Rework HPKE into JCA Provider model. #2231
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous integration | |
on: | |
push: | |
pull_request: | |
schedule: | |
# Run every day at midnight UTC | |
- cron: '0 0 * * *' | |
jobs: | |
boringssl_clone: | |
# This step ensures that all builders have the same version of BoringSSL | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone BoringSSL repo | |
run: | | |
git clone --depth 1 --filter=blob:none --no-checkout https://github.com/google/boringssl.git "${{ runner.temp }}/boringssl" | |
echo Using BoringSSL commit: $(cd "${{ runner.temp }}/boringssl"; git rev-parse HEAD) | |
- name: Archive BoringSSL source | |
uses: actions/upload-artifact@v1 | |
with: | |
name: boringssl-source | |
path: ${{ runner.temp }}/boringssl | |
build: | |
needs: boringssl_clone | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [ubuntu-latest, macos-latest, windows-latest] | |
include: | |
- platform: ubuntu-latest | |
tools_url: https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip | |
- platform: macos-latest | |
tools_url: https://dl.google.com/android/repository/commandlinetools-mac-9477386_latest.zip | |
- platform: windows-latest | |
tools_url: https://dl.google.com/android/repository/commandlinetools-win-9477386_latest.zip | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Set up JDK 11 for toolchains | |
uses: actions/setup-java@v1.4.3 | |
with: | |
java-version: 11 | |
- name: Set runner-specific environment variables | |
shell: bash | |
run: | | |
echo "ANDROID_HOME=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV | |
echo "ANDROID_SDK_ROOT=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV | |
echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV | |
echo "SDKMANAGER=${{ runner.temp }}/android-sdk/cmdline-tools/bin/sdkmanager" >> $GITHUB_ENV | |
echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV | |
- uses: actions/checkout@v2 | |
- name: Setup Linux environment | |
if: runner.os == 'Linux' | |
run: | | |
echo "CC=clang" >> $GITHUB_ENV | |
echo "CXX=clang++" >> $GITHUB_ENV | |
sudo dpkg --add-architecture i386 | |
sudo add-apt-repository ppa:openjdk-r/ppa | |
sudo apt-get -qq update | |
sudo apt-get -qq install -y --no-install-recommends \ | |
gcc-multilib \ | |
g++-multilib \ | |
ninja-build \ | |
openjdk-11-jre-headless | |
- name: Setup macOS environment | |
if: runner.os == 'macOS' | |
run: | | |
brew update || echo update failed | |
brew install ninja || echo update failed | |
- name: install Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: '1.19.3' | |
- name: Setup Windows environment | |
if: runner.os == 'Windows' | |
run: | | |
choco install nasm -y | |
choco install ninja -y | |
- name: Fetch BoringSSL source | |
uses: actions/download-artifact@v1 | |
with: | |
name: boringssl-source | |
path: ${{ runner.temp }}/boringssl | |
- name: Checkout BoringSSL master branch | |
shell: bash | |
run: | | |
cd "$BORINGSSL_HOME" | |
git checkout --progress --force -B master | |
- name: Build BoringSSL x86 and ARM MacOS | |
if: runner.os == 'macOS' | |
env: | |
# For compatibility, but 10.15 target requires 16-byte stack alignment. | |
MACOSX_DEPLOYMENT_TARGET: 10.11 | |
run: | | |
mkdir -p "$BORINGSSL_HOME/build.x86" | |
pushd "$BORINGSSL_HOME/build.x86" | |
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=x86_64 -GNinja .. | |
ninja | |
popd | |
mkdir -p "$BORINGSSL_HOME/build.arm" | |
pushd "$BORINGSSL_HOME/build.arm" | |
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=arm64 -GNinja .. | |
ninja | |
popd | |
- name: Build BoringSSL 64-bit Linux | |
if: runner.os == 'Linux' | |
run: | | |
mkdir -p "$BORINGSSL_HOME/build64" | |
pushd "$BORINGSSL_HOME/build64" | |
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -GNinja .. | |
ninja | |
popd | |
- name: Build BoringSSL 64-bit Windows | |
if: runner.os == 'Windows' | |
run: | | |
cd $Env:BORINGSSL_HOME | |
& $Env:GITHUB_WORKSPACE\.github\workflows\vsenv.ps1 -arch x64 -hostArch x64 | |
mkdir build64 | |
pushd build64 | |
cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE=/MT -DCMAKE_CXX_FLAGS_RELEASE=/MT -GNinja .. | |
ninja | |
popd | |
- name: Setup Android environment | |
shell: bash | |
if: runner.os == 'Linux' | |
run: | | |
cd "${{ runner.temp }}" | |
curl -L "${{ matrix.tools_url }}" -o android-tools.zip | |
mkdir -p "$ANDROID_HOME" | |
unzip -q android-tools.zip -d "$ANDROID_HOME" | |
yes | "$SDKMANAGER" --sdk_root="$ANDROID_HOME" --licenses || true | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" tools | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" platform-tools | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'build-tools;30.0.3' | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'platforms;android-26' | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'extras;android;m2repository' | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'ndk;25.2.9519653' | |
"$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'cmake;3.22.1' | |
- name: Build with Gradle | |
shell: bash | |
run: ./gradlew assemble -PcheckErrorQueue | |
- name: Test with Gradle | |
shell: bash | |
run: ./gradlew test -PcheckErrorQueue | |
- name: Other checks with Gradle | |
shell: bash | |
run: ./gradlew check -PcheckErrorQueue | |
- name: Publish to local Maven repo | |
shell: bash | |
run: ./gradlew publishToMavenLocal -Dmaven.repo.local="$M2_REPO" | |
- name: Upload Maven respository | |
uses: actions/upload-artifact@v1 | |
with: | |
name: m2repo-${{ runner.os }} | |
path: ${{ runner.temp }}/m2 | |
- name: Build test JAR with dependencies | |
if: runner.os == 'Linux' | |
shell: bash | |
run: ./gradlew :conscrypt-openjdk:testJar -PcheckErrorQueue | |
- name: Upload test JAR with dependencies | |
if: runner.os == 'Linux' | |
uses: actions/upload-artifact@v2 | |
with: | |
name: testjar | |
path: openjdk/build/libs/conscrypt-openjdk-*-tests.jar | |
if-no-files-found: error | |
uberjar: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set runner-specific environment variables | |
shell: bash | |
run: | | |
echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV | |
echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV | |
- name: Fetch BoringSSL source | |
uses: actions/download-artifact@v1 | |
with: | |
name: boringssl-source | |
path: ${{ runner.temp }}/boringssl | |
- name: Make fake BoringSSL directories | |
shell: bash | |
run: | | |
# TODO: remove this when the check is only performed when building. | |
# BoringSSL is not needed during the UberJAR build, but the | |
# assertion to check happens regardless of whether the project | |
# needs it. | |
mkdir -p "${{ runner.temp }}/boringssl/build64" | |
mkdir -p "${{ runner.temp }}/boringssl/include" | |
- name: Download Maven repository for Linux | |
uses: actions/download-artifact@v1 | |
with: | |
name: m2repo-Linux | |
path: ${{ runner.temp }}/m2 | |
- name: Download Maven repository for MacOS | |
uses: actions/download-artifact@v1 | |
with: | |
name: m2repo-macOS | |
path: ${{ runner.temp }}/m2 | |
- name: Download Maven repository for Windows | |
uses: actions/download-artifact@v1 | |
with: | |
name: m2repo-Windows | |
path: ${{ runner.temp }}/m2 | |
- name: Build UberJAR with Gradle | |
shell: bash | |
run: | | |
./gradlew :conscrypt-openjdk-uber:build -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" | |
- name: Publish UberJAR to Maven Local | |
shell: bash | |
run: | | |
./gradlew :conscrypt-openjdk-uber:publishToMavenLocal -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" | |
- name: Upload Maven respository | |
uses: actions/upload-artifact@v1 | |
with: | |
name: m2repo-uber | |
path: ${{ runner.temp }}/m2 | |
openjdk-test: | |
needs: uberjar | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [ubuntu-latest, macos-latest, windows-latest] | |
java: [8, 9, 11] | |
include: | |
- java: 8 | |
suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" | |
- java: 9 | |
suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" | |
- java: 11 | |
suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Set up Java | |
uses: actions/setup-java@v1 | |
with: | |
java-version: ${{ matrix.java }} | |
- name: Download UberJAR | |
uses: actions/download-artifact@v2 | |
with: | |
name: m2repo-uber | |
path: m2 | |
- name: Download Test JAR with Dependencies | |
uses: actions/download-artifact@v2 | |
with: | |
name: testjar | |
path: testjar | |
- name: Download JUnit runner | |
shell: bash | |
run: mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:copy -Dartifact=org.junit.platform:junit-platform-console-standalone:1.6.2 -DoutputDirectory=. -Dmdep.stripVersion=true | |
- name: Run JUnit tests | |
shell: bash | |
run: | | |
DIR="$(find m2/org/conscrypt/conscrypt-openjdk-uber -maxdepth 1 -mindepth 1 -type d -print)" | |
VERSION="${DIR##*/}" | |
TESTJAR="$(find testjar -name '*-tests.jar')" | |
java -jar junit-platform-console-standalone.jar -cp "$DIR/conscrypt-openjdk-uber-$VERSION.jar:$TESTJAR" -n='${{ matrix.suite_class }}' --scan-classpath --reports-dir=results --fail-if-no-tests | |
- name: Archive test results | |
if: ${{ always() }} | |
uses: actions/upload-artifact@v2 | |
with: | |
name: test-results-${{ matrix.platform }}-${{ matrix.java }} | |
path: results |