luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f62be9cfb6
curl/.github/workflows/http3-linux.yml
Viktor Szakats 852692b24f
GHA/http3-linux: fix cache rebuild conditions, switch to wolfSSL stable 
ngtcp2 depends on crypto backends. nghttp2 depends on ngtcp2 and nghttp3
(for nghttpx server used in pytests).

Before this patch, ngtcp2, nghttp2 weren't rebuilt when their
dependencies changes. This worked fine until wolfSSL bumped its
soversion and caused CI to fail because ngtcp2 was not rebuilt and was
still referring to the old soname that was no longer offered by the
wolfSSL package.

Make sure to rebuild ngtcp2/nghttp2 when any of their dependencies bump.
To avoid rebuilding everything on every wolfSSL commit, switch to use
wolfSSL stable versions.

Bug: https://github.com/curl/curl/pull/15882#issuecomment-2566821417
Closes #15885
2025-01-02 21:04:02 +01:00

512 lines
20 KiB
YAML
Raw Blame History

# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl
name: Linux HTTP/3
'on':
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
concurrency:
# Hardcoded workflow filename as workflow name above is just Linux again
group: http3-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: {}
env:
MAKEFLAGS: -j 5
# handled in renovate.json
openssl-version: 3.4.0
# handled in renovate.json
quictls-version: 3.3.0
# renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com
gnutls-version: 3.8.8
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
wolfssl-version: 5.7.6
# renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com
nghttp3-version: 1.7.0
# renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com
ngtcp2-version: 1.10.0
# renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
nghttp2-version: 1.64.0
# renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com
quiche-version: 0.22.0
jobs:
build-cache:
runs-on: ubuntu-latest
steps:
- name: cache quictls
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-quictls-no-deprecated
env:
cache-name: cache-quictls-no-deprecated
with:
path: /home/runner/quictls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}-quic1
- name: cache gnutls
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-gnutls
env:
cache-name: cache-gnutls
with:
path: /home/runner/gnutls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }}
- name: cache wolfssl
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-wolfssl
env:
cache-name: cache-wolfssl
with:
path: /home/runner/wolfssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
- name: cache nghttp3
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-nghttp3
env:
cache-name: cache-nghttp3
with:
path: /home/runner/nghttp3/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }}
- name: cache ngtcp2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-ngtcp2
env:
cache-name: cache-ngtcp2
with:
path: /home/runner/ngtcp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}-${{ env.quictls-version }}-${{ env.gnutls-version }}-${{ env.wolfssl-version }}
- name: cache nghttp2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-nghttp2
env:
cache-name: cache-nghttp2
with:
path: /home/runner/nghttp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}-${{ env.quictls-version }}-${{ env.ngtcp2-version }}-${{ env.nghttp3-version }}
- id: settings
if: |
steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-gnutls.outputs.cache-hit != 'true' ||
steps.cache-wolfssl.outputs.cache-hit != 'true' ||
steps.cache-nghttp3.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2.outputs.cache-hit != 'true' ||
steps.cache-nghttp2.outputs.cache-hit != 'true'
run: |
echo 'needs-build=true' >> $GITHUB_OUTPUT
- name: install build prereqs
if: steps.settings.outputs.needs-build == 'true'
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get update -y
sudo apt-get install -y --no-install-suggests --no-install-recommends \
libtool autoconf automake pkgconf stunnel4 \
libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \
nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \
libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \
texinfo texlive texlive-extra-utils autopoint libev-dev \
apache2 apache2-dev libnghttp2-dev
echo 'CC=gcc-12' >> $GITHUB_ENV
echo 'CXX=g++-12' >> $GITHUB_ENV
- if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }}-quic1 https://github.com/quictls/openssl quictls
cd quictls
./config no-deprecated --prefix=$PWD/build --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
name: 'build quictls'
- if: steps.cache-gnutls.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b ${{ env.gnutls-version }} https://github.com/gnutls/gnutls.git
cd gnutls
./bootstrap
./configure --disable-dependency-tracking --prefix=$PWD/build \
LDFLAGS="-Wl,-rpath,$PWD/build/lib -L$PWD/build/lib" \
--with-included-libtasn1 --with-included-unistring \
--disable-guile --disable-doc --disable-tests --disable-tools
make
make install
name: 'build gnutls'
- if: steps.cache-wolfssl.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b v${{ env.wolfssl-version }}-stable https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --disable-dependency-tracking --enable-all --enable-quic \
--disable-benchmark --disable-crypttests --disable-examples --prefix=$PWD/build
make
make install
name: 'build wolfssl'
- if: steps.cache-nghttp3.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b v${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3
cd nghttp3
git submodule update --init --depth=1
autoreconf -fi
./configure --disable-dependency-tracking --prefix=$PWD/build \
PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig" \
--enable-lib-only
make
make install
name: 'build nghttp3'
- if: steps.cache-ngtcp2.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b v${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2
cd ngtcp2
autoreconf -fi
./configure --disable-dependency-tracking --prefix=$PWD/build \
PKG_CONFIG_PATH="$HOME/quictls/build/lib/pkgconfig:$HOME/gnutls/build/lib/pkgconfig:$HOME/wolfssl/build/lib/pkgconfig" \
--enable-lib-only --with-openssl --with-gnutls --with-wolfssl
make install
name: 'build ngtcp2'
- if: steps.cache-nghttp2.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b v${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2
cd nghttp2
autoreconf -fi
./configure --disable-dependency-tracking --prefix=$PWD/build \
PKG_CONFIG_PATH="$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig" \
LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" \
--enable-http3
make install
name: 'build nghttp2'
linux:
name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }}
needs:
- build-cache
runs-on: 'ubuntu-24.04'
timeout-minutes: 45
strategy:
fail-fast: false
matrix:
build:
- name: quictls
PKG_CONFIG_PATH: '$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
configure: >-
LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib"
--with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm
--with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
--with-openssl=$HOME/quictls/build
- name: gnutls
PKG_CONFIG_PATH: '$HOME/gnutls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
configure: >-
LDFLAGS="-Wl,-rpath,$HOME/gnutls/build/lib"
--with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug
--with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
--with-gnutls=$HOME/gnutls/build
- name: wolfssl
PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
configure: >-
LDFLAGS="-Wl,-rpath,$HOME/wolfssl/build/lib"
--with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug
--with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
--with-wolfssl=$HOME/wolfssl/build
--enable-ech
- name: wolfssl
PKG_CONFIG_PATH: '$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig'
generate: >-
-DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DENABLE_DEBUG=ON
-DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
-DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
-DUSE_ECH=ON
- name: openssl-quic
PKG_CONFIG_PATH: '$HOME/openssl/build/lib64/pkgconfig'
configure: >-
LDFLAGS="-Wl,-rpath,$HOME/openssl/build/lib64"
--enable-warnings --enable-werror --enable-debug --disable-ntlm
--with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
--with-openssl=$HOME/openssl/build --with-openssl-quic
--with-nghttp3=$HOME/nghttp3/build
- name: quiche
configure: >-
LDFLAGS="-Wl,-rpath,$HOME/quiche/target/release"
--with-openssl=$HOME/quiche/quiche/deps/boringssl/src
--enable-warnings --enable-werror --enable-debug
--with-quiche=$HOME/quiche/target/release
--with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx"
--with-ca-fallback
- name: quiche
PKG_CONFIG_PATH: '$HOME/quiche/target/release'
generate: >-
-DOPENSSL_ROOT_DIR=$HOME/quiche/quiche/deps/boringssl/src -DENABLE_DEBUG=ON
-DUSE_QUICHE=ON
-DTEST_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
-DHTTPD_NGHTTPX="$HOME/nghttp2/build/bin/nghttpx"
-DCURL_CA_FALLBACK=ON
steps:
- run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get update -y
sudo apt-get install -y --no-install-suggests --no-install-recommends \
libtool autoconf automake ninja-build pkgconf stunnel4 \
libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \
nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \
libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \
texinfo texlive texlive-extra-utils autopoint libev-dev \
apache2 apache2-dev libnghttp2-dev vsftpd
python3 -m venv $HOME/venv
echo 'CC=gcc-12' >> $GITHUB_ENV
echo 'CXX=g++-12' >> $GITHUB_ENV
name: 'install prereqs'
- name: cache quictls
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-quictls-no-deprecated
env:
cache-name: cache-quictls-no-deprecated
with:
path: /home/runner/quictls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }}
fail-on-cache-miss: true
- name: cache gnutls
if: matrix.build.name == 'gnutls'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-gnutls
env:
cache-name: cache-gnutls
with:
path: /home/runner/gnutls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }}
fail-on-cache-miss: true
- name: cache wolfssl
if: matrix.build.name == 'wolfssl'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-wolfssl
env:
cache-name: cache-wolfssl
with:
path: /home/runner/wolfssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }}
fail-on-cache-miss: true
- name: cache nghttp3
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-nghttp3
env:
cache-name: cache-nghttp3
with:
path: /home/runner/nghttp3/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }}
fail-on-cache-miss: true
- name: cache ngtcp2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-ngtcp2
env:
cache-name: cache-ngtcp2
with:
path: /home/runner/ngtcp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }}-${{ env.quictls-version }}-${{ env.gnutls-version }}-${{ env.wolfssl-version }}
fail-on-cache-miss: true
- name: cache nghttp2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-nghttp2
env:
cache-name: cache-nghttp2
with:
path: /home/runner/nghttp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }}-${{ env.quictls-version }}-${{ env.ngtcp2-version }}-${{ env.nghttp3-version }}
fail-on-cache-miss: true
- name: cache openssl
if: matrix.build.name == 'openssl-quic'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-openssl
env:
cache-name: cache-openssl
with:
path: /home/runner/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl-version }}
- name: 'install openssl'
if: matrix.build.name == 'openssl-quic' && steps.cache-openssl.outputs.cache-hit != 'true'
run: |
git clone --quiet --depth=1 -b openssl-${{ env.openssl-version }} https://github.com/openssl/openssl
cd openssl
./config --prefix=$HOME/openssl/build no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
cat exporters/openssl.pc
- name: cache quiche
if: matrix.build.name == 'quiche'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
id: cache-quiche
env:
cache-name: cache-quiche
with:
path: /home/runner/quiche
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quiche-version }}
- if: matrix.build.name == 'quiche' && steps.cache-quiche.outputs.cache-hit != 'true'
run: |
cd $HOME
git clone --quiet --depth=1 -b ${{ env.quiche-version }} --recursive https://github.com/cloudflare/quiche.git
cd quiche
#### Work-around https://github.com/curl/curl/issues/7927 #######
#### See https://github.com/alexcrichton/cmake-rs/issues/131 ####
sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml
cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose
ln -s libquiche.so target/release/libquiche.so.0
mkdir -v quiche/deps/boringssl/src/lib
ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
# include dir
# $HOME/quiche/quiche/deps/boringssl/src/include
# lib dir
# $HOME/quiche/quiche/deps/boringssl/src/lib
name: 'build quiche and boringssl'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- run: autoreconf -fi
if: ${{ matrix.build.configure }}
name: 'autoreconf'
- name: 'configure'
run: |
if [ -n '${{ matrix.build.PKG_CONFIG_PATH }}' ]; then
export PKG_CONFIG_PATH="${{ matrix.build.PKG_CONFIG_PATH }}"
fi
if [ -n '${{ matrix.build.generate }}' ]; then
cmake -B . -G Ninja \
-DCMAKE_C_COMPILER_TARGET=$(uname -m)-pc-linux-gnu -DBUILD_STATIC_LIBS=ON \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON -DCURL_WERROR=ON \
${{ matrix.build.generate }}
else
./configure --disable-dependency-tracking --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
${{ matrix.build.configure }}
fi
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat config.log CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat lib/curl_config.h || true; echo '::endgroup::'
grep -F '#define' lib/curl_config.h | sort || true
- name: 'test configs'
run: |
cat tests/config || true
cat tests/http/config.ini || true
- name: 'build'
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build . --verbose
else
make V=1
fi
- run: ./src/curl -V
name: 'check curl -V output'
- name: 'build tests'
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build . --verbose --target testdeps
else
make V=1 -C tests
fi
- name: 'install test prereqs'
run: |
source $HOME/venv/bin/activate
python3 -m pip install -r tests/requirements.txt
- name: 'run tests'
env:
TFLAGS: "${{ matrix.build.tflags }}"
run: |
source $HOME/venv/bin/activate
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build . --verbose --target test-ci
else
make V=1 test-ci
fi
- name: 'install pytest prereqs'
run: |
source $HOME/venv/bin/activate
python3 -m pip install -r tests/http/requirements.txt
- name: 'run pytest'
env:
TFLAGS: "${{ matrix.build.tflags }}"
CURL_CI: github
run: |
source $HOME/venv/bin/activate
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build . --verbose --target curl-pytest-ci
else
make V=1 pytest-ci
fi
- name: 'build examples'
run: |
if [ -n '${{ matrix.build.generate }}' ]; then
cmake --build . --verbose --target curl-examples
else
make V=1 examples
fi
Reference in New Issue View Git Blame Copy Permalink