From 0d55b45b2bbc9b3be01c4c0478c3e8b1200321ce Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Wed, 20 Nov 2024 12:48:55 -0600 Subject: [PATCH 01/32] create build and test workflow for openssl3 Signed-off-by: Alex Bozarth --- .github/workflows/openssl3.yml | 51 ++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/openssl3.yml diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml new file mode 100644 index 0000000..6f12b7a --- /dev/null +++ b/.github/workflows/openssl3.yml 
@@ -0,0 +1,51 @@
+name: Build & Test - openssl3
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssl3.yml', 'openssl3/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssl3.yml', 'openssl3/**']
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+ build:
+ - name: release
+ - name: latest
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: openssl3
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j 18
+ ${{ matrix.build.build-args }}
+ tags: oqs-ossl3-img
+
+ - name: Spot-test - One baseline and one hybrid QSC alg
+ run: |
+ docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" &&
+ docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt"
From 0609139382d6442c1b968c18d0e1e0989469e602 Mon Sep 17 00:00:00 2001
From: Alex Bozarth
Date: Wed, 20 Nov 2024 17:13:29 -0600
Subject: [PATCH 02/32] add curl and httpd workflows also update openssl3 workflow to only use the available 4 cores
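Review bot: The new `.github/workflows/openssl3.yml` declares no `permissions:` key, so the job's `GITHUB_TOKEN` keeps whatever default scopes the repository grants, and that token is passed to `docker/login-action` although the build step only sets `load: true` and never pushes. Add a top-level `permissions:` block with `contents: read`, and drop the ghcr.io login step unless the Dockerfile pulls private images from that registry, which the hunk does not show. The workflow files added later in this series (curl, httpd, nginx, openssh, h2load, haproxy, locust, wireshark, mosquitto) repeat the same pattern.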
Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 62 ++++++++++++++++++++++++++++++++ .github/workflows/httpd.yml | 64 ++++++++++++++++++++++++++++++++++ .github/workflows/openssl3.yml | 8 ++--- 3 files changed, 130 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/curl.yml create mode 100644 .github/workflows/httpd.yml diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml new file mode 100644 index 0000000..31e8ba3 --- /dev/null +++ b/.github/workflows/curl.yml @@ -0,0 +1,62 @@ +name: Build & Test - curl + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/curl.yml', 'curl/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/curl.yml', 'curl/**'] + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + build: + - name: release + - name: latest + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ matrix.build.build-args }} + tags: oqs-curl + + - name: Build the Docker image (dev) + uses: docker/build-push-action@v6 + with: + load: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ matrix.build.build-args }} + target: dev + tags: oqs-curl-dev + + - name: Spot-test - One baseline and one hybrid QSC alg + run: | + docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml new file mode 100644 index 0000000..12889e7 
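Review bot: Every `uses:` line in the new `curl.yml` references an action by a movable tag (`actions/checkout@v3`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`), so a retagged release would run inside this job with the job's token and registry login. Pin each reference to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v6`. The same tag references appear in openssl3.yml and httpd.yml and in the workflows added later in the series.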
--- /dev/null +++ b/.github/workflows/httpd.yml @@ -0,0 +1,64 @@ +name: Build & Test - httpd + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/httpd.yml', 'httpd/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/httpd.yml', 'httpd/**'] + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + build: + - name: release + - name: latest + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the httpd Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: httpd + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ matrix.build.build-args }} + tags: oqs-httpd + + - name: Build the curl Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ matrix.build.build-args }} + tags: oqs-curl + + - name: Spot-test - One baseline and one hybrid QSC alg + run: | + docker network create httpd-test && + docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd && + sleep 2 && + docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768 diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 6f12b7a..54a3058 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml 
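Review bot: The test step in the new `httpd.yml` calls `curl -k`, which turns off certificate verification, so the step passes even when the server presents a certificate that does not validate. The openssl3 workflow passes `--CAfile` for this purpose; if the httpd image exposes its test CA, make it available to the curl container and replace `-k` with `--cacert <path-to-test-CA>`. The fixed `sleep 2` is also a readiness race, more so for the arm64 matrix entry, which likely runs under QEMU; a short retry loop around the curl call would be more reliable. The nginx and haproxy workflows later in the series use `-k` the same way.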
@@ -41,11 +41,11 @@ jobs: context: openssl3 platforms: ${{ matrix.platform }} build-args: | - MAKE_DEFINES=-j 18 + MAKE_DEFINES=-j4 ${{ matrix.build.build-args }} - tags: oqs-ossl3-img + tags: oqs-ossl3 - name: Spot-test - One baseline and one hybrid QSC alg run: | - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" + docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && + docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" From 536b568bb2e72703dc02ad40e1d1fb6cabb93e57 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Wed, 20 Nov 2024 18:29:36 -0600 Subject: [PATCH 03/32] fix test step names Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 2 +- .github/workflows/httpd.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 31e8ba3..7bc8ad1 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -57,6 +57,6 @@ jobs: target: dev tags: oqs-curl-dev - - name: Spot-test - One baseline and one hybrid QSC alg + - name: Test curl run: | docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh 
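Review bot: In the rewritten `docker run` lines of the openssl3.yml hunk, `openssl s_client` is given `--CAfile` but not `-verify_return_error`, and s_client by default continues the handshake after a verification failure, so the step can pass with a certificate that does not chain to the test CA. Adding `-verify_return_error` to both s_client invocations makes a bad chain fail the job. The commands inside `sh -c` are joined with `;`, so a failing `openssl list -providers` or `serverstart.sh` is not reported either; starting the string with `set -e;` would surface it, assuming `serverstart.sh` returns 0 on success.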
diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 12889e7..7c1f1eb 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -56,7 +56,7 @@ jobs: ${{ matrix.build.build-args }} tags: oqs-curl - - name: Spot-test - One baseline and one hybrid QSC alg + - name: Test httpd using curl run: | docker network create httpd-test && docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd && From e22e0eb08ddb61221cf15ff7edaa74dc45ce7bc9 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Wed, 20 Nov 2024 18:43:29 -0600 Subject: [PATCH 04/32] make building against latest liboqs optional move the build against liboqs/oqsprovider matrix builds to a triggerable option not run automatically Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 21 +++++++++++++-------- .github/workflows/httpd.yml | 21 +++++++++++++-------- .github/workflows/openssl3.yml | 19 ++++++++++++------- 3 files changed, 38 insertions(+), 23 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 7bc8ad1..29da7c7 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -8,6 +8,17 @@ on: branches: [ 'main' ] paths: ['.github/workflows/curl.yml', 'curl/**'] workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main jobs: build: @@ -18,12 +29,6 @@ jobs: platform: - linux/amd64 - linux/arm64 - build: - - name: release - - name: latest - build-args: | - LIBOQS_TAG=main - OQSPROVIDER_TAG=main steps: - uses: actions/checkout@v3 - uses: docker/setup-qemu-action@v3 @@ -42,7 +47,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ matrix.build.build-args }} + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl - name: Build the Docker image (dev) 
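Review bot: The workflow-level `env: build-args:` block added in the curl.yml hunk is exported into the environment of every step, including the referenced actions, under a name containing a hyphen that a shell cannot reference as a variable. The value is only read through the expression `env.build-args`, so a conventional name such as `BUILD_MAIN_ARGS`, read as `env.BUILD_MAIN_ARGS`, would be clearer. The same block is added to httpd.yml and openssl3.yml in this commit. A short comment above it, such as `# Extra build-args used only when build_main is true`, would also explain why it sits in `env`.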
@@ -53,7 +58,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ matrix.build.build-args }} + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} target: dev tags: oqs-curl-dev diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 7c1f1eb..25e4a42 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -8,6 +8,17 @@ on: branches: [ 'main' ] paths: ['.github/workflows/httpd.yml', 'httpd/**'] workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main jobs: build: @@ -18,12 +29,6 @@ jobs: platform: - linux/amd64 - linux/arm64 - build: - - name: release - - name: latest - build-args: | - LIBOQS_TAG=main - OQSPROVIDER_TAG=main steps: - uses: actions/checkout@v3 - uses: docker/setup-qemu-action@v3 @@ -42,7 +47,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ matrix.build.build-args }} + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} tags: oqs-httpd - name: Build the curl Docker image @@ -53,7 +58,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ matrix.build.build-args }} + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl - name: Test httpd using curl diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 54a3058..076a494 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -8,6 +8,17 @@ on: branches: [ 'main' ] paths: ['.github/workflows/openssl3.yml', 'openssl3/**'] workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main jobs: build: 
@@ -18,12 +29,6 @@ jobs: platform: - linux/amd64 - linux/arm64 - build: - - name: release - - name: latest - build-args: | - LIBOQS_TAG=main - OQSPROVIDER_TAG=main steps: - uses: actions/checkout@v3 - uses: docker/setup-qemu-action@v3 @@ -42,7 +47,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ matrix.build.build-args }} + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} tags: oqs-ossl3 - name: Spot-test - One baseline and one hybrid QSC alg From 55e675dfc6ef4a4e3309de6f6dc6094a0c9a2da7 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 12:41:34 -0600 Subject: [PATCH 05/32] Add nginx workflow and generic curl tests Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 17 +++++++-- .github/workflows/nginx.yml | 70 +++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/nginx.yml diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 29da7c7..b64c004 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -62,6 +62,19 @@ jobs: target: dev tags: oqs-curl-dev - - name: Test curl + - name: Build the Docker image (with generic liboqs) + uses: docker/build-push-action@v6 + with: + load: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-curl-generic + + - name: Test curl and curl generic run: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh + docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh && + docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml new file mode 100644 index 0000000..117efff --- /dev/null 
+++ b/.github/workflows/nginx.yml
@@ -0,0 +1,70 @@
+name: Build & Test - nginx
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/nginx.yml', 'nginx/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/nginx.yml', 'nginx/**']
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: nginx
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-nginx
+
+ - name: Build the curl Docker image (with generic liboqs)
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j4
+ LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl-generic
+
+ - name: Test nginx with curl generic
+ run: |
+ docker network create nginx-test &&
+ docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx &&
+ sleep 2 &&
+ docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433
From 4e50cce67b49a1e2240103df1305179d1bd45057 Mon Sep 17 00:00:00 2001
From: Alex Bozarth
Date: Mon, 25 Nov 2024 13:02:54 -0600
Subject: [PATCH 06/32] Add openssh workflow
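Review bot: The nginx test step in the new `nginx.yml` requests `https://oqs-nginx:4433` without `--curves`, so nothing in the step shows that a post-quantum or hybrid group was negotiated; depending on the defaults built into the two images, a classical key exchange could satisfy it. The httpd workflow passes `--curves kyber768`; adding the same option to this curl call makes the test fail when the group is unavailable. The haproxy workflow added later in the series has the same gap.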
Signed-off-by: Alex Bozarth --- .github/workflows/openssh.yml | 55 ++++++++++++++++++++++++++++++++++ .github/workflows/openssl3.yml | 2 +- 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/openssh.yml diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml new file mode 100644 index 0000000..678dc4c --- /dev/null +++ b/.github/workflows/openssh.yml @@ -0,0 +1,55 @@ +name: Build & Test - openssh + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/openssh.yml', 'openssh/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/openssh.yml', 'openssh/**'] + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: openssh + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-openssh + + - name: Test openssh + run: | + docker run --rm --name oqs-openssh oqs-openssh connect-test.sh diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 076a494..1ff103f 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml 
@@ -50,7 +50,7 @@ jobs: ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} tags: oqs-ossl3 - - name: Spot-test - One baseline and one hybrid QSC alg + - name: Test openssl3 with provider - one baseline and one hybrid QSC algorithm run: | docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" From 7c37f3cd17d74eda6cc2fff6e5a9025172c46324 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 13:37:11 -0600 Subject: [PATCH 07/32] Create a callable workflow to trigger all builds Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 43 ++++++++++++++++++++++++++++++++++ .github/workflows/curl.yml | 2 +- .github/workflows/httpd.yml | 2 +- .github/workflows/nginx.yml | 2 +- .github/workflows/openssh.yml | 2 +- .github/workflows/openssl3.yml | 2 +- 6 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..a05d91e --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,43 @@ +name: Build & Test - all + +on: + workflow_call: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +jobs: + curl: + uses: ./.github/workflows/curl.yml + with: + build_main: ${{ github.event.inputs.build_main }} + + httpd: + uses: ./.github/workflows/httpd.yml + with: + build_main: ${{ github.event.inputs.build_main }} + + nginx: + uses: ./.github/workflows/nginx.yml + with: + build_main: ${{ github.event.inputs.build_main }} + + openssh: + uses: ./.github/workflows/openssh.yml + with: + build_main: ${{ github.event.inputs.build_main }} + + openssl3: + uses: ./.github/workflows/openssl3.yml + with: + build_main: ${{ github.event.inputs.build_main }} diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index b64c004..87ab966 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [ 'main' ] paths: ['.github/workflows/curl.yml', 'curl/**'] - workflow_dispatch: + workflow_call: inputs: build_main: description: "Build using liboqs and oqsprovider main branches" diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 25e4a42..2c11dfb 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [ 'main' ] paths: ['.github/workflows/httpd.yml', 'httpd/**'] - workflow_dispatch: + workflow_call: inputs: build_main: description: "Build using liboqs and oqsprovider main branches" diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 117efff..3913b23 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml 
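Review bot: Each job in the new `build.yml` passes `build_main: ${{ github.event.inputs.build_main }}`, which reads the triggering event's dispatch inputs rather than the `build_main` input declared under `workflow_call`, and yields a string where the called workflows declare `type: boolean`. Use the `inputs` context instead, `build_main: ${{ inputs.build_main }}`, which is populated for both triggers and keeps the boolean type. The called workflows switched to `workflow_call` in this commit still test `github.event.inputs.build_main == 'true'` in their build-args, so they appear not to read the value passed in `with:`; `${{ inputs.build_main && env.build-args || null }}` would.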
@@ -7,7 +7,7 @@ on: pull_request: branches: [ 'main' ] paths: ['.github/workflows/nginx.yml', 'nginx/**'] - workflow_dispatch: + workflow_call: inputs: build_main: description: "Build using liboqs and oqsprovider main branches" diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 678dc4c..66648fb 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [ 'main' ] paths: ['.github/workflows/openssh.yml', 'openssh/**'] - workflow_dispatch: + workflow_call: inputs: build_main: description: "Build using liboqs and oqsprovider main branches" diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 1ff103f..ac39422 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [ 'main' ] paths: ['.github/workflows/openssl3.yml', 'openssl3/**'] - workflow_dispatch: + workflow_call: inputs: build_main: description: "Build using liboqs and oqsprovider main branches" From c3429a9756921fa1ebe9806184838064edbd6492 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 14:27:28 -0600 Subject: [PATCH 08/32] add h2load workflow Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 +++ .github/workflows/h2load.yml | 67 ++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 .github/workflows/h2load.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a05d91e..b6e2663 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,11 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + h2load: + uses: ./.github/workflows/h2load.yml + with: + build_main: ${{ github.event.inputs.build_main }} + nginx: uses: ./.github/workflows/nginx.yml with: diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml new file mode 100644 index 0000000..31af83e --- /dev/null 
+++ b/.github/workflows/h2load.yml
@@ -0,0 +1,67 @@
+name: Build & Test - h2load
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/h2load.yml', 'h2load/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/h2load.yml', 'h2load/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: h2load
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-h2load
+
+ - name: Build the nginx Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: nginx
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-nginx
+
+ - name: Test h2load using nginx
+ run: |
+ docker network create h2load-test &&
+ docker run --network h2load-test --detach --rm --name oqs-nginx oqs-nginx &&
+ docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512"
From 5f41da186aa240682bd54edb466a14221dba3366 Mon Sep 17 00:00:00 2001
From: Alex Bozarth
Date: Mon, 25 Nov 2024 14:43:12 -0600
Subject: [PATCH 09/32] add haproxy workflow
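Review bot: The test step in the new `h2load.yml` starts nginx with `--detach` and runs `h2load` immediately, without the readiness wait the httpd and nginx workflows use, so the first connections can race the server start. The step's result is also only h2load's exit status; as far as I know h2load reports failed requests in its summary rather than through a non-zero exit, so a failed handshake with `--groups kyber512` may not fail the job. Consider adding a wait and checking the output, e.g. appending `| grep -q '100 succeeded'` inside the `sh -c` string, after confirming the summary wording of the h2load version in the image.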
Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 +++ .github/workflows/haproxy.yml | 69 +++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 .github/workflows/haproxy.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b6e2663..7241913 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,6 +32,11 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + haproxy: + uses: ./.github/workflows/haproxy.yml + with: + build_main: ${{ github.event.inputs.build_main }} + nginx: uses: ./.github/workflows/nginx.yml with: diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml new file mode 100644 index 0000000..a984a12 --- /dev/null +++ b/.github/workflows/haproxy.yml 
@@ -0,0 +1,69 @@
+name: Build & Test - haproxy
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/haproxy.yml', 'haproxy/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/haproxy.yml', 'haproxy/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: haproxy
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-haproxy
+
+ - name: Build the curl Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl
+
+ - name: Test haproxy using curl
+ run: |
+ docker network create haproxy-test &&
+ docker run --network haproxy-test --detach --rm --name oqs-haproxy oqs-haproxy &&
+ sleep 4 &&
+ docker run --network haproxy-test oqs-curl curl -k https://oqs-haproxy:4433
From b1d5079ee82110bc1a9c02838cb55d7da80021a7 Mon Sep 17 00:00:00 2001
From: Alex Bozarth
Date: Mon, 25 Nov 2024 14:51:34 -0600
Subject: [PATCH 10/32] locust workflow note this workflow does not include tests
Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 15 +++++++---- .github/workflows/locust.yml | 51 ++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/locust.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7241913..39a6e21 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,11 +22,6 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} - httpd: - uses: ./.github/workflows/httpd.yml - with: - build_main: ${{ github.event.inputs.build_main }} - h2load: uses: ./.github/workflows/h2load.yml with: @@ -37,6 +32,16 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + httpd: + uses: ./.github/workflows/httpd.yml + with: + build_main: ${{ github.event.inputs.build_main }} + + locust: + uses: ./.github/workflows/locust.yml + with: + build_main: ${{ github.event.inputs.build_main }} + nginx: uses: ./.github/workflows/nginx.yml with: diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml new file mode 100644 index 0000000..efb6a04 --- /dev/null +++ b/.github/workflows/locust.yml 
@@ -0,0 +1,51 @@ +name: Build - locust + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/locust.yml', 'locust/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/locust.yml', 'locust/**'] + workflow_call: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: locust + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-locust From 1d3f07d360d80f3f4d1f9c9965e4031a3379183a Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 15:07:17 -0600 Subject: [PATCH 11/32] wireshark workflow note this workflow does not include tests Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 ++++ .github/workflows/wireshark.yml | 50 +++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/wireshark.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 39a6e21..9632413 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -56,3 +56,8 @@ jobs: uses: ./.github/workflows/openssl3.yml with: build_main: ${{ github.event.inputs.build_main }} + + wireshark: + uses: ./.github/workflows/wireshark.yml + with: + build_main: ${{ github.event.inputs.build_main }} 
diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml new file mode 100644 index 0000000..b045356 --- /dev/null +++ b/.github/workflows/wireshark.yml @@ -0,0 +1,50 @@ +name: Build - wireshark + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/wireshark.yml', 'wireshark/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/wireshark.yml', 'wireshark/**'] + workflow_call: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: wireshark + platforms: ${{ matrix.platform }} + build-args: | + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-wireshark From cbe67c993fb143054f47cffda5cab60ed14b72db Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 15:58:01 -0600 Subject: [PATCH 12/32] mosquitto Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 +++ .github/workflows/mosquitto.yml | 60 +++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 .github/workflows/mosquitto.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9632413..174a096 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -42,6 +42,11 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + mosquitto: + uses: ./.github/workflows/mosquitto.yml + with: + build_main: ${{ github.event.inputs.build_main }} + nginx: uses: ./.github/workflows/nginx.yml with: diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml new file mode 100644 index 0000000..a4336ab --- /dev/null +++ b/.github/workflows/mosquitto.yml 
@@ -0,0 +1,60 @@
+name: Build & Test - mosquitto
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/mosquitto.yml', 'mosquitto/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/mosquitto.yml', 'mosquitto/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/arm64
+ steps:
+ - uses: actions/checkout@v3
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: mosquitto
+ platforms: ${{ matrix.platform }}
+ build-args: |
+ ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-mosquitto
+
+ - name: Test mosquitto using local docker network
+ run: |
+ docker network create --subnet=192.168.0.0/16 mosquitto-test &&
+ docker run --network mosquitto-test --ip 192.168.0.2 -it --rm --name oqs-mosquitto-broker -e "BROKER_IP=192.168.0.2" -e "EXAMPLE=broker-start.sh" -d oqs-mosquitto &&
+ docker run --network mosquitto-test --ip 192.168.0.3 -it --rm --name oqs-mosquitto-subscriber -e "BROKER_IP=192.168.0.2" -e "SUB_IP=192.168.0.3" -e "EXAMPLE=subscriber-start.sh" -d oqs-mosquitto &&
+ docker run --network mosquitto-test --ip 192.168.0.4 -it --rm --name oqs-mosquitto-publisher -e "BROKER_IP=192.168.0.2" -e "PUB_IP=192.168.0.4" -e "EXAMPLE=publisher-start.sh" -d oqs-mosquitto &&
+ sleep 2 &&
+ docker logs oqs-mosquitto-publisher | grep "Client_pub sending PUBLISH" &&
+ docker logs oqs-mosquitto-subscriber | grep "Hello world"
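Review bot: The test step starts all three containers with `--rm -d` and then asserts on `docker logs` after a fixed `sleep 2`, so the result depends on timing rather than on the exchange. If the publisher exits once its message is sent (its start script is not visible here), `--rm` removes the container and `docker logs oqs-mosquitto-publisher` fails even though the publish succeeded; on the emulated arm64 leg two seconds may also be too short. Dropping `--rm` and polling the logs in a bounded retry loop would make a failure mean the messages were not delivered.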
From 0dc2cf1d2ee31b2f2d7b0190eb1097a8bda933a2 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 15:42:11 -0600 Subject: [PATCH 13/32] ngtcp2 Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 +++ .github/workflows/ngtcp2.yml | 71 ++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 .github/workflows/ngtcp2.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 174a096..e3af851 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,6 +52,11 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + ngtcp2: + uses: ./.github/workflows/ngtcp2.yml + with: + build_main: ${{ github.event.inputs.build_main }} + openssh: uses: ./.github/workflows/openssh.yml with: diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml new file mode 100644 index 0000000..65f8c49 --- /dev/null +++ b/.github/workflows/ngtcp2.yml 
@@ -0,0 +1,71 @@ +name: Build & Test - ngtcp2 + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/ngtcp2.yml', 'ngtcp2/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/ngtcp2.yml', 'ngtcp2/**'] + workflow_call: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the server Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: ngtcp2 + file: ngtcp2/Dockerfile-server + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-ngtcp2-server + + - name: Build the client Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: ngtcp2 + file: ngtcp2/Dockerfile-client + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-ngtcp2-client + + - name: Test ngtcp2 using local docker network + run: | + docker network create ngtcp2-test && + docker run --network ngtcp2-test --detach --name oqs-ngtcp2server oqs-ngtcp2-server && + docker run --network ngtcp2-test --name oqs-ngtcp2client oqs-ngtcp2-client sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server 6000' && + docker logs oqs-ngtcp2client 2>&1 | grep "QUIC handshake has been confirmed" From 4c6e7ed277b0d7aa0aa92778ad1763f66d1d88eb Mon Sep 17 00:00:00 2001 
From: Alex Bozarth Date: Mon, 25 Nov 2024 16:44:06 -0600 Subject: [PATCH 14/32] openvpn Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 5 ++++ .github/workflows/openvpn.yml | 56 +++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/openvpn.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e3af851..bab2b0c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,6 +67,11 @@ jobs: with: build_main: ${{ github.event.inputs.build_main }} + openvpn: + uses: ./.github/workflows/openvpn.yml + with: + build_main: ${{ github.event.inputs.build_main }} + wireshark: uses: ./.github/workflows/wireshark.yml with: diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml new file mode 100644 index 0000000..292ba52 --- /dev/null +++ b/.github/workflows/openvpn.yml 
@@ -0,0 +1,56 @@ +name: Build & Test - openvpn + +on: + push: + branches: [ 'main' ] + paths: ['.github/workflows/openvpn.yml', 'openvpn/**'] + pull_request: + branches: [ 'main' ] + paths: ['.github/workflows/openvpn.yml', 'openvpn/**'] + workflow_call: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean + +env: + build-args: | + LIBOQS_TAG=main + OQSPROVIDER_TAG=main + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the Docker image + uses: docker/build-push-action@v6 + with: + load: true + context: openvpn + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + tags: oqs-openvpn + + - name: Test openvpn + working-directory: ./openvpn + run: | + sh ./test.sh dilithium5 p521_kyber1024 From d4c1957e7624607083dafa42a8ef0141a95fcad5 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 16:47:33 -0600 Subject: [PATCH 15/32] prep for adding push steps 
Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 2 +- .github/workflows/curl.yml | 9 ++++++++- .github/workflows/h2load.yml | 9 ++++++++- .github/workflows/haproxy.yml | 9 ++++++++- .github/workflows/httpd.yml | 9 ++++++++- .github/workflows/locust.yml | 9 ++++++++- .github/workflows/mosquitto.yml | 9 ++++++++- .github/workflows/nginx.yml | 9 ++++++++- .github/workflows/ngtcp2.yml | 9 ++++++++- .github/workflows/openssh.yml | 9 ++++++++- .github/workflows/openssl3.yml | 9 ++++++++- .github/workflows/openvpn.yml | 9 ++++++++- .github/workflows/wireshark.yml | 9 ++++++++- 13 files changed, 97 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bab2b0c..e80ef32 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build & Test - all +name: Run all on: workflow_call: diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 87ab966..850eb8b 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -1,4 +1,4 @@ -name: Build & Test - curl +name: curl on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml index 31af83e..ac7a886 100644 --- a/.github/workflows/h2load.yml +++ b/.github/workflows/h2load.yml @@ -1,4 +1,4 @@ -name: Build & Test - h2load +name: h2load on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index a984a12..aab2d35 100644 --- a/.github/workflows/haproxy.yml 
+++ b/.github/workflows/haproxy.yml @@ -1,4 +1,4 @@ -name: Build & Test - haproxy +name: haproxy on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 2c11dfb..1183346 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -1,4 +1,4 @@ -name: Build & Test - httpd +name: httpd on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index efb6a04..34a4e30 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -1,4 +1,4 @@ -name: Build - locust +name: locust on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index a4336ab..f0d9f06 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -1,4 +1,4 @@ -name: Build & Test - mosquitto +name: mosquitto on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 3913b23..165eb70 100644 --- a/.github/workflows/nginx.yml 
+++ b/.github/workflows/nginx.yml @@ -1,4 +1,4 @@ -name: Build & Test - nginx +name: nginx on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml index 65f8c49..0f6fa30 100644 --- a/.github/workflows/ngtcp2.yml +++ b/.github/workflows/ngtcp2.yml @@ -1,4 +1,4 @@ -name: Build & Test - ngtcp2 +name: ngtcp2 on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 66648fb..c3cb7dd 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -1,4 +1,4 @@ -name: Build & Test - openssh +name: openssh on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index ac39422..f3bb1b7 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -1,4 +1,4 @@ -name: Build & Test - openssl3 +name: openssl3 on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 292ba52..6254de9 100644 --- a/.github/workflows/openvpn.yml 
+++ b/.github/workflows/openvpn.yml @@ -1,4 +1,4 @@ -name: Build & Test - openvpn +name: openvpn on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml index b045356..be435e2 100644 --- a/.github/workflows/wireshark.yml +++ b/.github/workflows/wireshark.yml @@ -1,4 +1,4 @@ -name: Build - wireshark +name: wireshark on: push: @@ -14,6 +14,13 @@ on: required: false default: false type: boolean + workflow_dispatch: + inputs: + build_main: + description: "Build using liboqs and oqsprovider main branches" + required: false + default: false + type: boolean env: build-args: | From 80dd76d9361455120501f3c5fe1e8749765a4521 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 17:04:42 -0600 Subject: [PATCH 16/32] Fix run all Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e80ef32..5f6cb77 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -20,59 +20,59 @@ jobs: curl: uses: ./.github/workflows/curl.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} h2load: uses: ./.github/workflows/h2load.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} haproxy: uses: ./.github/workflows/haproxy.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} httpd: uses: ./.github/workflows/httpd.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} locust: uses: ./.github/workflows/locust.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} mosquitto: uses: ./.github/workflows/mosquitto.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} nginx: uses: ./.github/workflows/nginx.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} ngtcp2: uses: ./.github/workflows/ngtcp2.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} openssh: uses: ./.github/workflows/openssh.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} openssl3: uses: ./.github/workflows/openssl3.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} openvpn: uses: ./.github/workflows/openvpn.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ github.event.inputs.build_main == 'true' }} wireshark: uses: ./.github/workflows/wireshark.yml with: - build_main: ${{ github.event.inputs.build_main }} + build_main: ${{ 
github.event.inputs.build_main == 'true' }} From 235541ecc5a1aaaf1955518e3a534f534e81c42d Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 19:33:18 -0600 Subject: [PATCH 17/32] fix warnings Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 2 +- .github/workflows/h2load.yml | 2 +- .github/workflows/haproxy.yml | 2 +- .github/workflows/httpd.yml | 2 +- .github/workflows/locust.yml | 2 +- .github/workflows/mosquitto.yml | 2 +- .github/workflows/nginx.yml | 2 +- .github/workflows/ngtcp2.yml | 2 +- .github/workflows/openssh.yml | 2 +- .github/workflows/openssl3.yml | 2 +- .github/workflows/openvpn.yml | 2 +- .github/workflows/wireshark.yml | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 850eb8b..e55e79f 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml index ac7a886..b7fcfa4 100644 --- a/.github/workflows/h2load.yml +++ b/.github/workflows/h2load.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index aab2d35..e327c1d 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 
diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 1183346..d86127b 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index 34a4e30..a5a0a42 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index f0d9f06..5d9d514 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 165eb70..70660dd 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml index 0f6fa30..c27388f 100644 --- a/.github/workflows/ngtcp2.yml +++ b/.github/workflows/ngtcp2.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index c3cb7dd..1e58145 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index f3bb1b7..273484c 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 6254de9..6a9efc8 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml index be435e2..86da7ad 100644 --- a/.github/workflows/wireshark.yml +++ b/.github/workflows/wireshark.yml @@ -37,7 +37,7 @@ jobs: - linux/amd64 - linux/arm64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 From f3dd085cdbd975281b4635aaeb83052503bbd268 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 18:24:48 -0600 Subject: [PATCH 18/32] add push to openssl3 Signed-off-by: Alex Bozarth --- .github/workflows/openssl3.yml | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 273484c..895dff6 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: ${{ env.push == true }} + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io 
@@ -54,10 +68,24 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-ossl3 - name: Test openssl3 with provider - one baseline and one hybrid QSC algorithm run: | docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" + + - name: Push Docker image to registries + if: env.push + uses: docker/build-push-action@v6 + with: + push: true + context: openssl3 + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }} + ghcr.io/open-quantum-safe/openssl3:${{ inputs.release_tag || 'latest' }} From afe727aac8fa909efa2e4ca2505063b03b089f46 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 19:54:40 -0600 Subject: [PATCH 19/32] dont push on pr Signed-off-by: Alex Bozarth --- .github/workflows/openssl3.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 895dff6..4a93a2f 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml 
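Review bot: The new push step publishes `openquantumsafe/openssl3:<tag>` and `ghcr.io/open-quantum-safe/openssl3:<tag>` from every matrix leg with `platforms: ${{ matrix.platform }}`, so the amd64 and arm64 jobs each push a single-platform image to the same tag and whichever finishes last wins. A consumer pulling `latest` then gets an architecture that depends on job timing, assuming the matrix still lists both platforms. Pushing from one job with `platforms: linux/amd64,linux/arm64`, or pushing per-architecture tags and joining them in a manifest step, gives one stable multi-arch tag. Separately, `build_main` is declared `type: boolean`, and in Actions expressions a boolean compared with the string `'true'` is coerced to numbers and does not match, so `(inputs.build_main == 'true')` likely never selects the main-branch build args; `${{ inputs.build_main && env.build-args || null }}` avoids the comparison.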
@@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -50,7 +50,7 @@ jobs: - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 - if: ${{ env.push == true }} + if: env.push with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From 3d1414befc9756204a41122200e84bea17cc1370 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 20:00:41 -0600 Subject: [PATCH 20/32] fix if statements Signed-off-by: Alex Bozarth --- .github/workflows/openssl3.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 4a93a2f..ff6c6b1 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -50,7 +50,7 @@ jobs: - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 - if: env.push + if: env.push == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -77,7 +77,7 @@ jobs: docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" - name: Push Docker image to registries - if: env.push + if: env.push == 'true' uses: docker/build-push-action@v6 with: push: true From de0857a8d579a039e2fe623d57da107cde65333e Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 20:36:17 -0600 Subject: [PATCH 21/32] Update QUIC to work on PRs Signed-off-by: Alex Bozarth --- .github/workflows/quic.yml | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml index e550aa6..d9e6690 100644 --- a/.github/workflows/quic.yml +++ b/.github/workflows/quic.yml @@ -12,6 +12,7 @@ on: env: TARGET_NAME: openquantumsafe + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: test-push: @@ -21,9 +22,16 @@ jobs: - uses: actions/checkout@v4 - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.push == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create a shared volume run: docker volume create shared-1 shell: bash @@ -50,6 +58,7 @@ jobs: curl --cacert /certs/CA.crt --http3-only https://host.docker.internal --curves hqc192 -vvvv shell: bash - name: Push Docker images to Docker Hub + if: env.push == 'true' run: | docker push $TARGET_NAME/curl-quic:latest docker push $TARGET_NAME/nginx-quic:latest From 6b07b25989ce4d0a08e3f2dd9f07982beba094d2 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 25 Nov 2024 21:03:44 -0600 Subject: [PATCH 22/32] turn off old ci Signed-off-by: Alex Bozarth --- .github/workflows/linux.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index cf96496..9453c8c 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -3,8 +3,6 @@ name: Docker images on: push: branches: [ '*' ] - pull_request: - branches: [ "main" ] repository_dispatch: types: [ '*' ] From a33da46c819bd12730ea7e5b22aeaeb5225763a8 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 26 Nov 2024 15:09:30 -0600 Subject: [PATCH 23/32] Update locust workflow with tests Based on suggestions from @davidgca 
Signed-off-by: Alex Bozarth --- .github/workflows/locust.yml | 49 +++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index a5a0a42..9d155a4 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml 
@@ -55,4 +55,51 @@ jobs: build-args: | MAKE_DEFINES=-j4 ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} - tags: oqs-locust + tags: | + oqs-locust + oqs-locust:0.0.1 + + # Launch the Locust environment with a single worker for this test case. + - name: Launch Locust in Docker Compose + working-directory: ./locust + run: | + LOGGER_LEVEL=DEBUG HOST=https://localhost:4433 GROUP=kyber768 docker compose up -d --scale worker=1 + - run: sleep 10 + + # Start the OpenSSL quantum-safe server inside the Locust worker container. + - name: Start OpenSSL server + working-directory: ./locust + run: | + docker exec -d locust-worker-1 openssl s_server \ + -cert bin/CA.crt \ + -key bin/CA.key \ + -www \ + -tls1_3 \ + -groups kyber768 + - run: sleep 10 + + # Trigger the Locust load test by sending a POST request to the Locust master API. + - name: Run Locust load test + working-directory: ./locust + run: | + curl -X POST -H 'content-type: application/x-www-form-urlencoded' \ + --data-raw 'user_count=1&spawn_rate=1&host=https%3A%2F%2Flocalhost%3A4433&run_time=30s' \ + http://localhost:8189/swarm + + # Allow the test to complete by waiting longer than the specified run-time. + - name: Wait for test to finish + run: sleep 70 + + # Fetch the Locust test results in CSV format using the /stats/requests API. + - name: Download and Check JSON report + working-directory: ./locust + run: | + curl 'http://localhost:8189/stats/requests/csv' -o results.out && + cat results.out | grep kyber768 + + # Save the JSON report as an artifact so it can be downloaded after the workflow completes. + - name: Upload JSON report + uses: actions/upload-artifact@v4 + with: + name: locust-report + path: locust/results.out From 06c766275cda22ce347c5d4f50e937a980b68c55 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 26 Nov 2024 21:36:02 -0600 Subject: [PATCH 24/32] fix CI failure 
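Review bot: The final check `cat results.out | grep kyber768` passes whenever a row naming kyber768 appears in the stats CSV, and such a row is likely written whether its requests succeeded or failed. A handshake that fails on every request could then still turn the job green. Comparing the request-count and failure-count columns of that row (for example with `awk -F,`) would tie the result to successful requests; the later "fix CI failure" patch keeps the same `grep kyber768 results.out`. The step name and comments also call the file a JSON report although it is fetched from `/stats/requests/csv`; the comment could read `# Fetch the Locust request statistics as CSV and check the kyber768 row.`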
Signed-off-by: Alex Bozarth --- .github/workflows/locust.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index 9d155a4..6fb2bdd 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -94,12 +94,6 @@ jobs: - name: Download and Check JSON report working-directory: ./locust run: | - curl 'http://localhost:8189/stats/requests/csv' -o results.out && - cat results.out | grep kyber768 - - # Save the JSON report as an artifact so it can be downloaded after the workflow completes. - - name: Upload JSON report - uses: actions/upload-artifact@v4 - with: - name: locust-report - path: locust/results.out + curl 'http://localhost:8189/stats/requests/csv' -o results.out && + cat results.out && + grep kyber768 results.out From 2e90ae1d493127910a4811da88e4818f4bc7091e Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Thu, 5 Dec 2024 11:03:48 -0600 Subject: [PATCH 25/32] remove old CI Signed-off-by: Alex Bozarth --- .circleci/config.yml | 680 ------------------------------------ .github/workflows/linux.yml | 111 ------ 2 files changed, 791 deletions(-) delete mode 100644 .circleci/config.yml delete mode 100644 .github/workflows/linux.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 550cb1e..0000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,680 +0,0 @@ -version: 2.1 - -parameters: - new_openssl_commit: - type: boolean - default: false - -# CircleCI doesn't handle large file sets properly for local builds -# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 -localCheckout: - &localCheckout - run: |- - git config --global --add safe.directory /tmp/_circleci_local_build_repo - PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) - mkdir -p ${PROJECT_PATH} - cd /tmp/_circleci_local_build_repo - git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} - cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} - -jobs: - ubuntu_x64_provider: - description: Building and pushing oqsprovider demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Provider - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-ossl3-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-ossl3-img-main . 
- working_directory: openssl3 - - run: - name: Spot-test Provider -- One baseline and one hybrid QSC alg - command: | - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" - - run: - name: Spot-test Provider -- One baseline and one hybrid QSC alg (main/master) - command: | - docker run --rm --name oqs-ossl3-main oqs-ossl3-img-main sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && - docker run --rm --name oqs-ossl3-main oqs-ossl3-img-main sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push oqsprovider image - command: | - docker tag oqs-ossl3-img $TARGETNAME/oqs-ossl3:latest && - docker push $TARGETNAME/oqs-ossl3:latest - # The resource_class feature allows configuring CPU and RAM resources for each job. Different resource classes are available for different executors. 
https://circleci.com/docs/2.0/configuration-reference/#resourceclass - resource_class: large - - ubuntu_x64_nginx: - description: Building and pushing OQS-nginx and OQS-curl generic demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OQS nginx - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-nginx-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-nginx-img-main . - working_directory: nginx - - run: - name: Build curl with generic liboqs - command: | - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" -t oqs-curl-generic . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-curl-generic-main . 
- working_directory: curl - - run: - name: Test Curl with generic liboqs - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-generic perftest.sh - - run: - name: Test Curl with generic liboqs (main/master) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-generic-main perftest.sh - - run: - name: Test nginx and curl generic - command: | - docker network create nginx-test && - docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx-img && - sleep 2 && - docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433 - - run: - name: Test nginx and curl generic (main/master) - command: | - docker network create nginx-test-main && - docker run --network nginx-test-main --detach --rm --name oqs-nginx-main oqs-nginx-img-main && - sleep 2 && - docker run --network nginx-test-main oqs-curl-generic-main curl -k https://oqs-nginx-main:4433 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push nginx and curl generic image - command: | - docker tag oqs-curl-generic $TARGETNAME/curl:latest && - docker push $TARGETNAME/curl:latest && - docker tag oqs-nginx-img $TARGETNAME/nginx:latest && - docker push $TARGETNAME/nginx:latest - -# Not actively maintained: - ubuntu_x64_openlitespeed: - description: Building and pushing OQS-openlitespeed demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build openlitespeed with liboqs - command: | - docker build -f Dockerfile-server -t 
oqs-openlitespeed . - working_directory: openlitespeed - - run: - name: Test oqs-openlitespeed using public oqs-msquic - command: | - docker network create oqsls-test && - docker run --network oqsls-test --detach --rm --name lsws oqs-openlitespeed bash -c "/root/serverstart.sh && /usr/local/lsws/bin/lswsctrl start && sleep 100" && - sleep 20 && - docker run --rm --network oqsls-test -it openquantumsafe/msquic-reach bash -c "wget http://lsws/CA.crt && SSL_CERT_FILE=CA.crt TLS_DEFAULT_GROUPS=p521_kyber1024 quicreach lsws --port 443 --stats" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push openlitespeed image - command: | - docker tag oqs-openlitespeed $TARGETNAME/openlitespeed:latest && - docker push $TARGETNAME/openlitespeed:latest - -# Not actively maintained: - ubuntu_x64_quic: - description: Building and pushing OQS-QUIC-nginx and OQS-msquic demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OQS QUIC nginx - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -f Dockerfile-server -t oqs-quic-nginx-img . - working_directory: quic - - run: - name: Build msquic with liboqs - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -f Dockerfile-client -t oqs-msquic . 
- working_directory: quic - - run: - name: Test oqs-msquic against baseline QUIC test server - command: | - docker run -it oqs-msquic bash -c "quicreach quic.nginx.org" - - run: - name: Test oqs-nginx-quic and oqs-msquic - command: | - docker network create quic-test && - docker run --network quic-test --detach --rm --name nginx oqs-quic-nginx-img && - sleep 100 && - docker run --network quic-test -it oqs-msquic bash -c "cd /root && wget nginx:5999/CA.crt && TLS_DEFAULT_GROUPS=frodo640aes SSL_CERT_FILE=/root/CA.crt quicreach nginx --port 6001" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push nginx-quic and msquic images - command: | - docker tag oqs-msquic $TARGETNAME/msquic-reach:latest && - docker push $TARGETNAME/msquic-reach:latest && - docker tag oqs-quic-nginx-img $TARGETNAME/nginx-quic:latest && - docker push $TARGETNAME/nginx-quic:latest - - ubuntu_x64_httpd: - description: Building and pushing OQS-httpd and OQS-curl dev demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Apache httpd - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-httpd-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-httpd-img-main . - working_directory: httpd - - run: - name: Build Curl (dev) - command: | - # The CircleCI executor offers 35 cores, but using - # all of them might exhaust memory - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-curl . 
&& - docker build --build-arg MAKE_DEFINES="-j 18" --target dev -t oqs-curl-dev . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-curl-main . - working_directory: curl - - run: - name: Test Curl (dev) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl perftest.sh - - run: - name: Test Curl (dev) (main/master) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-main perftest.sh - - run: - name: Test httpd using curl (dev) - command: | - docker network create httpd-test && - docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd-img && - sleep 2 && - docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768 - - run: - name: Test httpd using curl (dev) (main/master) - command: | - docker network create httpd-test-main && - docker run --network httpd-test-main --detach --rm --name oqs-httpd2 oqs-httpd-img-main && - sleep 2 && - docker run --network httpd-test-main oqs-curl-main curl -k https://oqs-httpd2:4433 --curves kyber768 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push httpd and curl dev images - command: | - docker tag oqs-curl $TARGETNAME/curl:optimized && - docker push $TARGETNAME/curl:optimized && - docker tag oqs-curl-dev $TARGETNAME/curl-dev && - docker push $TARGETNAME/curl-dev && - docker tag oqs-httpd-img $TARGETNAME/httpd:latest && - docker push $TARGETNAME/httpd:latest - -# Not actively maintained: - ubuntu_x64_haproxy: - description: Building OQS-based HAproxy docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI 
locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build HAproxy - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-haproxy-img . - working_directory: haproxy - - run: - name: Test HAproxy using public OQS curl - command: | - docker network create haproxy-test && - docker run --network haproxy-test --detach --rm --name oqs-haproxy oqs-haproxy-img && - sleep 4 && - docker run --network haproxy-test openquantumsafe/curl curl -k https://oqs-haproxy:4433 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS HAproxy image - command: | - docker tag oqs-haproxy-img $TARGETNAME/haproxy:latest && - docker push $TARGETNAME/haproxy:latest - - ubuntu_x64_openvpn: - description: Building OQS-based OpenVPN docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker: - version: 20.10.2 - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OpenVPN (main/master) - command: | - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg OPENVPN_TAG=master -t oqs-openvpn . - working_directory: openvpn - - run: - name: Test OpenVPN using local docker network (main/master) - command: | - ./test.sh dilithium5 p521_kyber1024 - working_directory: openvpn - - run: - name: Build OpenVPN - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-openvpn . 
- working_directory: openvpn - - run: - name: Test OpenVPN using local docker network - command: | - ./test.sh dilithium5 p521_kyber1024 - working_directory: openvpn - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS OpenVPN image - command: | - docker tag oqs-openvpn $TARGETNAME/openvpn:latest && - docker push $TARGETNAME/openvpn:latest - -# Not actively maintained: - ubuntu_x64_mosquitto: - description: Building OQS-based Mosquitto docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Mosquitto - command: | - docker build -t oqs-mosquitto . 
- working_directory: mosquitto - - run: - name: Test Mosquitto using local docker network - command: | - docker network create --subnet=192.168.0.0/16 mosquitto-test && - docker run --network mosquitto-test --ip 192.168.0.2 -it --rm --name oqs-mosquitto-broker -e "BROKER_IP=192.168.0.2" -e "EXAMPLE=broker-start.sh" -d oqs-mosquitto && - docker run --network mosquitto-test --ip 192.168.0.3 -it --rm --name oqs-mosquitto-subscriber -e "BROKER_IP=192.168.0.2" -e "SUB_IP=192.168.0.3" -e "EXAMPLE=subscriber-start.sh" -d oqs-mosquitto && - docker run --network mosquitto-test --ip 192.168.0.4 -it --rm --name oqs-mosquitto-publisher -e "BROKER_IP=192.168.0.2" -e "PUB_IP=192.168.0.4" -e "EXAMPLE=publisher-start.sh" -d oqs-mosquitto && - sleep 2 && - docker logs oqs-mosquitto-publisher | grep "Client_pub sending PUBLISH" && - docker logs oqs-mosquitto-subscriber | grep "Hello world" - working_directory: mosquitto - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS Mosquitto image - command: | - docker tag oqs-mosquitto $TARGETNAME/mosquitto:latest && - docker push $TARGETNAME/mosquitto:latest - -# Not actively maintained: - ubuntu_x64_wireshark: - description: Building OQS-based wireshark docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build wireshark image - command: | - docker build -t $TARGETNAME/wireshark . 
- working_directory: wireshark - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push wireshark image - command: | - docker push $TARGETNAME/wireshark - - ubuntu_x64_ngtcp2: - description: Building OQS-based ngtcp2 docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build ngtcp2 server and client - command: | - docker build -t oqs-ngtcp2-server -f Dockerfile-server . && - docker build -t oqs-ngtcp2-client -f Dockerfile-client . - working_directory: ngtcp2 - - run: - name: Build ngtcp2 server and client (main/master) - command: | - docker build --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP3_TAG=main --build-arg NGTCP2_TAG=main -t oqs-ngtcp2-server-main -f Dockerfile-server . && - docker build --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP3_TAG=main --build-arg NGTCP2_TAG=main -t oqs-ngtcp2-client-main -f Dockerfile-client . 
- working_directory: ngtcp2 - - run: - name: Test ngtcp2 using local docker network - command: | - docker network create ngtcp2-test - docker run --network ngtcp2-test --name oqs-ngtcp2server oqs-ngtcp2-server & - docker run --network ngtcp2-test -it --name oqs-ngtcp2client oqs-ngtcp2-client sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server 6000' - docker logs oqs-ngtcp2client | grep "QUIC handshake has been confirmed" - docker rm oqs-ngtcp2client - docker stop oqs-ngtcp2server - docker rm oqs-ngtcp2server - docker network rm ngtcp2-test - working_directory: ngtcp2 - - run: - name: Test ngtcp2 using local docker network (main/master) - command: | - docker network create ngtcp2-test-main - docker run --network ngtcp2-test-main --name oqs-ngtcp2server-main oqs-ngtcp2-server-main & - docker run --network ngtcp2-test-main -it --name oqs-ngtcp2client-main oqs-ngtcp2-client-main sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server-main 6000' - docker logs oqs-ngtcp2client | grep "QUIC handshake has been confirmed" - docker rm oqs-ngtcp2client-main - docker stop oqs-ngtcp2server-main - docker rm oqs-ngtcp2server-main - docker network rm ngtcp2-test-main - working_directory: ngtcp2 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS ngtcp2 image - command: | - docker tag oqs-ngtcp2-server $TARGETNAME/ngtcp2-server:latest && - docker tag oqs-ngtcp2-client $TARGETNAME/ngtcp2-client:latest && - docker push $TARGETNAME/ngtcp2-server:latest && - docker push $TARGETNAME/ngtcp2-client:latest - - ubuntu_x64_openssh: - description: A template for building and pushing OQS demo Docker images on - Ubuntu that do not use OQS-OpenSSL, but rather liboqs in another form - (e.g. 
OQS-OpenSSH) - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Test OpenSSH - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-openssh-img . && - docker run --rm --name oqs-openssh oqs-openssh-img connect-test.sh - working_directory: openssh - - run: - name: Test OpenSSH (main/master) - command: | - docker build --build-arg LIBOQS_RELEASE=main --build-arg MAKE_DEFINES="-j 18" -t oqs-openssh-img-main . && - docker run --rm --name oqs-openssh-main oqs-openssh-img-main connect-test.sh - working_directory: openssh - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: Push openssh image - command: | - docker tag oqs-openssh-img $TARGETNAME/openssh:latest && - docker push $TARGETNAME/openssh:latest - -# Not actively maintained: - ubuntu_x64_envoy: - description: Building and pushing OQS-enabled envoy - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Install curl and Docker Compose - environment: - COMPOSE_VERSION: '1.29.2' - command: | - apt-get update && apt-get install curl - curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o ~/docker-compose - chmod +x ~/docker-compose - mv ~/docker-compose /usr/local/bin/docker-compose - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build 
OQS envoy - no_output_timeout: "1h" - command: | - docker build -t envoy-oqs . - working_directory: envoy - - run: - name: Test OQS envoy TLS servers using built OQS envoy - command: | - docker create -v /data --name certsvolume openquantumsafe/ci-ubuntu-focal-x86_64:latest && - docker cp $(pwd)/certs/gen_cert.sh certsvolume:/data && - docker run -it --user root --volumes-from certsvolume -w /data --name keygen openquantumsafe/curl sh -c "/data/gen_cert.sh" && - docker cp keygen:/data/. $(pwd)/certs && - docker-compose pull && - docker-compose up --build -d && - docker-compose ps && - sleep 10 && - docker run --network host -it openquantumsafe/curl curl -v -k https://localhost:10000 -e SIG_ALG=dilithium3 - working_directory: envoy/tls - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push envoy image - command: | - docker tag envoy-oqs $TARGETNAME/envoy:latest && - docker push $TARGETNAME/envoy:latest - - ubuntu_x64_h2load: - description: Building and pushing OQS-h2load demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build h2load with liboqs - command: | - docker build -t oqs-h2load . - working_directory: h2load - - run: - name: Build h2load with liboqs (main/master) - command: | - docker build --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP2_TAG=master -t oqs-h2load-main . 
- working_directory: h2load - - run: - name: Test oqs-h2load using public oqs-nginx - command: | - docker network create h2load-test && - docker run --network h2load-test --detach --rm --name oqs-nginx openquantumsafe/nginx && - docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512" - - run: - name: Test oqs-h2load using public oqs-nginx (main/master) - command: | - docker network create h2load-test-main && - docker run --network h2load-test-main --detach --rm --name oqs-nginx-main openquantumsafe/nginx && - docker run --network h2load-test-main oqs-h2load-main sh -c "h2load -n 100 -c 10 https://oqs-nginx-main:4433 --groups kyber512" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push h2load image - command: | - docker tag oqs-h2load $TARGETNAME/h2load:latest && - docker push $TARGETNAME/h2load:latest - -workflows: - version: 2.1 - build: - jobs: - - ubuntu_x64_provider: - context: openquantumsafe - - ubuntu_x64_nginx: - context: openquantumsafe - #- ubuntu_x64_quic: - # context: openquantumsafe - - ubuntu_x64_httpd: - context: openquantumsafe - #- ubuntu_x64_haproxy: - # context: openquantumsafe - # - ubuntu_x64_openvpn: - # context: openquantumsafe - #- ubuntu_x64_mosquitto: - # context: openquantumsafe - # - ubuntu_x64_ngtcp2: - # context: openquantumsafe - - ubuntu_x64_openssh: - context: openquantumsafe - # Disabled in CI as failing to conclude test properly as per - # https://github.com/open-quantum-safe/oqs-demos/pull/167#issuecomment-1383673300 - # - ubuntu_x64_openlitespeed: - # context: openquantumsafe - #- ubuntu_x64_wireshark: - # context: openquantumsafe - # Disable as it takes too long on OQS CCI plan - #- ubuntu_x64_envoy: - # context: openquantumsafe - # - ubuntu_x64_h2load: - # context: openquantumsafe 
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml deleted file mode 100644 index 9453c8c..0000000 --- a/.github/workflows/linux.yml +++ /dev/null 
@@ -1,111 +0,0 @@ -name: Docker images - -on: - push: - branches: [ '*' ] - repository_dispatch: - types: [ '*' ] - -env: - REGISTRY_IMAGE: openquantumsafe/openssl3 - -jobs: - build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 -# - linux/arm/v6 -# - linux/arm/v7 - - linux/arm64 - steps: - - - name: Checkout - uses: actions/checkout@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push OpenSSL3+oqs-provider by digest - id: build - uses: docker/build-push-action@v4 - with: - context: openssl3 - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Export digest - run: | - mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v3 - with: - name: digests - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - runs-on: ubuntu-latest - needs: - - build - if: github.ref == 'refs/heads/main' - steps: - - - name: Download digests - uses: actions/download-artifact@v3 - with: - name: digests - path: /tmp/digests - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - tags: | - type=sha,enable=true,prefix=commit- - type=raw,value=latest,enable=true - - - name: Login to Docker Hub - uses: 
docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Create manifest list and push - working-directory: /tmp/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - From 822e30f18c57086c8c23b6fa2e87877fe371c866 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Thu, 5 Dec 2024 11:39:05 -0600 Subject: [PATCH 26/32] Add push to rest of the workflows Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 44 ++++++++++++++++------- .github/workflows/curl.yml | 64 +++++++++++++++++++++++++++++++-- .github/workflows/h2load.yml | 31 ++++++++++++++-- .github/workflows/haproxy.yml | 32 +++++++++++++++-- .github/workflows/httpd.yml | 32 +++++++++++++++-- .github/workflows/locust.yml | 30 +++++++++++++++- .github/workflows/mosquitto.yml | 29 ++++++++++++++- .github/workflows/nginx.yml | 32 +++++++++++++++-- .github/workflows/ngtcp2.yml | 48 +++++++++++++++++++++++-- .github/workflows/openssh.yml | 30 +++++++++++++++- .github/workflows/openssl3.yml | 2 +- .github/workflows/openvpn.yml | 30 +++++++++++++++- .github/workflows/wireshark.yml | 29 ++++++++++++++- 13 files changed, 402 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5f6cb77..ac8139d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,6 +8,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: 
@@ -15,64 +19,80 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string jobs: curl: uses: ./.github/workflows/curl.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} h2load: uses: ./.github/workflows/h2load.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} haproxy: uses: ./.github/workflows/haproxy.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} httpd: uses: ./.github/workflows/httpd.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} locust: uses: ./.github/workflows/locust.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} mosquitto: uses: ./.github/workflows/mosquitto.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} nginx: uses: ./.github/workflows/nginx.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} ngtcp2: uses: ./.github/workflows/ngtcp2.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} openssh: uses: ./.github/workflows/openssh.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} 
openssl3: uses: ./.github/workflows/openssl3.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} openvpn: uses: ./.github/workflows/openvpn.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} wireshark: uses: ./.github/workflows/wireshark.yml with: - build_main: ${{ github.event.inputs.build_main == 'true' }} + build_main: ${{ inputs.build_main == 'true' }} + release_tag: ${{ inputs.release_tag }} diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index e55e79f..2d99a0f 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -54,7 +68,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl - name: Build the Docker image (dev) 
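Review bot: `build_main: ${{ inputs.build_main == 'true' }}` compares a boolean with a string: the input is declared `type: boolean`, and the `inputs` context keeps booleans as booleans (unlike `github.event.inputs`, which carried strings), so under GitHub's loose-equality rules the expression evaluates to false for every value. Every job in this hunk would then pass `build_main: false` and the main-branch build args are never applied. Pass the value through as `build_main: ${{ inputs.build_main }}`. The same comparison is introduced in curl.yml in the hunks starting at old lines 54, 65 and 78, where `${{ inputs.build_main && env.build-args || null }}` is the equivalent.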
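Review bot: The added Docker Hub login reads `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN`, but when curl.yml runs as a reusable workflow those are empty unless the caller forwards them, and the build.yml jobs changed in this same patch pass only `with:`. On main, where `env.push` is 'true', a run started through build.yml would therefore reach this step with empty credentials and fail at the login or at the Docker Hub push. Add `secrets: inherit` to each `uses:` job in build.yml, or declare the two secrets under `workflow_call` in this file. The trigger block and the job's steps list both start outside the hunk, so the `workflow_call` reading is inferred from build.yml's `uses:` lines.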
@@ -65,7 +79,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} target: dev tags: oqs-curl-dev 
@@ -78,10 +92,54 @@ jobs: build-args: | MAKE_DEFINES=-j4 LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl-generic - name: Test curl and curl generic run: | docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh && docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/curl:optimized + openquantumsafe/curl:optimized + + - name: Push Docker image to registries (dev) + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + target: dev + tags: | + ghcr.io/${{ github.repository_owner }}/curl-dev + openquantumsafe/curl-dev + + - name: Push Docker image to registries (with generic liboqs) + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: curl + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }} + openquantumsafe/curl:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml index b7fcfa4..0bbff2a 100644 --- a/.github/workflows/h2load.yml +++ b/.github/workflows/h2load.yml 
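Review bot: The three `Push Docker image to registries` steps in the curl.yml hunk at -78,10 run `docker/build-push-action` a second time instead of publishing the images that `Test curl and curl generic` just exercised, so what lands on `ghcr.io` and `openquantumsafe/` is the tested artifact only as long as every layer comes from cache. When the `main` build args are selected they point at the moving refs `LIBOQS_TAG=main` and `OQSPROVIDER_TAG=main`, so a cache miss could publish code the test never saw. Retagging and pushing the loaded image keeps test and release identical, e.g. `docker tag oqs-curl "$IMAGE" && docker push "$IMAGE"` with `IMAGE` set in the step's `env:`. The push steps added in h2load.yml through wireshark.yml follow the same rebuild pattern.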
@@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -53,7 +67,7 @@ jobs: context: h2load platforms: ${{ matrix.platform }} build-args: | - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-h2load - name: Build the nginx Docker image @@ -64,7 +78,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-nginx - name: Test h2load using nginx 
@@ -72,3 +86,16 @@ jobs: docker network create h2load-test && docker run --network h2load-test --detach --rm --name oqs-nginx oqs-nginx && docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512" + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: h2load + platforms: ${{ matrix.platform }} + build-args: | + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/h2load:${{ inputs.release_tag || 'latest' }} + openquantumsafe/h2load:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index e327c1d..0683909 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io 
@@ -54,7 +68,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-haproxy - name: Build the curl Docker image @@ -65,7 +79,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl - name: Test haproxy using curl @@ -74,3 +88,17 @@ jobs: docker run --network haproxy-test --detach --rm --name oqs-haproxy oqs-haproxy && sleep 4 && docker run --network haproxy-test oqs-curl curl -k https://oqs-haproxy:4433 + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: haproxy + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/haproxy:${{ inputs.release_tag || 'latest' }} + openquantumsafe/haproxy:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index d86127b..aa86a9d 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: 
@@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -54,7 +68,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-httpd - name: Build the curl Docker image @@ -65,7 +79,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl - name: Test httpd using curl @@ -74,3 +88,17 @@ jobs: docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd && sleep 2 && docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768 + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: httpd + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/httpd:${{ inputs.release_tag || 'latest' }} + openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index 6fb2bdd..f8af052 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: 
@@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -54,7 +68,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | oqs-locust oqs-locust:0.0.1 @@ -97,3 +111,17 @@ jobs: curl 'http://localhost:8189/stats/requests/csv' -o results.out && cat results.out && grep kyber768 results.out + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: locust + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/locust:${{ inputs.release_tag || 'latest' }} + openquantumsafe/locust:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 5d9d514..03a046f 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: 
@@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -53,7 +67,7 @@ jobs: context: mosquitto platforms: ${{ matrix.platform }} build-args: | - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-mosquitto - name: Test mosquitto using local docker network @@ -65,3 +79,16 @@ jobs: sleep 2 && docker logs oqs-mosquitto-publisher | grep "Client_pub sending PUBLISH" && docker logs oqs-mosquitto-subscriber | grep "Hello world" + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: mosquitto + platforms: ${{ matrix.platform }} + build-args: | + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/mosquitto:${{ inputs.release_tag || 'latest' }} + openquantumsafe/mosquitto:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 70660dd..b325f29 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: 
@@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -54,7 +68,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-nginx - name: Build the curl Docker image (with generic liboqs) @@ -66,7 +80,7 @@ jobs: build-args: | MAKE_DEFINES=-j4 LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-curl-generic - name: Test nginx with curl generic @@ -75,3 +89,17 @@ jobs: docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx && sleep 2 && docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433 + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: nginx + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/nginx:${{ inputs.release_tag || 'latest' }} + openquantumsafe/nginx:${{ inputs.release_tag || 'latest' }} 
diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml index c27388f..1523ad9 100644 --- a/.github/workflows/ngtcp2.yml +++ b/.github/workflows/ngtcp2.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -55,7 +69,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-ngtcp2-server - name: Build the client Docker image @@ -67,7 +81,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-ngtcp2-client - name: Test ngtcp2 using local docker network 
@@ -76,3 +90,33 @@ jobs: docker run --network ngtcp2-test --detach --name oqs-ngtcp2server oqs-ngtcp2-server && docker run --network ngtcp2-test --name oqs-ngtcp2client oqs-ngtcp2-client sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server 6000' && docker logs oqs-ngtcp2client 2>&1 | grep "QUIC handshake has been confirmed" + + - name: Push server Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: ngtcp2 + file: ngtcp2/Dockerfile-server + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/ngtcp2-server:${{ inputs.release_tag || 'latest' }} + openquantumsafe/ngtcp2-server:${{ inputs.release_tag || 'latest' }} + + - name: Push client Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: ngtcp2 + file: ngtcp2/Dockerfile-client + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/ngtcp2-client:${{ inputs.release_tag || 'latest' }} + openquantumsafe/ngtcp2-client:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 1e58145..206c81d 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: 
@@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io @@ -54,9 +68,23 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-openssh - name: Test openssh run: | docker run --rm --name oqs-openssh oqs-openssh connect-test.sh + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: openssh + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/openssh:${{ inputs.release_tag || 'latest' }} + openquantumsafe/openssh:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index ff6c6b1..91986d0 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml 
@@ -87,5 +87,5 @@ jobs: MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | + ghcr.io/${{ github.repository_owner }}/openssl3:${{ inputs.release_tag || 'latest' }} openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }} - ghcr.io/open-quantum-safe/openssl3:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 6a9efc8..5941072 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io 
@@ -54,10 +68,24 @@ jobs: platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-openvpn - name: Test openvpn working-directory: ./openvpn run: | sh ./test.sh dilithium5 p521_kyber1024 + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: openvpn + platforms: ${{ matrix.platform }} + build-args: | + MAKE_DEFINES=-j4 + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/openvpn:${{ inputs.release_tag || 'latest' }} + openquantumsafe/openvpn:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml index 86da7ad..8b1724a 100644 --- a/.github/workflows/wireshark.yml +++ b/.github/workflows/wireshark.yml @@ -14,6 +14,10 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string workflow_dispatch: inputs: build_main: @@ -21,11 +25,16 @@ on: required: false default: false type: boolean + release_tag: + description: "Which docker tag to push to" + required: false + type: string env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: build: @@ -40,6 +49,11 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 + if: env.push == 'true' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 with: registry: ghcr.io 
@@ -53,5 +67,18 @@ jobs: context: wireshark platforms: ${{ matrix.platform }} build-args: | - ${{ (github.event.inputs.build_main == 'true') && env.build-args || null }} + ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-wireshark + + - name: Push Docker image to registries + if: env.push == 'true' + uses: docker/build-push-action@v6 + with: + push: true + context: wireshark + platforms: ${{ matrix.platform }} + build-args: | + ${{ (inputs.build_main == 'true') && env.build-args || null }} + tags: | + ghcr.io/${{ github.repository_owner }}/wireshark:${{ inputs.release_tag || 'latest' }} + openquantumsafe/wireshark:${{ inputs.release_tag || 'latest' }} From cfa3cfc281bd77cbb51465861ea12d8f7df1c5c0 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 9 Dec 2024 11:49:55 -0600 Subject: [PATCH 27/32] Switch from qemu to runners Signed-off-by: Alex Bozarth --- .github/workflows/openssl3.yml | 28 +++++++++++++------- .github/workflows/push-manifest.yml | 41 +++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/push-manifest.yml diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 91986d0..5fa4d1b 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: arm64 + runner: oqs-arm64 + - arch: x86_64 + runner: ubuntu-latest + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: openssl3 - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
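Review bot: The new matrix entry `runner: oqs-arm64` in the openssl3.yml hunk at -38,17 sends every run of this workflow, including the `pull_request` runs declared in its `on:` block, to a non-default runner, and nothing in the patch says whether that label is GitHub-hosted or self-hosted. If it is self-hosted and not ephemeral, a Dockerfile change in a fork PR executes on a machine that later builds and pushes release images, so the arm64 leg should be skipped or approval-gated for fork PRs. At minimum record the runner type next to the label, e.g. `runner: oqs-arm64 # <hosted | self-hosted, ephemeral?>`. Patch 28/32 repeats this matrix in curl.yml, h2load.yml, haproxy.yml and httpd.yml.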
@@ -82,10 +81,19 @@ jobs: with: push: true context: openssl3 - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/openssl3:${{ inputs.release_tag || 'latest' }} - openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + if: env.push == 'true' + with: + image_name: openssl3 + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/push-manifest.yml b/.github/workflows/push-manifest.yml new file mode 100644 index 0000000..a1a12d5 --- /dev/null +++ b/.github/workflows/push-manifest.yml 
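Review bot: The `push` job added in the hunk at -82,10 calls `- uses: ./.github/workflows/manifest` as a step, but the file this patch adds is `.github/workflows/push-manifest.yml` with an `on: workflow_call` trigger, which is a reusable workflow and is invoked from `jobs.<id>.uses`, not from `steps`. As written the step path matches nothing in the patch, and the job has no checkout for a local path to resolve against. The called workflow reads `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN`, so the caller also has to hand them over (`secrets: inherit`), and the gate has to move to a job-level `if:` written out in full because `env` is not available there. The `push` jobs added to curl.yml, h2load.yml and haproxy.yml in patch 28/32 have the same shape.

```yaml
  push:
    needs: build
    if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
    uses: ./.github/workflows/push-manifest.yml
    with:
      image_name: openssl3
      release_tag: ${{ inputs.release_tag || 'latest' }}
    secrets: inherit
```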
@@ -0,0 +1,41 @@ +name: push-manifest + +on: + workflow_call: + inputs: + image_name: + description: "Which docker image to push to" + required: true + type: string + release_tag: + description: "Which docker tag to push to" + required: false + type: string + +jobs: + push: + runs-on: ubuntu-latest + steps: + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push multiarch image to ghcr.io + run: | + docker manifest create ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} \ + --amend ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-x86_64 \ + --amend ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-arm64 && + docker manifest push ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} + + - name: Push multiarch image to DockerHub + run: | + docker manifest create openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} \ + --amend openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-x86_64 \ + --amend openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-arm64 && + docker manifest push openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} From ecc80eb2c5df57a1ea1d13fe2eb27911ae57a881 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Mon, 9 Dec 2024 12:39:39 -0600 Subject: [PATCH 28/32] Update all workflows to use runner 
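Review bot: Both `run:` steps in the new push-manifest.yml paste `${{ inputs.image_name }}` and `${{ inputs.release_tag || 'latest' }}` into the script text before the shell parses it, so a value containing shell metacharacters becomes part of the command line in a job that is logged in to both registries. `release_tag` is a free-form string on `workflow_dispatch` in the callers; pass the values through `env:` and quote them so the shell only ever sees them as data. A format check on the tag before `docker manifest create` would also catch typos early. The DockerHub step needs the same change with its own image prefix.

```yaml
      - name: Push multiarch image to ghcr.io
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}
          TAG: ${{ inputs.release_tag || 'latest' }}
        run: |
          docker manifest create "${IMAGE}:${TAG}" \
            --amend "${IMAGE}:${TAG}-x86_64" \
            --amend "${IMAGE}:${TAG}-arm64" &&
          docker manifest push "${IMAGE}:${TAG}"
      # … unchanged: DockerHub step, same pattern with IMAGE: openquantumsafe/${{ inputs.image_name }} …
```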
Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 48 ++++++++++++++++++++------------- .github/workflows/h2load.yml | 29 ++++++++++++-------- .github/workflows/haproxy.yml | 29 ++++++++++++-------- .github/workflows/httpd.yml | 29 ++++++++++++-------- .github/workflows/locust.yml | 28 ++++++++++++------- .github/workflows/mosquitto.yml | 28 ++++++++++++------- .github/workflows/nginx.yml | 29 ++++++++++++-------- .github/workflows/ngtcp2.yml | 38 ++++++++++++++++---------- .github/workflows/openssh.yml | 28 ++++++++++++------- .github/workflows/openssl3.yml | 6 ++--- .github/workflows/openvpn.yml | 28 ++++++++++++------- .github/workflows/wireshark.yml | 28 ++++++++++++------- 12 files changed, 219 insertions(+), 129 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 2d99a0f..de62ea3 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -76,7 +75,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -88,7 +86,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" 
@@ -106,13 +103,12 @@ jobs: with: push: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/curl:optimized - openquantumsafe/curl:optimized + ghcr.io/${{ github.repository_owner }}/curl:optimized-${{ matrix.arch }} + openquantumsafe/curl:optimized-${{ matrix.arch }} - name: Push Docker image to registries (dev) if: env.push == 'true' @@ -120,14 +116,13 @@ jobs: with: push: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} target: dev tags: | - ghcr.io/${{ github.repository_owner }}/curl-dev - openquantumsafe/curl-dev + ghcr.io/${{ github.repository_owner }}/curl-dev:latest-${{ matrix.arch }} + openquantumsafe/curl-dev:latest-${{ matrix.arch }} - name: Push Docker image to registries (with generic liboqs) if: env.push == 'true' 
@@ -135,11 +130,28 @@ jobs: with: push: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }} - openquantumsafe/curl:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: curl + release_tag: optimized + - uses: ./.github/workflows/manifest + with: + image_name: curl-dev + release_tag: latest + - uses: ./.github/workflows/manifest + with: + image_name: curl + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml index 0bbff2a..5228a1d 100644 --- a/.github/workflows/h2load.yml +++ b/.github/workflows/h2load.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: h2load - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-h2load 
@@ -75,7 +74,6 @@ jobs: with: load: true context: nginx - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -93,9 +91,18 @@ jobs: with: push: true context: h2load - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/h2load:${{ inputs.release_tag || 'latest' }} - openquantumsafe/h2load:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/h2load:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/h2load:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: h2load + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index 0683909..f3f25aa 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: haproxy - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
@@ -76,7 +75,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -95,10 +93,19 @@ jobs: with: push: true context: haproxy - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/haproxy:${{ inputs.release_tag || 'latest' }} - openquantumsafe/haproxy:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/haproxy:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/haproxy:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: haproxy + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index aa86a9d..5a2be7a 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: httpd - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
@@ -76,7 +75,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -95,10 +93,19 @@ jobs: with: push: true context: httpd - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/httpd:${{ inputs.release_tag || 'latest' }} - openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: httpd + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index f8af052..970a4b0 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: locust - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
@@ -118,10 +117,19 @@ jobs: with: push: true context: locust - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/locust:${{ inputs.release_tag || 'latest' }} - openquantumsafe/locust:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/locust:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/locust:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: locust + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 03a046f..caa3a48 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: mosquitto - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-mosquitto 
@@ -86,9 +85,18 @@ jobs: with: push: true context: mosquitto - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/mosquitto:${{ inputs.release_tag || 'latest' }} - openquantumsafe/mosquitto:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/mosquitto:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/mosquitto:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: mosquitto + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index b325f29..16b0b75 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: nginx - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -76,7 +75,6 @@ jobs: with: load: true context: curl - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" 
@@ -96,10 +94,19 @@ jobs: with: push: true context: nginx - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/nginx:${{ inputs.release_tag || 'latest' }} - openquantumsafe/nginx:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/nginx:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/nginx:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: nginx + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml index 1523ad9..3da18a8 100644 --- a/.github/workflows/ngtcp2.yml +++ b/.github/workflows/ngtcp2.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -66,7 +66,6 @@ jobs: load: true context: ngtcp2 file: ngtcp2/Dockerfile-server - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -78,7 +77,6 @@ jobs: load: true context: ngtcp2 file: ngtcp2/Dockerfile-client - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
@@ -98,13 +96,12 @@ jobs: push: true context: ngtcp2 file: ngtcp2/Dockerfile-server - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/ngtcp2-server:${{ inputs.release_tag || 'latest' }} - openquantumsafe/ngtcp2-server:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/ngtcp2-server:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/ngtcp2-server:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} - name: Push client Docker image to registries if: env.push == 'true' @@ -113,10 +110,23 @@ jobs: push: true context: ngtcp2 file: ngtcp2/Dockerfile-client - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/ngtcp2-client:${{ inputs.release_tag || 'latest' }} - openquantumsafe/ngtcp2-client:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/ngtcp2-client:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/ngtcp2-client:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: ngtcp2-server + release_tag: ${{ inputs.release_tag || 'latest' }} + - uses: ./.github/workflows/manifest + with: + image_name: ngtcp2-client + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 206c81d..152d457 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml 
@@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: openssh - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} @@ -81,10 +80,19 @@ jobs: with: push: true context: openssh - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/openssh:${{ inputs.release_tag || 'latest' }} - openquantumsafe/openssh:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/openssh:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/openssh:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: openssh + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 5fa4d1b..a1ea2c0 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -42,10 +42,10 @@ jobs: fail-fast: false matrix: include: - - arch: arm64 - runner: oqs-arm64 - arch: x86_64 runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 
@@ -89,11 +89,11 @@ jobs: openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} needs: build runs-on: ubuntu-latest steps: - uses: ./.github/workflows/manifest - if: env.push == 'true' with: image_name: openssl3 release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 5941072..4b52e60 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: openvpn - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} 
@@ -82,10 +81,19 @@ jobs: with: push: true context: openvpn - platforms: ${{ matrix.platform }} build-args: | MAKE_DEFINES=-j4 ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/openvpn:${{ inputs.release_tag || 'latest' }} - openquantumsafe/openvpn:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/openvpn:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/openvpn:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: openvpn + release_tag: ${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml index 8b1724a..b8d2f49 100644 --- a/.github/workflows/wireshark.yml +++ b/.github/workflows/wireshark.yml @@ -38,17 +38,17 @@ env: jobs: build: - runs-on: ubuntu-latest strategy: fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - arch: x86_64 + runner: ubuntu-latest + - arch: arm64 + runner: oqs-arm64 + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 if: env.push == 'true' with: @@ -65,7 +65,6 @@ jobs: with: load: true context: wireshark - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: oqs-wireshark 
@@ -76,9 +75,18 @@ jobs: with: push: true context: wireshark - platforms: ${{ matrix.platform }} build-args: | ${{ (inputs.build_main == 'true') && env.build-args || null }} tags: | - ghcr.io/${{ github.repository_owner }}/wireshark:${{ inputs.release_tag || 'latest' }} - openquantumsafe/wireshark:${{ inputs.release_tag || 'latest' }} + ghcr.io/${{ github.repository_owner }}/wireshark:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + openquantumsafe/wireshark:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} + + push: + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + needs: build + runs-on: ubuntu-latest + steps: + - uses: ./.github/workflows/manifest + with: + image_name: wireshark + release_tag: ${{ inputs.release_tag || 'latest' }} From f12ff66fb78d00208aa4dac613be71beba2dc5ec Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 10 Dec 2024 09:31:14 -0600 Subject: [PATCH 29/32] dont push when using liboqs and oqsprovider main Signed-off-by: Alex Bozarth --- .github/workflows/curl.yml | 4 ++-- .github/workflows/h2load.yml | 4 ++-- .github/workflows/haproxy.yml | 4 ++-- .github/workflows/httpd.yml | 4 ++-- .github/workflows/locust.yml | 4 ++-- .github/workflows/mosquitto.yml | 4 ++-- .github/workflows/nginx.yml | 4 ++-- .github/workflows/ngtcp2.yml | 4 ++-- .github/workflows/openssh.yml | 4 ++-- .github/workflows/openssl3.yml | 4 ++-- .github/workflows/openvpn.yml | 4 ++-- .github/workflows/wireshark.yml | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index de62ea3..672ca26 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml 
@@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -139,7 +139,7 @@ jobs: openquantumsafe/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml index 5228a1d..ca697da 100644 --- a/.github/workflows/h2load.yml +++ b/.github/workflows/h2load.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -98,7 +98,7 @@ jobs: openquantumsafe/h2load:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index f3f25aa..8d1bfd0 100644 
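Review bot: Whether the added `&& inputs.build_main != 'true'` actually blocks the push depends on how `build_main` is declared, which is outside this hunk. If the input is `type: boolean`, `inputs.build_main` is a boolean and the comparison with the string `'true'` coerces both sides to numbers and never matches, so images built from liboqs/oqsprovider `main` would still be published under the release tags. A form that holds for either declaration is `&& !(inputs.build_main == 'true' || inputs.build_main == true)`. The same expression is repeated in the job-level `if:` of the `push` job and in the other eleven workflow files touched by this commit.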
--- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -101,7 +101,7 @@ jobs: openquantumsafe/haproxy:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml index 5a2be7a..fb1c399 100644 --- a/.github/workflows/httpd.yml +++ b/.github/workflows/httpd.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -101,7 +101,7 @@ jobs: openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: 
diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml index 970a4b0..cdacba4 100644 --- a/.github/workflows/locust.yml +++ b/.github/workflows/locust.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -125,7 +125,7 @@ jobs: openquantumsafe/locust:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index caa3a48..30b1d0a 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: 
@@ -92,7 +92,7 @@ jobs: openquantumsafe/mosquitto:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 16b0b75..407a99c 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -102,7 +102,7 @@ jobs: openquantumsafe/nginx:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml index 3da18a8..c0d7292 100644 --- a/.github/workflows/ngtcp2.yml +++ b/.github/workflows/ngtcp2.yml 
@@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -118,7 +118,7 @@ jobs: openquantumsafe/ngtcp2-client:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 152d457..cfb23ad 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -88,7 +88,7 @@ jobs: openquantumsafe/openssh:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: 
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index a1ea2c0..d920629 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -89,7 +89,7 @@ jobs: openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 4b52e60..1ae765c 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: 
@@ -89,7 +89,7 @@ jobs: openquantumsafe/openvpn:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml index b8d2f49..2131fd7 100644 --- a/.github/workflows/wireshark.yml +++ b/.github/workflows/wireshark.yml @@ -34,7 +34,7 @@ env: build-args: | LIBOQS_TAG=main OQSPROVIDER_TAG=main - push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} jobs: build: @@ -82,7 +82,7 @@ jobs: openquantumsafe/wireshark:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }} push: - if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} + if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }} needs: build runs-on: ubuntu-latest steps: From 70b115ff93699441a1c319df523356e42a50996e Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 10 Dec 2024 13:05:17 -0600 Subject: [PATCH 30/32] Add docs Signed-off-by: Alex Bozarth --- .github/workflow-templates/template.yml | 100 ++++++++++++++++++++++++ CONTRIBUTING.md | 25 ++++++ README.md | 31 ++++---- 3 files changed, 141 insertions(+), 15 deletions(-) create mode 100644 .github/workflow-templates/template.yml create mode 100644 CONTRIBUTING.md 
diff --git a/.github/workflow-templates/template.yml b/.github/workflow-templates/template.yml
new file mode 100644
index 0000000..2f9442c
--- /dev/null
+++ b/.github/workflow-templates/template.yml
@@ -0,0 +1,100 @@
+# This is a template workflow for a new demo
+# To get started replace all instances of with the name of your demo below and add the demo to the build.yml workflow
+name:
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/.yml', '/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/.yml', '/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context:
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags:
+
+ - name: Test
+ run: |
+ echo "Add tests here"
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context:
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name:
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..e1eec28
--- /dev/null
+++ b/CONTRIBUTING.md
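Review bot: The template has no `permissions:` block, so every workflow copied from it runs with whatever GITHUB_TOKEN scope the repository default grants, although the only write it appears to need is the ghcr.io push; I would add a top-level `permissions:` with `contents: read` and `packages: write`. The steps that handle the registry credentials (`docker/login-action@v3`, `docker/build-push-action@v6`) are referenced by movable tags, and pinning them to a full commit SHA would keep a retagged release from running with `DOCKERHUB_TOKEN` in reach. Separately, the `push` job's only step is the local action `./.github/workflows/manifest`, and a local action can only be resolved after the repository has been checked out in that job, so `- uses: actions/checkout@v4` should precede it.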
@@ -0,0 +1,25 @@
+# Contributing new quantum-safe application integrations
+
+All submissions must meet acceptance criteria given below. Demos may be removed if they no longer meet the acceptance criteria.
+
+## Documentation requirements
+
+- Purpose of integration and upstream (code origin) location must be clearly documented.
+- README must contain all steps to build the OQS-enabled code.
+- An optional USAGE file must be present if the integration can be built into a docker image.
+
+## Execution requirements
+
+- If possible, a Dockerfile should be provided such as to automate the integration completely. In this case, a separate USAGE file must be available that shall document usage of the docker file at [docker hub](https://hub.docker.com/orgs/openquantumsafe/repositories).
+- If a docker file is provided, it is expected that build-and-test code is added to the continuous integration environment testing (see below).
+
+## Maintenance
+
+We hope the contributor will intend to help update the integration over time as the upstream code bases as well as the underlying algorithms and APIs evolve.
+
+## Continuous Integration
+
+Each demo should have it's own GitHub Actions workflow to handle building, testing, and pushing its Docker image. An [example template](.github/workflow-templates/template.yml) is provided to get started.
+
+A workflow should run the build and test steps whenever changes are detected for the integration in a pull request or push to main.
+The push step should only be triggered when the workflow is run on the main branch of the upstream repository (not forks) and not when building against the latest liboqs and oqs-provider code.
\ No newline at end of file
diff --git a/README.md b/README.md
index 39b15d3..0d1349a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@ -[![GitHub actions](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml) +[![openssl](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssl3.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssl3.yml) [![QUIC](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml) -[![open-quantum-safe](https://circleci.com/gh/open-quantum-safe/oqs-demos.svg?style=svg)](https://app.circleci.com/pipelines/github/open-quantum-safe/oqs-demos) oqs-demos ========= @@ -11,7 +10,7 @@ A repository of instructions (with associated patches and scripts) to enable, th In most cases, Dockerfiles encode the instructions for ease-of-use: Just do `docker build -t .`. For more detailed usage instructions (parameters, algorithms, etc.) refer to the README for each package. Pre-built Docker images may also be available. -As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no CI and github support for the integration is available and the code shall be seen as a snapshot that once worked only. +As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no github support for the integration is available and the code shall be seen as a snapshot that once worked only. We are explicitly soliciting contributors to maintain those integrations labelled "Unmaintained". 
@@ -19,18 +18,18 @@ Currently available integrations at their respective support level: | | **Build instructions** | **Pre-built Docker image or binary files** | Support | |-------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -------- | -| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | Maintained: @baentsch, @pi-314159 -| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | Maintained: @baentsch -| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | Maintained: @baentsch, @bhess, @pi-314159 +| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | [![curl](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/curl.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/curl.yml) Maintained: @baentsch, @pi-314159 +| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | 
[![httpd](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/httpd.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/httpd.yml) Maintained: @baentsch +| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | [![nginx](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml) Maintained: @baentsch, @bhess, @pi-314159 | **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - | Maintained: @pi-314159 -| **Locust** | [Github: oqs-demos/locust](locust) | - | Maintained: @davidgca -| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | Maintained: @hayyaaf -| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | Unmaintained -| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | Unmaintained -| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | Unmaintained -| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | Unmaintained -| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: 
openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | Unmaintained -| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | Unmaintained +| **Locust** | [Github: oqs-demos/locust](locust) | - | [![locust](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml) Maintained: @davidgca +| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | [![wireshark](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml) Maintained: @hayyaaf +| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | [![openssh](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml) Unmaintained +| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | [![openvpn](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml) Unmaintained +| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | 
[![ngtcp2](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml) Unmaintained +| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | [![h2load](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/h2load.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/h2load.yml) Unmaintained +| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | [![haproxy](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/haproxy.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/haproxy.yml) Unmaintained +| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | [![mosquitto](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/mosquitto.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/mosquitto.yml) Unmaintained | **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | Deprecated | **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) | Deprecated | **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) | Deprecated 
@@ -38,9 +37,11 @@ Currently available integrations at their respective support level: It should be possible to use the openssl (s_client) and curl clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.7.0` and `liboqs v0.11.0`) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Since [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl) no longer maintains the same set of algorithms, software that depends on OQS-BoringSSL (e.g., nginx-quic and curl-quic) may not fully (inter)operate with the test server. +When updates to an integration with a Dockerfile are pushed to `main`, an updated `latest` image is pushed to DockerHub and ghcr.io with support for both x86_64 and arm64. + ## Contributing -Contributions are gratefully welcomed. See our [Contributing Guide](https://github.com/open-quantum-safe/oqs-demos/wiki/Contributing-guide) for more details. +Contributions are gratefully welcomed. See our [Contributing Guide](CONTRIBUTING.md) for more details. ## License From 666ab72aeebc201f76ae77de0141e85dda0a1642 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 10 Dec 2024 14:39:39 -0600 Subject: [PATCH 31/32] Add weekly cron job with build_main true Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 26 ++++++++++++++------------ README.md | 2 ++ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac8139d..590c071 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -23,76 +23,78 @@ on: description: "Which docker tag to push to" required: false type: string + schedule: # run with "build_main: true" weekly on Mon at 1:01 + - cron: '1 1 * * 1' jobs: curl: uses: ./.github/workflows/curl.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} h2load: uses: ./.github/workflows/h2load.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} haproxy: uses: ./.github/workflows/haproxy.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} httpd: uses: ./.github/workflows/httpd.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} locust: uses: ./.github/workflows/locust.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} mosquitto: uses: ./.github/workflows/mosquitto.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} nginx: uses: ./.github/workflows/nginx.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} ngtcp2: uses: ./.github/workflows/ngtcp2.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} openssh: uses: ./.github/workflows/openssh.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main 
== 'true', 'false') }} release_tag: ${{ inputs.release_tag }} openssl3: uses: ./.github/workflows/openssl3.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} openvpn: uses: ./.github/workflows/openvpn.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} wireshark: uses: ./.github/workflows/wireshark.yml with: - build_main: ${{ inputs.build_main == 'true' }} + build_main: ${{ !contains(inputs.build_main == 'true', 'false') }} release_tag: ${{ inputs.release_tag }} diff --git a/README.md b/README.md index 0d1349a..aa812b0 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,8 @@ It should be possible to use the openssl (s_client) and curl clients with all al When updates to an integration with a Dockerfile are pushed to `main`, an updated `latest` image is pushed to DockerHub and ghcr.io with support for both x86_64 and arm64. +The build and test CI is run against the latest code in liboqs and oqs-provider weekly. + ## Contributing Contributions are gratefully welcomed. See our [Contributing Guide](CONTRIBUTING.md) for more details. From 0f05a5f8b5a3a599c37b97f9c72e4949f5466801 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 10 Dec 2024 14:55:08 -0600 Subject: [PATCH 32/32] Update name for better badge readability Signed-off-by: Alex Bozarth --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 590c071..b914ff2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Run all +name: OQS Demos on: workflow_call:
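Review bot: `build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}` does not appear to do what the `schedule` comment promises. As I read the expression rules, `contains()` casts the comparison result to a string, so the whole expression reduces to `inputs.build_main == 'true'`; on a scheduled run `inputs` is empty, which makes it false. The weekly cron would then build with the Dockerfile defaults and, since the ref is `main` and the event is not `pull_request`, would seem to satisfy the push condition in the called workflows rather than only testing liboqs and oqs-provider `main`. Stating the intent directly is easier to audit, e.g. `build_main: ${{ github.event_name == 'schedule' || inputs.build_main == true }}`, repeated for each of the twelve jobs in this hunk. A comment next to the cron entry saying whether scheduled runs are allowed to publish images would also help.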