romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-07 12:27:28 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/.github/workflows/linux.yml
Viktor Szakats 44341e736a
runtests: generate certs dynamically, bump to EC-256, tidy up 
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.

Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.

As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.

Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.

Details:

- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
  separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
  confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
  auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
  noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
  ```
  + openssl genrsa -out test-ca.key -passout fd:0 2048
  Invalid password argument, starting with "fd:"
  ```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
  (`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
  the Visual Studio generator miss to create the `clean-certs`,
  `build-certs` targets. No target depend on them, so they don't execute
  implicitly anyway. Fixes:
  ```
  MSBUILD : error MSB1009: Project file does not exist.
  Switch: clean-certs.vcxproj
  ```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.

Follow-up to 556f722fe3 #16593
Follow-up to fa461b4eff #14486

Closes #16824
2025-03-27 10:21:57 +01:00

707 lines
32 KiB
YAML
Raw Blame History

# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl
name: Linux
'on':
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: {}
env:
MAKEFLAGS: -j 5
CURL_CLANG_TIDYFLAGS: '-checks=-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-valist.Uninitialized'
# unhandled
bearssl-version: 0.6
# renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com
libressl-version: 4.0.0
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
wolfssl-version: 5.7.6
# renovate: datasource=github-tags depName=wolfSSL/wolfssh versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
wolfssh-version: 1.4.19
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com
mbedtls-version: 3.6.3
# renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com
msh3-version: 0.6.0
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
awslc-version: 1.47.0
# handled in renovate.json
openssl-version: 3.4.1
# handled in renovate.json
quictls-version: 3.3.0
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
rustls-version: 0.15.0
jobs:
linux:
name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
runs-on: ${{ matrix.build.image || 'ubuntu-latest' }}
container: ${{ matrix.build.container }}
timeout-minutes: 45
strategy:
fail-fast: false
matrix:
build:
- name: bearssl
install_packages: zlib1g-dev
install_steps: bearssl pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
- name: bearssl clang
install_packages: zlib1g-dev clang
install_steps: bearssl
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
- name: libressl heimdal
install_packages: zlib1g-dev heimdal-dev
install_steps: libressl pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --with-gssapi --enable-debug
- name: libressl heimdal valgrind
install_packages: zlib1g-dev heimdal-dev valgrind
install_steps: libressl pytest
generate: -DOPENSSL_ROOT_DIR=$HOME/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
- name: libressl clang
install_packages: zlib1g-dev clang
install_steps: libressl
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
- name: wolfssl-all
install_packages: zlib1g-dev
install_steps: wolfssl-all wolfssh
configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-all/lib" --with-wolfssl=$HOME/wolfssl-all --with-wolfssh=$HOME/wolfssh --enable-ech --enable-debug
- name: wolfssl-opensslextra valgrind
install_packages: zlib1g-dev valgrind
install_steps: wolfssl-opensslextra
configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-opensslextra/lib" --with-wolfssl=$HOME/wolfssl-opensslextra --enable-ech --enable-debug
- name: mbedtls valgrind
install_packages: libnghttp2-dev valgrind
install_steps: mbedtls pytest
configure: LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
- name: mbedtls clang
install_packages: libnghttp2-dev clang
install_steps: mbedtls
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
- name: mbedtls
install_packages: libnghttp2-dev
install_steps: mbedtls
PKG_CONFIG_PATH: '$HOME/mbedtls/lib/pkgconfig' # Requires v3.6.0 or v2.28.8
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON
- name: mbedtls-pkg
install_packages: libnghttp2-dev libmbedtls-dev
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF
- name: mbedtls-pkg !pc
install_packages: libnghttp2-dev libmbedtls-dev
install_steps: skipall
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_PKGCONFIG=OFF
- name: msh3
install_packages: zlib1g-dev
install_steps: quictls msh3
configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug
- name: msh3
install_packages: zlib1g-dev
install_steps: quictls msh3 skipall
PKG_CONFIG_PATH: '$HOME/msh3/lib/pkgconfig' # Broken as of v0.6.0
generate: -DOPENSSL_ROOT_DIR=$HOME/quictls -DUSE_MSH3=ON -DMSH3_INCLUDE_DIR=$HOME/msh3/include -DMSH3_LIBRARY=$HOME/msh3/lib/libmsh3.so -DENABLE_DEBUG=ON
- name: awslc
install_packages: zlib1g-dev
install_steps: awslc
configure: LDFLAGS="-Wl,-rpath,$HOME/awslc/lib" --with-openssl=$HOME/awslc --enable-ech
- name: awslc
install_packages: zlib1g-dev
install_steps: awslc
generate: -DOPENSSL_ROOT_DIR=$HOME/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF
- name: openssl default
install_steps: pytest
configure: --with-openssl --enable-debug --disable-unity
- name: openssl libssh2 sync-resolver valgrind
install_packages: zlib1g-dev libssh2-1-dev valgrind
install_steps: pytest
configure: --with-openssl --enable-debug --disable-threaded-resolver --with-libssh2
- name: openssl
install_packages: zlib1g-dev
install_steps: pytest
configure: CFLAGS=-std=gnu89 --with-openssl --enable-debug
- name: openssl -O3 valgrind
install_packages: zlib1g-dev valgrind
configure: CFLAGS=-O3 --with-openssl --enable-debug
- name: openssl clang krb5
install_packages: zlib1g-dev libkrb5-dev clang
configure: CC=clang --with-openssl --with-gssapi --enable-debug --disable-docs --disable-manual
- name: openssl clang krb5 LTO
install_packages: zlib1g-dev libkrb5-dev clang
install_steps: skipall
generate: -DCURL_USE_OPENSSL=ON -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LTO=ON
- name: openssl !ipv6 !--libcurl
configure: --with-openssl --disable-ipv6 --enable-debug --disable-unity --disable-libcurl-option
- name: openssl https-only
configure: >-
--with-openssl --enable-debug --disable-unity
--disable-dict --disable-gopher --disable-ldap --disable-telnet
--disable-imap --disable-pop3 --disable-smtp
--without-librtmp --disable-rtsp
--without-libssh2 --without-libssh --without-wolfssh
--disable-tftp --disable-ftp --disable-file --disable-smb
- name: openssl torture !FTP
install_packages: zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
tflags: -t --shallow=25 !FTP
torture: true
- name: openssl torture FTP
install_packages: zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
tflags: -t --shallow=20 FTP
torture: true
- name: openssl i686
install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 librtmp-dev:i386 libssh2-1-dev:i386 libidn2-0-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386
configure: >-
PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig
CC=i686-linux-gnu-gcc-14
CPPFLAGS=-I/usr/include/i386-linux-gnu
LDFLAGS=-L/usr/lib/i386-linux-gnu
--host=i686-linux-gnu
--with-openssl --with-librtmp --with-libssh2 --with-libidn2 --enable-ares --enable-debug
- name: '!ssl !http !smtp !imap'
configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
- name: clang-tidy
install_packages: clang-tidy zlib1g-dev libssl-dev libkrb5-dev
install_steps: skipall wolfssl-opensslextra wolfssh
configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-opensslextra/lib" --with-wolfssl=$HOME/wolfssl-opensslextra --with-wolfssh=$HOME/wolfssh --with-openssl --enable-ech --with-gssapi --enable-ssls-export
make-custom-target: tidy
- name: scanbuild
install_packages: clang-tools clang libssl-dev libssh2-1-dev
install_steps: skipall
configure: --with-openssl --enable-debug --with-libssh2 --disable-unity
configure-prefix: CC=clang scan-build
make-prefix: scan-build --status-bugs
- name: address-sanitizer
install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2
install_steps: pytest
configure: >-
CC=clang
CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"
LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
LIBS="-ldl -lubsan"
--with-openssl --enable-debug
- name: thread-sanitizer
install_packages: zlib1g-dev clang libtsan2
install_steps: pytest openssl-tsan
configure: >-
CC=clang
CFLAGS="-fsanitize=thread -g"
LDFLAGS="-fsanitize=thread -Wl,-rpath,$HOME/openssl/lib"
--with-openssl=$HOME/openssl --enable-debug
- name: memory-sanitizer
install_packages: clang
configure: >-
CC=clang
CFLAGS="-fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g"
LDFLAGS="-fsanitize=memory"
LIBS="-ldl"
--without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug
- name: event-based
install_packages: libssh-dev
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: -n --test-event '!TLS-SRP'
- name: duphandle
install_packages: libssh-dev
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: -n --test-duphandle '!TLS-SRP'
- name: rustls valgrind
install_packages: valgrind
install_steps: rust rustls pytest
configure: --with-rustls --enable-debug
- name: rustls
install_steps: rust rustls skipall
generate: -DCURL_USE_RUSTLS=ON -DENABLE_DEBUG=ON
- name: IntelC openssl
install_packages: zlib1g-dev libssl-dev
install_steps: intel
configure: CC=icc --enable-debug --with-openssl
- name: Slackware openssl gssapi gcc
# These are essentially the same flags used to build the curl Slackware package
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs
# Docker Hub image that `container-job` executes in
container: 'andy5995/slackware-build-essential:15.0'
- name: Alpine MUSL https-rr
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-threaded-resolver --enable-ares --enable-httpsrr
container: 'alpine:3.20'
- name: Alpine MUSL c-ares https-rr
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --disable-threaded-resolver --enable-ares --enable-httpsrr --disable-unity
container: 'alpine:3.20'
steps:
- name: 'install prereqs'
if: matrix.build.container == null && !contains(matrix.build.name, 'i686')
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo apt-get -o Dpkg::Use-Pty=0 install \
libtool autoconf automake pkgconf ninja-build \
${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }} \
libpsl-dev libbrotli-dev libzstd-dev \
${{ matrix.build.install_packages }} \
${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd' || '' }}
python3 -m venv $HOME/venv
- name: 'install prereqs'
if: contains(matrix.build.name, 'i686')
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo dpkg --add-architecture i386
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo apt-get -o Dpkg::Use-Pty=0 install \
libtool autoconf automake pkgconf stunnel4 \
libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \
${{ matrix.build.install_packages }}
python3 -m venv $HOME/venv
- name: 'install dependencies'
if: startsWith(matrix.build.container, 'alpine')
run: |
apk add --no-cache build-base autoconf automake libtool perl openssl-dev \
libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev \
heimdal-dev libpsl-dev c-ares-dev \
py3-impacket py3-asn1 py3-six py3-pycryptodomex \
perl-time-hires openssh stunnel sudo git openssl
- name: 'cache bearssl'
if: contains(matrix.build.install_steps, 'bearssl')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-bearssl
env:
cache-name: cache-bearssl
with:
path: ~/bearssl
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.bearssl-version }}
- name: 'build bearssl'
if: contains(matrix.build.install_steps, 'bearssl') && steps.cache-bearssl.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://bearssl.org/bearssl-${{ env.bearssl-version }}.tar.gz
tar -xzf bearssl-${{ env.bearssl-version }}.tar.gz
cd bearssl-${{ env.bearssl-version }}
make
mkdir -p $HOME/bearssl/lib $HOME/bearssl/include
cp inc/*.h $HOME/bearssl/include
cp build/libbearssl.* $HOME/bearssl/lib
- name: 'cache libressl'
if: contains(matrix.build.install_steps, 'libressl')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.libressl-version }}
- name: 'build libressl'
if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/libressl/portable/releases/download/v${{ env.libressl-version }}/libressl-${{ env.libressl-version }}.tar.gz
tar -xzf libressl-${{ env.libressl-version }}.tar.gz
cd libressl-${{ env.libressl-version }}
./configure --disable-dependency-tracking --prefix=$HOME/libressl
make install
- name: 'cache wolfssl (all)'
if: contains(matrix.build.install_steps, 'wolfssl-all')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssl-all
env:
cache-name: cache-wolfssl-all
with:
path: ~/wolfssl-all
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
- name: 'build wolfssl (all)'
if: contains(matrix.build.install_steps, 'wolfssl-all') && steps.cache-wolfssl-all.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz
tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz
cd wolfssl-${{ env.wolfssl-version }}-stable
./autogen.sh
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-all \
--disable-benchmark --disable-crypttests --disable-examples --prefix=$HOME/wolfssl-all
make install
- name: 'cache wolfssl (opensslextra)'
if: contains(matrix.build.install_steps, 'wolfssl-opensslextra')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssl-opensslextra
env:
cache-name: cache-wolfssl-opensslextra
with:
path: ~/wolfssl-opensslextra
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
- name: 'build wolfssl (opensslextra)'
if: contains(matrix.build.install_steps, 'wolfssl-opensslextra') && steps.cache-wolfssl-opensslextra.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz
tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz
cd wolfssl-${{ env.wolfssl-version }}-stable
./autogen.sh
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \
--disable-benchmark --disable-crypttests --disable-examples --prefix=$HOME/wolfssl-opensslextra
make install
- name: 'cache wolfssh'
if: contains(matrix.build.install_steps, 'wolfssl')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-wolfssh
env:
cache-name: cache-wolfssh
with:
path: ~/wolfssh
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssh-version }}-${{ env.wolfssl-version }}
- name: 'build wolfssh'
if: contains(matrix.build.install_steps, 'wolfssh') && steps.cache-wolfssh.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/wolfSSL/wolfssh/archive/v${{ env.wolfssh-version }}-stable.tar.gz
tar -xzf v${{ env.wolfssh-version }}-stable.tar.gz
cd wolfssh-${{ env.wolfssh-version }}-stable
./autogen.sh
./configure --disable-dependency-tracking --with-wolfssl=$HOME/wolfssl-all --enable-scp --enable-sftp --disable-term \
--disable-examples --prefix=$HOME/wolfssh
make install
- name: 'cache mbedtls'
if: contains(matrix.build.install_steps, 'mbedtls')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-mbedtls
env:
cache-name: cache-mbedtls-threadsafe
with:
path: ~/mbedtls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mbedtls-version }}
- name: 'build mbedtls'
if: contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${{ env.mbedtls-version }}/mbedtls-${{ env.mbedtls-version }}.tar.bz2
tar -xjf mbedtls-${{ env.mbedtls-version }}.tar.bz2
cd mbedtls-${{ env.mbedtls-version }}
./scripts/config.py set MBEDTLS_THREADING_C
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=$HOME/mbedtls \
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
cmake --build .
cmake --install .
- name: 'cache openssl (thread sanitizer)'
if: contains(matrix.build.install_steps, 'openssl-tsan')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-openssl-tsan
env:
cache-name: cache-openssl-tsan
with:
path: ~/openssl
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl-version }}
- name: 'build openssl (thread sanitizer)'
if: contains(matrix.build.install_steps, 'openssl-tsan') && steps.cache-openssl-tsan.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl
cd openssl
CC="clang" CFLAGS="-fsanitize=thread" LDFLAGS="-fsanitize=thread" ./config --prefix=$HOME/openssl --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'cache quictls'
if: contains(matrix.build.install_steps, 'quictls')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-quictls
env:
cache-name: cache-quictls
with:
path: ~/quictls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1
- name: 'build quictls'
if: contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl
cd openssl
./config --prefix=$HOME/quictls --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'cache msh3'
if: contains(matrix.build.install_steps, 'msh3')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-msh3
env:
cache-name: cache-msh3
with:
path: ~/msh3
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.msh3-version }}
- name: 'build msh3'
if: contains(matrix.build.install_steps, 'msh3') && steps.cache-msh3.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b v${{ env.msh3-version }} --recursive https://github.com/nibanks/msh3
cd msh3
cmake -B . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3
cmake --build .
cmake --install .
- name: 'cache awslc'
if: contains(matrix.build.install_steps, 'awslc')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-awslc
env:
cache-name: cache-awslc
with:
path: ~/awslc
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.awslc-version }}
- name: 'build awslc'
if: contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true'
run: |
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
https://github.com/awslabs/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz
tar xzf v${{ env.awslc-version }}.tar.gz
mkdir aws-lc-${{ env.awslc-version }}-build
cd aws-lc-${{ env.awslc-version }}-build
cmake -G Ninja -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-${{ env.awslc-version }} -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF
cmake --build .
cmake --install .
- name: 'cache rustls'
if: contains(matrix.build.install_steps, 'rustls')
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
id: cache-rustls
env:
cache-name: cache-rustls
with:
path: ~/rustls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.rustls-version }}
- name: 'fetch rustls deb'
if: contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true'
run: |
mkdir -p ~/rustls
curl -L https://github.com/rustls/rustls-ffi/releases/download/v${{ env.rustls-version }}/librustls_${{ env.rustls-version }}_amd64.deb.zip -o ~/rustls/librustls.zip
unzip ~/rustls/librustls.zip -d ~/rustls
rm ~/rustls/librustls.zip
- name: 'build rustls'
# Note: we don't check cache-hit here. If the cache is hit, we still need to dpkg install the deb.
if: contains(matrix.build.install_steps, 'rustls')
run: |
sudo dpkg -i ~/rustls/librustls_${{ env.rustls-version }}_amd64.deb
- name: 'install Intel compilers'
if: contains(matrix.build.install_steps, 'intel')
run: |
curl -sSf --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo tee /etc/apt/trusted.gpg.d/intel-sw.asc >/dev/null
sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
sudo apt-get -o Dpkg::Use-Pty=0 install intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
source /opt/intel/oneapi/setvars.sh
printenv >> $GITHUB_ENV
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'autoreconf'
if: ${{ matrix.build.configure }}
run: autoreconf -fi
- name: 'configure'
run: |
[[ '${{ matrix.build.install_steps }}' = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev
if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then
export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}"
fi
if [ -n '${{ matrix.build.generate }}' ]; then
cmake -B bld -G Ninja \
-DCMAKE_INSTALL_PREFIX="$HOME/curl" \
-DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \
${{ matrix.build.generate }}
else
mkdir bld && cd bld && \
${{ matrix.build.configure-prefix }} \
../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
--disable-dependency-tracking \
${{ matrix.build.configure }}
fi
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
grep -F '#define' bld/lib/curl_config.h | sort || true
- name: 'test configs'
run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true
- name: 'build'
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
${{ matrix.build.make-prefix }} cmake --build bld --verbose
else
${{ matrix.build.make-prefix }} make -C bld V=1 ${{ matrix.build.make-custom-target }}
fi
- name: 'single-use function check'
if: ${{ contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF') }}
run: |
git config --global --add safe.directory "*"
if [ -n '${{ matrix.build.generate }}' ]; then
libcurla=bld/lib/libcurl.a
else
libcurla=bld/lib/.libs/libcurl.a
fi
./scripts/singleuse.pl --unit ${libcurla}
- name: 'check curl -V output'
if: ${{ matrix.build.make-custom-target != 'tidy' }}
run: bld/src/curl -V
- name: 'cmake install'
if: ${{ matrix.build.generate }}
run: cmake --install bld --strip
- name: 'build tests'
if: ${{ !contains(matrix.build.install_steps, 'skipall') }}
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build bld --verbose --target testdeps
else
make -C bld V=1 -C tests
fi
- name: 'install test prereqs'
if: ${{ !contains(matrix.build.install_steps, 'skipall') && matrix.build.container == null }}
run: |
[ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
python3 -m pip install -r tests/requirements.txt
- name: 'run tests'
if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }}
timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 30 || 15 }}
run: |
export TFLAGS='${{ matrix.build.tflags }}'
if [ -z '${{ matrix.build.torture }}' ]; then
if [[ '${{ matrix.build.install_steps }}' = *'wolfssh'* ]]; then
TFLAGS+=' ~SFTP' # curl: (79) wolfssh SFTP connect error -1051 / WS_MATCH_KEY_ALGO_E / cannot match key algo with peer
fi
if [[ '${{ matrix.build.install_packages }}' = *'valgrind'* ]]; then
TFLAGS+=' -j6'
fi
if [[ '${{ matrix.build.install_packages }}' = *'heimdal-dev'* ]]; then
TFLAGS+=' ~2077 ~2078' # valgrind errors
fi
fi
[ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build bld --verbose --target ${{ matrix.build.torture && 'test-torture' || 'test-ci' }}
else
make -C bld V=1 ${{ matrix.build.torture && 'test-torture' || 'test-ci' }}
fi
- name: 'install pytest prereqs'
if: contains(matrix.build.install_steps, 'pytest')
run: |
[ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
python3 -m pip install -r tests/http/requirements.txt
- name: 'run pytest'
if: contains(matrix.build.install_steps, 'pytest')
env:
CURL_CI: github
PYTEST_ADDOPTS: '--color=yes'
run: |
[ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build bld --verbose --target curl-pytest-ci
else
make -C bld V=1 pytest-ci
fi
- name: 'build examples'
if: ${{ matrix.build.make-custom-target != 'tidy' }}
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
${{ matrix.build.make-prefix }} cmake --build bld --verbose --target curl-examples
else
${{ matrix.build.make-prefix }} make -C bld V=1 examples
fi
Reference in a new issue View git blame Copy permalink