mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 01:10:48 +02:00
3a6c31a51e
Replace the one-runner-per-configuration matrices across the
make-check workflow family with a generic pooled runner,
.github/scripts/parallel-make-check.py. Each workflow keeps its
configuration list as JSON next to the invocation; one runner (or a
small fixed set of shards, balanced by measured per-config minutes)
builds every config in its own out-of-tree (VPATH) build directory off
a single checkout/autogen, on a pool of one-per-CPU worker threads,
longest first. Concurrent checks are isolated with bubblewrap network
namespaces, compilations are cached with ccache, the first failure
aborts the rest (fail-fast, with --no-fail-fast to run everything),
and per-config timings plus pool efficiency land in the step summary.
Failure logs upload as artifacts. smoke-test.yml is likewise reworked
into a single pooled job that runs its nine configs on one runner.
Converted workflows (runner jobs per full pass):
os-check.yml 101 -> 8 (92 Ubuntu configs -> 4 shards;
the macOS matrix, the user-settings jobs and
the standalone
macos-apple-native-cert-validation.yml fold
into one macOS runner; Windows unchanged)
pq-all.yml 21 -> 2 shards
disable-pk-algs.yml 15 -> 1
wolfCrypt-Wconversion.yml 11 -> 1
trackmemory.yml 7 -> 1
cryptocb-only.yml 8 -> 1 (incl. the two new SHA512 entries)
multi-compiler.yml 6 -> 1
smallStackSize.yml 6 -> 1
multi-arch.yml 6 -> 1
async.yml 5 -> 1
psk.yml 5 -> 1
no-malloc.yml 3 -> 1
wolfsm.yml 3 -> 1
opensslcoexist.yml 2 -> 1
Measured against current upstream passing runs (job execution time,
queue excluded): ~200 runner jobs / ~374 runner-minutes per full pass
become 23 jobs / ~168 runner-minutes, with more coverage than before.
multi-arch's old matrix combined an "include" list of four
architectures with an "opts" axis; GitHub's include-merge rules made
each arch entry overwrite the previous one, so only the armel
combinations actually ran. The pooled list restores the intended
aarch64/armhf/riscv64 coverage (23 combinations; riscv64 x sp-math is
omitted as invalid - configure rejects sp-math without SP, and
--enable-riscv-asm, unlike --enable-sp-asm, does not bring SP in).
Out-of-tree build fixes this depends on:
- Makefile.am: symlink the read-only test data (certs/, tests/ config
files, sniffer captures and helpers, examples/crypto_policies,
input, quit) into the build tree via a BUILT_SOURCES stamp, removed
again in distclean-local. ChangeToWolfRoot() and the script tests
resolve everything relative to the working directory, so out-of-tree
make check and make distcheck now pass.
- scripts/multi-msg-record.py: locate the client binary from the build
tree working directory rather than the script's source directory.
- configure.ac + wolfssl/include.am: run
support/gen-debug-trace-error-codes.sh from $srcdir; it reads the
error-code headers from the source tree and generates into the build
tree.
- tests/swdev: a WOLFBUILD variable points the sub-make at the build
tree for the configure-generated headers (wolfssl/options.h,
wolfssl/version.h); the in-tree-only guards are dropped.
Portions of PR #10649 are incorporated: the cross-platform
ccache-setup composite action, repository_owner gates on check-headers
and check-source-text, the docs-only paths-ignore on os-check, and the
libspdm timeout bumps.
137 lines
6.4 KiB
YAML
137 lines
6.4 KiB
YAML
name: Stack Size warnings
|
|
|
|
# START OF COMMON SECTION
|
|
on:
|
|
push:
|
|
branches: [ 'release/**' ]
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, ready_for_review]
|
|
branches: [ '*' ]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
# END OF COMMON SECTION
|
|
|
|
jobs:
|
|
# All former runner-per-config matrix entries build on one runner via
|
|
# .github/scripts/parallel-make-check.py (see os-check.yml for the full
|
|
# pattern): each config builds in its own out-of-tree ("VPATH") build
|
|
# directory off one checkout/autogen, on a pool of one-per-CPU worker
|
|
# threads, longest first.
|
|
build_library:
|
|
name: build library
|
|
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
|
runs-on: ubuntu-24.04
|
|
# Generous for a cold ccache; warm reruns finish in a fraction.
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
name: Checkout wolfSSL
|
|
|
|
- name: Install dependencies
|
|
uses: ./.github/actions/install-apt-deps
|
|
with:
|
|
packages: autoconf automake libtool build-essential
|
|
|
|
# ccache via the cross-platform composite; the script passes the
|
|
# compiler to configure as CC="ccache gcc" (or a per-config "cc").
|
|
- name: Set up ccache
|
|
uses: ./.github/actions/ccache-setup
|
|
with:
|
|
workflow-id: smallstacksize
|
|
max-size: 150M
|
|
|
|
# The JSON list below is the former runner-per-config matrix (the
|
|
# shared base configure arguments are folded into every entry). Each
|
|
# build must come out clean under -Wframe-larger-than/-Wstack-usage,
|
|
# then runs testwolfcrypt under the relative-stack checker.
|
|
- name: Build all configs (parallel, out-of-tree)
|
|
run: |
|
|
cat > "$RUNNER_TEMP/smallstacksize-configs.json" <<'EOF'
|
|
[
|
|
{"name": "noasm", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--disable-asm"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
|
{"name": "noasm-pq", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--disable-asm", "--enable-mlkem", "--enable-lms", "--enable-xmss",
|
|
"--enable-mldsa"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
|
{"name": "noasm-allcrypto-pq", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--disable-asm", "--enable-all-crypto", "--enable-mlkem",
|
|
"--enable-lms", "--enable-xmss", "--enable-mldsa"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
|
{"name": "intelasm", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--enable-intelasm", "--enable-sp-asm"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
|
{"name": "intelasm-pq", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--enable-intelasm", "--enable-sp-asm", "--enable-mlkem",
|
|
"--enable-lms", "--enable-xmss", "--enable-mldsa"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
|
{"name": "intelasm-allcrypto-pq", "minutes": 1,
|
|
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
|
"--disable-testcert", "--enable-smallstack",
|
|
"--enable-smallstackcache", "--enable-crypttests",
|
|
"--disable-benchmark", "--disable-examples",
|
|
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
|
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
|
"--enable-intelasm", "--enable-sp-asm", "--enable-all-crypto",
|
|
"--enable-mlkem", "--enable-lms", "--enable-xmss",
|
|
"--enable-mldsa"],
|
|
"check": false,
|
|
"run": [["./wolfcrypt/test/testwolfcrypt"]]}
|
|
]
|
|
EOF
|
|
.github/scripts/parallel-make-check.py \
|
|
"$RUNNER_TEMP/smallstacksize-configs.json"
|
|
|
|
- name: ccache stats
|
|
if: always()
|
|
run: ccache -s || true
|
|
|
|
- name: Upload logs on failure
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: smallstacksize-logs
|
|
path: |
|
|
build-*/make-check.log
|
|
build-*/test-suite.log
|
|
build-*/config.log
|
|
if-no-files-found: ignore
|