-
Notifications
You must be signed in to change notification settings - Fork 40
156 lines (139 loc) · 5.74 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Test the bindings using various OpenSSL versions
#
# For Linux / Windows, we cannot rely on the package manager,
# as each new release will come with a specific OpenSSL version,
# and we don't have control over this.
#
# Instead, this workflow installs an explicit version, builds it,
# and test the tls package with it.
name: CI
on: [push, pull_request]
jobs:
deps:
strategy:
matrix:
os: [ ubuntu-latest ]
openssl:
- version: 1.0.2u
link: https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz
- version: 1.1.0l
link: https://www.openssl.org/source/old/1.1.0/openssl-1.1.0l.tar.gz
- version: 1.1.1o
link: https://www.openssl.org/source/openssl-1.1.1o.tar.gz
- version: 3.0.3
link: https://www.openssl.org/source/openssl-3.0.3.tar.gz
runs-on: ${{ matrix.os }}
timeout-minutes: 15
# Build the OpenSSL version if not already cached
steps:
- name: 'Looking up cache'
id: cache-openssl
uses: actions/cache@v1
with:
path: ${{ github.workspace }}/openssl/
key: ${{ runner.os }}-${{ runner.arch }}-${{ matrix.openssl.version }}
- name: 'Download and build OpenSSL ${{ matrix.openssl.version }}'
if: steps.cache-openssl.outputs.cache-hit != 'true'
run: |
mkdir -p ${{ github.workspace }}/openssl/
pushd ${{ github.workspace }}/openssl/
wget -O download.tar.gz ${{ matrix.openssl.link }}
tar -xf download.tar.gz
pushd openssl-${{ matrix.openssl.version }}/
./config --prefix=${{ github.workspace }}/openssl/install/
make install
echo "OpenSSL ${{ matrix.openssl.version }} has been installed in: ${{ github.workspace }}/openssl/install/"
# The previous job was separated to avoid a build once per matrix row,
# as opposed to once per platform / version as we want.
test:
needs: deps
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
dc:
- dmd-2.100.0
- ldc-1.29.0
openssl:
- version: 1.0.2u
lib-dir: lib
- version: 1.1.0l
lib-dir: lib
- version: 1.1.1o
lib-dir: lib
- version: 3.0.3
lib-dir: lib64
runs-on: ${{ matrix.os }}
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
with:
path: deimos-openssl
- name: Prepare compiler
uses: dlang-community/setup-dlang@v1
with:
compiler: ${{ matrix.dc }}
# Checkout Vibe.d and its dependencies
#
# Do this before we remove the system OpenSSL, as `git clone` depends on it
# We fetch all dependencies but openssl early so we can use `--skip-registry=all`
# while building/testing, preventing dub from ever fetching the actual `openssl`
# package from the registry, which would make this job always succeed.
- name: 'Clone Vibe.d'
uses: actions/checkout@v3
with:
repository: 'vibe-d/vibe.d'
# Use a fixed ref to avoid random breakage due to upstream
# The first release compatible with this CI is v0.9.5-beta.2,
# feel free to update on new releases (commits can also be used).
ref: 'f9f122e71e679ca41130330a66b589e643fe23be'
path: 'vibe.d'
- name: 'Fetch Vibe.d dependencies'
run: |
# Versions are pinned to avoid upstream change breaking the CI
# When updating the Vibe.d version used, make sure to update this as well.
dub fetch 'vibe-core@==1.22.6'
dub fetch 'memutils@==1.0.5'
dub fetch 'taggedalgebraic@==0.11.22'
dub fetch 'botan-math@==1.0.3'
dub fetch 'stdx-allocator@==2.77.5'
dub fetch 'botan@==1.12.19'
dub fetch 'eventcore@==0.9.22'
dub fetch 'libasync@==0.8.6'
# Restore or install build openssl version
- name: 'Restore openssl from cache'
id: lookup-openssl
uses: actions/cache@v1
with:
path: ${{ github.workspace }}/openssl/
key: ${{ runner.os }}-${{ runner.arch }}-${{ matrix.openssl.version }}
- name: 'Make sure OpenSSL was loaded from cache'
if: steps.lookup-openssl.outputs.cache-hit != 'true'
run: exit 1
- name: 'Remove OpenSSL package, export env variables'
run: |
sudo apt-get remove -y libssl-dev
echo "PKG_CONFIG_PATH=${{ github.workspace }}/openssl/install/${{ matrix.openssl.lib-dir }}/pkgconfig/" >> $GITHUB_ENV
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${{ github.workspace }}/openssl/install/${{ matrix.openssl.lib-dir }}/" >> $GITHUB_ENV
- name: 'Run tests'
run: |
echo "pkg-config uses: $(pkg-config --modversion openssl)"
if [ `pkg-config --modversion openssl` != "${{ matrix.openssl.version }}" ]; then
echo "Expected version '${{ matrix.openssl.version }}' but got `pkg-config --modversion openssl`"
exit 1
fi
# We don't checkout in $GITHUB_WORKSPACE to avoid polluting the repository with artifacts,
# e.g. the C openssl library or Vibe.d
cd ${{ github.workspace }}/deimos-openssl/
cd examples/sslecho/
${{ github.workspace }}/openssl/install/bin/openssl req -batch -newkey rsa:4096 -x509 -sha256 -days 3650 -subj "/C=GB/CN=localhost" -nodes -out cert.pem -keyout key.pem
dub build
# TODO: FIXME: This currently does not work because certificate verification fails (works on my machine).
# But at least it links, which is a good starting point.
#$DC -run test.d
- name: 'Test with Vibe.d'
if: matrix.openssl.version != '1.0.2u'
run: |
dub add-local ${{ github.workspace }}/deimos-openssl/ 3.42.0
cd ${{ github.workspace }}/vibe.d/
dub test --skip-registry=all :tls