changeset 1842:827cee5feb46

Add github actions build workflow, remove travis CI
author Matt Johnston <matt@ucc.asn.au>
date Mon, 18 Oct 2021 23:21:52 +0800
parents d757f48ae29f
children 03dfecca99bd
files .github/workflows/build.yml .travis.yml
diffstat 2 files changed, 141 insertions(+), 76 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/.github/workflows/build.yml	Mon Oct 18 23:21:52 2021 +0800
@@ -0,0 +1,141 @@
+# Can be used locally with https://github.com/nektos/act
+
+name: BuildTest
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  build:
+    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
+    strategy:
+      matrix:
+        include:
+          - name: plain linux
+
+          - name: multi binary
+            multi: 1
+
+          - name: bundled libtom, bionic , no writev()
+            # test can use an older distro with bundled libtommath
+            os: ubuntu-18.04
+            configure_flags: --enable-bundled-libtom
+            # NOWRITEV is unrelated, test here to save a job
+            nowritev: 1
+            # pytest relies on python3.7
+            skipcheck: True
+
+          - name: linux clang
+            cc: clang
+
+          - name: macos 10.15
+            os: macos-10.15
+            cc: clang
+            # OS X says daemon() and utmp are deprecated
+            wextraflags: -Wno-deprecated-declarations -Werror
+
+          - name: macos 11
+            os: macos-11
+            cc: clang
+            # OS X says daemon() and utmp are deprecated
+            wextraflags: -Wno-deprecated-declarations -Werror
+
+          # Fuzzers run standalone. A bit superfluous with cifuzz, but
+          # good to run the whole corpus to keep it working.
+          - name: fuzzing with address sanitizer
+            configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
+            ldflags: -fsanitize=address
+            extracflags: -fsanitize=address
+            fuzz: True
+            cc: clang
+
+          # Undefined Behaviour sanitizer
+          - name: fuzzing with undefined behaviour sanitizer
+            configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
+            ldflags: -fsanitize=undefined
+            # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
+            extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
+            fuzz: True
+            cc: clang
+
+    env:
+      MULTI: ${{ matrix.multi }}
+      WEXTRAFLAGS: ${{ matrix.wextraflags || '-Werror' }}
+      CC: ${{ matrix.cc || 'gcc' }}
+      LDFLAGS: ${{ matrix.ldflags }}
+      EXTRACFLAGS: ${{ matrix.extracflags }}
+      CONFIGURE_FLAGS: ${{ matrix.configure_flags }}
+      # for fuzzing
+      CXX: clang++
+
+    steps:
+      - name: deps
+        run: |
+          apt-get -y update
+          apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv socat $CC
+
+      - uses: actions/checkout@v2
+
+      - name: cache pip
+        uses: actions/cache@v2
+        with:
+          path: test/venv
+          key: ${{ runner.os }}-pip-${{ hashFiles('test/requirements.txt') }}
+          restore-keys: ${{ runner.os }}-pip-
+
+      - name: cache fuzzcorpus
+        uses: actions/cache@v2
+        with:
+          path: fuzzcorpus
+          key: "hg.ucc/fuzzcorpus"
+
+      - name: configure
+        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
+
+      - name: nowritev
+        if: ${{ matrix.nowritev }}
+        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h
+
+      - name: make
+        run: make -j3
+
+      - name: multilink
+        if: ${{ matrix.multi }}
+        run: make multilink
+
+      - name: makefuzz
+        run: make fuzzstandalone
+        if: ${{ matrix.fuzz }}
+
+        # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+      - name: make install
+        run: make install
+
+      - name: keys
+        run: |
+          mkdir -p ~/.ssh
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
+
+      - name: check
+        if: ${{ !matrix.skipcheck }}
+      # run in a TTY for some tests
+        run: socat - EXEC:"make check",pty
+
+      # Sanity check that the binary runs
+      - name: genrsa
+        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
+      - name: gendss
+        run: ~/inst/bin/dropbearkey -t dss -f testdss
+      - name: genecdsa256
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
+      - name: genecdsa384
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
+      - name: genecdsa521
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
+      - name: gened25519
+        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519
+
+      - name: fuzz
+        if: ${{ matrix.fuzz }}
+        run: ./fuzzers_test.sh
--- a/.travis.yml	Mon Oct 18 23:20:32 2021 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-language: c
-
-git:
-  depth: 3
-
-# use focal which provides libtommath 1.20
-dist: focal
-
-matrix:
-  include:
-    - name: "plain linux"
-      compiler: gcc
-      env: WEXTRAFLAGS=-Werror
-    - name: "multi binary"
-      env: MULTI=1 WEXTRAFLAGS=-Werror
-    - name: "bundled libtom, xenial, no writev()"
-      # NOWRITEV is unrelated to libtom/xenial, test here to save a job
-      env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=-Werror NOWRITEV=1 
-      # can use an older distro with bundled libtom
-      dist: xenial
-    - name: "linux clang"
-      os: linux
-      compiler: clang
-      env: WEXTRAFLAGS=-Werror
-    - name: "osx"
-      os: osx
-      compiler: clang
-      # OS X says daemon() and utmp are deprecated
-      env: WEXTRAFLAGS="-Wno-deprecated-declarations -Werror"
-    # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled.
-    # Address sanitizer
-    - name: "fuzz-asan"
-      env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++
-      compiler: clang
-    # Undefined Behaviour sanitizer
-    - name: "fuzz-ubsan"
-      # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
-      env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=undefined EXTRACFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment" CXX=clang++
-      compiler: clang
-
-# container-based builds
-addons:
-  apt:
-    packages:
-    # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise
-    - zlib1g-dev
-    - libtomcrypt-dev
-    - libtommath-dev
-    - mercurial
-
-before_install:
-  - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi  # workaround
-
-install:
-  - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
-  - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi
-  - make lint
-  - make -j3 
-  - test -z $DO_FUZZ || make fuzzstandalone
-  # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
-  - make install 
-
-script:
-  - ~/inst/bin/dropbearkey -t rsa -f testrsa
-  - ~/inst/bin/dropbearkey -t dss -f testdss
-  - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
-  - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
-  - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
-  - ~/inst/bin/dropbearkey -t ed25519 -f tested25519
-  - test -z $DO_FUZZ || ./fuzzers_test.sh
-
-branches:
-  only:
-    - master
-    - coverity
-