gnutls-wolfssl/.github/workflows/deb.yml at 0fc9ced2ebda8e202d4315ede69ebfb2934b6056 · gasbytes/gnutls-wolfssl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: Deb packaging testing

on:
  push:
    branches: [ "master", "main", "release/**" ]
  pull_request: {}
concurrency:
  group: smoke-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  deb-testing:
    runs-on: ubuntu-latest
    container:
      image: debian:bookworm
    env:
      DEBIAN_FRONTEND: noninteractive
    steps:
      - name: Checkout source
        uses: actions/checkout@v4

      - name: Install build tooling
        run: |
          apt-get update
          apt-get install -y --no-install-recommends \
            build-essential devscripts debhelper-compat fakeroot clang \
            autoconf automake libtool pkg-config gettext bison flex gperf \
            libgmp-dev libunistring-dev nettle-dev libtasn1-dev libp11-kit-dev \
            libev-dev gtk-doc-tools lintian libtasn1-bin git texinfo sudo git \
            wget

      - name: Build & install wolfSSL (non-FIPS)
        run: |
          set -e
          git clone --depth=1 https://github.com/wolfssl/wolfssl.git
          cd wolfssl
          ./autogen.sh
          ./configure CC=clang \
            --enable-cmac --with-eccminsz=192 --enable-ed25519 --enable-ed448 --enable-md5 \
            --enable-curve25519 --enable-curve448 \
            --enable-aesccm --enable-aesxts --enable-aescfb \
            --enable-keygen --enable-shake128 --enable-shake256 \
            'CFLAGS=-DWOLFSSL_PUBLIC_ASN -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_PUBLIC_MP -DWOLFSSL_RSA_KEY_CHECK -DHAVE_FFDHE_Q -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_ECDSA_DETERMINISTIC_K -DWOLFSSL_VALIDATE_ECC_IMPORT -DRSA_MIN_SIZE=1024 -DWOLFSSL_AES_COUNTER'
          make -j"$(nproc)"
          sudo make deb
          sudo dpkg -i ../libwolfssl_*.deb ../libwolfssl-dev_*.deb ../libwolfssl-dbgsym_*.deb

      - name: Build .deb set (gnutls-wolfssl non-FIPS)
        run: dpkg-buildpackage -us -uc -b

      - name: Install built packages (needed for the smoke test)
        run: |
          sudo dpkg -i ../gnutls-wolfssl_*.deb ../wolfssl-gnutls-wrapper_*.deb || sudo apt-get -f install -y

      - name: Wrapper-load smoke test
        run: |
          set -e
          OUT=$(WGW_LOGGING=1 gnutls-cli --version 2>&1 || true)
          echo "$OUT"
          echo "$OUT" | grep -q "ENTER: _gnutls_wolfssl_init" \
            || { echo "::error ::wrapper not initialised – FAIL"; exit 1; }

      - name: Run unit tests
        run: |
          TEST_RESULT=0
          cd wolfssl-gnutls-wrapper
          ${{ matrix.provider }} make test || TEST_RESULT=$?
          if [ "$TEST_RESULT" -ne 0 ]; then
            echo "Tests failed: TEST_RESULT=$TEST_RESULT"
            exit 1
          fi