Run-checker daily #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. | |
# | |
# Licensed under the Apache License 2.0 (the "License"). You may not use | |
# this file except in compliance with the License. You can obtain a copy | |
# in the file LICENSE in the source distribution or at | |
# https://www.openssl.org/source/license.html | |
name: Run-checker daily | |
# Jobs run daily | |
on: | |
schedule: | |
- cron: '0 6 * * *' | |
permissions: | |
contents: read | |
jobs: | |
run-checker: | |
strategy: | |
fail-fast: false | |
matrix: | |
opt: [ | |
386, | |
no-afalgeng, | |
no-apps, | |
no-aria, | |
no-asan, | |
no-asm, | |
no-async, | |
no-atexit, | |
no-autoalginit, | |
no-autoerrinit, | |
no-autoload-config, | |
no-bf, | |
no-blake2, | |
no-buildtest-c++, | |
no-bulk, | |
no-cached-fetch, | |
no-camellia, | |
no-capieng, | |
no-cast, | |
no-chacha, | |
no-cmac, | |
no-comp, | |
enable-crypto-mdebug, | |
no-crypto-mdebug, | |
enable-crypto-mdebug-backtrace, | |
no-crypto-mdebug-backtrace, | |
no-deprecated, | |
no-des, | |
no-devcryptoeng, | |
no-docs, | |
no-dsa, | |
no-dtls1, | |
no-dtls1_2, | |
no-dtls1_2-method, | |
no-dtls1-method, | |
no-ecdh, | |
no-ecdsa, | |
enable-ec_nistp_64_gcc_128, | |
no-ec_nistp_64_gcc_128, | |
enable-egd, | |
no-egd, | |
no-engine, | |
no-external-tests, | |
enable-fips, | |
enable-fips enable-acvp-tests, | |
enable-fips no-tls1_3, | |
no-fuzz-afl, | |
no-fuzz-libfuzzer, | |
no-gost, | |
enable-heartbeats, | |
no-heartbeats, | |
no-hw, | |
no-hw-padlock, | |
no-idea, | |
no-makedepend, | |
enable-md2, | |
no-md2, | |
no-md4, | |
no-mdc2, | |
no-msan, | |
no-multiblock, | |
no-nextprotoneg, | |
no-ocb, | |
no-padlockeng, | |
no-pic, | |
no-poly1305, | |
no-posix-io, | |
no-psk, | |
no-rc2, | |
no-rc4, | |
enable-rc5, | |
no-rc5, | |
no-rdrand, | |
no-rfc3779, | |
no-ripemd, | |
no-rmd160, | |
no-scrypt, | |
no-secure-memory, | |
no-seed, | |
no-shared, | |
no-siphash, | |
no-siv, | |
no-sm2, | |
no-sm2-precomp, | |
no-sm3, | |
no-sm4, | |
no-sock, | |
no-sse2, | |
no-ssl, | |
no-ssl3, | |
no-ssl3-method, | |
no-ssl-trace, | |
no-static-engine no-shared, | |
no-tests, | |
enable-tfo, | |
no-tls1, | |
no-tls1_1, | |
no-tls1_1-method, | |
no-tls1_2-method, | |
no-tls1-method, | |
no-trace, | |
no-ubsan, | |
no-ui-console, | |
no-unit-test, | |
enable-unit-test, | |
no-uplink, | |
no-weak-ssl-ciphers, | |
no-whirlpool, | |
no-zlib, | |
enable-zlib-dynamic, | |
no-zlib-dynamic, | |
-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING, | |
-DSSL3_ALIGN_PAYLOAD=4 | |
] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} | |
- name: config dump | |
run: ./configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
run-checker-sctp: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: Install Dependencies for sctp option | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq install lksctp-tools libsctp-dev | |
- name: Check SCTP and enable auth | |
id: sctp_auth | |
continue-on-error: true | |
run: | | |
checksctp | |
sudo sysctl -w net.sctp.auth_enable=1 | |
- name: config | |
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' | |
run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp | |
- name: config dump | |
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' | |
run: ./configdata.pm --dump | |
- name: make | |
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
jitter: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout jitter | |
uses: actions/checkout@v4 | |
with: | |
repository: smuellerDD/jitterentropy-library | |
ref: v3.5.0 | |
path: jitter | |
- name: build jitter | |
run: make -C jitter/ | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
enable_brotli_dynamic: | |
runs-on: ubuntu-latest | |
steps: | |
- name: install brotli | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
enable_zstd_dynamic: | |
runs-on: ubuntu-latest | |
steps: | |
- name: install zstd | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
enable_brotli_and_zstd_dynamic: | |
runs-on: ubuntu-latest | |
steps: | |
- name: install brotli and zstd | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
enable_brotli_and_asan_ubsan: | |
runs-on: ubuntu-latest | |
steps: | |
- name: install brotli | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: Adjust ASLR for sanitizer | |
run: | | |
sudo cat /proc/sys/vm/mmap_rnd_bits | |
sudo sysctl -w vm.mmap_rnd_bits=28 | |
- name: config | |
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 | |
enable_zstd_and_asan_ubsan: | |
runs-on: ubuntu-latest | |
steps: | |
- name: install zstd | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev | |
- name: checkout openssl | |
uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: Adjust ASLR for sanitizer | |
run: | | |
sudo cat /proc/sys/vm/mmap_rnd_bits | |
sudo sysctl -w vm.mmap_rnd_bits=28 | |
- name: config | |
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 | |
enable_tfo: | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, macos-13, macos-14 ] | |
runs-on: ${{matrix.os}} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: ./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} | |
enable_buildtest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- name: config | |
run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test | |
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} |