Files
wolfssl/.github/workflows/nss.yml
T
Juliusz Sosinowicz 3dd04c818c CI: hand off mbedtls/nss build via artifact on cache miss
With the cache save restricted to master, a cold-cache PR or release
run can no longer restore in the test job what the build job just built
(the per-PR cache scope is gone), so mbedtls/nss were compiled twice.

Upload the build as an artifact on a cache miss and download it in the
test job instead of recompiling, matching the handoff hostap-vm already
uses. master still restores from the shared cache, so it never uses the
artifact.
2026-06-18 12:53:57 +00:00

133 lines
3.9 KiB
YAML

name: nss interop Tests
### TODO uncomment stuff
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
# Daily run on master reseeds the shared cache (see save steps below).
schedule:
- cron: '40 4 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
NSS_REF: NSS_3_107_RTM
jobs:
build_nss:
name: Build nss
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
steps:
- name: Checkout wolfSSL CI actions
uses: actions/checkout@v5
with:
sparse-checkout: .github/actions
fetch-depth: 1
- name: Checking if we have nss in cache
uses: actions/cache/restore@v5
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
lookup-only: true
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
uses: ./.github/actions/install-apt-deps
with:
packages: gyp ninja-build
ghcr-debs-tag: ubuntu-24.04-full
- name: Checkout nss
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v5
with:
repository: nss-dev/nss
ref: ${{ env.NSS_REF }}
path: nss
fetch-depth: 1
- name: Compile nss
if: steps.cache.outputs.cache-hit != 'true'
run: |
hg clone https://hg.mozilla.org/projects/nspr
cd nss
./build.sh
# Only master (the daily schedule) saves, so all PRs share one entry.
- name: Save nss cache
if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v5
with:
path: dist
key: nss-${{ env.NSS_REF }}
# On a cache miss, hand the freshly built dist/ to nss_test via an
# artifact so nss is not compiled a second time in the same run.
- name: tar nss dist
if: steps.cache.outputs.cache-hit != 'true'
run: tar -zcf nss-dist.tgz dist
- name: Upload nss build
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/upload-artifact@v6
with:
name: nss-build
path: nss-dist.tgz
retention-days: 1
nss_test:
name: Test interop with nss
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
needs: build_nss
timeout-minutes: 30
steps:
# Restore only: the build_nss job (master/schedule) owns the save.
- name: Checking if we have nss in cache
uses: actions/cache/restore@v5
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
# On a cache miss, reuse the build_nss artifact instead of recompiling.
# master restores from the cache above instead.
- name: Download nss build (fallback on cache miss)
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v7
with:
name: nss-build
- name: untar nss dist (fallback on cache miss)
if: steps.cache.outputs.cache-hit != 'true'
run: tar -xf nss-dist.tgz
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtls13
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/nss.sh
- name: print server logs
if: ${{ failure() }}
run: |
cat /tmp/server.log