Files
wolfssl/.github/workflows/multi-arch.yml
T
Juliusz Sosinowicz dd2f9d3ab8 CI: offload ccache/apt/buildx caches off the GitHub Actions cache
The 10 GB, LRU-evicted, PR-scoped Actions cache was being thrashed - the
docker simulator buildx layers (~6 GiB), plus per-PR ccache and apt-archive
writes whose keys never hit - which kept evicting the shared ccache, while
the apt mirror timed out often enough to break PR CI. Move the heavy caches
to ghcr (free, separate pool) and make PR runs read-only against the Actions
cache.

apt dependencies from prebuilt ghcr .deb bundles
  - ci-deps-image.yml resolves each package list under .github/ci-deps/ into
    its .deb closure and publishes ghcr.io/<owner>/wolfssl-ci-debs:<tag> in
    two tiers: <ver>-minimal (make-check family) and <ver>-full (interop
    superset), for ubuntu-22.04 and 24.04.
  - install-apt-deps gains a ghcr-debs-tag input: pull the bundle and install
    offline (--no-download) so the apt mirror is never on the PR critical
    path. Any failure (bundle missing/not public/incomplete) falls through to
    the existing apt path, so it is always safe to set.

sim-test buildx layers to a shared ghcr registry cache
  - the 7 docker simulator workflows switch from cache-to: type=gha to
    ghcr.io/wolfssl/wolfssl-sim-cache:<scope>. cache-from reads on every run
    (anonymous); cache-to writes only on the weekend cron and manual
    workflow_dispatch. Per-distinct-image tags and de-duplicated writers keep
    parallel matrix jobs from racing on one ref.

ccache: PRs read, the schedule writes
  - ccache-setup gains read-only: PR runs restore the shared master-scoped
    cache but never upload; schedule/push runs refresh it. Wired across
    os-check (linux + macOS), pq-all, smoke-test and the 12 small make-check
    workflows.
  - parallel-make-check.py gains --build-only (compile every config, skip the
    test phase) so weekday-morning seed crons warm the cache PR runs consume.

artifact retention capped at 7 days on the failure-log/result uploads that
previously defaulted to 90.

ONE-TIME SETUP: after their first publish, make the ghcr packages
wolfssl-ci-debs and wolfssl-sim-cache PUBLIC so anonymous pulls work from PR
(including fork) runs; until then everything falls back cleanly.
2026-06-15 22:36:35 +00:00

274 lines
16 KiB
YAML

name: Multiple architectures
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
# Weekday-morning cron (10:00 UTC) seeds the master-scoped ccache that PR runs
# restore: re-runs --build-only (compile only, no tests) on the
# default branch. PR runs are read-only (see ccache-setup).
schedule:
- cron: '20 10 * * 1-5'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
# All former runner-per-config matrix entries build on one runner via
# .github/scripts/parallel-make-check.py (see os-check.yml for the full
# pattern): each config builds in its own out-of-tree ("VPATH") build
# directory off one checkout/autogen, on a pool of one-per-CPU worker
# threads, longest first.
my_matrix:
name: Multi-arch test
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-22.04
# Generous for a cold ccache; warm reruns finish in a fraction.
timeout-minutes: 35
steps:
- uses: actions/checkout@v5
name: Checkout wolfSSL
- name: Install dependencies
uses: ./.github/actions/install-apt-deps
with:
packages: autoconf automake libtool build-essential crossbuild-essential-arm64 crossbuild-essential-armhf crossbuild-essential-riscv64 crossbuild-essential-armel qemu-user
ghcr-debs-tag: ubuntu-22.04-minimal
# ccache via the cross-platform composite; the script passes the
# compiler to configure as CC="ccache gcc" (or a per-config "cc").
- name: Set up ccache
uses: ./.github/actions/ccache-setup
with:
workflow-id: multi-arch
read-only: ${{ github.event_name == 'pull_request' }}
max-size: 500M
# NOTE: the old runner-per-config matrix combined an "include" list
# of four architectures with an "opts" axis; GitHub's include-merge
# rules made each arch entry overwrite the previous one, so only the
# last (armel) combinations actually ran. The JSON below restores the
# evidently intended aarch64/armhf/riscv64 x opts coverage alongside
# armel, except riscv64 x sp-math: configure rejects --enable-sp-math
# without SP, and riscv64's --enable-riscv-asm (unlike the other
# arches' --enable-sp-asm) does not bring it in. Cross builds run
# testwolfcrypt transparently under qemu-user (binfmt) with the
# matching QEMU_LD_PREFIX.
- name: Build all configs (parallel, out-of-tree)
run: |
cat > "$RUNNER_TEMP/multi-arch-configs.json" <<'EOF'
[
{"name": "arm64-o0", "minutes": 4,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "CFLAGS=-O0"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-o0", "minutes": 4,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-O0"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "riscv64-o0", "minutes": 4,
"cc": "ccache riscv64-linux-gnu-gcc",
"configure": ["--host=riscv64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-riscv-asm", "CFLAGS=-O0"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/riscv64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-o0", "minutes": 4,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -O0"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "arm64-o1-no-fp-ecc", "minutes": 3,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "CFLAGS=-O1 -UFP_ECC"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "arm64-os", "minutes": 3,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "CFLAGS=-Os"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-o1-no-fp-ecc", "minutes": 3,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-O1 -UFP_ECC"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-os", "minutes": 3,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-Os"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "riscv64-o1-no-fp-ecc", "minutes": 3,
"cc": "ccache riscv64-linux-gnu-gcc",
"configure": ["--host=riscv64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-riscv-asm", "CFLAGS=-O1 -UFP_ECC"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/riscv64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "riscv64-os", "minutes": 3,
"cc": "ccache riscv64-linux-gnu-gcc",
"configure": ["--host=riscv64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-riscv-asm", "CFLAGS=-Os"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/riscv64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-o1-no-fp-ecc", "minutes": 3,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm",
"CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -O1 -UFP_ECC"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-os", "minutes": 3,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -Os"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "arm64-o2", "minutes": 2.5,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "CFLAGS=-O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "arm64-o2-sp-math", "minutes": 2.5,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "--enable-sp-math",
"CFLAGS=-O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "arm64-ofast", "minutes": 2.5,
"cc": "ccache aarch64-linux-gnu-gcc",
"configure": ["--host=aarch64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-armasm", "CFLAGS=-Ofast"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/aarch64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-o2", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-o2-sp-math", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-sp-math", "CFLAGS=-O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armhf-ofast", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabihf-gcc",
"configure": ["--host=arm-linux-gnueabihf", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-Ofast"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "riscv64-o2", "minutes": 2.5,
"cc": "ccache riscv64-linux-gnu-gcc",
"configure": ["--host=riscv64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-riscv-asm", "CFLAGS=-O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/riscv64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "riscv64-ofast", "minutes": 2.5,
"cc": "ccache riscv64-linux-gnu-gcc",
"configure": ["--host=riscv64-linux-gnu", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-riscv-asm", "CFLAGS=-Ofast"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/riscv64-linux-gnu", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-o2", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-o2-sp-math", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "--enable-sp-math",
"CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -O2"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]},
{"name": "armel-ofast", "minutes": 2.5,
"cc": "ccache arm-linux-gnueabi-gcc",
"configure": ["--host=arm-linux-gnueabi", "--enable-all",
"--disable-examples",
"CPPFLAGS=-pedantic -Wdeclaration-after-statement -Wnull-dereference -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT",
"--enable-sp-asm", "CFLAGS=-marm -DWOLFSSL_SP_ARM_ARCH=6 -Ofast"],
"check": false,
"run": [["env", "QEMU_LD_PREFIX=/usr/arm-linux-gnueabi", "./wolfcrypt/test/testwolfcrypt"]]}
]
EOF
.github/scripts/parallel-make-check.py \
${{ github.event_name == 'schedule' && '--build-only' || '' }} \
"$RUNNER_TEMP/multi-arch-configs.json"
- name: ccache stats
if: always()
run: ccache -s || true
- name: Upload logs on failure
if: failure()
uses: actions/upload-artifact@v6
with:
retention-days: 7
name: multi-arch-logs
path: |
build-*/make-check.log
build-*/test-suite.log
build-*/config.log
if-no-files-found: ignore