
Automatically trigger CI on significant liboqs changes (#345) #651


Workflow file for this run

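# Linux CI for oqs-provider: a baseline build, an OpenSSL-branch matrix build
# with a code-generation check and .deb packaging, an AddressSanitizer build,
# and an aarch64 cross-build whose tests run under qemu-user.
name: Linux tests

on:
  push:
    branches: ['*']
  pull_request:
    branches: ["main"]

# Least privilege for GITHUB_TOKEN: no step visible in this file writes to the
# repository, so grant read-only contents instead of the repository default.
permissions:
  contents: read

# NOTE(review): every job pulls mutable references (":latest" container images,
# "main"/"master" branches of openssl and liboqs, version-tagged actions). The
# build, including the uploaded .deb files, therefore trusts whatever those
# references point to at run time and is not reproducible. Pin by image digest
# and commit SHA where that matters.
jobs:
  linux_baseline:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        cmake-params: ["", "-DOQS_KEM_ENCODERS=ON"]
    container:
      image: openquantumsafe/ci-ubuntu-jammy:latest
      env:
        MAKE_PARAMS: "-j 18"
    steps:
      - name: Checkout code
        # NOTE(review): version tags can be moved; a full commit SHA
        # (actions/checkout@<full-commit-sha>) fixes what actually runs.
        uses: actions/checkout@v2
      - name: Full build
        # The matrix value is passed through the environment, so it reaches the
        # script as data and is never pasted into the shell command line.
        env:
          OQSPROV_CMAKE_PARAMS: "${{ matrix.cmake-params }}"
        run: ./scripts/fullbuild.sh
      - name: Enable sibling oqsprovider for testing
        run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
      - name: Test
        run: ./scripts/runtests.sh -V

  linux_intel:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        ossl-branch: ["openssl-3.1.0", "master"]
        # NOTE(review): neither include entry names an original matrix key
        # (ossl-branch), so GitHub adds each entry to every combination and the
        # later entry overwrites what the earlier one added. The alpine image
        # therefore looks unused. Confirm against the job list of a run.
        include:
          - name: alpine
            container: openquantumsafe/ci-alpine-amd64:latest
          # focal test done on CircleCI - save the compute cycles here until CCI is dropped
          # - name: focal
          #   container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          - name: jammy
            container: openquantumsafe/ci-ubuntu-jammy:latest
    container:
      image: "${{ matrix.container }}"
      env:
        MAKE_PARAMS: "-j 18"
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Full build
        # Branch selection goes through the environment rather than being
        # interpolated into the command text.
        env:
          OPENSSL_BRANCH: "${{ matrix.ossl-branch }}"
          LIBOQS_BRANCH: main
        run: ./scripts/fullbuild.sh
      - name: Enable sibling oqsprovider for testing
        run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so
      - name: Test
        run: ./scripts/runtests.sh -V
      - name: Verify nothing changes on re-generate code
        # Re-runs the generator, formats the C sources and fails the step if
        # git reports any modified file, i.e. if the committed generated code
        # is stale. The e-mail value below is reproduced as it appears on the
        # page, where it looks redacted by address obfuscation.
        run: |
          apt-get update && apt-get install -y clang-format && \
          git config --global user.name "ciuser" && \
          git config --global user.email "[email protected]" && \
          git config --global --add safe.directory `pwd` && \
          export LIBOQS_SRC_DIR=`pwd`/liboqs && \
          ! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \
          python3 oqs-template/generate.py && \
          find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \
          git diff && \
          ! git status | grep modified
      - name: Build .deb install package
        run: cpack
        working-directory: _build
      - name: Retain .deb installer
        uses: actions/upload-artifact@v3
        with:
          name: oqsprovider-x64
          path: _build/*.deb

  asan_linux_intel:
    name: "Security checks"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    container:
      image: openquantumsafe/ci-ubuntu-jammy:latest
      env:
        CC: "clang"
        CXX: "clang++"
        ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer"
        ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1"
        OPENSSL_BRANCH: "openssl-3.1"
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Install dependencies
        run: apt-get update && apt-get install -y clang llvm ninja-build git cmake libclang-rt-14-dev libclang-common-14-dev
      - name: Clone and build OpenSSL(3) with ASan
        run: |
          git clone --depth=1 --branch "${OPENSSL_BRANCH}" https://github.com/openssl/openssl.git openssl
          cd openssl
          mkdir install
          ./Configure --openssldir="${PWD}/install" \
                      --prefix="${PWD}/install" \
                      --debug \
                      enable-asan \
                      no-tests
          make -j$(nproc)
          make install_sw
          cd ..
      - name: Clone and build liboqs with ASan
        run: |
          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
          cd liboqs
          mkdir build install
          cmake -GNinja -B build \
                -DCMAKE_BUILD_TYPE=Debug \
                -DOQS_USE_OPENSSL=OFF \
                -DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \
                -DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}" \
                -DCMAKE_INSTALL_PREFIX="${PWD}/install"
          cmake --build build -j$(nproc)
          cmake --install build
          cd ..
      - name: Build oqs-provider with ASan
        run: |
          cmake -GNinja -B build \
                -DCMAKE_BUILD_TYPE=Debug \
                -DOPENSSL_ROOT_DIR="$PWD/openssl/install" \
                -Dliboqs_DIR="$PWD/liboqs/install/lib/cmake/liboqs" \
                -DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \
                -DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}"
          cmake --build build -j$(nproc)
      - name: Verify that test binaries are linked against ASan
        # Guards against a silently uninstrumented build: every executable
        # under build/test/ must carry the ASan pre-init symbol, otherwise the
        # "Run tests" step would pass without any sanitizer coverage.
        run: |
          find build/test/ -type f -perm '/u=x' | while read -r test_bin; do
            if ! nm "${test_bin}" | grep -q '__local_asan_preinit'; then
              echo "ASan not found in ${test_bin}"
              exit 1
            fi
          done
      - name: Run tests
        run: ctest --test-dir build --output-on-failure

  linux_aarch64:
    name: "aarch64 cross-compilation"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    container:
      image: openquantumsafe/ci-ubuntu-jammy:latest
      env:
        OPENSSL_BRANCH: "master"
        INSTALL_DIR: "/opt/install"
        CMAKE_TOOLCHAIN_FILE: "/opt/linux-aarch64-toolchain.cmake"
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Install dependencies
        run: apt-get update && apt-get install -y ninja-build git cmake nodejs gcc-aarch64-linux-gnu libc6-dev-arm64-cross qemu-user
      - name: Prepare install directory
        run: mkdir -p "${INSTALL_DIR}"
      - name: Clone and build OpenSSL(3) for linux-aarch64
        working-directory: /opt/
        run: |
          git clone --depth=1 --branch "${OPENSSL_BRANCH}" https://github.com/openssl/openssl.git openssl
          cd openssl
          ./Configure linux-aarch64 no-tests --prefix="${INSTALL_DIR}" \
                      --openssldir="${INSTALL_DIR}" \
                      --cross-compile-prefix=aarch64-linux-gnu- \
                      --release
          make -j$(nproc)
          make install_sw
      - name: Write CMake toolchain file for liboqs and oqs-provider
        # A quoted heredoc writes the file verbatim. The previous echo relied
        # on the shell's echo expanding "\n" and on nested double quotes being
        # dropped, both of which differ between sh implementations.
        run: |
          cat > "${CMAKE_TOOLCHAIN_FILE}" <<'EOF'
          set(CMAKE_SYSTEM_NAME Linux)
          set(CMAKE_SYSTEM_PROCESSOR aarch64)
          set(CMAKE_C_COMPILER "/usr/bin/aarch64-linux-gnu-gcc")
          EOF
      - name: Clone and build liboqs for linux-aarch64
        working-directory: /opt/
        run: |
          git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs
          cd liboqs
          mkdir build install
          cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \
                -GNinja -B build \
                -DCMAKE_BUILD_TYPE=Release \
                -DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \
                -DOQS_USE_OPENSSL=OFF
          cmake --build build -j$(nproc)
          cmake --install build
      - name: Build oqs-provider for linux-aarch64
        run: |
          cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \
                -GNinja -B build \
                -DCMAKE_BUILD_TYPE=Release \
                -DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \
                -DOPENSSL_ROOT_DIR="${INSTALL_DIR}" \
                -Dliboqs_DIR="${INSTALL_DIR}/lib/cmake/liboqs"
          cmake --build build -j$(nproc)
          cmake --install build
      - name: Run tests with qemu-aarch64
        # Reconfigures the existing build tree so ctest launches each
        # cross-compiled test binary through the qemu-aarch64 user emulator.
        run: |
          cmake -B build -DCMAKE_CROSSCOMPILING_EMULATOR="qemu-aarch64;-L;/usr/aarch64-linux-gnu"
          ctest --test-dir build/
      - name: Build .deb install package
        run: cpack
        working-directory: build
      - name: Retain .deb installer
        uses: actions/upload-artifact@v3
        with:
          name: oqsprovider-aarch64
          path: build/*.deb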