Merge pull request #10507 from dgarske/ci_opt

CI Optimizations
kareem-wolfssl
2026-05-21 17:50:20 -07:00
committed by GitHub
94 changed files with 1106 additions and 300 deletions
@@ -54,6 +54,8 @@ runs:
- name: Install packages
shell: bash
env:
APT_CACHE_HIT: ${{ steps.apt-cache.outputs.cache-hit }}
run: |
export DEBIAN_FRONTEND=noninteractive
RETRIES=${{ inputs.retries }}
@@ -62,6 +64,18 @@ runs:
if [ "${{ inputs.no-install-recommends }}" = "true" ]; then
NO_REC="--no-install-recommends"
fi
# Fast path: on cache hit the .debs are already pre-seeded into
# /var/cache/apt/archives. Try installing directly first; if that
# fails (e.g. the cached .debs were superseded in the index) fall
# through to the regular update + install path.
if [ "$APT_CACHE_HIT" = "true" ]; then
if sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
exit 0
fi
echo "::warning::install from cached .debs failed, falling back to apt-get update"
fi
for i in $(seq 1 $RETRIES); do
if sudo apt-get update -q && \
sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
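Review bot: The new fast-path line `sudo apt-get install -y $NO_REC ${{ inputs.packages }}` expands the `packages` input into the script text before bash parses it, while the same change already passes `cache-hit` through `env:`. Passing the input the same way keeps caller-supplied text out of the script source: add `PACKAGES: ${{ inputs.packages }}` under `env:` and install with `$PACKAGES` (left unquoted so the list still word-splits). The retry loop's install line, `RETRIES` and the `no-install-recommends` test use the same inline expansion. The step begins above this hunk and the loop body continues past it.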
+95
@@ -0,0 +1,95 @@
name: 'Wait for Smoke Test'
description: 'Polls the Smoke Test workflow for the current commit and fails if it failed.'
# Designed to be the leading job in pull_request-triggered workflows so that
# expensive integration CI does not run unless the smoke build passes.
#
# Push events bypass the wait entirely (we still get smoke results for those
# pushes, but other CI is not gated on push). For drafts, callers should
# skip dependent jobs via `if: github.event.pull_request.draft == false` -
# this action will still pass through if smoke is skipped or absent.
inputs:
workflow:
description: 'Name of the smoke workflow file to wait on'
required: false
default: 'smoke-test.yml'
timeout-seconds:
description: 'Maximum time to wait for smoke to complete'
required: false
default: '1800'
poll-seconds:
description: 'Polling interval'
required: false
default: '20'
github-token:
description: 'GITHUB_TOKEN with actions:read permission'
required: true
runs:
using: 'composite'
steps:
- name: Wait for smoke
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
SMOKE_WORKFLOW: ${{ inputs.workflow }}
TIMEOUT: ${{ inputs.timeout-seconds }}
POLL: ${{ inputs.poll-seconds }}
REPO: ${{ github.repository }}
run: |
set -u
# Only gate pull_request events. Push events are not gated.
if [ "${{ github.event_name }}" != "pull_request" ]; then
echo "Not a pull_request event - skipping smoke gate."
exit 0
fi
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
echo "Waiting for $SMOKE_WORKFLOW on $HEAD_SHA (timeout ${TIMEOUT}s)"
START=$(date +%s)
while :; do
NOW=$(date +%s)
ELAPSED=$((NOW - START))
if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
echo "::error::Timed out after ${TIMEOUT}s waiting for $SMOKE_WORKFLOW on $HEAD_SHA"
exit 1
fi
# Look up the latest run for this workflow + head SHA.
RUN_JSON=$(gh api \
"repos/${REPO}/actions/workflows/${SMOKE_WORKFLOW}/runs?head_sha=${HEAD_SHA}&per_page=1" \
2>/dev/null || echo '{}')
STATUS=$(echo "$RUN_JSON" | jq -r '.workflow_runs[0].status // "missing"')
CONCLUSION=$(echo "$RUN_JSON" | jq -r '.workflow_runs[0].conclusion // ""')
RUN_URL=$(echo "$RUN_JSON" | jq -r '.workflow_runs[0].html_url // ""')
case "$STATUS" in
completed)
case "$CONCLUSION" in
success)
echo "Smoke test passed: $RUN_URL"
exit 0
;;
skipped|neutral)
echo "Smoke test was $CONCLUSION - treating as pass: $RUN_URL"
exit 0
;;
*)
echo "::error::Smoke test concluded as '$CONCLUSION': $RUN_URL"
exit 1
;;
esac
;;
missing)
echo "[$ELAPSED s] No smoke run yet for $HEAD_SHA"
;;
*)
echo "[$ELAPSED s] Smoke status=$STATUS ($RUN_URL)"
;;
esac
sleep "$POLL"
done
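Review bot: The lookup `gh api ... 2>/dev/null || echo '{}'` turns every API failure (a token without `actions:read`, rate limiting, a wrong workflow file name) into the same `missing` status as "no run yet", so the step polls until `TIMEOUT` with nothing in the log to explain why. Dropping `2>/dev/null` lets gh's error reach the job log while keeping the `|| echo '{}'` retry behaviour. The header comment also says the action passes through when smoke is absent, but the `missing)` branch only keeps polling and the loop then exits 1 at the timeout; either the comment or the branch should change so callers know which to expect. `TIMEOUT` and `POLL` reach `[ -ge ]` and `sleep` without a numeric check, so a non-numeric `timeout-seconds` would make the timeout test error out on every pass and the loop would never stop on its own.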
+99
@@ -0,0 +1,99 @@
#!/usr/bin/env bash
#
# check-headers.sh
#
# Verifies that every public-facing wolfSSL header compiles standalone
# from a fresh consumer's perspective:
#
# #include <wolfssl/options.h>
# #include <wolfssl/...the header...>
# int main(void) { return 0; }
#
# Catches the common breakage where a header silently relies on a
# transitive include from an earlier `.c` file and stops compiling
# when downstream code includes it first.
#
# Requires:
# * ./configure has been run (so wolfssl/options.h exists).
# * gcc and standard build env.
#
# Usage:
# .github/scripts/check-headers.sh # scan default header set
# .github/scripts/check-headers.sh <files> # scan a specific list
set -u
ROOT="$(git rev-parse --show-toplevel)"
cd "$ROOT" || exit 2
if [ ! -f wolfssl/options.h ]; then
echo "::error::wolfssl/options.h not found - run ./configure first" >&2
exit 2
fi
CC="${CC:-gcc}"
GHA="${GITHUB_ACTIONS:-}"
emit() {
local file="$1" msg="$2"
if [ -n "$GHA" ]; then
printf '::error file=%s,line=1,title=header-self-include::%s\n' "$file" "$msg"
else
printf '%s: %s\n' "$file" "$msg"
fi
}
# Default scope: public wolfssl headers excluding vendor/port subdirs and
# files that are intentionally not standalone-includable.
if [ "$#" -gt 0 ]; then
HEADERS=("$@")
else
# Exclusions:
# * generated / private / test-data headers.
# * wolfcrypt math backends (tfm vs sp_int are mutually exclusive).
# * port/* headers whose first-line vendor SDK include can't be
# satisfied in a generic CI environment (mcapi.h, kcapi.h,
# em_device.h, fsl_dcp.h, hw/inout.h, etc.) or that reference
# vendor-only types. Fix the offending header's vendor #include
# with an #ifdef guard and drop the exclusion in a follow-up.
mapfile -t HEADERS < <(
git ls-files 'wolfssl/*.h' 'wolfssl/wolfcrypt/*.h' \
'wolfssl/wolfcrypt/port/**/*.h' 'wolfssl/openssl/*.h' \
| grep -vE '^wolfssl/(options|internal|certs_test|certs_test_sm|debug-trace-error-codes|debug-untrace-error-codes)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/(fips_test|selftest|tfm)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/aria/aria-crypt(ocb)?\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/autosar/(CryIf|Crypto)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/caam/(caam_driver|caam_qnx|wolfcaam_hash)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/kcapi/' \
| grep -vE '^wolfssl/wolfcrypt/port/nxp/(dcp_port|se050_port)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/Renesas/(renesas_fspsm_internal|renesas-rx64-hw-crypt|renesas-tsip-crypt|renesas_tsip_internal)\.h$' \
| grep -vE '^wolfssl/wolfcrypt/port/silabs/silabs_aes\.h$'
)
fi
TMPDIR="$(mktemp -d)"
trap 'rm -rf "$TMPDIR"' EXIT
FAIL=0
PASS=0
for h in "${HEADERS[@]}"; do
[ -f "$h" ] || continue
cat > "$TMPDIR/test.c" <<EOF
#include <wolfssl/options.h>
#include <$h>
int main(void) { return 0; }
EOF
if out="$("$CC" -I. -c -o /dev/null "$TMPDIR/test.c" 2>&1)"; then
PASS=$((PASS + 1))
else
FAIL=$((FAIL + 1))
first_err="$(printf '%s' "$out" | grep -E 'error:' | head -1 | sed 's/.*error: //')"
emit "$h" "header does not compile standalone: ${first_err:-(see build log)}"
if [ -z "$GHA" ]; then
printf '%s\n' "$out" | head -8 | sed 's/^/ /'
fi
fi
done
echo "check-headers: $PASS pass, $FAIL fail"
[ "$FAIL" -eq 0 ]
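Review bot: The script can report success without compiling anything: entries that are not regular files are skipped by `[ -f "$h" ] || continue`, and an empty `HEADERS` array (for example if the `git ls-files` pipeline matched nothing) ends with `0 pass, 0 fail` and exit status 0. A guard after the loop, such as `[ $((PASS + FAIL)) -gt 0 ] || { echo "::error::check-headers: no headers were checked" >&2; exit 2; }`, keeps the gate from passing vacuously. `TMPDIR="$(mktemp -d)"` is also unchecked and reuses the name of the environment variable that tools consult for temporary files; `WORK="$(mktemp -d)" || exit 2` (with the trap and the `test.c` path updated to match) avoids both.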
+309
@@ -0,0 +1,309 @@
#!/usr/bin/env bash
#
# check-source-text.sh
#
# Source-hygiene checker for wolfSSL.
# Public subset of the internal wolfssl-multi-test.sh check-source-text scenario.
#
# Subtests (lettered to match the internal multi-test):
# A. trailing whitespace
# B. no ending newline
# C. 8-bit / non-ASCII bytes
# D. weird control chars, hard tabs, CRs (excluding Makefile-like, .S, .asm)
# E. C++ '//' comments in C-like files (excluding // NOLINT and // cppcheck)
# F. flush-left function calls (debug residue) in C-like files
# G. invalid UTF-8 (requires iconv)
# H. macros that take args but have an empty definition
#
# Not ported (require pcre2grep against built artifacts or are
# wolfSSL-internal conventions covered elsewhere):
# I. unescaped error code operands (WC_NO_ERR_TRACE)
# J. unannotated native heap access
# K. unknown macros (requires built config.h + .wolfssl_known_macro_extras)
# L. codespell - run as its own workflow (.github/workflows/codespell.yml)
#
# Usage:
# .github/scripts/check-source-text.sh # scan all tracked files
# .github/scripts/check-source-text.sh <files...> # scan a specific list
#
# Exits 0 if clean, 1 if any check fails.
# When run under GitHub Actions, emits ::error file=...,line=... annotations.
set -u
shopt -s extglob
ROOT="$(git rev-parse --show-toplevel)"
cd "$ROOT" || exit 2
FAIL=0
GHA="${GITHUB_ACTIONS:-}"
emit() {
# emit <check> <file> <line> <message>
local check="$1" file="$2" line="$3" msg="$4"
if [ -n "$GHA" ]; then
printf '::error file=%s,line=%s,title=%s::%s\n' "$file" "$line" "$check" "$msg"
else
printf '%s:%s: [%s] %s\n' "$file" "$line" "$check" "$msg"
fi
FAIL=1
}
# ---- File classification ----------------------------------------------------
is_excluded() {
case "$1" in
IDE/*|mcapi/*|mplabx/*|mqx/*|RTOS/*|tirtos/*|zephyr/*|bsdkm/*) return 0 ;;
debian/*|rpm/*|Docker/*|build-aux/*|autom4te.cache/*) return 0 ;;
cyassl/*|doc/*) return 0 ;;
aclocal.m4|config.in|Makefile.in) return 0 ;;
certs/*|*.der|*.pem|*.crl|*.p12|*.pfx|*.jks) return 0 ;;
*.gz|*.zip|*.tar|*.bz2|*.xz|*.7z) return 0 ;;
*.png|*.jpg|*.jpeg|*.gif|*.ico|*.pdf) return 0 ;;
*.vcproj|*.vcxproj|*.vcxproj.user|*.sln|*.sdf) return 0 ;;
*.gen.h|*.generated.*) return 0 ;;
ChangeLog.md) return 0 ;;
wolfcrypt/src/fp_*.i|wolfcrypt/src/sp_dsp32.c) return 0 ;;
esac
return 1
}
# Mirrors multi-test scrubbable_extensions.
is_scrubbable() {
case "$1" in
*.c|*.h|*.s|*.S|*.i) return 0 ;;
*.cc|*.cpp|*.cxx|*.hpp|*.hxx|*.cu) return 0 ;;
*.asm) return 0 ;;
*.in|*.ac|*.am|*.m4|*.mk) return 0 ;;
*.yml|*.sh|*.css|*.js|*.dox|*.tex|*.html|*.md) return 0 ;;
CMakeLists.txt) return 0 ;;
scripts/*.test) return 0 ;;
esac
return 1
}
# Mirrors multi-test c_like_extensions: *.[chi] + *.cu
is_c_like() {
case "$1" in
*.c|*.h|*.i|*.cu) return 0 ;;
esac
return 1
}
is_makelike() {
case "$1" in
Makefile|Makefile.*|*.am|*.mk) return 0 ;;
esac
return 1
}
# ---- Build file list --------------------------------------------------------
if [ "$#" -gt 0 ]; then
INPUT_FILES=("$@")
else
mapfile -t INPUT_FILES < <(git ls-files)
fi
SCRUB=()
C_LIKE=()
for f in "${INPUT_FILES[@]}"; do
[ -f "$f" ] || continue
is_excluded "$f" && continue
if is_scrubbable "$f"; then SCRUB+=("$f"); fi
if is_c_like "$f"; then C_LIKE+=("$f"); fi
done
have_scrub() { [ "${#SCRUB[@]}" -gt 0 ]; }
have_c_like() { [ "${#C_LIKE[@]}" -gt 0 ]; }
# Stream grep output (file:line:rest) and convert to annotated emit() calls.
emit_hits() {
local check="$1" msg="$2" f row line
while IFS= read -r row; do
f="${row%%:*}"
row="${row#*:}"
line="${row%%:*}"
emit "$check" "$f" "$line" "$msg"
done
}
# ---- Subtests ---------------------------------------------------------------
# A. trailing whitespace
check_trailing_whitespace() {
have_scrub || return 0
emit_hits "trailing-whitespace" "trailing whitespace" \
< <(LC_ALL=C grep -E -n -e $'[ \t]+$' -- "${SCRUB[@]}" 2>/dev/null || true)
}
# B. no ending newline
check_no_ending_newline() {
have_scrub || return 0
local f
for f in "${SCRUB[@]}"; do
[ -s "$f" ] || continue
if [ -n "$(tail -c 1 -- "$f")" ]; then
emit "no-ending-newline" "$f" 1 "missing newline at end of file"
fi
done
}
# Per-subtest exclusions mirror the internal multi-test's path filters.
excl_8bit() {
case "$1" in
*.md|README*|AUTHORS|*.txt) return 0 ;;
examples/client/client.c) return 0 ;;
examples/server/server.c) return 0 ;;
wolfcrypt/benchmark/benchmark.c) return 0 ;;
wolfssl/test.h) return 0 ;;
esac
return 1
}
excl_control_chars() {
is_makelike "$1" && return 0
case "$1" in
*.S|*.asm) return 0 ;;
wolfcrypt/src/port/arm/*) return 0 ;;
wolfcrypt/src/asm.c|wolfcrypt/src/sp_*.c) return 0 ;;
linuxkm/libwolfssl.mod.c) return 0 ;;
debian/rules.in) return 0 ;;
m4/*) return 0 ;;
*/include.am) return 0 ;;
esac
return 1
}
excl_cpp_comments() {
case "$1" in
wolfcrypt/src/port/arm/*) return 0 ;;
mcapi/*) return 0 ;;
*/user_settings*.h|user_settings*.h) return 0 ;;
resource.h) return 0 ;;
wolfcrypt/src/asm.c|wolfcrypt/src/sp_*.c) return 0 ;;
esac
return 1
}
excl_utf8() {
case "$1" in
wolfssl.prime) return 0 ;;
wolfcrypt/src/port/arm/*) return 0 ;;
esac
return 1
}
# H is scoped narrowly in multi-test: only wolfssl/, wolfcrypt/src/, src/
# C-like files, and excludes sp_*.c (allows sp_int.c).
in_empty_macro_scope() {
case "$1" in
wolfssl/*|wolfcrypt/src/*|src/*) ;;
*) return 1 ;;
esac
case "$1" in
wolfcrypt/src/sp_int.c) return 0 ;;
wolfcrypt/src/sp_*.c) return 1 ;;
esac
return 0
}
# C. 8-bit / non-ASCII bytes.
check_8bit() {
local files=() f
for f in "${SCRUB[@]}"; do
excl_8bit "$f" && continue
files+=("$f")
done
[ "${#files[@]}" -gt 0 ] || return 0
emit_hits "non-ascii" "non-ASCII (8-bit) byte" \
< <(LC_ALL=C grep -E -n -e $'[^\001-\177]' -- "${files[@]}" 2>/dev/null || true)
}
# D. weird control chars / hard tabs / CRs.
check_control_chars() {
local files=() f
for f in "${SCRUB[@]}"; do
excl_control_chars "$f" && continue
files+=("$f")
done
[ "${#files[@]}" -gt 0 ] || return 0
# \001-\011: SOH..HT (includes \t); \013-\037: VT..US (includes \r); \177: DEL
# \012 (LF) excluded so newline-terminated lines pass through.
emit_hits "control-char" "weird control char / hard tab / CR" \
< <(LC_ALL=C grep -E -n -e $'[\001-\011\013-\037\177]' -- "${files[@]}" 2>/dev/null || true)
}
# E. C++-style // comments in C-like files.
# Allows "// NOLINT" and "// cppcheck" suppressions (no /**/ alternatives).
# Needs GNU grep -P for the negative lookahead.
check_cpp_comments() {
local files=() f
for f in "${C_LIKE[@]}"; do
excl_cpp_comments "$f" && continue
files+=("$f")
done
[ "${#files[@]}" -gt 0 ] || return 0
emit_hits "cpp-comment" "C++-style // comment" \
< <(LC_ALL=C grep -P -n \
-e '(^|[^:"*+a-zA-Z0-9])//(?!([*]| ?NOLINT| ?cppcheck)).*$' \
-- "${files[@]}" 2>/dev/null || true)
}
# F. flush-left function calls (typically debugging residue).
check_flush_left_calls() {
have_c_like || return 0
emit_hits "flush-left-call" "flush-left function call (debug residue?)" \
< <(LC_ALL=C grep -P -n \
-e '^(?!(?:wc_)?static_assert[0-9]* *\(|module_init *\(|module_exit *\(|[A-Z][A-Z0-9_]* *\()[a-zA-Z_]+[a-zA-Z0-9_]* *\(.*\);' \
-- "${C_LIKE[@]}" 2>/dev/null || true)
}
# G. invalid UTF-8 (requires iconv).
check_utf8() {
if ! command -v iconv >/dev/null 2>&1; then
echo "check-source-text: [skipping invalid-utf8 - iconv not available]" >&2
return 0
fi
have_scrub || return 0
local f
for f in "${SCRUB[@]}"; do
excl_utf8 "$f" && continue
if ! LC_ALL=en_US.UTF-8 iconv -f UTF-8 -o /dev/null -- "$f" 2>/dev/null; then
emit "invalid-utf8" "$f" 1 "file is not valid UTF-8"
fi
done
}
# H. macros that take args but have an empty definition.
# Scoped to wolfssl/, wolfcrypt/src/, src/ - excludes sp_*.c except sp_int.c.
check_empty_macros() {
local files=() f
for f in "${C_LIKE[@]}"; do
in_empty_macro_scope "$f" || continue
files+=("$f")
done
[ "${#files[@]}" -gt 0 ] || return 0
emit_hits "empty-macro" "macro takes args but has empty body" \
< <(LC_ALL=C grep -E -n \
-e '#define +[A-Za-z0-9_]+\( *[A-Za-z0-9_]+ *(, *[A-Za-z0-9_]+)* *\) *$' \
-- "${files[@]}" 2>/dev/null || true)
}
# ---- Run --------------------------------------------------------------------
check_trailing_whitespace
check_no_ending_newline
check_8bit
check_control_chars
check_cpp_comments
check_flush_left_calls
check_utf8
check_empty_macros
if [ "$FAIL" -ne 0 ]; then
echo "::error::check-source-text found violations" >&2
exit 1
fi
echo "check-source-text: clean"
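Review bot: `emit_hits` assumes every grep row is `file:line:rest`, but grep omits the file name when it is given a single file, so a run that scans exactly one file would put the line number into `file=` and the start of the matched text into `line=`. Adding `-H` to the grep calls that feed `emit_hits` (for example `LC_ALL=C grep -H -E -n -e ...`) makes the prefix unconditional. Those calls also end in `2>/dev/null || true`, which treats a grep error (exit status 2, e.g. a grep built without `-P` support for subtests E and F) the same as "no matches", so the subtest passes without having run. Distinguishing status 1 from status 2 would close that gap.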
+3 -2
@@ -2,14 +2,15 @@ name: WolfSSL Ada Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
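Review bot: With `push:` narrowed to `branches: [ 'release/**' ]`, this workflow no longer runs on the merged state of master/main; from what is visible here, that state is exercised only through pull_request runs. Two pull requests that each pass can still break the branch once both are merged, and nothing in this hunk would report it for this suite. If that is the intended trade-off, a comment above the trigger such as `# push CI limited to release/**; master/main covered by pull_request runs only` records it; otherwise a `schedule:` trigger would restore coverage of the merged tree. The other workflow files in this commit that make the same `branches:` edit are affected in the same way.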
+3 -2
@@ -48,7 +48,7 @@ name: Arduino CI Build (1 of 4) wolfssl
# START OF COMMON SECTION
on:
push:
branches: [ '**', 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
paths:
# Specific to this Arduino CI Build (1 of 4)
- '.github/workflows/arduino.yml'
@@ -57,6 +57,7 @@ on:
- 'wolfcrypt/**'
- 'wolfssl/**'
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '**' ]
paths:
- '.github/workflows/arduino.yml'
@@ -76,7 +77,7 @@ concurrency:
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# Teensy is allowed to fail: its board index lives at pjrc.com, which is
# chronically unreachable from GitHub Actions runner egress IPs (DNS
+3 -2
@@ -2,8 +2,9 @@ name: Async Examples
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -12,7 +13,7 @@ concurrency:
jobs:
async_examples:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
strategy:
+3 -2
@@ -3,8 +3,9 @@ name: Async Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -25,7 +26,7 @@ jobs:
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS -pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+3 -2
@@ -3,8 +3,9 @@ name: ATECC608 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -31,7 +32,7 @@ env:
jobs:
atecc608_sim:
name: wolfCrypt against ATECC608 simulator
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
+4 -3
@@ -3,8 +3,9 @@ name: bind9 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 9.18.0, 9.18.28, 9.18.33, 9.20.11 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+43
@@ -0,0 +1,43 @@
name: Check Headers
# Verifies every public-facing wolfSSL header compiles standalone with
# only wolfssl/options.h included first. Catches the common breakage
# where a header silently relies on a transitive include from an
# earlier .c file and stops compiling from a fresh consumer.
#
# Runs on drafts (fast static check).
on:
push:
branches: [ master, main ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ master, main ]
concurrency:
group: check-headers-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check:
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Install dependencies
uses: ./.github/actions/install-apt-deps
with:
packages: autoconf automake libtool build-essential
- name: autogen
run: ./autogen.sh
- name: configure --enable-all
run: ./configure --enable-all
- name: Run check-headers
run: ./.github/scripts/check-headers.sh
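Review bot: The steps after `actions/checkout@v4` run scripts taken from the checked-out tree (`./autogen.sh`, `./configure`, `check-headers.sh`), and on pull_request events that tree includes the contributor's changes, while checkout by default leaves the job token in the local git configuration. Adding `with:` and `persist-credentials: false` to the checkout step removes the token from the workspace those scripts can read; `permissions: contents: read` already limits what the token could do. The action is also referenced by the movable tag `v4`; pinning it to a full commit SHA (`actions/checkout@<full-commit-sha>  # v4`) is the usual hardening. Both points apply equally to the checkout step in the Check Source Text workflow.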
+107
@@ -0,0 +1,107 @@
name: Check Source Text
# Source-hygiene + shell-script lint. Runs on drafts too - fast feedback.
#
# Checks:
# * check-source-text.sh: trailing whitespace, hard tabs in C/H, CRLF,
# BOM / non-ASCII.
# * bash -n + shellcheck (warning level) on shell scripts.
#
# Scope:
# * pull_request: only files changed in the PR (catches new violations
# without failing on historical debt).
# * push: scan the full tree (baseline guard on master).
on:
push:
branches: [ master, main ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ master, main ]
concurrency:
group: check-source-text-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check:
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install shellcheck
uses: ./.github/actions/install-apt-deps
with:
packages: shellcheck
- name: Collect files to check
id: files
run: |
if [ "${{ github.event_name }}" = "pull_request" ]; then
BASE_SHA="${{ github.event.pull_request.base.sha }}"
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
git diff --name-only --diff-filter=ACMR "$BASE_SHA" "$HEAD_SHA" \
> changed.txt || true
grep -E '\.sh$' changed.txt > changed-sh.txt || true
echo "Files changed in PR:"
cat changed.txt
echo "Shell scripts changed:"
cat changed-sh.txt
echo "count=$(wc -l < changed.txt)" >> "$GITHUB_OUTPUT"
echo "sh_count=$(wc -l < changed-sh.txt)" >> "$GITHUB_OUTPUT"
else
: > changed.txt
git ls-files '*.sh' > changed-sh.txt
echo "count=0" >> "$GITHUB_OUTPUT"
echo "sh_count=$(wc -l < changed-sh.txt)" >> "$GITHUB_OUTPUT"
fi
- name: Run check-source-text (PR changed files)
if: github.event_name == 'pull_request' && steps.files.outputs.count != '0'
run: |
# shellcheck disable=SC2046
./.github/scripts/check-source-text.sh $(cat changed.txt)
- name: Run check-source-text (full tree)
if: github.event_name != 'pull_request'
run: ./.github/scripts/check-source-text.sh
- name: bash -n (syntax check)
if: steps.files.outputs.sh_count != '0'
run: |
fail=0
while IFS= read -r f; do
[ -f "$f" ] || continue
if ! bash -n "$f"; then
echo "::error file=$f::bash -n syntax error"
fail=1
fi
done < changed-sh.txt
exit "$fail"
- name: shellcheck (warning level)
if: steps.files.outputs.sh_count != '0'
run: |
# Mirrors the internal multi-test check-shell-scripts subtest:
# --severity=warning
# -e SC2226,SC2166,SC2164,SC2046,SC2034,SC2188,SC2043
# SC2226 (no ln destination), SC2166 ([ p -a q ]), SC2164 (cd ||),
# SC2046 (word splitting), SC2034 (unused var), SC2188 (redirect
# w/o command), SC2043 (loop runs once) - common in this codebase,
# suppressed in the internal multi-test for the same reason.
fail=0
while IFS= read -r f; do
[ -f "$f" ] || continue
if ! shellcheck --severity=warning \
--exclude=SC2226,SC2166,SC2164,SC2046,SC2034,SC2188,SC2043 \
--format=gcc "$f"; then
fail=1
fi
done < changed-sh.txt
exit "$fail"
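Review bot: `./.github/scripts/check-source-text.sh $(cat changed.txt)` word-splits and glob-expands file names that come from the pull request, so a changed path containing a space is split into names that do not exist and the script's `[ -f "$f" ] || continue` skips it without a finding. Reading the list into an array keeps each path intact: `mapfile -t files < changed.txt` followed by `./.github/scripts/check-source-text.sh "${files[@]}"`, which also removes the need for the SC2046 suppression. In the collect step, `git diff ... > changed.txt || true` hides a failed diff, leaving `count=0` and the check skipped; letting that command fail the step would be safer.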
+3 -2
@@ -2,13 +2,14 @@ name: WolfSSL CMake Autoconf Interworking Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
+3 -2
@@ -2,13 +2,14 @@ name: WolfSSL CMake Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
+2 -1
@@ -4,6 +4,7 @@ on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -13,7 +14,7 @@ concurrency:
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
+3 -2
@@ -3,8 +3,9 @@ name: cryptocb-only Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -54,7 +55,7 @@ jobs:
-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA
-DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_AES
name: make check (${{ matrix.name }})
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
env:
+4 -3
@@ -3,8 +3,9 @@ name: curl Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -39,7 +40,7 @@ jobs:
test_curl:
name: ${{ matrix.curl_ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
+4 -3
@@ -3,8 +3,9 @@ name: cyrus-sasl Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -47,7 +48,7 @@ jobs:
# List of releases to test
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+3 -2
@@ -3,8 +3,9 @@ name: disable-pk-algs Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -35,7 +36,7 @@ jobs:
'--enable-cryptonly --disable-rsa --disable-dh --disable-ecc --disable-curve25519 --disable-ed25519 --disable-curve448 --disable-ed448 --enable-ed448',
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+5 -4
@@ -2,8 +2,9 @@ name: Espressif examples tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
espressif_latest:
name: latest Docker container
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
@@ -28,7 +29,7 @@ jobs:
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4:
name: v4.4 Docker container
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
container:
image: espressif/idf:release-v4.4
@@ -38,7 +39,7 @@ jobs:
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0:
name: v5.0 Docker container
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
container:
image: espressif/idf:release-v5.0
+4 -3
@@ -5,8 +5,9 @@ name: OpenWrt test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -17,7 +18,7 @@ concurrency:
jobs:
build_library:
name: Compile libwolfssl.so
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -41,7 +42,7 @@ jobs:
retention-days: 5
compile_container:
name: Compile container
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 2
+3 -2
@@ -3,8 +3,9 @@ name: emNET non-blocking handshake test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -22,7 +23,7 @@ concurrency:
jobs:
emnet_nonblock:
name: wolfSSL emNET non-blocking handshake
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 20
steps:
+3 -2
@@ -6,8 +6,9 @@ env:
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -27,7 +28,7 @@ jobs:
]
# This should be a safe limit for the tests to run.
timeout-minutes: 30
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
name: ${{ matrix.config }}
steps:
+3 -2
@@ -3,8 +3,9 @@ name: FreeRTOS mem_track.h compile regression
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -24,7 +25,7 @@ concurrency:
jobs:
freertos_mem_track:
name: mem_track.h non-Linux multi-threaded compile
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Test gencertbuf script
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
gencertbuf:
name: gencertbuf
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+4 -3
@@ -3,8 +3,9 @@ name: grpc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -51,7 +52,7 @@ jobs:
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
+4 -3
@@ -3,8 +3,9 @@ name: haproxy Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -39,7 +40,7 @@ jobs:
test_haproxy:
name: ${{ matrix.haproxy_ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
+6 -5
@@ -3,8 +3,9 @@ name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -27,7 +28,7 @@ jobs:
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
@@ -65,7 +66,7 @@ jobs:
checkout_hostap:
name: Checkout hostap repo
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
@@ -93,7 +94,7 @@ jobs:
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
@@ -181,7 +182,7 @@ jobs:
build_id: hostap-vm-build2
}
name: hwsim test
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 45
+3 -2
@@ -3,8 +3,9 @@ name: Dynamic C Fallback Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -21,7 +22,7 @@ jobs:
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+4 -3
@@ -3,8 +3,9 @@ name: ipmitool Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -47,7 +48,7 @@ jobs:
matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_wolfssl
steps:
+4 -3
@@ -3,8 +3,9 @@ name: jwt-cpp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -41,7 +42,7 @@ jobs:
retention-days: 5
build_pam-ipmi:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
strategy:
fail-fast: false
matrix:
+4 -3
@@ -3,8 +3,9 @@ name: Kerberos 5 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 5
@@ -49,7 +50,7 @@ jobs:
# List of releases to test
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
+4 -3
@@ -3,8 +3,9 @@ name: libspdm Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -45,7 +46,7 @@ jobs:
# List of releases to test
ref: [ 3.7.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+4 -3
@@ -3,8 +3,9 @@ name: libssh2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 1.11.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
+4 -3
@@ -3,8 +3,9 @@ name: libvncserver Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -46,7 +47,7 @@ jobs:
matrix:
ref: [ 0.9.13, 0.9.14 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_wolfssl
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Kernel Module Build
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -21,7 +22,7 @@ jobs:
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
]
name: build module
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
@@ -3,8 +3,9 @@ name: MacOS apple native cert validation tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
make_check:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: macos-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 5
+4 -3
@@ -3,8 +3,9 @@ name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -18,7 +19,7 @@ env:
jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
@@ -55,7 +56,7 @@ jobs:
mbedtls_test:
name: Test interop with mbedtls
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_mbedtls
timeout-minutes: 15
-32
@@ -1,32 +0,0 @@
name: Membrowse Comment
on:
workflow_run:
workflows: [Membrowse Memory Report]
types:
- completed
jobs:
post-comment:
runs-on: ubuntu-24.04
timeout-minutes: 10
# Run the comment job even if some of the builds fail
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion != 'cancelled'
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Post Membrowse PR comment
if: ${{ env.MEMBROWSE_API_KEY != '' }}
uses: membrowse/membrowse-action/comment-action@v1
with:
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
commit: ${{ github.event.workflow_run.head_sha }}
env:
MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+9 -7
@@ -1,14 +1,17 @@
name: Membrowse Memory Report
# Runs nightly instead of per-PR - the report is for trend tracking, not
# gating individual PRs, and the build matrix is too heavy to run on every
# push. Use workflow_dispatch to trigger an ad-hoc run.
on:
pull_request:
push:
branches:
- master
schedule:
- cron: '0 4 * * *' # daily at 04:00 UTC
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.sha || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
load-targets:
@@ -59,4 +62,3 @@ jobs:
api_key: ${{ secrets.MEMBROWSE_API_KEY }}
api_url: ${{ vars.MEMBROWSE_API_URL }}
verbose: INFO
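Review bot: The new `schedule` trigger has no owner guard visible in this section, so a fork that enables Actions would start the heavy build matrix every night at 04:00 UTC. The other workflows touched by this commit gate each job on `github.repository_owner == 'wolfssl'`; if `load-targets` (its body is outside the hunk) does not already carry that condition, add `if: github.repository_owner == 'wolfssl'` to it. In a fork `secrets.MEMBROWSE_API_KEY` would presumably be empty, so the cost is wasted runner time and a failing upload step rather than key exposure, but the guard also keeps the upload step from ever running with a key a fork owner configured by mistake.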
+4 -3
@@ -3,8 +3,9 @@ name: memcached Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
- name: Build wolfSSL
@@ -47,7 +48,7 @@ jobs:
include:
- ref: 1.6.22
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_wolfssl
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Linux Mono C# Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL C# Wrapper
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
+4 -3
@@ -3,8 +3,9 @@ name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -44,7 +45,7 @@ jobs:
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+4 -3
@@ -3,8 +3,9 @@ name: msmtp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -44,7 +45,7 @@ jobs:
matrix:
ref: [ 1.8.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: MSYS2 Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
msys2:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: windows-latest
defaults:
run:
+3 -2
@@ -3,8 +3,9 @@ name: Multiple architectures
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -51,7 +52,7 @@ jobs:
OPT_CFLAGS: '-Os'
- name: '-Ofast'
OPT_CFLAGS: '-Ofast'
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: Multiple compilers and versions
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -37,7 +38,7 @@ jobs:
- CC: clang-19
CXX: clang++-19
OS: ubuntu-24.04
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+4 -3
@@ -3,8 +3,9 @@ name: net-snmp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -47,7 +48,7 @@ jobs:
- ref: 5.9.3
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+4 -3
@@ -3,8 +3,9 @@ name: nginx Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -19,7 +20,7 @@ env:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -146,7 +147,7 @@ jobs:
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+3 -2
@@ -3,8 +3,9 @@ name: No Malloc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -23,7 +24,7 @@ jobs:
'--enable-ecc --enable-rsa --enable-keygen --enable-ed25519 --enable-curve25519 --enable-ed448 --enable-curve448 --enable-mlkem --enable-staticmemory CFLAGS="-DWOLFSSL_NO_MALLOC -pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
-49
@@ -1,49 +0,0 @@
name: --disable-tls Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--disable-tls --enable-all CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done
+4 -3
@@ -5,8 +5,9 @@ name: nss interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -20,7 +21,7 @@ env:
jobs:
build_nss:
name: Build nss
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
@@ -63,7 +64,7 @@ jobs:
nss_test:
name: Test interop with nss
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_nss
timeout-minutes: 30
+4 -3
@@ -3,8 +3,9 @@ name: ntp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 4.2.8p15, 4.2.8p17, 4.2.8p18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: OCSP Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
ocsp_stapling:
name: ocsp stapling
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
+4 -3
@@ -3,8 +3,9 @@ name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -52,7 +53,7 @@ jobs:
- osp_ref: 2.6.9
git_ref: OPENLDAP_REL_ENG_2_6_9
name: ${{ matrix.osp_ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
+4 -3
@@ -3,8 +3,9 @@ name: openssh Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -80,7 +81,7 @@ jobs:
exit-status rekey multiplex forward-control channel-timeout
connection-timeout
name: ${{ matrix.osp_ver }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_wolfssl
steps:
+5 -4
@@ -3,8 +3,9 @@ name: OpenSSL ECH Interop Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 4
steps:
@@ -55,7 +56,7 @@ jobs:
build_openssl_ech:
name: Build OpenSSL (feature/ech)
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
@@ -87,7 +88,7 @@ jobs:
ech_interop_test:
name: ECH Interop Test
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
needs: [build_wolfssl, build_openssl_ech]
runs-on: ubuntu-24.04
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -22,7 +23,7 @@ jobs:
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_OPENSSL_COEXIST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"'
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+4 -3
@@ -3,8 +3,9 @@ name: OpenVPN Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -44,7 +45,7 @@ jobs:
matrix:
ref: [ release/2.6, v2.6.19 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+8 -7
@@ -3,8 +3,9 @@ name: Ubuntu-Macos-Windows Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -133,7 +134,7 @@ jobs:
'CPPFLAGS="-DNO_VERIFY_OID -DWOLFSSL_FPKI"',
]
name: make check linux
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -184,7 +185,7 @@ jobs:
'--enable-cryptocb --enable-keygen --enable-cryptocbutils=setkey',
]
name: make check macos
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: macos-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -217,7 +218,7 @@ jobs:
'examples/configs/user_settings_all.h',
]
name: make user_setting.h
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -264,7 +265,7 @@ jobs:
# - user_settings_baremetal.h: Requires static memory, custom platform
]
name: make user_setting.h (testwolfcrypt only)
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -285,7 +286,7 @@ jobs:
# the equivalent code paths on Darwin.
make_user_all:
name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -308,7 +309,7 @@ jobs:
windows_build:
name: Windows Build Test
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: windows-latest
strategy:
fail-fast: false
+3 -2
@@ -3,8 +3,9 @@ name: Packaging Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Package wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+4 -3
@@ -3,8 +3,9 @@ name: pam-ipmi Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -16,7 +17,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -47,7 +48,7 @@ jobs:
matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_wolfssl
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Quantum Resistant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -41,7 +42,7 @@ jobs:
'--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+2 -1
@@ -2,6 +2,7 @@ name: PR commit message checks
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '**' ]
concurrency:
@@ -11,7 +12,7 @@ concurrency:
jobs:
commit-messages:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
+3 -2
@@ -3,8 +3,9 @@ name: PSK Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -25,7 +26,7 @@ jobs:
'--disable-oldtls --disable-tlsv12 --enable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all --disable-mlkem'
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+3 -2
@@ -3,8 +3,9 @@ name: PUF Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
puf_host_test:
name: PUF host test
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 6
steps:
+4 -3
@@ -3,8 +3,9 @@ name: Python Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
@@ -93,7 +94,7 @@ jobs:
test_xmlrpc
test_docxmlrpc
name: Python ${{ matrix.python_ver }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 60
needs: build_wolfssl
+4 -3
@@ -3,8 +3,9 @@ name: rng-tools Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 6.16, 6.17 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+3 -2
@@ -3,8 +3,9 @@ name: Build Rust Wrapper
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL Rust Wrapper
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: SE050 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -26,7 +27,7 @@ env:
jobs:
se050_sim:
name: wolfCrypt against SE050 simulator
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Stack Size warnings
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -36,7 +37,7 @@ jobs:
'--enable-intelasm --enable-sp-asm --enable-all-crypto --enable-mlkem --enable-lms --enable-xmss --enable-mldsa'
]
name: build library
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+136
@@ -0,0 +1,136 @@
name: Smoke Test
# Fast pre-flight build + make check across common-failure configs derived
# from the Jenkins PRB top-10 (last 30 days). Intentionally runs on drafts
# too: this is the gate that protects the rest of CI. Other PR workflows
# wait for this via .github/actions/wait-for-smoke.
#
# CFLAGS=-Werror is applied at make time only (not ./configure) so autoconf
# feature detection is not poisoned by benign warnings in conftest probes.
#
# For pull_request events the workflow tests the POST-MERGE tree:
# the PR head is checked out, the base branch is merged in, and:
# * a merge conflict fails the job before any build runs.
# * if the PR tree is identical to base (no diff), the matrix is skipped.
# * otherwise the build runs against the merged tree.
# This catches stale PRs whose head builds clean but whose merge with
# current master would break.
on:
push:
branches: [ master, main ]
paths-ignore:
- '**/*.md'
- 'doc/**'
- 'AUTHORS'
- 'LICENSING'
- 'ChangeLog.md'
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ master, main ]
concurrency:
group: smoke-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
smoke:
runs-on: ubuntu-24.04
timeout-minutes: 25
strategy:
fail-fast: false
matrix:
config:
- name: default
args: ""
- name: enable-all
args: "--enable-all"
- name: opensslextra
args: "--enable-opensslextra"
- name: enable-all-smallstack
args: "--enable-all --enable-smallstack"
- name: cryptonly
args: "--enable-cryptonly"
# Below entries target the top Jenkins PRB failure modes
# (-Werror unused-function / implicit-decl / link errors).
- name: leantls-extra
args: "--enable-leantls --enable-session-ticket --enable-sni --enable-opensslextra"
- name: dtls-suite
args: "--enable-psk --enable-dtls --enable-dtls13 --enable-dtls-mtu --enable-aesccm --enable-opensslextra"
- name: integration
args: "--enable-openssh --enable-lighty --enable-stunnel --enable-opensslextra"
# AddressSanitizer (UBSAN excluded - current master has known
# left-shift UB in auto-generated SP math).
- name: sanitize-asan
args: "--enable-all"
cflags: "-fsanitize=address -fno-omit-frame-pointer -g -O1"
ldflags: "-fsanitize=address"
env:
MAKE_CFLAGS: "-Werror"
steps:
# For PRs we explicitly check out the PR head (not the auto-merge
# ref) and do the merge ourselves below so we can fail fast on
# conflicts. For push events we just check out the pushed SHA.
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Merge base into PR head (fail fast on conflict)
id: merge_check
if: github.event_name == 'pull_request'
env:
BASE_REF: ${{ github.event.pull_request.base.ref }}
run: |
set -e
git config user.email "ci@wolfssl.invalid"
git config user.name "wolfSSL CI Merge"
git fetch --no-tags origin "$BASE_REF"
BASE_SHA=$(git rev-parse FETCH_HEAD)
if git diff --quiet "$BASE_SHA" HEAD; then
echo "::notice::PR tree is identical to $BASE_REF; skipping smoke matrix."
echo "skip=true" >> "$GITHUB_OUTPUT"
exit 0
fi
if ! git merge --no-ff --no-commit "$BASE_SHA"; then
echo "::error::Merge conflicts with $BASE_REF - please rebase or merge $BASE_REF into the PR branch before testing."
git merge --abort || true
exit 1
fi
echo "skip=false" >> "$GITHUB_OUTPUT"
echo "Clean merge with $BASE_REF; testing post-merge tree."
- name: Install dependencies
if: steps.merge_check.outputs.skip != 'true'
uses: ./.github/actions/install-apt-deps
with:
packages: autoconf automake libtool build-essential
- name: autogen
if: steps.merge_check.outputs.skip != 'true'
run: ./autogen.sh
- name: configure ${{ matrix.config.name }}
if: steps.merge_check.outputs.skip != 'true'
run: ./configure ${{ matrix.config.args }}
- name: make
if: steps.merge_check.outputs.skip != 'true'
env:
ENTRY_CFLAGS: ${{ matrix.config.cflags }}
ENTRY_LDFLAGS: ${{ matrix.config.ldflags }}
run: |
FLAGS="${ENTRY_CFLAGS:-$MAKE_CFLAGS}"
make -j"$(nproc)" CFLAGS="$FLAGS" LDFLAGS="$ENTRY_LDFLAGS"
- name: make check
if: steps.merge_check.outputs.skip != 'true'
env:
ENTRY_CFLAGS: ${{ matrix.config.cflags }}
ENTRY_LDFLAGS: ${{ matrix.config.ldflags }}
run: |
FLAGS="${ENTRY_CFLAGS:-$MAKE_CFLAGS}"
make check CFLAGS="$FLAGS" LDFLAGS="$ENTRY_LDFLAGS"
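Review bot: The `actions/checkout@v4` step checks out the PR head with default settings, so the job token stays in the checkout's git configuration while the later steps run `./autogen.sh`, `./configure` and `make check` from that PR-controlled tree. The workflow already limits the token with `permissions: contents: read`, but adding `persist-credentials: false` under the step's `with:` keeps the token out of reach of the build scripts altogether. The `git fetch --no-tags origin "$BASE_REF"` in the merge step should still work unauthenticated on a public repository, which is worth confirming. Since this workflow gates the rest of CI, pinning `actions/checkout` to a full commit SHA instead of the mutable `v4` tag would also be worthwhile.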
+4 -3
@@ -3,8 +3,9 @@ name: socat Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 4
steps:
@@ -38,7 +39,7 @@ jobs:
socat_check:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
+4 -3
@@ -3,8 +3,9 @@ name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
+4 -3
@@ -3,8 +3,9 @@ name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
build_wolfssl:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
@@ -46,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 2.9.1, 2.10.2 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
+3 -2
@@ -3,8 +3,9 @@ name: STM32 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -24,7 +25,7 @@ concurrency:
jobs:
stm32_sim:
name: wolfCrypt on STM32${{ matrix.chip_label }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
strategy:
+3 -2
@@ -3,8 +3,9 @@ name: STSAFE-A120 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -32,7 +33,7 @@ env:
jobs:
stsafe_a120_sim:
name: wolfCrypt against STSAFE-A120 simulator
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
+4 -3
@@ -3,8 +3,9 @@ name: stunnel Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
# Just to keep it the same as the testing target
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
@@ -45,7 +46,7 @@ jobs:
# List of releases to test
ref: [ 5.67 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
+3 -2
@@ -3,8 +3,9 @@ name: WOLFSSL_API_PREFIX_MAP
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -20,7 +21,7 @@ jobs:
'--enable-all --enable-mlkem --enable-mldsa --enable-xmss --enable-lms --enable-acert --with-sys-crypto-policy CFLAGS=-DWOLFSSL_API_PREFIX_MAP'
]
name: make and analyze
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+3 -1
@@ -2,12 +2,14 @@ name: ThreadXBuild Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
jobs:
build:
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.draft == false }}
runs-on: ubuntu-24.04
timeout-minutes: 10
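Review bot: The `if:` added to the `build` job gates only on draft state and omits the `github.repository_owner == 'wolfssl'` guard that the other workflows in this commit carry, so this job would still run in forks. Unless that is intentional, match the others with `if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}`. The job body continues outside the hunk.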
+3 -2
@@ -3,8 +3,9 @@ name: WOLFSSL_TRACK_MEMORY Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -32,7 +33,7 @@ jobs:
'--disable-asm --enable-wolfEntropy --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
+3 -2
@@ -3,8 +3,9 @@ name: TROPIC01 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -32,7 +33,7 @@ env:
jobs:
tropic01_sim:
name: wolfCrypt against TROPIC01 simulator
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Build Watcom C
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
wolfssl_watcomc_windows:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
strategy:
fail-fast: false
matrix:
+3 -2
@@ -2,14 +2,15 @@ name: Windows CSharp Build Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: windows-latest
# This should be a safe limit for the tests to run.
+3 -2
@@ -3,8 +3,9 @@ name: wolfCrypt conversion warnings
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -31,7 +32,7 @@ jobs:
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
]
name: build library
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+7 -6
@@ -2,8 +2,9 @@ name: wolfBoot Integration
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
workflow_dispatch:
@@ -19,7 +20,7 @@ env:
jobs:
keytools:
name: keytools
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 20
@@ -120,7 +121,7 @@ jobs:
host_smoke:
name: host-smoke
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 15
@@ -192,7 +193,7 @@ jobs:
renode_multimem_smallstack:
name: renode-multimem-smallstack
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
timeout-minutes: 45
permissions:
@@ -318,7 +319,7 @@ jobs:
renode_multimem_smallstack_fastmath:
name: renode-multimem-smallstack-fastmath
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
timeout-minutes: 45
permissions:
@@ -426,7 +427,7 @@ jobs:
renode_multimem_smallstack_noasm:
name: renode-multimem-smallstack-noasm
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
timeout-minutes: 45
permissions:
+3 -2
@@ -3,8 +3,9 @@ name: wolfSM Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -26,7 +27,7 @@ jobs:
'--enable-all --enable-sm2 --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm',
]
name: make check
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
+3 -2
@@ -3,8 +3,9 @@ name: Xcode Build Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -14,7 +15,7 @@ concurrency:
jobs:
build:
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: macos-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
+3 -2
@@ -3,8 +3,9 @@ name: Zephyr 4.x tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -15,7 +16,7 @@ concurrency:
jobs:
build:
name: ${{ matrix.zephyr-ref }} | ${{ matrix.board }} | ${{ matrix.sample }}${{ matrix.extra-conf != '' && ' | extlibc' || '' }}
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
timeout-minutes: 60
strategy:
+3 -2
@@ -3,8 +3,9 @@ name: Zephyr tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
@@ -25,7 +26,7 @@ jobs:
zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
if: github.repository_owner == 'wolfssl'
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 45
+1
@@ -149,6 +149,7 @@ EXTRA_DIST+= wolfssl64.sln
EXTRA_DIST+= valgrind-error.sh
EXTRA_DIST+= valgrind-bash.supp
EXTRA_DIST+= fips-hash.sh
EXTRA_DIST+= .github/scripts/check-source-text.sh
EXTRA_DIST+= gencertbuf.pl
EXTRA_DIST+= README.md
EXTRA_DIST+= README-async.md
+7 -9
@@ -35,13 +35,10 @@
#ifndef NO_STDINT_H
#include <stdint.h>
#endif
#include <stddef.h> /* size_t */
/* QUIC operates on three encryption levels which determine
* which keys/algos are used for de-/encryption. These are
* kept separately for incoming and outgoing data and.
* Due to the nature of UDP, more than one might be in use
* at the same time due to resends or out-of-order arrivals.
*/
/* Defined before ssl.h: openssl/ssl.h pulls quic.h mid-include and
* references WOLFSSL_ENCRYPTION_LEVEL and WOLFSSL_QUIC_METHOD. */
typedef enum wolfssl_encryption_level_t {
wolfssl_encryption_initial = 0,
wolfssl_encryption_early_data,
@@ -49,11 +46,12 @@ typedef enum wolfssl_encryption_level_t {
wolfssl_encryption_application
} WOLFSSL_ENCRYPTION_LEVEL;
/* All QUIC related callbacks to the application.
*/
typedef struct wolfssl_quic_method_t WOLFSSL_QUIC_METHOD;
#include <wolfssl/ssl.h>
/* All QUIC related callbacks to the application. */
struct wolfssl_quic_method_t {
/**
* Provide secrets to the QUIC stack when they become available in the SSL
@@ -22,6 +22,7 @@
#define __RENESAS_FSPSM_CRYPT_H__
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
#include <stdint.h> /* uint8_t */
#ifdef __cplusplus
extern "C" {
+1
@@ -32,6 +32,7 @@
#define WOLF_CRYPT_RNG_BANK_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef WC_RNG_BANK_SUPPORT