Commit Graph

28 Commits

Author SHA1 Message Date
Juliusz Sosinowicz dd2f9d3ab8 CI: offload ccache/apt/buildx caches off the GitHub Actions cache
The 10 GB, LRU-evicted, PR-scoped Actions cache was being thrashed - the
docker simulator buildx layers (~6 GiB), plus per-PR ccache and apt-archive
writes whose keys never hit - which kept evicting the shared ccache, while
the apt mirror timed out often enough to break PR CI. Move the heavy caches
to ghcr (free, separate pool) and make PR runs read-only against the Actions
cache.

apt dependencies from prebuilt ghcr .deb bundles
  - ci-deps-image.yml resolves each package list under .github/ci-deps/ into
    its .deb closure and publishes ghcr.io/<owner>/wolfssl-ci-debs:<tag> in
    two tiers: <ver>-minimal (make-check family) and <ver>-full (interop
    superset), for ubuntu-22.04 and 24.04.
  - install-apt-deps gains a ghcr-debs-tag input: pull the bundle and install
    offline (--no-download) so the apt mirror is never on the PR critical
    path. Any failure (bundle missing/not public/incomplete) falls through to
    the existing apt path, so it is always safe to set.

sim-test buildx layers to a shared ghcr registry cache
  - the 7 docker simulator workflows switch from cache-to: type=gha to
    ghcr.io/wolfssl/wolfssl-sim-cache:<scope>. cache-from reads on every run
    (anonymous); cache-to writes only on the weekend cron and manual
    workflow_dispatch. Per-distinct-image tags and de-duplicated writers keep
    parallel matrix jobs from racing on one ref.

ccache: PRs read, the schedule writes
  - ccache-setup gains read-only: PR runs restore the shared master-scoped
    cache but never upload; schedule/push runs refresh it. Wired across
    os-check (linux + macOS), pq-all, smoke-test and the 12 small make-check
    workflows.
  - parallel-make-check.py gains --build-only (compile every config, skip the
    test phase) so weekday-morning seed crons warm the cache PR runs consume.

artifact retention capped at 7 days on the failure-log/result uploads that
previously defaulted to 90.

ONE-TIME SETUP: after their first publish, make the ghcr packages
wolfssl-ci-debs and wolfssl-sim-cache PUBLIC so anonymous pulls work from PR
(including fork) runs; until then everything falls back cleanly.
2026-06-15 22:36:35 +00:00
Juliusz Sosinowicz 844852202b .github: bump JavaScript actions to Node.js 24 runtimes
GitHub Actions now emits "Node.js 20 actions are deprecated" warnings:
actions are forced to Node.js 24 by default starting 2026-06-16, and
Node.js 20 is removed from the runners on 2026-09-16. Update every
JavaScript action referenced by the workflows and the local composite
actions to the lowest release that runs on Node.js 24:

  actions/checkout              v4     -> v5
  actions/checkout (SHA pin)    v4.1.7 -> v5
  actions/upload-artifact       v4     -> v6   (v5 still Node.js 20)
  actions/download-artifact     v4     -> v7   (v5/v6 still Node.js 20)
  actions/cache[/restore|/save] v4     -> v5
  actions/setup-python          v5     -> v6
  actions/github-script         v7     -> v8
  docker/setup-buildx-action    v3     -> v4
  docker/build-push-action      v5     -> v7   (v6 still Node.js 20)
  docker/login-action           v3     -> v4
  microsoft/setup-msbuild       v2     -> v3
  open-watcom/setup-watcom      v0     -> v1

Actions already running on Node.js 24 (jwlawson/actions-setup-cmake,
shogo82148/actions-setup-perl, msys2/setup-msys2, dorny/paths-filter)
are left unchanged. These bumps are runtime-only; no workflow uses an
input or output removed by the new majors, and v4-format artifacts
remain compatible across the upload v6 / download v7 backends.
2026-06-15 18:09:04 +00:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Andrew Hutchings 36de828dc0 Composite GHA action with caching
This adds caching for apt and should make things a bit more stable and
faster.
2026-03-24 15:24:01 +00:00
Josh Holtrop 69fd8dc01f Update from Ubuntu 22.04 to Ubuntu 24.04 for several github workflows 2026-01-20 21:44:56 -05:00
Juliusz Sosinowicz f95cb4e9bf Improve domain and IP address matching in certificate verification
- Distinguish between domain and IP address checks.
- Update curl action to test with httpd server
2025-11-04 18:36:29 +01:00
Juliusz Sosinowicz 1d2acd9de6 Revert to ubuntu-22.04 2024-12-10 16:27:41 +01:00
Andras Fekete 8ed406c69d Fix test issues 2024-10-17 12:08:21 -04:00
Andras Fekete a5331d406c Revert "Merge pull request #8072 from rizlik/github-fix"
This reverts commit 0f8b4dbc63, reversing
changes made to 743a78dc85.
2024-10-15 12:39:01 -04:00
Marco Oliverio 5d3f7c2528 ci: github: fix ubuntu version to 22.04 2024-10-14 16:46:45 +00:00
gojimmypi 27adc66cca Add conditional repository_owner to workflow, remove socat strategy 2024-09-23 11:30:58 -07:00
Juliusz Sosinowicz c166b9dd77 Use nproc not nproc+1 threads 2024-09-18 10:28:28 +02:00
Andras Fekete ab7bc29006 Fix curl.yml 2024-08-13 16:18:29 -04:00
Juliusz Sosinowicz 5320b425e7 Use tar to preserve links
Something broke in the actions/download-artifact action and it is not preserving symbolic links. It didn't get a new release so my guess is that something was updated in the node environment or in npm. This is a future proof solution to preserve the fs structure between upload and download.
2024-08-05 18:23:20 +02:00
Juliusz Sosinowicz 7206508329 Don't use main.yml since it has a limit of 20 jobs 2024-05-06 17:18:01 +02:00
Juliusz Sosinowicz d34cf39206 Increase retention days to make re-running easier 2024-02-09 11:36:55 +01:00
Juliusz Sosinowicz 31bfac43ea Update github actions
Many of these updates should also speed up some steps
2024-02-02 20:14:28 +01:00
Juliusz Sosinowicz cae231b557 Add curl dependencies 2024-01-09 22:47:59 +01:00
Juliusz Sosinowicz 962c315447 Test curl releases too 2023-10-13 11:52:02 +02:00
Juliusz Sosinowicz 53f14206d1 Increase curl timeout 2023-10-10 14:36:00 +02:00
Juliusz Sosinowicz cb912219e4 Run only stable curl tests 2023-10-10 14:19:03 +02:00
Juliusz Sosinowicz 365fae8ac0 Add curl test dep 2023-10-10 11:37:48 +02:00
Juliusz Sosinowicz 9bea33b598 Correct name in curl github action 2023-08-28 11:55:42 +02:00
JacobBarthelmeh 3e5e16f1ff Merge pull request #6641 from julek-wolfssl/gh/6555
Dtls13GetRnMask: Correctly get chacha counter on BE systems
2023-07-26 11:29:39 -06:00
Juliusz Sosinowicz 4a175ba280 Updates for Kerberos 5 1.21.1
- wolfssl_ec_point_mul: fix parameters being passed into ec_mul2add
- Compile in compressed ecc key parsing for OPENSSLALL
- Improve debugging around compat layer ecc operations
- wolfSSL_BN_div: dv can be NULL
- Add spake like computation test
- Add CI krb5 testing
- Add timeouts to CI
2023-07-26 16:40:38 +02:00
Juliusz Sosinowicz 8ec2e23773 Rework curl action to use actions-build-autotools-project 2023-07-24 09:13:10 +02:00
Lealem Amedie f30364a00d Fix test 2023-07-11 13:27:37 -06:00
Lealem Amedie e140a83fad Add curl gh actions test 2023-07-11 13:27:37 -06:00