improve static build testing #721
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linux tests | |
on: | |
push: | |
branches: [ '*' ] | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
linux_baseline: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
cmake-params: [ "", "-DOQS_KEM_ENCODERS=ON" ] | |
container: | |
image: openquantumsafe/ci-ubuntu-jammy:latest | |
env: | |
MAKE_PARAMS: "-j 18" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Full build | |
run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh | |
- name: Enable sibling oqsprovider for testing | |
run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so | |
- name: Test | |
run: ./scripts/runtests.sh -V | |
linux_intel: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
ossl-branch: [openssl-3.1.0, master] | |
include: | |
- name: alpine | |
container: openquantumsafe/ci-alpine-amd64:latest | |
# focal test done on CircleCI - save the compute cycles here until CCI is dropped | |
# - name: focal | |
# container: openquantumsafe/ci-ubuntu-focal-x86_64:latest | |
- name: jammy | |
container: openquantumsafe/ci-ubuntu-jammy:latest | |
container: | |
image: ${{ matrix.container }} | |
env: | |
MAKE_PARAMS: "-j 18" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Full build | |
run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} LIBOQS_BRANCH=main ./scripts/fullbuild.sh | |
- name: Enable sibling oqsprovider for testing | |
run: cd _build/lib && ln -s oqsprovider.so oqsprovider2.so | |
- name: Test | |
run: ./scripts/runtests.sh -V | |
- name: Verify nothing changes on re-generate code | |
run: | | |
apt-get update && apt-get install -y clang-format && \ | |
git config --global user.name "ciuser" && \ | |
git config --global user.email "[email protected]" && \ | |
git config --global --add safe.directory `pwd` && \ | |
export LIBOQS_SRC_DIR=`pwd`/liboqs && \ | |
! pip3 install -r oqs-template/requirements.txt 2>&1 | grep ERROR && \ | |
python3 oqs-template/generate.py && \ | |
find . -type f -and '(' -name '*.h' -or -name '*.c' -or -name '*.inc' ')' | xargs clang-format -i && \ | |
git diff && \ | |
! git status | grep modified | |
- name: Build .deb install package | |
run: cpack | |
working-directory: _build | |
- name: Retain .deb installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: oqsprovider-x64 | |
path: _build/*.deb | |
asan_linux_intel: | |
name: "Security checks" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
container: | |
image: openquantumsafe/ci-ubuntu-jammy:latest | |
env: | |
CC: "clang" | |
CXX: "clang++" | |
ASAN_C_FLAGS: "-fsanitize=address -fno-omit-frame-pointer" | |
ASAN_OPTIONS: "detect_stack_use_after_return=1,detect_leaks=1" | |
OPENSSL_BRANCH: "openssl-3.1" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: apt-get update && apt-get install -y clang llvm ninja-build git cmake libclang-rt-14-dev libclang-common-14-dev | |
- name: Clone and build OpenSSL(3) with ASan | |
run: | | |
git clone --depth=1 --branch "${OPENSSL_BRANCH}" https://github.com/openssl/openssl.git openssl | |
cd openssl | |
mkdir install | |
./Configure --openssldir="${PWD}/install" \ | |
--prefix="${PWD}/install" \ | |
--debug \ | |
enable-asan \ | |
no-tests | |
make -j$(nproc) | |
make install_sw | |
cd .. | |
- name: Clone and build liboqs with ASan | |
run: | | |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs | |
cd liboqs | |
mkdir build install | |
cmake -GNinja -B build \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DOQS_USE_OPENSSL=OFF \ | |
-DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \ | |
-DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}" \ | |
-DCMAKE_INSTALL_PREFIX="${PWD}/install" | |
cmake --build build -j$(nproc) | |
cmake --install build | |
cd .. | |
- name: Build oqs-provider with ASan | |
run: | | |
cmake -GNinja -B build \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DOPENSSL_ROOT_DIR="$PWD/openssl/install" \ | |
-Dliboqs_DIR="$PWD/liboqs/install/lib/cmake/liboqs" \ | |
-DCMAKE_C_FLAGS="${ASAN_C_FLAGS}" \ | |
-DCMAKE_EXE_LINKER_FLAGS="${ASAN_C_FLAGS}" | |
cmake --build build -j$(nproc) | |
- name: Verify that test binaries are linked against ASan | |
run: | | |
find build/test/ -type f -perm '/u=x' | while read -r test_bin; do | |
if ! nm "${test_bin}" | grep -q '__local_asan_preinit'; then | |
echo "ASan not found in ${test_bin}" | |
exit 1 | |
fi | |
done | |
- name: Run tests | |
run: ctest --test-dir build --output-on-failure | |
linux_aarch64: | |
name: "aarch64 cross-compilation" | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
container: | |
image: openquantumsafe/ci-ubuntu-jammy:latest | |
env: | |
OPENSSL_BRANCH: "master" | |
INSTALL_DIR: "/opt/install" | |
CMAKE_TOOLCHAIN_FILE: "/opt/linux-aarch64-toolchain.cmake" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: apt-get update && apt-get install -y ninja-build git cmake nodejs gcc-aarch64-linux-gnu libc6-dev-arm64-cross qemu-user | |
- name: Prepare install directory | |
run: mkdir -p "${INSTALL_DIR}" | |
- name: Clone and build OpenSSL(3) for linux-aarch64 | |
working-directory: /opt/ | |
run: | | |
git clone --depth=1 --branch "${OPENSSL_BRANCH}" https://github.com/openssl/openssl.git openssl | |
cd openssl | |
./Configure linux-aarch64 no-tests --prefix="${INSTALL_DIR}" \ | |
--openssldir="${INSTALL_DIR}" \ | |
--cross-compile-prefix=aarch64-linux-gnu- \ | |
--release | |
make -j$(nproc) | |
make install_sw | |
- name: Write CMake toolchain file for liboqs and oqs-provider | |
run: | | |
echo "set(CMAKE_SYSTEM_NAME Linux) \n | |
set(CMAKE_SYSTEM_PROCESSOR aarch64) \n | |
set(CMAKE_C_COMPILER "/usr/bin/aarch64-linux-gnu-gcc")\n" > "${CMAKE_TOOLCHAIN_FILE}" | |
- name: Clone and build liboqs for linux-aarch64 | |
working-directory: /opt/ | |
run: | | |
git clone --depth=1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs | |
cd liboqs | |
mkdir build install | |
cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ | |
-GNinja -B build \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
-DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \ | |
-DOQS_USE_OPENSSL=OFF | |
cmake --build build -j$(nproc) | |
cmake --install build | |
- name: Build oqs-provider for linux-aarch64 | |
run: | | |
cmake --toolchain "${CMAKE_TOOLCHAIN_FILE}" \ | |
-GNinja -B build \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
-DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \ | |
-DOPENSSL_ROOT_DIR="${INSTALL_DIR}" \ | |
-Dliboqs_DIR="${INSTALL_DIR}/lib/cmake/liboqs" | |
cmake --build build -j$(nproc) | |
cmake --install build | |
- name: Run tests with qemu-aarch64 | |
run: | | |
cmake -B build -DCMAKE_CROSSCOMPILING_EMULATOR="qemu-aarch64;-L;/usr/aarch64-linux-gnu" | |
ctest --test-dir build/ | |
- name: Build .deb install package | |
run: cpack | |
working-directory: build | |
- name: Retain .deb installer | |
uses: actions/upload-artifact@v3 | |
with: | |
name: oqsprovider-aarch64 | |
path: build/*.deb |