Files
wolfssl/.github/workflows/mbedtls.yml
T
Juliusz Sosinowicz 3dd04c818c CI: hand off mbedtls/nss build via artifact on cache miss
With the cache save restricted to master, a cold-cache PR or release
run can no longer restore in the test job what the build job just built
(the per-PR cache scope is gone), so mbedtls/nss were compiled twice.

Upload the build as an artifact on a cache miss and download it in the
test job instead of recompiling, matching the handoff hostap-vm already
uses. master still restores from the shared cache, so it never uses the
artifact.
2026-06-18 12:53:57 +00:00

126 lines
4.0 KiB
YAML

name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
# Daily run on master reseeds the shared cache (see save steps below).
schedule:
- cron: '20 4 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
MBED_REF: v3.6.2
jobs:
build_mbedtls:
name: Build mbedtls
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v5
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
lookup-only: true
- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v5
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls
fetch-depth: 1
- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j$(nproc)
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
# Only master (the daily schedule) saves, so all PRs share one entry.
- name: Save mbedtls cache
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v5
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
# On a cache miss, hand the freshly built mbedtls to mbedtls_test via an
# artifact so it is not compiled a second time in the same run.
- name: tar mbedtls
if: steps.cache.outputs.cache-hit != 'true'
run: tar -zcf mbedtls.tgz mbedtls
- name: Upload mbedtls build
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/upload-artifact@v6
with:
name: mbedtls-build
path: mbedtls.tgz
retention-days: 1
mbedtls_test:
name: Test interop with mbedtls
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_mbedtls
timeout-minutes: 15
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
# Restore only: the build_mbedtls job (master/schedule) owns the save.
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v5
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
# On a cache miss, reuse the build_mbedtls artifact instead of
# recompiling. master restores from the cache above instead.
- name: Download mbedtls build (fallback on cache miss)
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v7
with:
name: mbedtls-build
- name: untar mbedtls (fallback on cache miss)
if: steps.cache.outputs.cache-hit != 'true'
run: tar -xf mbedtls.tgz
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh
- name: print server logs
if: ${{ failure() }}
run: cat /tmp/server.log