7bab201abe
Also:
- detect and add required system libraries for Rustls on macOS and
non-Windows.
- add Linux CMake jobs for the touched dependencies.
Caveats:
- MSH3 generates a broken `libmsh3.pc`, so needs manual config.
Upstream PR: https://github.com/nibanks/msh3/pull/225
- Rustls `.pc` file missing, so needs manual config.
An internal change worthy of mention is that we are using the lib path
and name information returned by `pkg-config` as-is. Meaning the libname
doesn't include the full path, like it's usual with native cmake
detection. The path comes separately and needs to be rolled separately.
For this we add it to targets via `link_directories()`. We also keep tab
of them in `CURL_LIBDIRS` and use that in `libcurl.pc`. Feature checks
also need to receive these paths. CMake doesn't offer
a `CMAKE_REQUIRED_*` variable for this purpose, only
a `CMAKE_REQUIRED_LINK_OPTIONS` accepting raw linker flags. Add a macro
to convert a list of paths to linker options to solve it. wolfSSL
requires this for now.
Closes #15193
691 lines
29 KiB
YAML
691 lines
29 KiB
YAML
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
#
|
|
# SPDX-License-Identifier: curl
|
|
|
|
name: Linux
|
|
|
|
'on':
|
|
push:
|
|
branches:
|
|
- master
|
|
- '*/ci'
|
|
paths-ignore:
|
|
- '**/*.md'
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'packages/**'
|
|
- 'plan9/**'
|
|
- 'projects/**'
|
|
- 'winbuild/**'
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
paths-ignore:
|
|
- '**/*.md'
|
|
- '.circleci/**'
|
|
- 'appveyor.*'
|
|
- 'packages/**'
|
|
- 'plan9/**'
|
|
- 'projects/**'
|
|
- 'winbuild/**'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
env:
|
|
MAKEFLAGS: -j 5
|
|
# unhandled
|
|
bearssl-version: 0.6
|
|
# renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com
|
|
libressl-version: 3.9.2
|
|
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
|
|
wolfssl-version: 5.7.2
|
|
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com
|
|
mbedtls-version: 3.6.0
|
|
# renovate: datasource=github-tags depName=icing/mod_h2 versioning=semver registryUrl=https://github.com
|
|
mod_h2-version: 2.0.29
|
|
# renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com
|
|
msh3-version: 0.6.0
|
|
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
|
|
awslc-version: 1.36.0
|
|
# handled in renovate.json
|
|
openssl3-version: openssl-3.1.3
|
|
# unhandled
|
|
quictls-version: 3.1.4+quic
|
|
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
|
|
rustls-version: 0.14.0
|
|
|
|
jobs:
|
|
linux:
|
|
name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
|
|
runs-on: 'ubuntu-latest'
|
|
container: ${{ matrix.build.container }}
|
|
timeout-minutes: 45
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
build:
|
|
- name: bearssl
|
|
install_packages: zlib1g-dev
|
|
install_steps: bearssl pytest
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
|
|
|
|
- name: bearssl clang
|
|
install_packages: zlib1g-dev clang
|
|
install_steps: bearssl
|
|
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug
|
|
|
|
- name: libressl heimdal
|
|
install_packages: zlib1g-dev heimdal-dev
|
|
install_steps: libressl pytest
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --with-gssapi --enable-debug
|
|
|
|
- name: libressl heimdal valgrind
|
|
install_packages: zlib1g-dev heimdal-dev valgrind
|
|
install_steps: libressl pytest
|
|
generate: -DOPENSSL_ROOT_DIR=$HOME/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
|
|
|
|
- name: libressl clang
|
|
install_packages: zlib1g-dev clang
|
|
install_steps: libressl
|
|
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
|
|
|
|
- name: wolfssl-all
|
|
install_packages: zlib1g-dev
|
|
install_steps: wolfssl-all
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-all/lib" --with-wolfssl=$HOME/wolfssl-all --enable-debug
|
|
|
|
- name: wolfssl-opensslextra valgrind
|
|
install_packages: zlib1g-dev valgrind
|
|
install_steps: wolfssl-opensslextra
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/wolfssl-opensslextra/lib" --with-wolfssl=$HOME/wolfssl-opensslextra --enable-debug
|
|
|
|
- name: mbedtls valgrind
|
|
install_packages: libnghttp2-dev valgrind
|
|
install_steps: mbedtls pytest
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
|
|
|
|
- name: mbedtls clang
|
|
install_packages: libnghttp2-dev clang
|
|
install_steps: mbedtls
|
|
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug
|
|
|
|
- name: mbedtls
|
|
install_packages: libnghttp2-dev
|
|
install_steps: mbedtls
|
|
PKG_CONFIG_PATH: '$HOME/mbedtls/lib/pkgconfig' # Requires v3.6.0 or upper
|
|
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON
|
|
|
|
- name: mbedtls-pkg
|
|
install_packages: libnghttp2-dev libmbedtls-dev
|
|
generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_PKGCONFIG=OFF
|
|
|
|
- name: msh3
|
|
install_packages: zlib1g-dev
|
|
install_steps: quictls msh3
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug
|
|
|
|
- name: msh3
|
|
install_packages: zlib1g-dev
|
|
install_steps: quictls msh3 skipall
|
|
PKG_CONFIG_PATH: '$HOME/msh3/lib/pkgconfig' # Broken as of v0.6.0
|
|
generate: -DOPENSSL_ROOT_DIR=$HOME/quictls -DUSE_MSH3=ON -DMSH3_INCLUDE_DIR=$HOME/msh3/include -DMSH3_LIBRARY=$HOME/msh3/lib/libmsh3.so -DENABLE_DEBUG=ON
|
|
|
|
- name: awslc
|
|
install_packages: zlib1g-dev
|
|
install_steps: awslc
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/awslc/lib" --with-openssl=$HOME/awslc
|
|
|
|
- name: awslc
|
|
install_packages: zlib1g-dev
|
|
install_steps: awslc
|
|
generate: -DOPENSSL_ROOT_DIR=$HOME/awslc -DCMAKE_UNITY_BUILD=OFF
|
|
|
|
- name: openssl default
|
|
install_steps: pytest
|
|
configure: --with-openssl --enable-debug --disable-unity
|
|
|
|
- name: openssl libssh2 sync-resolver valgrind
|
|
install_packages: zlib1g-dev libssh2-1-dev valgrind
|
|
install_steps: pytest
|
|
configure: --with-openssl --enable-debug --disable-threaded-resolver --with-libssh2
|
|
|
|
- name: openssl3
|
|
install_packages: zlib1g-dev
|
|
install_steps: gcc-11 openssl3 pytest
|
|
configure: CFLAGS=-std=gnu89 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug
|
|
|
|
- name: openssl3 -O3 valgrind
|
|
install_packages: zlib1g-dev valgrind
|
|
install_steps: gcc-11 openssl3
|
|
configure: CPPFLAGS=-DCURL_WARN_SIGN_CONVERSION CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug
|
|
|
|
- name: openssl3 clang krb5
|
|
install_packages: zlib1g-dev libkrb5-dev clang
|
|
install_steps: openssl3
|
|
configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --with-gssapi --enable-debug
|
|
|
|
- name: openssl3 clang krb5
|
|
install_packages: zlib1g-dev libkrb5-dev clang
|
|
install_steps: openssl3
|
|
generate: -DOPENSSL_ROOT_DIR=$HOME/openssl3 -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON
|
|
|
|
- name: openssl3 !ipv6
|
|
install_steps: gcc-11 openssl3
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --disable-ipv6 --disable-unity
|
|
|
|
- name: openssl3 https-only
|
|
install_steps: gcc-11 openssl3
|
|
configure: >-
|
|
LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --disable-unity
|
|
--disable-dict --disable-gopher --disable-ldap --disable-telnet
|
|
--disable-imap --disable-pop3 --disable-smtp
|
|
--disable-rtmp --disable-rtsp
|
|
--disable-scp --disable-sftp --disable-tftp --disable-ftp --disable-file --disable-smb
|
|
|
|
- name: '!ssl !http !smtp !imap'
|
|
install_steps: gcc-11
|
|
configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
|
|
|
|
- name: scanbuild
|
|
install_packages: clang-tools clang libssl-dev libssh2-1-dev
|
|
install_steps: skipall
|
|
configure: --with-openssl --enable-debug --with-libssh2 --disable-unity
|
|
configure-prefix: CC=clang scan-build
|
|
make-prefix: scan-build --status-bugs
|
|
|
|
- name: address-sanitizer
|
|
install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2
|
|
install_steps: pytest
|
|
configure: >-
|
|
CC=clang
|
|
CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"
|
|
LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
|
|
LIBS="-ldl -lubsan"
|
|
--with-openssl --enable-debug
|
|
|
|
- name: thread-sanitizer
|
|
install_packages: zlib1g-dev clang libtsan2
|
|
install_steps: pytest openssltsan3
|
|
configure: >-
|
|
CC=clang
|
|
CFLAGS="-fsanitize=thread -g"
|
|
LDFLAGS="-fsanitize=thread -Wl,-rpath,$HOME/openssl3/lib"
|
|
--with-openssl=$HOME/openssl3 --enable-debug
|
|
|
|
- name: memory-sanitizer
|
|
install_packages: clang
|
|
configure: >-
|
|
CC=clang
|
|
CFLAGS="-fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g"
|
|
LDFLAGS="-fsanitize=memory"
|
|
LIBS="-ldl"
|
|
--without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug
|
|
|
|
- name: event-based
|
|
install_packages: libssh-dev
|
|
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
|
|
tflags: -n -e '!TLS-SRP'
|
|
|
|
- name: hyper
|
|
install_steps: rust hyper
|
|
configure: LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" --with-openssl --with-hyper=$HOME/hyper --enable-debug
|
|
|
|
- name: rustls valgrind
|
|
install_packages: libpsl-dev valgrind
|
|
install_steps: rust rustls pytest
|
|
configure: --with-rustls=$HOME/rustls --enable-debug
|
|
|
|
- name: rustls
|
|
install_packages: libpsl-dev
|
|
install_steps: rust rustls skipall
|
|
PKG_CONFIG_PATH: '$HOME/rustls/lib/pkgconfig' # Not built as of v0.14.0
|
|
generate: -DCURL_USE_RUSTLS=ON -DRUSTLS_INCLUDE_DIR=$HOME/rustls/include -DRUSTLS_LIBRARY=$HOME/rustls/lib/librustls.a -DENABLE_DEBUG=ON
|
|
|
|
- name: IntelC !SSL
|
|
install_packages: zlib1g-dev
|
|
install_steps: intel
|
|
configure: CC=icc --enable-debug --without-ssl
|
|
|
|
- name: IntelC openssl valgrind
|
|
install_packages: zlib1g-dev libssl-dev valgrind
|
|
install_steps: intel
|
|
configure: CC=icc --enable-debug --with-openssl
|
|
|
|
- name: Slackware openssl gssapi gcc
|
|
# These are essentially the same flags used to build the curl Slackware package
|
|
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
|
|
configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs
|
|
# Docker Hub image that `container-job` executes in
|
|
container: 'andy5995/slackware-build-essential:15.0'
|
|
|
|
- name: Alpine MUSL
|
|
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl
|
|
container: 'alpine:3.18'
|
|
|
|
steps:
|
|
- if: matrix.build.container == null
|
|
run: |
|
|
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
|
|
sudo apt-get update -y
|
|
sudo apt-get install libtool autoconf automake ninja-build pkgconf stunnel4 libpsl-dev libbrotli-dev libzstd-dev \
|
|
${{ matrix.build.install_packages }}
|
|
sudo python3 -m pip install impacket
|
|
name: 'install prereqs and impacket'
|
|
|
|
- if: startsWith(matrix.build.container, 'alpine')
|
|
run: |
|
|
apk add --no-cache build-base autoconf automake libtool perl openssl-dev libssh2-dev \
|
|
zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev heimdal-dev libpsl-dev \
|
|
py3-impacket py3-asn1 py3-six py3-pycryptodomex \
|
|
perl-time-hires openssh stunnel sudo git
|
|
name: 'install dependencies'
|
|
|
|
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4
|
|
|
|
- name: Fix kernel mmap rnd bits
|
|
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
|
|
# high-entropy ASLR in much newer kernels that GitHub runners are
|
|
# using leading to random crashes: https://reviews.llvm.org/D148280
|
|
# See https://github.com/actions/runner-images/issues/9491
|
|
continue-on-error: true
|
|
run: sudo sysctl vm.mmap_rnd_bits=28
|
|
|
|
- if: contains(matrix.build.install_steps, 'gcc-11')
|
|
run: |
|
|
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
|
|
sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
|
|
sudo apt-get update
|
|
sudo apt-get install gcc-11
|
|
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100
|
|
sudo update-alternatives --set gcc /usr/bin/gcc-11
|
|
gcc --version
|
|
name: 'install gcc-11'
|
|
|
|
- name: cache bearssl
|
|
if: contains(matrix.build.install_steps, 'bearssl')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-bearssl
|
|
env:
|
|
cache-name: cache-bearssl
|
|
with:
|
|
path: /home/runner/bearssl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.bearssl-version }}
|
|
|
|
- name: 'build bearssl'
|
|
if: contains(matrix.build.install_steps, 'bearssl') && steps.cache-bearssl.outputs.cache-hit != 'true'
|
|
run: |
|
|
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://bearssl.org/bearssl-${{ env.bearssl-version }}.tar.gz
|
|
tar -xzf bearssl-${{ env.bearssl-version }}.tar.gz
|
|
cd bearssl-${{ env.bearssl-version }}
|
|
make
|
|
mkdir -p $HOME/bearssl/lib $HOME/bearssl/include
|
|
cp inc/*.h $HOME/bearssl/include
|
|
cp build/libbearssl.* $HOME/bearssl/lib
|
|
|
|
- name: cache libressl
|
|
if: contains(matrix.build.install_steps, 'libressl')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-libressl
|
|
env:
|
|
cache-name: cache-libressl
|
|
with:
|
|
path: /home/runner/libressl
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.libressl-version }}
|
|
|
|
- name: 'build libressl'
|
|
if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b v${{ env.libressl-version }} https://github.com/libressl-portable/portable.git libressl-git
|
|
cd libressl-git
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --prefix=$HOME/libressl
|
|
make install
|
|
|
|
- name: cache wolfssl (all)
|
|
if: contains(matrix.build.install_steps, 'wolfssl-all')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-wolfssl-all
|
|
env:
|
|
cache-name: cache-wolfssl-all
|
|
with:
|
|
path: /home/runner/wolfssl-all
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
|
|
|
|
- name: 'build wolfssl (all)'
|
|
if: contains(matrix.build.install_steps, 'wolfssl-all') && steps.cache-wolfssl-all.outputs.cache-hit != 'true'
|
|
run: |
|
|
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz
|
|
tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz
|
|
cd wolfssl-${{ env.wolfssl-version }}-stable
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --prefix=$HOME/wolfssl-all --enable-all
|
|
make install
|
|
|
|
- name: cache wolfssl (opensslextra)
|
|
if: contains(matrix.build.install_steps, 'wolfssl-opensslextra')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-wolfssl-opensslextra
|
|
env:
|
|
cache-name: cache-wolfssl-opensslextra
|
|
with:
|
|
path: /home/runner/wolfssl-opensslextra
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
|
|
|
|
- name: 'build wolfssl (opensslextra)'
|
|
if: contains(matrix.build.install_steps, 'wolfssl-opensslextra') && steps.cache-wolfssl-opensslextra.outputs.cache-hit != 'true'
|
|
run: |
|
|
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v${{ env.wolfssl-version }}-stable.tar.gz
|
|
tar -xzf v${{ env.wolfssl-version }}-stable.tar.gz
|
|
cd wolfssl-${{ env.wolfssl-version }}-stable
|
|
./autogen.sh
|
|
./configure --disable-dependency-tracking --enable-tls13 --enable-harden --prefix=$HOME/wolfssl-opensslextra --enable-opensslextra
|
|
make install
|
|
|
|
- name: cache mbedtls
|
|
if: contains(matrix.build.install_steps, 'mbedtls')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-mbedtls
|
|
env:
|
|
cache-name: cache-mbedtls
|
|
with:
|
|
path: /home/runner/mbedtls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mbedtls-version }}
|
|
|
|
- name: 'build mbedtls'
|
|
if: contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b v${{ env.mbedtls-version }} https://github.com/Mbed-TLS/mbedtls
|
|
cd mbedtls
|
|
git submodule update --init --depth=1
|
|
cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=$HOME/mbedtls \
|
|
-DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: cache openssl3
|
|
if: contains(matrix.build.install_steps, 'openssl3')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-openssl3
|
|
env:
|
|
cache-name: cache-openssl3
|
|
with:
|
|
path: /home/runner/openssl3
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl3-version }}
|
|
|
|
- name: 'install openssl3'
|
|
if: contains(matrix.build.install_steps, 'openssl3') && steps.cache-openssl3.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl
|
|
cd openssl
|
|
./config --prefix=$HOME/openssl3 --libdir=lib
|
|
make -j1 install_sw
|
|
|
|
- name: cache openssltsan3
|
|
if: contains(matrix.build.install_steps, 'openssltsan3')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-openssltsan3
|
|
env:
|
|
cache-name: cache-openssltsan3
|
|
with:
|
|
path: /home/runner/openssl3
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl3-version }}-d8def798
|
|
|
|
- name: 'install openssltsan3'
|
|
if: contains(matrix.build.install_steps, 'openssltsan3') && steps.cache-openssltsan3.outputs.cache-hit != 'true'
|
|
# There are global data race in openssl:
|
|
# Cherry-Pick the fix for testing https://github.com/openssl/openssl/pull/24782
|
|
run: |
|
|
git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl
|
|
cd openssl
|
|
git fetch --quiet --depth=2 origin d8def79838cd0d5e7c21d217aa26edb5229f0ab4
|
|
git cherry-pick -n d8def79838cd0d5e7c21d217aa26edb5229f0ab4
|
|
CC="clang" CFLAGS="-fsanitize=thread" LDFLAGS="-fsanitize=thread" ./config --prefix=$HOME/openssl3 --libdir=lib
|
|
make -j1 install_sw
|
|
|
|
- name: cache quictls
|
|
if: contains(matrix.build.install_steps, 'quictls')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-quictls
|
|
env:
|
|
cache-name: cache-quictls
|
|
with:
|
|
path: /home/runner/quictls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.quictls-version }}
|
|
|
|
- name: 'build quictls'
|
|
if: contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }} https://github.com/quictls/openssl
|
|
cd openssl
|
|
./config --prefix=$HOME/quictls --libdir=lib
|
|
make -j1 install_sw
|
|
|
|
- name: cache msh3
|
|
if: contains(matrix.build.install_steps, 'msh3')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-msh3
|
|
env:
|
|
cache-name: cache-msh3
|
|
with:
|
|
path: /home/runner/msh3
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.msh3-version }}
|
|
|
|
- name: 'build msh3'
|
|
if: contains(matrix.build.install_steps, 'msh3') && steps.cache-msh3.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b v${{ env.msh3-version }} --recursive https://github.com/nibanks/msh3
|
|
cd msh3
|
|
cmake -B . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3
|
|
cmake --build .
|
|
cmake --install .
|
|
|
|
- name: cache awslc
|
|
if: contains(matrix.build.install_steps, 'awslc')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-awslc
|
|
env:
|
|
cache-name: cache-awslc
|
|
with:
|
|
path: /home/runner/awslc
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.awslc-version }}
|
|
|
|
- name: build awslc
|
|
if: contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true'
|
|
run: |
|
|
curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \
|
|
https://github.com/awslabs/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz
|
|
tar xzf v${{ env.awslc-version }}.tar.gz
|
|
mkdir aws-lc-${{ env.awslc-version }}-build
|
|
cd aws-lc-${{ env.awslc-version }}-build
|
|
cmake -G Ninja -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-${{ env.awslc-version }}
|
|
cmake --build . --parallel 5
|
|
cmake --install .
|
|
|
|
- name: cache rustls
|
|
if: contains(matrix.build.install_steps, 'rustls')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-rustls
|
|
env:
|
|
cache-name: cache-rustls
|
|
with:
|
|
path: /home/runner/rustls
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.rustls-version }}
|
|
|
|
- name: 'install rust'
|
|
if: contains(matrix.build.install_steps, 'rust') && steps.cache-rustls.outputs.cache-hit != 'true'
|
|
run: |
|
|
cd $HOME
|
|
curl -sSf --compressed https://sh.rustup.rs/ | sh -s -- -y
|
|
source $HOME/.cargo/env
|
|
rustup toolchain install nightly
|
|
|
|
- name: 'build rustls'
|
|
if: contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true'
|
|
run: |
|
|
git clone --quiet --depth=1 -b v${{ env.rustls-version }} --recursive https://github.com/rustls/rustls-ffi.git
|
|
cd rustls-ffi
|
|
make DESTDIR=$HOME/rustls install
|
|
|
|
- if: contains(matrix.build.install_steps, 'hyper')
|
|
run: |
|
|
cd $HOME
|
|
git clone --quiet --depth=1 https://github.com/hyperium/hyper.git
|
|
cd $HOME/hyper
|
|
RUSTFLAGS="--cfg hyper_unstable_ffi" cargo +nightly rustc --features client,http1,http2,ffi -Z unstable-options --crate-type cdylib
|
|
echo "LD_LIBRARY_PATH=$HOME/hyper/target/debug:/usr/local/lib" >> $GITHUB_ENV
|
|
name: 'install hyper'
|
|
|
|
- if: contains(matrix.build.install_steps, 'intel')
|
|
run: |
|
|
cd /tmp
|
|
curl -sSf --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo apt-key add -
|
|
sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
|
|
sudo apt install --no-install-recommends intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
|
|
source /opt/intel/oneapi/setvars.sh
|
|
printenv >> $GITHUB_ENV
|
|
name: 'install Intel compilers'
|
|
|
|
- if: contains(matrix.build.install_steps, 'pytest')
|
|
run: |
|
|
sudo apt-get install apache2 apache2-dev libnghttp2-dev vsftpd
|
|
sudo python3 -m pip install -r tests/http/requirements.txt
|
|
name: 'install pytest and apach2-dev'
|
|
|
|
- name: cache mod_h2
|
|
if: contains(matrix.build.install_steps, 'pytest')
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
|
|
id: cache-mod_h2
|
|
env:
|
|
cache-name: cache-mod_h2
|
|
with:
|
|
path: /home/runner/mod_h2
|
|
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mod_h2-version }}
|
|
|
|
- name: 'build mod_h2'
|
|
if: contains(matrix.build.install_steps, 'pytest') && steps.cache-mod_h2.outputs.cache-hit != 'true'
|
|
run: |
|
|
cd $HOME
|
|
git clone --quiet --depth=1 -b v${{ env.mod_h2-version }} https://github.com/icing/mod_h2
|
|
cd mod_h2
|
|
autoreconf -fi
|
|
./configure
|
|
make
|
|
|
|
- name: 'install mod_h2'
|
|
if: contains(matrix.build.install_steps, 'pytest')
|
|
run: |
|
|
cd $HOME/mod_h2
|
|
sudo make install
|
|
|
|
- run: autoreconf -fi
|
|
if: ${{ matrix.build.configure }}
|
|
name: 'autoreconf'
|
|
|
|
- name: 'configure'
|
|
run: |
|
|
[[ '${{ matrix.build.install_steps }}' = *'awslc'* ]] && sudo apt remove --yes libssl-dev
|
|
if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then
|
|
export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}"
|
|
fi
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
cmake -B . -G Ninja \
|
|
-DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \
|
|
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \
|
|
-DCURL_BROTLI=ON -DCURL_ZSTD=ON \
|
|
${{ matrix.build.generate }}
|
|
else
|
|
${{ matrix.build.configure-prefix }} \
|
|
./configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
|
|
${{ matrix.build.configure }}
|
|
fi
|
|
|
|
- name: 'configure log'
|
|
if: ${{ !cancelled() }}
|
|
run: cat config.log CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
|
|
|
|
- name: 'curl_config.h'
|
|
run: |
|
|
echo '::group::raw'; cat lib/curl_config.h || true; echo '::endgroup::'
|
|
cat lib/curl_config.h | grep -F '#define' | sort || true
|
|
|
|
- name: 'test configs'
|
|
run: |
|
|
cat tests/config || true
|
|
cat tests/http/config.ini || true
|
|
|
|
- name: 'build'
|
|
run: |
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
${{ matrix.build.make-prefix }} cmake --build . --parallel 5 --verbose
|
|
else
|
|
${{ matrix.build.make-prefix }} make V=1
|
|
fi
|
|
|
|
- name: single-use function check
|
|
if: ${{ contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF') }}
|
|
run: |
|
|
git config --global --add safe.directory "*"
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
libcurla=lib/libcurl.a
|
|
else
|
|
libcurla=lib/.libs/libcurl.a
|
|
fi
|
|
./scripts/singleuse.pl --unit ${libcurla}
|
|
|
|
- run: ./src/curl -V
|
|
name: 'check curl -V output'
|
|
|
|
- run: cmake --install . --prefix $HOME/curl --strip
|
|
if: ${{ matrix.build.generate }}
|
|
name: 'cmake install'
|
|
|
|
- name: 'build tests'
|
|
if: ${{ matrix.build.install_steps != 'skipall' }}
|
|
run: |
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
cmake --build . --parallel 5 --verbose --target testdeps
|
|
else
|
|
make V=1 -C tests
|
|
fi
|
|
|
|
- name: 'run tests'
|
|
if: ${{ matrix.build.install_steps != 'skipall' && matrix.build.install_steps != 'skiprun' }}
|
|
timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 30 || 15 }}
|
|
run: |
|
|
export TFLAGS='${{ matrix.build.tflags }}'
|
|
if [[ '${{ matrix.build.install_packages }}' = *'valgrind'* ]]; then
|
|
TFLAGS+=' -j6'
|
|
fi
|
|
if [[ '${{ matrix.build.install_packages }}' = *'heimdal-dev'* ]]; then
|
|
TFLAGS+=' ~2077 ~2078' # valgrind errors
|
|
fi
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
cmake --build . --verbose --target test-ci
|
|
else
|
|
make V=1 test-ci
|
|
fi
|
|
|
|
- name: 'run pytest'
|
|
if: contains(matrix.build.install_steps, 'pytest')
|
|
env:
|
|
TFLAGS: "${{ matrix.build.tflags }}"
|
|
CURL_CI: github
|
|
run: |
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
cmake --build . --verbose --target curl-pytest-ci
|
|
else
|
|
make V=1 pytest-ci
|
|
fi
|
|
|
|
- name: 'build examples'
|
|
run: |
|
|
if [ -n '${{ matrix.build.generate }}' ]; then
|
|
${{ matrix.build.make-prefix }} cmake --build . --parallel 5 --verbose --target curl-examples
|
|
else
|
|
${{ matrix.build.make-prefix }} make V=1 examples
|
|
fi
|