view .github/workflows/build.yml @ 1845:b916f2661adb

fix github actions arguments If only we could test this locally with the same setup....
author Matt Johnston <>
date Mon, 18 Oct 2021 23:33:41 +0800
parents 7a3cd7b598d8
children 39a27a02f1ae
line wrap: on
line source
# Can be used locally with

name: BuildTest
      - master
    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
          - name: plain linux

          - name: multi binary
            multi: 1

          - name: bundled libtom, bionic , no writev()
            # test can use an older distro with bundled libtommath
            os: ubuntu-18.04
            configure_flags: --enable-bundled-libtom
            # NOWRITEV is unrelated, test here to save a job
            nowritev: 1
            # pytest relies on python3.7
            skipcheck: True

          - name: linux clang
            cc: clang

          - name: macos 10.15
            os: macos-10.15
            cc: clang
            # OS X says daemon() and utmp are deprecated
            wextraflags: -Wno-deprecated-declarations -Werror
            skipcheck: True
            exoticos: True

          - name: macos 11
            os: macos-11
            cc: clang
            # OS X says daemon() and utmp are deprecated
            wextraflags: -Wno-deprecated-declarations -Werror
            skipcheck: True
            exoticos: True

          # Fuzzers run standalone. A bit superfluous with cifuzz, but
          # good to run the whole corpus to keep it working.
          - name: fuzzing with address sanitizer
            configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
            ldflags: -fsanitize=address
            extracflags: -fsanitize=address
            fuzz: True
            cc: clang

          # Undefined Behaviour sanitizer
          - name: fuzzing with undefined behaviour sanitizer
            configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
            ldflags: -fsanitize=undefined
            # don't fail with alignment due to
            extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
            fuzz: True
            cc: clang

      MULTI: ${{ matrix.multi }}
      WEXTRAFLAGS: ${{ matrix.wextraflags || '-Werror' }}
      CC: ${{ || 'gcc' }}
      LDFLAGS: ${{ matrix.ldflags }}
      EXTRACFLAGS: ${{ matrix.extracflags }}
      CONFIGURE_FLAGS: ${{ matrix.configure_flags }}
      # for fuzzing
      CXX: clang++

      - name: deps
        if: ${{ !matrix.exoticos }}
        run: |
          sudo apt-get -y update
          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv socat $CC

      - uses: actions/[email protected]

      - name: cache pip
        uses: actions/[email protected]
          path: test/venv
          key: ${{ runner.os }}-pip-${{ hashFiles('test/requirements.txt') }}
          restore-keys: ${{ runner.os }}-pip-

      - name: cache fuzzcorpus
        uses: actions/[email protected]
          path: fuzzcorpus
          key: "hg.ucc/fuzzcorpus"

      - name: configure
        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)

      - name: nowritev
        if: ${{ matrix.nowritev }}
        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h

      - name: make
        run: make -j3

      - name: multilink
        if: ${{ matrix.multi }}
        run: make multilink

      - name: makefuzz
        run: make fuzzstandalone
        if: ${{ matrix.fuzz }}

        # avoid concurrent install, osx/freebsd is racey (
      - name: make install
        run: make install

      - name: keys
        run: |
          mkdir -p ~/.ssh
          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys

      - name: check
        if: ${{ !matrix.skipcheck }}
      # run in a TTY for some tests
        run: socat - EXEC:"make check",pty

      # Sanity check that the binary runs
      - name: genrsa
        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
      - name: gendss
        run: ~/inst/bin/dropbearkey -t dss -f testdss
      - name: genecdsa256
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
      - name: genecdsa384
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
      - name: genecdsa521
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
      - name: gened25519
        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519

      - name: fuzz
        if: ${{ matrix.fuzz }}
        run: ./