Files
wolfssl/.github/workflows/mono.yml
T
Juliusz Sosinowicz dd2f9d3ab8 CI: offload ccache/apt/buildx caches off the GitHub Actions cache
The 10 GB, LRU-evicted, PR-scoped Actions cache was being thrashed - the
docker simulator buildx layers (~6 GiB), plus per-PR ccache and apt-archive
writes whose keys never hit - which kept evicting the shared ccache, while
the apt mirror timed out often enough to break PR CI. Move the heavy caches
to ghcr (free, separate pool) and make PR runs read-only against the Actions
cache.

apt dependencies from prebuilt ghcr .deb bundles
  - ci-deps-image.yml resolves each package list under .github/ci-deps/ into
    its .deb closure and publishes ghcr.io/<owner>/wolfssl-ci-debs:<tag> in
    two tiers: <ver>-minimal (make-check family) and <ver>-full (interop
    superset), for ubuntu-22.04 and 24.04.
  - install-apt-deps gains a ghcr-debs-tag input: pull the bundle and install
    offline (--no-download) so the apt mirror is never on the PR critical
    path. Any failure (bundle missing/not public/incomplete) falls through to
    the existing apt path, so it is always safe to set.

sim-test buildx layers to a shared ghcr registry cache
  - the 7 docker simulator workflows switch from cache-to: type=gha to
    ghcr.io/wolfssl/wolfssl-sim-cache:<scope>. cache-from reads on every run
    (anonymous); cache-to writes only on the weekend cron and manual
    workflow_dispatch. Per-distinct-image tags and de-duplicated writers keep
    parallel matrix jobs from racing on one ref.

ccache: PRs read, the schedule writes
  - ccache-setup gains read-only: PR runs restore the shared master-scoped
    cache but never upload; schedule/push runs refresh it. Wired across
    os-check (linux + macOS), pq-all, smoke-test and the 12 small make-check
    workflows.
  - parallel-make-check.py gains --build-only (compile every config, skip the
    test phase) so weekday-morning seed crons warm the cache PR runs consume.

artifact retention capped at 7 days on the failure-log/result uploads that
previously defaulted to 90.

ONE-TIME SETUP: after their first publish, make the ghcr packages
wolfssl-ci-debs and wolfssl-sim-cache PUBLIC so anonymous pulls work from PR
(including fork) runs; until then everything falls back cleanly.
2026-06-15 22:36:35 +00:00

151 lines
4.9 KiB
YAML

name: Linux Mono C# Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL C# Wrapper
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- name: Checkout wolfSSL CI actions
uses: actions/checkout@v5
with:
sparse-checkout: .github/actions
fetch-depth: 1
# Build wolfSSL using the user_settings.h from the C# wrapper directory
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-usersettings CPPFLAGS=-I$GITHUB_WORKSPACE/wolfssl/wrapper/CSharp
install: true
check: false
- name: Install mono-complete
uses: ./.github/actions/install-apt-deps
with:
packages: mono-complete
ghcr-debs-tag: ubuntu-24.04-full
- name: Copy wolfSSL.dll to C# wrapper directory
run: |
echo "Copying wolfSSL.dll to C# wrapper directory. $GITHUB_WORKSPACE/build-dir/lib contains:"
ls -la $GITHUB_WORKSPACE/build-dir/lib/*
cp $GITHUB_WORKSPACE/build-dir/lib/libwolfssl.so $GITHUB_WORKSPACE/wolfssl/wrapper/CSharp/wolfssl.dll
cp $GITHUB_WORKSPACE/build-dir/lib/libwolfssl.so $GITHUB_WORKSPACE/wolfssl/wrapper/CSharp/libwolfssl.so
- name: Build and run wolfCrypt test wrapper
working-directory: wolfssl/wrapper/CSharp
run: |
mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:wolfcrypttest.exe
mono wolfcrypttest.exe
- name: Build wolfSSL client/server test
working-directory: wolfssl/wrapper/CSharp
env:
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
run: |
mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe
mcs wolfSSL_CSharp/wolfCrypt.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs -OUT:client.exe
- name: Test wolfSSL client/server communication
working-directory: wolfssl/wrapper/CSharp
env:
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
run: |
# Start server in background and capture its PID
timeout 10s mono server.exe > server.log 2>&1 &
SERVER_PID=$!
# Wait for server to start
sleep 2
# Run client and capture output
timeout 5s mono client.exe > client.log 2>&1
CLIENT_EXIT_CODE=$?
# Wait a moment for server to process
sleep 1
# Kill server
kill $SERVER_PID 2>/dev/null || true
# Check if client completed successfully (exit code 0)
if [ $CLIENT_EXIT_CODE -eq 0 ]; then
echo "Client completed successfully"
else
echo "Client failed with exit code $CLIENT_EXIT_CODE"
cat client.log
exit 1
fi
# Check for success indicators in logs
if grep -q "SSL version is" client.log && grep -q "SSL cipher suite is" client.log; then
echo "TLS handshake successful - SSL version and cipher suite detected"
else
echo "TLS handshake failed - no SSL version/cipher detected"
echo "Client log:"
cat client.log
echo "Server log:"
cat server.log
exit 1
fi
- name: Test SNI functionality
working-directory: wolfssl/wrapper/CSharp
env:
LD_LIBRARY_PATH: $GITHUB_WORKSPACE/build-dir/lib
run: |
# Start server with SNI support in background
timeout 10s mono server.exe -S > server_sni.log 2>&1 &
SERVER_PID=$!
# Wait for server to start
sleep 2
# Run client with SNI and capture output
timeout 5s mono client.exe -S localhost > client_sni.log 2>&1
CLIENT_EXIT_CODE=$?
# Wait a moment for server to process
sleep 1
# Kill server
kill $SERVER_PID 2>/dev/null || true
# Check if client completed successfully
if [ $CLIENT_EXIT_CODE -eq 0 ]; then
echo "SNI client completed successfully"
else
echo "SNI client failed with exit code $CLIENT_EXIT_CODE"
cat client_sni.log
exit 1
fi
# Check for SNI success indicators
if grep -q "SSL version is" client_sni.log && grep -q "SSL cipher suite is" client_sni.log; then
echo "SNI TLS handshake successful"
else
echo "SNI TLS handshake failed"
echo "Client log:"
cat client_sni.log
echo "Server log:"
cat server_sni.log
exit 1
fi