mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 01:20:50 +02:00
dd2f9d3ab8
The 10 GB, LRU-evicted, PR-scoped Actions cache was being thrashed - the
docker simulator buildx layers (~6 GiB), plus per-PR ccache and apt-archive
writes whose keys never hit - which kept evicting the shared ccache, while
the apt mirror timed out often enough to break PR CI. Move the heavy caches
to ghcr (free, separate pool) and make PR runs read-only against the Actions
cache.
apt dependencies from prebuilt ghcr .deb bundles
- ci-deps-image.yml resolves each package list under .github/ci-deps/ into
its .deb closure and publishes ghcr.io/<owner>/wolfssl-ci-debs:<tag> in
two tiers: <ver>-minimal (make-check family) and <ver>-full (interop
superset), for ubuntu-22.04 and 24.04.
- install-apt-deps gains a ghcr-debs-tag input: pull the bundle and install
offline (--no-download) so the apt mirror is never on the PR critical
path. Any failure (bundle missing/not public/incomplete) falls through to
the existing apt path, so it is always safe to set.
sim-test buildx layers to a shared ghcr registry cache
- the 7 docker simulator workflows switch from cache-to: type=gha to
ghcr.io/wolfssl/wolfssl-sim-cache:<scope>. cache-from reads on every run
(anonymous); cache-to writes only on the weekend cron and manual
workflow_dispatch. Per-distinct-image tags and de-duplicated writers keep
parallel matrix jobs from racing on one ref.
ccache: PRs read, the schedule writes
- ccache-setup gains read-only: PR runs restore the shared master-scoped
cache but never upload; schedule/push runs refresh it. Wired across
os-check (linux + macOS), pq-all, smoke-test and the 12 small make-check
workflows.
- parallel-make-check.py gains --build-only (compile every config, skip the
test phase) so weekday-morning seed crons warm the cache PR runs consume.
artifact retention capped at 7 days on the failure-log/result uploads that
previously defaulted to 90.
ONE-TIME SETUP: after their first publish, make the ghcr packages
wolfssl-ci-debs and wolfssl-sim-cache PUBLIC so anonymous pulls work from PR
(including fork) runs; until then everything falls back cleanly.
151 lines
4.9 KiB
YAML
151 lines
4.9 KiB
YAML
name: Linux Mono C# Build Test
|
|
|
|
# START OF COMMON SECTION
|
|
on:
|
|
push:
|
|
branches: [ 'release/**' ]
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, ready_for_review]
|
|
branches: [ '*' ]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
# END OF COMMON SECTION
|
|
|
|
jobs:
|
|
build_wolfssl:
|
|
name: Build wolfSSL C# Wrapper
|
|
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 10
|
|
steps:
|
|
|
|
- name: Checkout wolfSSL CI actions
|
|
uses: actions/checkout@v5
|
|
with:
|
|
sparse-checkout: .github/actions
|
|
fetch-depth: 1
|
|
|
|
# Build wolfSSL using the user_settings.h from the C# wrapper directory
|
|
- name: Build wolfSSL
|
|
uses: wolfSSL/actions-build-autotools-project@v1
|
|
with:
|
|
path: wolfssl
|
|
configure: --enable-usersettings CPPFLAGS=-I$GITHUB_WORKSPACE/wolfssl/wrapper/CSharp
|
|
install: true
|
|
check: false
|
|
|
|
- name: Install mono-complete
|
|
uses: ./.github/actions/install-apt-deps
|
|
with:
|
|
packages: mono-complete
|
|
ghcr-debs-tag: ubuntu-24.04-full
|
|
|
|
- name: Copy wolfSSL.dll to C# wrapper directory
|
|
run: |
|
|
echo "Copying wolfSSL.dll to C# wrapper directory. $GITHUB_WORKSPACE/build-dir/lib contains:"
|
|
ls -la $GITHUB_WORKSPACE/build-dir/lib/*
|
|
cp $GITHUB_WORKSPACE/build-dir/lib/libwolfssl.so $GITHUB_WORKSPACE/wolfssl/wrapper/CSharp/wolfssl.dll
|
|
cp $GITHUB_WORKSPACE/build-dir/lib/libwolfssl.so $GITHUB_WORKSPACE/wolfssl/wrapper/CSharp/libwolfssl.so
|
|
|
|
- name: Build and run wolfCrypt test wrapper
|
|
working-directory: wolfssl/wrapper/CSharp
|
|
run: |
|
|
mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:wolfcrypttest.exe
|
|
mono wolfcrypttest.exe
|
|
|
|
- name: Build wolfSSL client/server test
|
|
working-directory: wolfssl/wrapper/CSharp
|
|
env:
|
|
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
|
|
run: |
|
|
mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
|
|
mcs wolfSSL_CSharp/wolfCrypt.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:client.exe
|
|
|
|
- name: Test wolfSSL client/server communication
|
|
working-directory: wolfssl/wrapper/CSharp
|
|
env:
|
|
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
|
|
run: |
|
|
# Start server in background and capture its PID
|
|
timeout 10s mono server.exe > server.log 2>&1 &
|
|
SERVER_PID=$!
|
|
|
|
# Wait for server to start
|
|
sleep 2
|
|
|
|
# Run client and capture output
|
|
timeout 5s mono client.exe > client.log 2>&1
|
|
CLIENT_EXIT_CODE=$?
|
|
|
|
# Wait a moment for server to process
|
|
sleep 1
|
|
|
|
# Kill server
|
|
kill $SERVER_PID 2>/dev/null || true
|
|
|
|
# Check if client completed successfully (exit code 0)
|
|
if [ $CLIENT_EXIT_CODE -eq 0 ]; then
|
|
echo "Client completed successfully"
|
|
else
|
|
echo "Client failed with exit code $CLIENT_EXIT_CODE"
|
|
cat client.log
|
|
exit 1
|
|
fi
|
|
|
|
# Check for success indicators in logs
|
|
if grep -q "SSL version is" client.log && grep -q "SSL cipher suite is" client.log; then
|
|
echo "TLS handshake successful - SSL version and cipher suite detected"
|
|
else
|
|
echo "TLS handshake failed - no SSL version/cipher detected"
|
|
echo "Client log:"
|
|
cat client.log
|
|
echo "Server log:"
|
|
cat server.log
|
|
exit 1
|
|
fi
|
|
|
|
- name: Test SNI functionality
|
|
working-directory: wolfssl/wrapper/CSharp
|
|
env:
|
|
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
|
|
run: |
|
|
# Start server with SNI support in background
|
|
timeout 10s mono server.exe -S > server_sni.log 2>&1 &
|
|
SERVER_PID=$!
|
|
|
|
# Wait for server to start
|
|
sleep 2
|
|
|
|
# Run client with SNI and capture output
|
|
timeout 5s mono client.exe -S localhost > client_sni.log 2>&1
|
|
CLIENT_EXIT_CODE=$?
|
|
|
|
# Wait a moment for server to process
|
|
sleep 1
|
|
|
|
# Kill server
|
|
kill $SERVER_PID 2>/dev/null || true
|
|
|
|
# Check if client completed successfully
|
|
if [ $CLIENT_EXIT_CODE -eq 0 ]; then
|
|
echo "SNI client completed successfully"
|
|
else
|
|
echo "SNI client failed with exit code $CLIENT_EXIT_CODE"
|
|
cat client_sni.log
|
|
exit 1
|
|
fi
|
|
|
|
# Check for SNI success indicators
|
|
if grep -q "SSL version is" client_sni.log && grep -q "SSL cipher suite is" client_sni.log; then
|
|
echo "SNI TLS handshake successful"
|
|
else
|
|
echo "SNI TLS handshake failed"
|
|
echo "Client log:"
|
|
cat client_sni.log
|
|
echo "Server log:"
|
|
cat server_sni.log
|
|
exit 1
|
|
fi
|