view .github/workflows/build.yml @ 1871:b89cf71ec40c

Fix accidentally commented out test matrix items
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Feb 2022 22:25:51 +0800
parents 0dcc5b0d93fa
children 5d8dbb6fdab7
# Can be used locally with https://github.com/nektos/act

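# Workflow identity and triggers: runs for every pull request and for
# pushes to master.
name: BuildTest
on:
  pull_request:
  push:
    branches:
      - master
# Least privilege for the automatic GITHUB_TOKEN: the job only checks out
# and builds the source, so read access to repository contents is enough.
permissions:
  contents: read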
jobs:
  # Single job, fanned out over the matrix entries listed under include:.
  build:
    # Entries without an explicit os fall back to ubuntu-20.04.
    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
    strategy:
      matrix:
        # Opt-out switches use the string 'no' (eg runcheck: 'no') rather
        # than a boolean false. In GitHub expressions an unset matrix key
        # would otherwise compare equal to false, and here an unset key
        # must behave as "enabled".

        # MULTI and NOWRITEV are passed as integers to the build
        include:
          # Baseline: every setting left at its default.
          - name: plain linux

          - name: multi binary
            multi: 1
            multilink: 1

          - name: multi binary, dropbearmulti argv0
            multi: 1
            multiwrapper: 1

          - name: bundled libtom, bionic , no writev()
            # test can use an older distro with bundled libtommath
            os: ubuntu-18.04
            configure_flags: --enable-bundled-libtom --enable-werror
            # NOWRITEV is unrelated, test here to save a job
            nowritev: 1
            # our tests expect >= python3.7
            runcheck: 'no'

          - name: linux clang
            cc: clang

          - name: macos 10.15
            os: macos-10.15
            cc: clang
            # OS X says daemon() and utmp are deprecated
            extracflags: -Wno-deprecated-declarations
            # the test suite and the apt-based deps step are both skipped
            runcheck: 'no'
            apt: 'no'
            # fails with:
            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
            ranlib: ranlib -no_warning_for_no_symbols

          # Same settings as the macos 10.15 entry, on the newer runner image.
          - name: macos 11
            os: macos-11
            cc: clang
            extracflags: -Wno-deprecated-declarations
            runcheck: 'no'
            apt: 'no'
            ranlib: ranlib -no_warning_for_no_symbols

          # NOTE(review): both sanitizer fuzz entries below are commented out
          # in this revision. No active entry sets `fuzz`, so the steps guarded
          # by matrix.fuzz (makefuzz, fuzz) never run from this workflow.

          # # Fuzzers run standalone. A bit superfluous with cifuzz, but
          # # good to run the whole corpus to keep it working.
          # - name: fuzzing with address sanitizer
          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
          #   ldflags: -fsanitize=address
          #   extracflags: -fsanitize=address
          #   fuzz: True
          #   cc: clang

          # # Undefined Behaviour sanitizer
          # - name: fuzzing with undefined behaviour sanitizer
          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
          #   ldflags: -fsanitize=undefined
          #   # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
          #   extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
          #   fuzz: True
          #   cc: clang

    # Job-wide environment derived from the matrix entry. The run: scripts
    # in this job read matrix values through these variables ($CC,
    # $CONFIGURE_FLAGS, $EXTRACFLAGS) rather than having expression syntax
    # expanded inside script text, so a value is never parsed as shell code
    # by the template step. `||` supplies the default when the matrix entry
    # leaves a key unset; variables without `||` have no fallback here.
    env:
      MULTI: ${{ matrix.multi }}
      CC: ${{ matrix.cc || 'gcc' }}
      LDFLAGS: ${{ matrix.ldflags }}
      EXTRACFLAGS: ${{ matrix.extracflags }}
      CONFIGURE_FLAGS: ${{ matrix.configure_flags || '--enable-werror' }}
      # for fuzzing
      CXX: clang++
      RANLIB: ${{ matrix.ranlib || 'ranlib' }}

    steps:
      # Install build dependencies and the selected compiler package ($CC).
      # Skipped for matrix entries that set apt: 'no' (the macOS entries).
      - name: deps
        if: ${{ matrix.apt != 'no' }}
        run: |
          sudo apt-get -y update
          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv $CC

      # NOTE(review): the text after "actions/" on the next line is an
      # e-mail-obfuscation placeholder left by the page this listing was
      # taken from, not a valid action reference; the original names an
      # action and a ref (actions/<ACTION>@<REF>). Pinning that ref to a full
      # commit SHA rather than a movable tag keeps the job from silently
      # picking up changed action code.
      - uses: actions/[email protected]

      # Configure with warnings enabled and an install prefix under $HOME.
      # $CONFIGURE_FLAGS is deliberately unquoted: one matrix value can carry
      # several flags that must be split into separate arguments.
      # If configure fails, config.log is printed and the step exits non-zero.
      - name: configure
        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)

      # Only for entries that set nowritev: rewrite HAVE_WRITEV to
      # DONT_HAVE_WRITEV in the generated config.h before compiling.
      - name: nowritev
        if: ${{ matrix.nowritev }}
        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h

      # Parallel build with three jobs.
      - name: make
        run: make -j3

      # Only for entries that set multilink.
      - name: multilink
        if: ${{ matrix.multilink }}
        run: make multilink

      # Only for entries that set multiwrapper: place copies of the
      # repository's .github/multiwrapper script under the three program
      # names in the build directory.
      - name: multi wrapper script
        if: ${{ matrix.multiwrapper }}
        run: |
          cp .github/multiwrapper dropbear
          cp .github/multiwrapper dbclient
          cp .github/multiwrapper dropbearkey

      # Builds the standalone fuzzers; runs only when the matrix entry
      # sets fuzz.
      - name: makefuzz
        run: make fuzzstandalone
        if: ${{ matrix.fuzz }}

      # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
      # (hence no -j here, unlike the make step)
      - name: make install
        run: make install

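      # Generate an ECDSA key with the freshly installed dropbearkey and write
      # its public-key line (the output line starting with "ecdsa") to
      # ~/.ssh/authorized_keys, replacing any previous content.
      # presumably consumed by the test suite's logins; confirm against the tests
      # Directories get 0700; authorized_keys gets 0600, since a key list does
      # not need the execute bit. The ls output records the resulting modes in
      # the job log.
      - name: keys
        run: |
          mkdir -p ~/.ssh
          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
          chmod 700 ~ ~/.ssh
          chmod 600 ~/.ssh/authorized_keys
          ls -ld ~ ~/.ssh ~/.ssh/authorized_keys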

        # upload config.log if something has failed
      # Runs only when an earlier step has failed or the run was cancelled,
      # and never under act (env.ACT set). Because this step sits before
      # `check`, a failure in `check` or any later step does not trigger it.
      # NOTE(review): the text after "actions/" in `uses:` below is an
      # e-mail-obfuscation placeholder left by the page this listing was
      # taken from, not a valid action reference; the original names an
      # action and a ref (actions/<ACTION>@<REF>). Pinning that ref to a full
      # commit SHA rather than a movable tag is the safer choice.
      - name: config.log
        if: ${{ !env.ACT && (failure() || cancelled()) }}
        uses: actions/[email protected]
        with:
          name: config.log
          path: config.log

      # Test suite; skipped for matrix entries that set runcheck: 'no'.
      - name: check
        if: ${{ matrix.runcheck != 'no' }}
        run: make check

      # Sanity check that the binary runs
      # One step per key type/size, each invoking the installed dropbearkey.
      # The generated key files land in the working directory; no later step
      # in this file reads them.
      - name: genrsa
        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
      - name: gendss
        run: ~/inst/bin/dropbearkey -t dss -f testdss
      - name: genecdsa256
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
      - name: genecdsa384
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
      - name: genecdsa521
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
      - name: gened25519
        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519

      # Runs the fuzzer test script; only when the matrix entry sets fuzz.
      - name: fuzz
        if: ${{ matrix.fuzz }}
        run: ./fuzzers_test.sh