Add CI workflow checking #784
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linux and MacOS tests | |
permissions: | |
contents: read | |
on: [ push, pull_request , workflow_dispatch] | |
env: | |
# Semi-colon separated list of algorithims with libjade implementations to | |
# be passed as input to CMake option as: -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
# See CONFIGURE.md under ## OQS_MINIMAL_BUILD | |
LIBJADE_ALG_LIST: "KEM_kyber_512;KEM_kyber_768" | |
jobs: | |
stylecheck: | |
name: Check code formatting | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Ensure code conventions are upheld | |
run: python3 -m pytest --verbose tests/test_code_conventions.py | |
- name: Check that doxygen can parse the documentation | |
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build | |
- name: Validate CBOM | |
run: scripts/validate_cbom.sh | |
upstreamcheck: | |
name: Check upstream code is properly integrated | |
strategy: | |
fail-fast: false | |
matrix: | |
copy-mode: | |
- copy | |
- libjade | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup nix | |
uses: cachix/install-nix-action@v26 | |
- name: Setup jasmin-compiler | |
run: | | |
nix-channel --add https://nixos.org/channels/nixos-23.11 nixpkgs && \ | |
nix-channel --update && nix-env -iA nixpkgs.jasmin-compiler | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Verify copy_from_upstream state after "${{ matrix.copy-mode}}" | |
run: | | |
git config --global user.name "ciuser" && \ | |
git config --global user.email "[email protected]" && \ | |
export LIBOQS_DIR=`pwd` && \ | |
git config --global --add safe.directory $LIBOQS_DIR && \ | |
cd scripts/copy_from_upstream && \ | |
! pip3 install --require-hashes -r requirements.txt 2>&1 | grep ERROR && \ | |
python3 copy_from_upstream.py ${{ matrix.copy-mode }} && \ | |
! git status | grep modified | |
buildcheck: | |
name: Check that code passes a basic build before starting heavier tests | |
needs: [ stylecheck, upstreamcheck ] | |
strategy: | |
matrix: | |
include: | |
- runner: oqs-arm64 | |
container: openquantumsafe/ci-ubuntu-focal-arm64:latest | |
- runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
- runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-latest:latest | |
runs-on: ${{ matrix.runner }} | |
container: ${{ matrix.container }} | |
env: | |
KEM_NAME: kyber_768 | |
SIG_NAME: dilithium_3 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Configure | |
run: | | |
mkdir build && \ | |
cd build && \ | |
cmake .. --warn-uninitialized \ | |
-GNinja \ | |
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \ | |
> config.log 2>&1 && \ | |
cat config.log && \ | |
cmake -LA -N .. && \ | |
! (grep "uninitialized variable" config.log) | |
- name: Build code | |
run: ninja | |
working-directory: build | |
- name: Build documentation | |
run: ninja gen_docs | |
working-directory: build | |
if: matrix.runner == 'ubuntu-latest' | |
linux: | |
needs: buildcheck | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: arm64 | |
runner: oqs-arm64 | |
container: openquantumsafe/ci-ubuntu-focal-arm64:latest | |
PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py | |
CMAKE_ARGS: -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON | |
- name: alpine | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-alpine-amd64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: alpine | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-alpine-amd64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: alpine-no-stfl-key-sig-gen | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-alpine-amd64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: alpine-openssl-all | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-alpine-amd64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: alpine-noopenssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-alpine-amd64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: focal-nistr4-openssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4 | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: focal-nistonramp-openssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: focal-noopenssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: focal-noopenssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: focal-shared-noopenssl | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON | |
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: focal-clang15 | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 | |
PYTEST_ARGS: --ignore=tests/test_kat_all.py | |
- name: jammy-std-openssl3 | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-jammy:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: jammy-std-openssl3-libjade | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-jammy:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: jammy-std-openssl3-dlopen | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-jammy:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: jammy-std-openssl3-dlopen-libjade | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-jammy:latest | |
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
- name: address-sanitizer | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 | |
- name: address-sanitizer-no-stfl-key-sig-gen | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 | |
- name: address-sanitizer-libjade | |
runner: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 | |
runs-on: ${{ matrix.runner }} | |
container: | |
image: ${{ matrix.container }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Configure | |
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. | |
- name: Build | |
run: ninja | |
working-directory: build | |
- name: Run tests | |
timeout-minutes: 60 | |
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }} | |
- name: Package .deb | |
if: matrix.name == 'jammy-std-openssl3' | |
run: cpack | |
working-directory: build | |
- name: Retain .deb file | |
if: matrix.name == 'jammy-std-openssl3' | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3 | |
with: | |
name: liboqs-openssl3-shared-x64 | |
path: build/*.deb | |
- name: Check STD algorithm and alias | |
if: matrix.name == 'jammy-std-openssl3' | |
run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-DSA-44-ipd:\n isnull: true" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"' | |
working-directory: build | |
linux_arm_emulated: | |
needs: buildcheck | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: armhf | |
ARCH: armhf | |
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
- name: armhf-no-stfl-key-sig-gen | |
ARCH: armhf | |
CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py | |
# no longer supporting armel | |
# - name: armel | |
# ARCH: armel | |
# CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Install the emulation handlers | |
run: docker run --rm --privileged multiarch/qemu-user-static:register --reset | |
- name: Build in an x86_64 container | |
run: | | |
docker run --rm \ | |
-v `pwd`:`pwd` \ | |
-w `pwd` \ | |
openquantumsafe/ci-debian-buster-amd64:latest /bin/bash \ | |
-c "mkdir build && \ | |
(cd build && \ | |
cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \ | |
-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \ | |
cmake -LA -N .. && \ | |
ninja)" | |
- name: Run the tests in an ${{ matrix.ARCH }} container | |
timeout-minutes: 60 | |
run: | | |
docker run --rm -e SKIP_TESTS=style,mem_kem,mem_sig \ | |
-v `pwd`:`pwd` \ | |
-w `pwd` \ | |
openquantumsafe/ci-debian-buster-${{ matrix.ARCH }}:latest /bin/bash \ | |
-c "mkdir -p tmp && \ | |
python3 -m pytest --verbose \ | |
--numprocesses=auto \ | |
--ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}" | |
linux_cross_compile: | |
needs: buildcheck | |
runs-on: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: windows-binaries | |
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake | |
- name: windows-dll | |
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Configure | |
run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. | |
- name: Build | |
run: ninja | |
working-directory: build | |
macos: | |
needs: buildcheck | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
# macos-14 runs on aarch64; the others run on x64 | |
- macos-12 | |
- macos-13 | |
- macos-14 | |
CMAKE_ARGS: | |
- -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON | |
- -DCMAKE_C_COMPILER=gcc-13 | |
- -DOQS_USE_OPENSSL=OFF | |
- -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF | |
libjade-build: | |
- -DOQS_LIBJADE_BUILD=OFF | |
# Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by | |
# libjade to minimise repeated tests | |
- -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
exclude: | |
# macos-14 runs on aarch64, libjade targets x86 | |
# Skip testing libjade on macos-14 | |
- os: macos-14 | |
libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD=$LIBJADE_ALG_LIST | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Install Python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5 | |
with: | |
python-version: '3.12' | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Install dependencies | |
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt | |
- name: Patch GCC | |
run: env HOMEBREW_NO_AUTO_UPDATE=1 brew uninstall --ignore-dependencies gcc@13 && wget https://raw.githubusercontent.com/Homebrew/homebrew-core/eb6dd225d093b66054e18e07d56509cf670793b1/Formula/g/gcc%4013.rb && env HOMEBREW_NO_AUTO_UPDATE=1 brew install --ignore-dependencies --formula [email protected] | |
- name: Get system information | |
run: sysctl -a | grep machdep.cpu | |
- name: Configure | |
run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N .. | |
- name: Build | |
run: ninja | |
working-directory: build | |
- name: Run tests | |
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py | |
timeout-minutes: 60 | |
linux_openssl330-dev: | |
needs: buildcheck | |
runs-on: ubuntu-latest | |
container: | |
image: openquantumsafe/ci-ubuntu-jammy:latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
- name: Retrieve OpenSSL330 from cache | |
id: cache-openssl330 | |
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
with: | |
path: .localopenssl330 | |
key: ${{ runner.os }}-openssl330 | |
- name: Checkout the OpenSSL v3.3.0 commit | |
if: steps.cache-openssl330.outputs.cache-hit != 'true' | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 | |
with: | |
repository: 'openssl/openssl' | |
ref: 'openssl-3.3.0-beta1' | |
path: openssl | |
- name: Prepare the OpenSSL build directory | |
if: steps.cache-openssl330.outputs.cache-hit != 'true' | |
run: mkdir .localopenssl330 | |
working-directory: openssl | |
- name: Build openssl3 if not cached | |
if: steps.cache-openssl330.outputs.cache-hit != 'true' | |
run: | | |
./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs | |
working-directory: openssl | |
- name: Save OpenSSL | |
id: cache-openssl-save | |
if: steps.cache-openssl330.outputs.cache-hit != 'true' | |
uses: actions/cache/save@e12d46a63a90f2fae62d114769bbf2a179198b5c # pin@v3 | |
with: | |
path: | | |
.localopenssl330 | |
key: ${{ runner.os }}-openssl330 | |
- name: Configure | |
run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N .. | |
- name: Build | |
run: ninja | |
working-directory: build | |
- name: Run tests | |
timeout-minutes: 60 | |
run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py | |
scan_build: | |
needs: buildcheck | |
runs-on: ubuntu-latest | |
container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Configure | |
run: mkdir build && cd build && scan-build-15 cmake -GNinja .. | |
- name: Build | |
run: scan-build-15 --status-bugs ninja | |
working-directory: build |