Mercurial > dropbear
view .github/workflows/build.yml @ 1845:b916f2661adb
fix github actions arguments
If only we could test this locally with the same setup....
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 18 Oct 2021 23:33:41 +0800 |
parents | 7a3cd7b598d8 |
children | 39a27a02f1ae |
line wrap: on
line source
# Can be used locally with https://github.com/nektos/act name: BuildTest on: pull_request: push: branches: - master jobs: build: runs-on: ${{ matrix.os || 'ubuntu-20.04' }} strategy: matrix: include: - name: plain linux - name: multi binary multi: 1 - name: bundled libtom, bionic , no writev() # test can use an older distro with bundled libtommath os: ubuntu-18.04 configure_flags: --enable-bundled-libtom # NOWRITEV is unrelated, test here to save a job nowritev: 1 # pytest relies on python3.7 skipcheck: True - name: linux clang cc: clang - name: macos 10.15 os: macos-10.15 cc: clang # OS X says daemon() and utmp are deprecated wextraflags: -Wno-deprecated-declarations -Werror skipcheck: True exoticos: True - name: macos 11 os: macos-11 cc: clang # OS X says daemon() and utmp are deprecated wextraflags: -Wno-deprecated-declarations -Werror skipcheck: True exoticos: True # Fuzzers run standalone. A bit superfluous with cifuzz, but # good to run the whole corpus to keep it working. - name: fuzzing with address sanitizer configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom ldflags: -fsanitize=address extracflags: -fsanitize=address fuzz: True cc: clang # Undefined Behaviour sanitizer - name: fuzzing with undefined behaviour sanitizer configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom ldflags: -fsanitize=undefined # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549 extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment fuzz: True cc: clang env: MULTI: ${{ matrix.multi }} WEXTRAFLAGS: ${{ matrix.wextraflags || '-Werror' }} CC: ${{ matrix.cc || 'gcc' }} LDFLAGS: ${{ matrix.ldflags }} EXTRACFLAGS: ${{ matrix.extracflags }} CONFIGURE_FLAGS: ${{ matrix.configure_flags }} # for fuzzing CXX: clang++ steps: - name: deps if: ${{ !matrix.exoticos }} run: | sudo apt-get -y update sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv socat $CC - uses: actions/[email protected] - name: cache pip uses: actions/[email protected] with: path: test/venv key: ${{ runner.os }}-pip-${{ hashFiles('test/requirements.txt') }} restore-keys: ${{ runner.os }}-pip- - name: cache fuzzcorpus uses: actions/[email protected] with: path: fuzzcorpus key: "hg.ucc/fuzzcorpus" - name: configure run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1) - name: nowritev if: ${{ matrix.nowritev }} run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h - name: make run: make -j3 - name: multilink if: ${{ matrix.multi }} run: make multilink - name: makefuzz run: make fuzzstandalone if: ${{ matrix.fuzz }} # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093) - name: make install run: make install - name: keys run: | mkdir -p ~/.ssh ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys - name: check if: ${{ !matrix.skipcheck }} # run in a TTY for some tests run: socat - EXEC:"make check",pty # Sanity check that the binary runs - name: genrsa run: ~/inst/bin/dropbearkey -t rsa -f testrsa - name: gendss run: ~/inst/bin/dropbearkey -t dss -f testdss - name: genecdsa256 run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256 - name: genecdsa384 run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384 - name: genecdsa521 run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521 - name: gened25519 run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519 - name: fuzz if: ${{ matrix.fuzz }} run: ./fuzzers_test.sh