 @@ jobs: sudo apt-get -yq install lcov sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy - name: install Test2::V0 for gost_engine testing - uses: perl-actions/install-with-cpanm@v1 + uses: perl-actions/install-with-cpanm@stable with: install: Test2::V0 - name: setup hostname workaround @@ -82,7 +82,7 @@ jobs: --exclude "/usr/include/*" -o ./lcov.info - name: Coveralls upload - uses: coverallsapp/github-action@v2.2.3 + uses: coverallsapp/github-action@v2.3.0 with: github-token: ${{ secrets.github_token }} git-branch: ${{ matrix.branches.branch }} diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 4e5dfa45f2..0d0384c8e5 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -66,9 +66,11 @@ jobs: target: linux-armv4, tests: -test_includes -test_store -test_x509_store }, { + # gcc hppa seems to have some potential compiler issues + # with -O2 on this platform, reduce optimization to -01 arch: hppa-linux-gnu, libs: libc6-dev-hppa-cross, - target: -static linux-generic32, + target: -static -O1 linux-generic32, fips: no, tests: -test_includes -test_store -test_x509_store }, { @@ -220,5 +222,5 @@ jobs: uses: actions/upload-artifact@v3 with: name: "cross-compiles@${{ matrix.platform.arch }}" - path: artifacts/ + path: artifacts.tar.gz if-no-files-found: ignore diff --git a/.github/workflows/make-test b/.github/workflows/make-test index 247b4c61bd..195928e786 100755 --- a/.github/workflows/make-test +++ b/.github/workflows/make-test @@ -37,4 +37,7 @@ echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH" (cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort) echo "::endgroup::" +echo "Archive artifacts" +tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH + exit $RESULT 
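Review bot: The comment added to the hppa entry in cross-compiles.yml says `-01` (zero-one), but the flag actually passed in `target:` is `-O1`. Correct it to `# with -O2 on this platform, reduce optimization to -O1` so that a search for the flag finds its explanation. Because this works around a suspected compiler problem, the comment should also name the issue or failing test that motivated it, so the flag can be dropped once the toolchain is fixed.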
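Review bot: In the make-test hunk, `tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH` expands the variable unquoted, although the `cd "$OSSL_CI_ARTIFACTS_PATH"` a few lines above quotes it. A path containing spaces or glob characters would be split or expanded, and a value starting with `-` would be read as a tar option. Use `tar -czf artifacts.tar.gz -- "$OSSL_CI_ARTIFACTS_PATH"`; the `-v` listing repeats what the preceding `find` already printed. tar's exit status is discarded because the script ends with `exit $RESULT`, so a failed archive only shows up later as a missing upload. Printing a warning when tar fails would make that visible. The script begins outside the hunk.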
diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index 75e8404e12..3fca2f9699 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -117,6 +117,14 @@ jobs: dir: branch-3.1, tgz: branch-3.1.tar.gz, }, { + name: openssl-3.2, + dir: branch-3.2, + tgz: branch-3.2.tar.gz, + }, { + name: openssl-3.3, + dir: branch-3.3, + tgz: branch-3.3.tar.gz, + }, { name: master, dir: branch-master, tgz: branch-master.tar.gz, @@ -187,9 +195,10 @@ jobs: # Note that releases are not used as a test environment for # later providers. Problems in these situations ought to be # caught by cross branch testing before the release. - tree_a: [ branch-master, branch-3.1, branch-3.0, + tree_a: [ branch-master, branch-3.3, branch-3.2, branch-3.1, branch-3.0, openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ] - tree_b: [ branch-master, branch-3.1, branch-3.0 ] + tree_b: [ branch-master, branch-3.3, branch-3.2, branch-3.1, + branch-3.0 ] steps: - name: early exit checks id: early_exit diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index e5746d75bd..98dcde18b9 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -33,8 +33,10 @@ jobs: no-srp, no-srtp, no-ts, + no-integrity-only-ciphers, enable-weak-ssl-ciphers, enable-zlib, + enable-pie, ] runs-on: ubuntu-latest steps: diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml new file mode 100644 index 0000000000..4c920fcad4 --- /dev/null +++ b/.github/workflows/static-analysis-on-prem.yml 
@@ -0,0 +1,39 @@ +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +name: Static Analysis On Prem + +on: + schedule: + - cron: '20 0 * * *' + workflow_dispatch: + +permissions: + contents: read + +jobs: + coverity-analysis: + runs-on: ubuntu-latest + container: quay.io/openssl-ci/coverity-analysis:2024.3.1 + steps: + - name: Put license + run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat + - name: Put auth key file + run: | + echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt + chmod 0600 /auth_key_file.txt + - uses: actions/checkout@v4 + - name: Config + run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC + - name: Config dump + run: ./configdata.pm --dump + - name: Make + run: cov-build --dir cov-int make -s -j4 + - name: Analyze + run: cov-analyze --dir cov-int --strip-path $(pwd) + - name: Commit defects + run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 1df44c4f00..c24e7f894d 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -66,7 +66,7 @@ jobs: run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 - name: install # Run on 64 bit only as 32 bit is slow enough already - if: $${{ matrix.platform.arch == 'win64' }} + if: ${{ matrix.platform.arch == 'win64' }} run: | mkdir _dest nmake install DESTDIR=_dest |
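Review bot: The `Put license` and `Put auth key file` steps of the new static-analysis-on-prem.yml expand `${{ secrets.COVERITY_LICENSE }}` and `${{ secrets.COVERITY_AUTH_KEY }}` straight into the shell script text, unquoted. The secret value therefore becomes part of the script, where it is subject to word splitting and to interpretation of any shell metacharacters. Pass each secret through `env:` and reference it as a quoted shell variable instead. The key file is also created with the default umask and only then restricted with `chmod 0600`; setting `umask 077` before the write closes that window. Separately, the `container:` image is referenced by tag (`:2024.3.1`); pinning it by digest would fix exactly what runs alongside these secrets.

```yaml
- name: Put license
  env:
    COVERITY_LICENSE: ${{ secrets.COVERITY_LICENSE }}
  run: printf '%s' "$COVERITY_LICENSE" | base64 -d > /opt/coverity-analysis/bin/license.dat
- name: Put auth key file
  env:
    COVERITY_AUTH_KEY: ${{ secrets.COVERITY_AUTH_KEY }}
  run: |
    umask 077
    printf '%s' "$COVERITY_AUTH_KEY" | base64 -d > /auth_key_file.txt
# … unchanged: checkout, Config, Config dump, Make, Analyze, Commit defects …
```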