Address issues with the push manifest CI workflow (#333) #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: openssl3 | |
on: | |
push: | |
branches: [ 'main' ] | |
paths: ['.github/workflows/openssl3.yml', 'openssl3/**'] | |
pull_request: | |
branches: [ 'main' ] | |
paths: ['.github/workflows/openssl3.yml', 'openssl3/**'] | |
workflow_call: | |
inputs: | |
build_main: | |
description: "Build using liboqs and oqsprovider main branches" | |
required: false | |
default: false | |
type: boolean | |
release_tag: | |
description: "Which docker tag to push to" | |
required: false | |
type: string | |
workflow_dispatch: | |
inputs: | |
build_main: | |
description: "Build using liboqs and oqsprovider main branches" | |
required: false | |
default: false | |
type: boolean | |
release_tag: | |
description: "Which docker tag to push to" | |
required: false | |
type: string | |
env: | |
build-args: | | |
LIBOQS_TAG=main | |
OQSPROVIDER_TAG=main | |
push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- arch: x86_64 | |
runner: ubuntu-latest | |
- arch: arm64 | |
runner: oqs-arm64 | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/login-action@v3 | |
if: env.push == 'true' | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
load: true | |
context: openssl3 | |
build-args: | | |
MAKE_DEFINES=-j4 | |
${{ (inputs.build_main == 'true') && env.build-args || null }} | |
tags: oqs-ossl3 | |
- name: Test openssl3 with provider - one baseline and one hybrid QSC algorithm | |
run: | | |
docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && | |
docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" | |
- name: Push Docker image to registries | |
if: env.push == 'true' | |
uses: docker/build-push-action@v6 | |
with: | |
push: true | |
context: openssl3 | |
build-args: | | |
MAKE_DEFINES=-j4 | |
${{ (inputs.build_main == 'true') && env.build-args || null }} | |
tags: | | |
ghcr.io/${{ github.repository_owner }}/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} | |
openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} | |
push: | |
if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} | |
needs: build | |
uses: ./.github/workflows/push-manifest.yml | |
with: | |
image_name: openssl3 | |
release_tag: ${{ inputs.release_tag || 'latest' }} |