Skip to content

Commit f9ec66f

Browse files
rheniumrhenium
committed
.github/workflows/test.yml: synchronize with master
[ This is a backport to the 3.0 branch. ] This includes the following commits: 2a5ca76 CI: Upgrade OpenSSL and LibreSSL versions 2aba5bc CI: Upgrade OpenSSL versions 3982fe7 .github/workflows/test.yml: reenable truffleruby tests 9bcc9f4 Update .github/workflows/test.yml 6e6ca93 CI: Upgrade OpenSSL and LibreSSL versions b0e4657 Revert "A temporary workaround to download OpenSSL archive files." f2c7729 A temporary workaround to download OpenSSL archive files. 64c5011 Don't download OpenSSL from ftp.openssl.org anyomre e774b23 [CI] test.yml - use `bundle exec`, use setup-ruby bundler-cache
1 parent bd3e938 commit f9ec66f

File tree

1 file changed

+68
-53
lines changed

1 file changed

+68
-53
lines changed

.github/workflows/test.yml

Lines changed: 68 additions & 53 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ jobs:
88
with:
99
engine: cruby-truffleruby
1010
min_version: 2.6
11+
1112
test:
1213
needs: ruby-versions
1314
name: >-
@@ -20,12 +21,8 @@ jobs:
2021
os: [ ubuntu-22.04, ubuntu-20.04, macos-latest, windows-latest ]
2122
ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
2223
exclude:
23-
# uses non-standard MSYS2 OpenSSL 3 package
24-
- { os: windows-latest, ruby: head }
2524
- { os: windows-latest, ruby: truffleruby }
2625
- { os: windows-latest, ruby: truffleruby-head }
27-
- { os: macos-latest, ruby: truffleruby }
28-
- { os: ubuntu-20.04, ruby: truffleruby }
2926
include:
3027
- { os: windows-latest, ruby: ucrt }
3128
- { os: windows-latest, ruby: mswin }
@@ -38,44 +35,43 @@ jobs:
3835
uses: ruby/setup-ruby@v1
3936
with:
4037
ruby-version: ${{ matrix.ruby }}
41-
42-
- name: depends
43-
run: bundle install
38+
bundler-cache: true # `bundle install` and cache
4439

4540
# Enable the verbose option in mkmf.rb to print the compiling commands.
4641
- name: enable mkmf verbose
4742
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
4843
if: runner.os == 'Linux' || runner.os == 'macOS'
4944

50-
- name: set flags to check compiler warnings.
45+
- name: set flags to check compiler warnings
5146
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
5247
if: ${{ !matrix.skip-warnings }}
5348

54-
- name: compile
55-
run: rake compile
49+
- name: rake compile
50+
run: bundle exec rake compile
5651

57-
- name: test
58-
run: rake test TESTOPTS="-v --no-show-detail-immediately"
52+
- name: rake test
53+
run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately"
5954
timeout-minutes: 5
6055

6156
test-openssls:
6257
name: >-
63-
${{ matrix.openssl }} ${{ matrix.name-extra || '' }}
64-
runs-on: ${{ matrix.os }}
58+
${{ matrix.openssl }} ${{ matrix.name-extra }}
59+
runs-on: ubuntu-latest
6560
strategy:
6661
fail-fast: false
6762
matrix:
68-
os: [ ubuntu-latest ]
69-
ruby: [ "3.0" ]
63+
name-extra: [ '' ]
7064
openssl:
71-
# https://www.openssl.org/source/
65+
# https://openssl-library.org/source/
7266
- openssl-1.0.2u # EOL
7367
- openssl-1.1.0l # EOL
74-
- openssl-1.1.1w # EOL
75-
- openssl-3.0.13
76-
- openssl-3.1.5
77-
- openssl-3.2.1
78-
- openssl-3.3.0
68+
- openssl-1.1.1w # EOL 2023-09-11, still used by RHEL 8 and Ubuntu 20.04
69+
- openssl-3.0.15 # Supported until 2026-09-07
70+
- openssl-3.1.7 # Supported until 2025-03-14
71+
- openssl-3.2.3 # Supported until 2025-11-23
72+
- openssl-3.3.2 # Supported until 2026-04-09
73+
- openssl-3.4.0 # Supported until 2026-10-22
74+
- openssl-master
7975
# http://www.libressl.org/releases.html
8076
- libressl-3.1.5 # EOL
8177
- libressl-3.2.7 # EOL
@@ -84,64 +80,83 @@ jobs:
8480
- libressl-3.5.3 # EOL
8581
- libressl-3.6.3 # EOL
8682
- libressl-3.7.3 # EOL
87-
- libressl-3.8.4
88-
- libressl-3.9.1
83+
- libressl-3.8.4 # EOL 2024-10-16
84+
- libressl-3.9.2 # Supported until 2025-04-05
85+
- libressl-4.0.0
8986
steps:
9087
- name: repo checkout
9188
uses: actions/checkout@v4
9289

93-
- name: prepare openssl
90+
- id: cache-openssl
91+
uses: actions/cache@v4
92+
with:
93+
path: ~/openssl
94+
key: openssl-${{ runner.os }}-${{ matrix.openssl }}-${{ matrix.append-configure || 'default' }}
95+
if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master'
96+
97+
- name: Compile OpenSSL library
98+
if: steps.cache-openssl.outputs.cache-hit != 'true'
9499
run: |
95100
# Enable Bash debugging option temporarily for debugging use.
96101
set -x
97102
mkdir -p tmp/build-openssl && cd tmp/build-openssl
98103
case ${{ matrix.openssl }} in
99-
openssl-*)
100-
if [ -z "${{ matrix.git }}" ]; then
101-
curl -OL https://openssl.org/source/${{ matrix.openssl }}.tar.gz
102-
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
103-
else
104-
git clone -b ${{ matrix.branch }} --depth 1 ${{ matrix.git }} ${{ matrix.openssl }}
105-
cd ${{ matrix.openssl }}
106-
# Log the commit hash.
107-
echo "Git commit: $(git rev-parse HEAD)"
108-
fi
104+
openssl-1.*)
105+
OPENSSL_COMMIT=$(echo ${{ matrix.openssl }} | sed -e 's/^openssl-/OpenSSL_/' | sed -e 's/\./_/g')
106+
git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
107+
echo "Git commit: $(git rev-parse HEAD)"
109108
# shared is required for 1.0.x.
110-
./Configure --prefix=$HOME/.openssl/${{ matrix.openssl }} --libdir=lib \
111-
shared linux-x86_64 ${{ matrix.append-configure }}
112-
make depend
109+
./Configure --prefix=$HOME/openssl --libdir=lib shared linux-x86_64
110+
make depend && make -j4 && make install_sw
111+
;;
112+
openssl-*)
113+
OPENSSL_COMMIT=${{ matrix.openssl == 'openssl-master' && 'master' || matrix.openssl }}
114+
git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
115+
echo "Git commit: $(git rev-parse HEAD)"
116+
./Configure --prefix=$HOME/openssl --libdir=lib enable-fips ${{ matrix.append-configure }}
117+
make -j4 && make install_sw && make install_fips
113118
;;
114119
libressl-*)
115-
curl -OL https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${{ matrix.openssl }}.tar.gz
116-
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
117-
./configure --prefix=$HOME/.openssl/${{ matrix.openssl }}
120+
curl -L https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${{ matrix.openssl }}.tar.gz | \
121+
tar xzf - --strip-components=1
122+
./configure --prefix=$HOME/openssl
123+
make -j4 && make install
118124
;;
119125
*)
120126
false
121127
;;
122128
esac
123-
make -j4
124-
make install_sw
125129
126130
- name: load ruby
127131
uses: ruby/setup-ruby@v1
128132
with:
129-
ruby-version: ${{ matrix.ruby }}
130-
131-
- name: depends
132-
run: bundle install
133+
ruby-version: '3.0'
134+
bundler-cache: true
133135

134136
- name: enable mkmf verbose
135137
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
136-
if: runner.os == 'Linux' || runner.os == 'macOS'
137138

138-
- name: set flags to check compiler warnings.
139+
- name: set flags to check compiler warnings
139140
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
140141
if: ${{ !matrix.skip-warnings }}
141142

142-
- name: compile
143-
run: rake compile -- --with-openssl-dir=$HOME/.openssl/${{ matrix.openssl }}
143+
- name: rake compile
144+
run: bundle exec rake compile -- --with-openssl-dir=$HOME/openssl
145+
146+
- name: setup OpenSSL config file for fips
147+
run: |
148+
sed -e "s|OPENSSL_DIR|$HOME/openssl|" tool/openssl_fips.cnf.tmpl > tmp/openssl_fips.cnf
149+
echo "OPENSSL_CONF=$(pwd)/tmp/openssl_fips.cnf" >> $GITHUB_ENV
150+
if: matrix.fips-enabled
151+
152+
- name: rake test
153+
run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately"
154+
timeout-minutes: 5
155+
if: ${{ !matrix.fips-enabled }}
144156

145-
- name: test
146-
run: rake test TESTOPTS="-v --no-show-detail-immediately"
157+
# Run only the passing tests on the FIPS module as a temporary workaround.
158+
# TODO Fix other tests, and run all the tests on FIPS module.
159+
- name: rake test_fips
160+
run: bundle exec rake test_fips TESTOPTS="-v --no-show-detail-immediately"
147161
timeout-minutes: 5
162+
if: matrix.fips-enabled

0 commit comments

Comments
 (0)