Add security override for sha1 #990
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: debian | |
on: | |
push: | |
branches: | |
- main | |
- 'release/**' | |
paths-ignore: | |
- '/*.sh' | |
- '/.*' | |
- '/_*' | |
- 'Brewfile' | |
- 'docs/**' | |
- '**.adoc' | |
- '**.md' | |
- '**.nix' | |
- 'flake.lock' | |
- 'version.txt' | |
- '.github/workflows/*.yml' | |
- '!.github/workflows/debian.yml' | |
pull_request: | |
paths-ignore: | |
- '/*.sh' | |
- '/.*' | |
- '/_*' | |
- 'Brewfile' | |
- 'docs/**' | |
- '**.adoc' | |
- '**.md' | |
- '**.nix' | |
- 'flake.lock' | |
- 'version.txt' | |
concurrency: | |
group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' | |
cancel-in-progress: true | |
env: | |
CORES: 2 | |
LANG: C.UTF-8 | |
LC_ALL: C.UTF-8 | |
LC_LANG: C.UTF-8 | |
RNP_LOG_CONSOLE: 1 | |
jobs: | |
tests: | |
name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped] | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, 'skip ci')" | |
timeout-minutes: 120 | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- { container: 'debian-11-i386', cpu: 'i386', backend: 'botan' } | |
- { container: 'debian-11-i386', cpu: 'i386', backend: 'openssl' } | |
- { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'botan' } | |
- { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'openssl' } | |
- { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'botan' } | |
- { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'openssl' } | |
- { container: 'debian-10-i386', cpu: 'i386', backend: 'botan' } | |
env: | |
- { CC: 'gcc', CXX: 'g++' } | |
- { CC: 'clang', CXX: 'clang++' } | |
container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }} | |
env: ${{ matrix.env }} | |
steps: | |
- name: Checkout on x86_x64 | |
if: matrix.image.cpu == 'x86_64' | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Checkout on i386 | |
if: matrix.image.cpu == 'i386' | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Setup environment | |
shell: bash | |
# rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test | |
run: | | |
useradd rnpuser | |
printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser | |
printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf | |
- name: Configure | |
run: | | |
cmake -B build \ | |
-DBUILD_SHARED_LIBS=ON \ | |
-DCRYPTO_BACKEND=${{ matrix.image.backend }} \ | |
-DDOWNLOAD_GTEST=ON \ | |
-DCMAKE_BUILD_TYPE=Release . | |
- name: Build | |
run: cmake --build build --parallel ${{ env.CORES }} | |
- name: Test | |
run: | | |
mkdir -p "build/Testing/Temporary" | |
cp "cmake/CTestCostData.txt" "build/Testing/Temporary" | |
export PATH="$PWD/build/src/lib:$PATH" | |
chown -R rnpuser:rnpuser $PWD | |
exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure" | |
- name: Package | |
run: cpack -G DEB -B debian --config build/CPackConfig.cmake |