Commit Graph

35 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 6c211be5b9 CI: only save dependency caches on master, restore on PRs
GitHub Actions caches are branch-scoped: an entry written by a
pull_request run lives under refs/pull/<N>/merge and is invisible to
other PRs. The haproxy, mbedtls, nss, ntp, threadx and hostap-vm
workflows used combined actions/cache with fixed keys, so every PR
re-saved its own copy of the same dependency, yielding one duplicate
cache entry per PR.

Split each into actions/cache/restore (always) plus actions/cache/save
gated to refs/heads/master, and add a daily schedule so a master run
reseeds the single shared entry that all PRs restore. mbedtls/nss save
in their build job only; the test jobs restore-only.

Disable the setup-msys2 package cache: the action only toggles caching
on/off and cannot save on master while restoring on PRs.
2026-06-18 11:37:29 +00:00
Juliusz Sosinowicz 06e4ec9fe3 CI: install all apt deps from ghcr bundles
Extends the ghcr offline-install path to every install-apt-deps consumer
that was still on plain apt, and publishes the bundles they need.

New bundles built by ci-deps-image:
- ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB), kept
  out of -full so it does not bloat the interop workflows' pull.
- ubuntu-24.04-linuxkm: linux-headers-$(uname -r) + the kernel-module build
  toolchain. linux-headers tracks the runner's running kernel, so a daily
  job rebuilds it only when uname -r changed (recorded as an image label);
  a mismatch during a runner-image rollout just falls back to apt.

Consumers now passing ghcr-debs-tag:
- sssd -> ubuntu-24.04-full (its deps added to that list)
- hostap-vm -> ubuntu-22.04-full (its deps added to that list)
- membrowse targets -> ubuntu-24.04-embedded; the two linuxkm targets ->
  ubuntu-24.04-linuxkm (new per-target matrix.ghcr_tag)
- linuxkm.yml -> ubuntu-24.04-linuxkm (pinned to ubuntu-24.04 so the
  bundle's headers match the runner kernel)

Each consumer still falls back to apt when its bundle is unavailable, so
nothing breaks until ci-deps-image first publishes the new tags.
2026-06-16 15:22:36 +00:00
Juliusz Sosinowicz 844852202b .github: bump JavaScript actions to Node.js 24 runtimes
GitHub Actions now emits "Node.js 20 actions are deprecated" warnings:
actions are forced to Node.js 24 by default starting 2026-06-16, and
Node.js 20 is removed from the runners on 2026-09-16. Update every
JavaScript action referenced by the workflows and the local composite
actions to the lowest release that runs on Node.js 24:

  actions/checkout              v4     -> v5
  actions/checkout (SHA pin)    v4.1.7 -> v5
  actions/upload-artifact       v4     -> v6   (v5 still Node.js 20)
  actions/download-artifact     v4     -> v7   (v5/v6 still Node.js 20)
  actions/cache[/restore|/save] v4     -> v5
  actions/setup-python          v5     -> v6
  actions/github-script         v7     -> v8
  docker/setup-buildx-action    v3     -> v4
  docker/build-push-action      v5     -> v7   (v6 still Node.js 20)
  docker/login-action           v3     -> v4
  microsoft/setup-msbuild       v2     -> v3
  open-watcom/setup-watcom      v0     -> v1

Actions already running on Node.js 24 (jwlawson/actions-setup-cmake,
shogo82148/actions-setup-perl, msys2/setup-msys2, dorny/paths-filter)
are left unchanged. These bumps are runtime-only; no workflow uses an
input or output removed by the new majors, and v4-format artifacts
remain compatible across the upload v6 / download v7 backends.
2026-06-15 18:09:04 +00:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Tobias Frauenschläger 57f4b231c4 hostap CI tests: incorporate internal retries 2026-05-06 10:36:19 +02:00
Tobias Frauenschläger 1411046a98 Retry hostap tests up to 2 times to reduce flakyness 2026-05-04 18:41:36 +02:00
Tobias Frauenschläger 46b47cb8ec Fix race conditions in hostap CI tests 2026-04-29 14:31:15 +02:00
JacobBarthelmeh 53e352181e Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
Tobias Frauenschläger 585a1ecaaf CI script improvements
* ensure make -j is called everywhere
* shallow clones where possible
* set fixed ubuntu version for linux tests
2026-04-10 12:50:24 +02:00
Juliusz Sosinowicz a0e1fcebfb Re-enable hostap tests and remove some flaky tests
ALL should not include NULL ciphersuites. Those need to be enabled explicitly.
2026-03-24 16:31:31 +01:00
Andrew Hutchings 36de828dc0 Composite GHA action with caching
This adds caching for apt and should make things a bit more stable and
faster.
2026-03-24 15:24:01 +00:00
Daniel Pouzzner 812161cec2 Revert "Re-enable hostap tests and remove some flaky tests"
This reverts commit 4498e12805.

see #9841 and #10052.
2026-03-23 17:22:35 -05:00
Juliusz Sosinowicz 4498e12805 Re-enable hostap tests and remove some flaky tests
Set suites->setSuites to 1 in ParseCipherList function
2026-03-23 15:28:04 +01:00
kaleb-himes 20b2fd200f Address failure rates from FIPS CRNGT test by implementing alternate RCT/ADP tests
Update ret code to match docs and update docs

Replace magic numbers with appropriate define

Define MAX_ENTROPY_BITS when MEMUSE not enabled

Fix type cast windows detection

Older FIPS modules still need the old check

CodeSpell you're wrong, that is what I want to name my variable

Turn the hostap into a manual dispatch until it gets fixed

Upon closer review we can not skip the test when memuse enabled

Fix whitespace stuff found by multitest

More syntax things

Correct comments based on latest findings
2026-01-22 09:06:17 -07:00
Josh Holtrop a4a24ad2fe Fix hostap repo clone URL 2026-01-15 09:30:27 -05:00
Juliusz Sosinowicz c63df82f0d Update sha384 and sha512 certs
- Print errors in logs on failure
2025-12-02 10:46:43 +01:00
Juliusz Sosinowicz 98ac98db9a Fix: Avoids hostap checkout on cache hit
This change prevents the hostap repository from being cloned
unnecessarily when the cache is hit, improving workflow efficiency.
2025-09-12 17:10:13 +02:00
David Garske 0d1e9c3264 Fix whitespace issue and known macros list 2025-08-22 12:48:55 -07:00
Juliusz Sosinowicz 4043dc2dd0 Fix hostap cert update
Update the `rsa3072-*` certs to get `suite_b_192_*` tests passing
2025-08-22 17:24:49 +02:00
Juliusz Sosinowicz c0f27e7066 hostap-vm.yml: Fix No module named 'Crypto' errors that were causing tests to be skipped 2025-04-08 18:53:24 +02:00
Daniel Pouzzner 058138eb00 Merge pull request #8286 from julek-wolfssl/hostap-action-update
Use source hostap repo
2024-12-16 23:07:05 -06:00
Daniel Pouzzner 5aeabbfa3c Merge pull request #8245 from julek-wolfssl/mbed-interop
Add CID interop with mbedtls
2024-12-16 23:04:19 -06:00
Juliusz Sosinowicz 3407f21e69 Use source hostap repo 2024-12-13 17:12:23 +01:00
Juliusz Sosinowicz 1d2acd9de6 Revert to ubuntu-22.04 2024-12-10 16:27:41 +01:00
Juliusz Sosinowicz 0961be7711 Add CID interop with mbedtls 2024-12-09 13:37:18 +01:00
Juliusz Sosinowicz ba4d1e6815 Add nss interop 2024-12-09 12:42:32 +01:00
Andras Fekete 8ed406c69d Fix test issues 2024-10-17 12:08:21 -04:00
Andras Fekete a5331d406c Revert "Merge pull request #8072 from rizlik/github-fix"
This reverts commit 0f8b4dbc63, reversing
changes made to 743a78dc85.
2024-10-15 12:39:01 -04:00
Marco Oliverio 5d3f7c2528 ci: github: fix ubuntu version to 22.04 2024-10-14 16:46:45 +00:00
gojimmypi 27adc66cca Add conditional repository_owner to workflow, remove socat strategy 2024-09-23 11:30:58 -07:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Juliusz Sosinowicz 5320b425e7 Use tar to preserve links
Something broke in the actions/download-artifact action and it is not preserving symbolic links. It didn't get a new release so my guess is that something was updated in the node environment or in npm. This is a future proof solution to preserve the fs structure between upload and download.
2024-08-05 18:23:20 +02:00
Juliusz Sosinowicz 86c120a3f0 Increase hostap test timeout 2024-05-08 10:35:42 +02:00
Juliusz Sosinowicz 433f3ae0b9 Add latest patch set to CI 2024-05-08 10:35:42 +02:00
Juliusz Sosinowicz a987e76677 Use uml for hostap tests
Remove tests that fail with openssl
2024-05-08 10:33:30 +02:00