fixup #367
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push, pull_request] | |
jobs: | |
ruby-versions: | |
uses: ruby/actions/.github/workflows/ruby_versions.yml@master | |
with: | |
engine: cruby-truffleruby | |
min_version: 2.7 | |
test: | |
needs: ruby-versions | |
name: >- | |
${{ matrix.os }} ${{ matrix.ruby }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# ubuntu-22.04 uses OpenSSL 3.0, ubuntu-20.04 uses OpenSSL 1.1.1 | |
os: [ ubuntu-22.04, ubuntu-20.04, macos-latest, windows-latest ] | |
ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }} | |
exclude: | |
- { os: windows-latest, ruby: truffleruby } | |
- { os: windows-latest, ruby: truffleruby-head } | |
- { os: macos-latest, ruby: truffleruby } | |
- { os: ubuntu-20.04, ruby: truffleruby } | |
include: | |
- { os: windows-latest, ruby: ucrt } | |
- { os: windows-latest, ruby: mswin } | |
steps: | |
- name: repo checkout | |
uses: actions/checkout@v4 | |
- name: load ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: ${{ matrix.ruby }} | |
bundler-cache: true # `bundle install` and cache | |
- name: set flags to check compiler warnings. | |
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV | |
if: ${{ !matrix.skip-warnings }} | |
- name: compile | |
run: bundle exec rake compile | |
env: | |
MAKEFLAGS: V=1 | |
- name: test | |
run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately" | |
timeout-minutes: 5 | |
test-openssls: | |
name: ${{ matrix.openssl }} ${{ matrix.name-extra || '' }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
openssl: | |
# https://openssl-library.org/source/ | |
- openssl-1.0.2u # EOL | |
- openssl-1.1.0l # EOL | |
- openssl-1.1.1w # EOL | |
- openssl-3.0.14 | |
- openssl-3.1.6 | |
- openssl-3.2.2 | |
- openssl-3.3.1 | |
- openssl-head | |
# http://www.libressl.org/releases.html | |
- libressl-3.1.5 # EOL | |
- libressl-3.2.7 # EOL | |
- libressl-3.3.6 # EOL | |
- libressl-3.4.3 # EOL | |
- libressl-3.5.3 # EOL | |
- libressl-3.6.3 # EOL | |
- libressl-3.7.3 # EOL | |
- libressl-3.8.4 | |
- libressl-3.9.2 | |
append-configure: [''] | |
include: | |
- { openssl: openssl-head, append-configure: 'no-legacy', name-extra: 'no-legacy' } | |
steps: | |
- name: repo checkout | |
uses: actions/checkout@v4 | |
- id: cache-openssl | |
uses: actions/cache@v4 | |
with: | |
path: ~/openssl | |
key: openssl-${{ runner.os }}-${{ matrix.openssl }}-${{ matrix.append-configure || 'none' }} | |
if: matrix.openssl != 'openssl-head' && matrix.openssl != 'libressl-head' | |
- name: compile openssl | |
if: steps.cache-openssl.outputs.cache-hit != 'true' | |
run: | | |
# Enable Bash debugging option temporarily for debugging use. | |
set -x | |
mkdir -p tmp/build-openssl && cd tmp/build-openssl | |
case ${{ matrix.openssl }} in | |
openssl-1.*) | |
curl -L https://openssl.org/source/${{ matrix.openssl }}.tar.gz | \ | |
tar xzf - --strip-components=1 | |
# shared is required for 1.0.x. | |
./Configure --prefix=$HOME/openssl --libdir=lib \ | |
shared linux-x86_64 ${{ matrix.append-configure }} | |
make depend | |
;; | |
openssl-*) | |
OPENSSL_COMMIT=${{ matrix.openssl == 'openssl-head' && 'master' || matrix.openssl }} | |
git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git . | |
echo "Git commit: $(git rev-parse HEAD)" | |
./config --prefix=$HOME/openssl --libdir=lib ${{ matrix.append-configure }} | |
;; | |
libressl-*) | |
curl -L https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${{ matrix.openssl }}.tar.gz | \ | |
tar xzf - --strip-components=1 | |
./configure --prefix=$HOME/openssl | |
;; | |
*) | |
false | |
;; | |
esac | |
make -j4 | |
make install_sw | |
- name: load ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.0' | |
bundler-cache: true | |
- name: set flags to check compiler warnings. | |
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV | |
if: ${{ !matrix.skip-warnings }} | |
- name: compile | |
run: bundle exec rake compile -- --with-openssl-dir=$HOME/openssl | |
env: | |
MAKEFLAGS: V=1 | |
- name: test | |
run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately" | |
timeout-minutes: 5 | |
test-fips: | |
name: ${{ matrix.openssl }} with FIPS provider | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
openssl: | |
- openssl-3.0.14 | |
- openssl-3.1.6 | |
- openssl-3.2.2 | |
- openssl-3.3.1 | |
- openssl-head | |
steps: | |
- name: repo checkout | |
uses: actions/checkout@v4 | |
- id: cache-openssl | |
uses: actions/cache@v4 | |
with: | |
path: ~/openssl | |
key: openssl-${{ runner.os }}-${{ matrix.openssl }}-enable-fips | |
if: matrix.openssl != 'openssl-head' | |
- name: compile openssl | |
if: steps.cache-openssl.outputs.cache-hit != 'true' | |
run: | | |
set -x | |
mkdir -p tmp/build-openssl && cd tmp/build-openssl | |
OPENSSL_COMMIT=${{ matrix.openssl == 'openssl-head' && 'master' || matrix.openssl }} | |
git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git . | |
echo "Git commit: $(git rev-parse HEAD)" | |
./config --prefix=$HOME/openssl --libdir=lib enable-fips | |
make -j4 | |
make install_sw | |
make install_fips | |
- name: load ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.0' | |
bundler-cache: true | |
- name: set flags to check compiler warnings. | |
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV | |
if: ${{ !matrix.skip-warnings }} | |
- name: compile | |
run: bundle exec rake compile -- --with-openssl-dir=$HOME/openssl | |
env: | |
MAKEFLAGS: V=1 | |
- name: setup openssl config file path for fips | |
run: | | |
sed -e "s|OPENSSL_DIR|$HOME/openssl|" tool/openssl_fips.cnf.tmpl > tmp/openssl_fips.cnf | |
echo "OPENSSL_CONF=$(pwd)/tmp/openssl_fips.cnf" >> $GITHUB_ENV | |
# Run only the passing tests on the FIPS module as a temporary workaround. | |
# TODO Fix other tests, and run all the tests on FIPS module. | |
- name: test | |
run: bundle exec rake test_fips TESTOPTS="-v --no-show-detail-immediately" | |
timeout-minutes: 5 |