mirror of https://github.com/libssh2/libssh2.git synced 2025-07-20 18:02:59 +03:00

GHA: fix zizmor and shellcheck warnings, verify in CI

Closes #1609
Viktor Szakats
2025-06-06 10:54:35 +02:00
parent d8ae40bad0
commit d7cf63bb05
4 changed files with 282 additions and 224 deletions


@ -52,6 +52,13 @@ jobs:
daemon:
runs-on: ubuntu-latest
timeout-minutes: 60
env:
SSH_HOST: '${{ github.event.inputs.ssh_host }}'
SSH_PORT: '${{ github.event.inputs.ssh_port }}'
SSH_USER: '${{ github.event.inputs.ssh_user }}'
SSH_FORWARD: '${{ github.event.inputs.ssh_forward }}'
SSH_HOSTKEY: '${{ github.event.inputs.ssh_hostkey }}'
SSH_PRIVKEY: '${{ github.event.inputs.ssh_privkey }}'
steps:
- name: Setup SSH client configuration
run: |
@ -60,15 +67,17 @@ jobs:
install -m 0600 /dev/null .ssh/config
{
echo 'ServerAliveInterval 45'
echo 'Host ${{ github.event.inputs.ssh_host }}'
echo '${{ github.event.inputs.ssh_forward }}' | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g'
echo "Host ${SSH_HOST}"
# shellcheck disable=SC2001
echo "${SSH_FORWARD}" | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g'
} | tee -a .ssh/config
install -m 0600 /dev/null .ssh/known_hosts
echo '${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}' | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' | tee -a .ssh/known_hosts
echo "${SSH_HOST} ${SSH_HOSTKEY}" | sed "s/,/\n${SSH_HOST} /g" | tee -a .ssh/known_hosts
install -m 0600 /dev/null .ssh/id_rsa
echo '${{ github.event.inputs.ssh_privkey }}' | sed 's/,/\n/g' >> .ssh/id_rsa
# shellcheck disable=SC2001
echo "${SSH_PRIVKEY}" | sed 's/,/\n/g' >> .ssh/id_rsa
# we sleep explicitly to allow the remote system to kill the sleep process
- name: Connect to AppVeyor and sleep
run: |
ssh -v -p ${{ github.event.inputs.ssh_port }} ${{ github.event.inputs.ssh_user }}@${{ github.event.inputs.ssh_host }} sleep 1h
ssh -v -p "${SSH_PORT}" "${SSH_USER}@${SSH_HOST}" sleep 1h
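Review bot: On the known_hosts line, `${SSH_HOST}` is still expanded inside the double-quoted sed program (`sed "s/,/\n${SSH_HOST} /g"`), so a `/`, `&` or backslash in that input rewrites the sed expression even though the value no longer reaches the shell through a `${{ }}` template. Keeping the value out of the script avoids this, for example `tr ',' '\n' <<<"${SSH_HOSTKEY}" | while read -r key; do printf '%s %s\n' "${SSH_HOST}" "${key}"; done | tee -a .ssh/known_hosts`. Separately, `SSH_PRIVKEY` is declared in the job-level `env:` block, which exports it to every step including the `ssh -v` one; moving it to an `env:` on the setup step alone would narrow where the key is present. The input declarations are outside this hunk, so whether the key value is masked in the run log cannot be confirmed from here and is worth checking.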


@ -28,16 +28,6 @@ jobs:
- name: 'checksrc'
run: ./ci/checksrc.sh
shellcheck:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'shellcheck'
run: ./ci/shellcheck.sh
spellcheck:
runs-on: ubuntu-latest
steps:
@ -49,6 +39,40 @@ jobs:
- name: 'spellcheck'
run: ./ci/spellcheck.sh
shellcheck:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'shellcheck'
run: ./ci/shellcheck.sh
cicheck:
runs-on: macos-latest
timeout-minutes: 1
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'install prereqs'
run: brew install shellcheck zizmor
- name: 'zizmor GHA'
run: zizmor --pedantic .github/workflows/*.yml
- name: 'shellcheck'
run: |
shellcheck --version
export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which'
git ls-files '.github/workflows/*.yml' | while read -r f; do
echo "Verifying ${f}..."
{
echo '#!/usr/bin/env bash'
echo 'set -eu'
yq eval '.. | select(has("run") and (.run | type == "!!str")) | .run + "\ntrue\n"' "${f}"
} | sed -E 's|\$\{\{ .+ \}\}|GHA_EXPRESSION|g' | shellcheck -
done
build_integration:
name: 'integration on ${{ matrix.image }}'
runs-on: ${{ matrix.image }}
@ -58,7 +82,8 @@ jobs:
shell: ${{ contains(matrix.image, 'windows') && 'msys2 {0}' || 'bash' }}
env:
CC: ${{ !contains(matrix.image, 'windows') && 'clang' || '' }}
old-cmake-version: 3.11.4
MATRIX_IMAGE: '${{ matrix.image }}'
OLD_CMAKE_VERSION: 3.11.4
strategy:
fail-fast: false
matrix:
@ -77,26 +102,26 @@ jobs:
- name: 'install packages'
run: |
if [[ '${{ matrix.image }}' = *'windows'* ]]; then
cd "${HOME}" || exit 1
if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location 'https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-win64-x64.zip' --output bin.zip
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output bin.zip
unzip -q bin.zip
rm -f bin.zip
printf '%s' "${HOME}/cmake-${{ env.old-cmake-version }}-win64-x64/bin/cmake.exe" > "${HOME}/old-cmake-path.txt"
elif [[ '${{ matrix.image }}' = *'ubuntu'* ]]; then
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-win64-x64/bin/cmake.exe > ~/old-cmake-path.txt
elif [[ "${MATRIX_IMAGE}" = *'ubuntu'* ]]; then
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install libgcrypt-dev libssl-dev libmbedtls-dev libwolfssl-dev
cd "${HOME}" || exit 1
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Linux-x86_64.tar.gz | tar -xzf -
printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Linux-x86_64/bin/cmake" > "${HOME}/old-cmake-path.txt"
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-x86_64.tar.gz" | tar -xz
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Linux-x86_64/bin/cmake > ~/old-cmake-path.txt
else
brew install libgcrypt openssl mbedtls wolfssl
cd "${HOME}" || exit 1
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Darwin-x86_64.tar.gz | tar -xzf -
printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Darwin-x86_64/CMake.app/Contents/bin/cmake" > "${HOME}/old-cmake-path.txt"
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Darwin-x86_64.tar.gz" | tar -xz
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Darwin-x86_64/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@ -121,23 +146,23 @@ jobs:
- name: 'via add_subdirectory OpenSSL (old cmake)'
run: |
export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")"
[[ '${{ matrix.image }}' = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ '${{ matrix.image }}' = *'windows'* ]]; then
export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)"
[[ "${MATRIX_IMAGE}" = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
export TEST_CMAKE_GENERATOR='MSYS Makefiles'
export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64'
fi
./tests/cmake/test.sh add_subdirectory -DCRYPTO_BACKEND=OpenSSL ${options}
./tests/cmake/test.sh add_subdirectory -DCRYPTO_BACKEND=OpenSSL
- name: 'via find_package OpenSSL (old cmake)'
run: |
export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")"
[[ '${{ matrix.image }}' = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ '${{ matrix.image }}' = *'windows'* ]]; then
export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)"
[[ "${MATRIX_IMAGE}" = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
export TEST_CMAKE_GENERATOR='MSYS Makefiles'
export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64'
fi
./tests/cmake/test.sh find_package -DCRYPTO_BACKEND=OpenSSL ${options}
./tests/cmake/test.sh find_package -DCRYPTO_BACKEND=OpenSSL
build_linux:
name: 'linux'
@ -234,34 +259,38 @@ jobs:
options: --disable-static
env:
CC: ${{ matrix.compiler == 'clang-tidy' && 'clang' || matrix.compiler }}
mbedtls-version: 3.6.2
wolfssl-version: 5.7.4
wolfssl-version-prev: 5.5.4
boringssl-version: 0.20250114.0
awslc-version: 1.46.1
libressl-version: 4.0.0
openssl-version: 3.4.0
openssl111-version: 1.1.1w
openssl110-version: 1.1.0l
openssl102-version: 1.0.2u
MATRIX_ARCH: '${{ matrix.arch }}'
MATRIX_CRYPTO: '${{ matrix.crypto }}'
MATRIX_OPTIONS: '${{ matrix.options }}'
MATRIX_ZLIB: '${{ matrix.zlib }}'
MBEDTLS_VERSION: 3.6.2
WOLFSSL_VERSION: 5.7.4
WOLFSSL_VERSION_PREV: 5.5.4
BORINGSSL_VERSION: 0.20250114.0
AWSLC_VERSION: 1.46.1
LIBRESSL_VERSION: 4.0.0
OPENSSL_VERSION: 3.4.0
OPENSSL111_VERSION: 1.1.1w
OPENSSL110_VERSION: 1.1.0l
OPENSSL102_VERSION: 1.0.2u
steps:
- name: 'install architecture'
if: ${{ matrix.arch != 'amd64' }}
run: |
sudo dpkg --add-architecture '${{ matrix.arch }}'
sudo dpkg --add-architecture "${MATRIX_ARCH}"
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install gcc-multilib build-essential zlib1g-dev:${{ matrix.arch }}
sudo apt-get -o Dpkg::Use-Pty=0 install gcc-multilib build-essential zlib1g-dev:"${MATRIX_ARCH}"
- name: 'install packages'
run: |
[ '${{ matrix.crypto }}' = 'OpenSSL' ] && pkg='libssl-dev'
[ '${{ matrix.crypto }}' = 'Libgcrypt' ] && pkg='libgcrypt-dev'
[ '${{ matrix.crypto }}' = 'mbedTLS' ] && pkg='libmbedtls-dev'
[ '${{ matrix.crypto }}' = 'wolfSSL' ] && pkg='libwolfssl-dev'
[ "${MATRIX_CRYPTO}" = 'OpenSSL' ] && pkg='libssl-dev'
[ "${MATRIX_CRYPTO}" = 'Libgcrypt' ] && pkg='libgcrypt-dev'
[ "${MATRIX_CRYPTO}" = 'mbedTLS' ] && pkg='libmbedtls-dev'
[ "${MATRIX_CRYPTO}" = 'wolfSSL' ] && pkg='libwolfssl-dev'
if [ -n "${pkg}" ]; then
sudo apt-get -o Dpkg::Use-Pty=0 install "${pkg}:${{ matrix.arch }}"
sudo apt-get -o Dpkg::Use-Pty=0 install "${pkg}:${MATRIX_ARCH}"
fi
- name: 'cache mbedTLS'
@ -270,40 +299,37 @@ jobs:
id: cache-mbedtls
with:
path: ~/usr
key: ${{ runner.os }}-mbedtls-${{ env.mbedtls-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-mbedtls-${{ env.MBEDTLS_VERSION }}-${{ matrix.arch }}
- name: 'install mbedTLS from source'
if: ${{ matrix.crypto == 'mbedTLS-from-source' }}
if: ${{ matrix.crypto == 'mbedTLS-from-source' && !steps.cache-mbedtls.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-mbedtls.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${{ env.mbedtls-version }}/mbedtls-${{ env.mbedtls-version }}.tar.bz2 | tar -xjf -
cd mbedtls-${{ env.mbedtls-version }}
if [ '${{ matrix.arch }}' = 'i386' ]; then
crossoptions='-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }}'
cflags='-m32 -mpclmul -msse2 -maes'
fi
cmake -B . -G Ninja ${crossoptions} \
-DCMAKE_C_FLAGS="${cflags}" \
-DENABLE_PROGRAMS=OFF \
-DENABLE_TESTING=OFF \
-DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
-DCMAKE_INSTALL_PREFIX="$HOME/usr"
cmake --build . --parallel 5
cmake --install .
cd ..
curl -fsS -L "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj
cd "mbedtls-${MBEDTLS_VERSION}"
if [ "${MATRIX_ARCH}" = 'i386' ]; then
crossoptions="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${MATRIX_ARCH}"
cflags='-m32 -mpclmul -msse2 -maes'
fi
cmake -B . -G Ninja ${crossoptions} \
-DCMAKE_C_FLAGS="${cflags}" \
-DENABLE_PROGRAMS=OFF \
-DENABLE_TESTING=OFF \
-DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
-DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build . --parallel 5
cmake --install .
- name: 'install wolfSSL from source'
if: ${{ startsWith(matrix.crypto, 'wolfSSL-from-source') }}
run: |
if [ '${{ matrix.crypto }}' = 'wolfSSL-from-source' ]; then
WOLFSSLVER=${{ env.wolfssl-version }}
if [ "${MATRIX_CRYPTO}" = 'wolfSSL-from-source' ]; then
WOLFSSLVER="${WOLFSSL_VERSION}"
else
WOLFSSLVER=${{ env.wolfssl-version-prev }}
WOLFSSLVER="${WOLFSSL_VERSION_PREV}"
options='-DWOLFSSL_OPENSSLEXTRA=ON'
fi
curl -fsS -L https://github.com/wolfSSL/wolfssl/archive/refs/tags/v$WOLFSSLVER-stable.tar.gz | tar -xzf -
curl -fsS -L https://github.com/wolfSSL/wolfssl/archive/refs/tags/v$WOLFSSLVER-stable.tar.gz | tar -xz
cd wolfssl-$WOLFSSLVER-stable
cmake -B bld -G Ninja ${options} \
-DWOLFSSL_LIBSSH2=ON \
@ -313,7 +339,7 @@ jobs:
-DWOLFSSL_CRYPT_TESTS=OFF \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DCMAKE_C_FLAGS='-DWOLFSSL_AESGCM_STREAM' \
-DCMAKE_INSTALL_PREFIX="$HOME/usr"
-DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build bld --parallel 5
cmake --install bld
cd ..
@ -324,25 +350,22 @@ jobs:
id: cache-boringssl
with:
path: ~/usr
key: ${{ runner.os }}-boringssl-${{ env.boringssl-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-boringssl-${{ env.BORINGSSL_VERSION }}-${{ matrix.arch }}
- name: 'install BoringSSL from source'
if: ${{ matrix.crypto == 'BoringSSL' }}
if: ${{ matrix.crypto == 'BoringSSL' && !steps.cache-boringssl.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-boringssl.outputs.cache-hit }}' != 'true' ]; then
mkdir boringssl
cd boringssl
curl -fsS https://boringssl.googlesource.com/boringssl/+archive/${{ env.boringssl-version }}.tar.gz | tar -xzf -
# Skip tests to finish the build faster
echo 'set_target_properties(decrepit bssl_shim test_fips boringssl_gtest test_support_lib urandom_test crypto_test ssl_test decrepit_test all_tests pki pki_test run_tests PROPERTIES EXCLUDE_FROM_ALL TRUE)' >> ./CMakeLists.txt
cmake -B . -G Ninja \
-DOPENSSL_SMALL=ON \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DCMAKE_INSTALL_PREFIX="$HOME/usr"
cmake --build . --parallel 5
cmake --install .
cd ..
fi
mkdir boringssl
cd boringssl
curl -fsS "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz
# Skip tests to finish the build faster
echo 'set_target_properties(decrepit bssl_shim test_fips boringssl_gtest test_support_lib urandom_test crypto_test ssl_test decrepit_test all_tests pki pki_test run_tests PROPERTIES EXCLUDE_FROM_ALL TRUE)' >> ./CMakeLists.txt
cmake -B . -G Ninja \
-DOPENSSL_SMALL=ON \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build . --parallel 5
cmake --install .
- name: 'cache AWS-LC'
if: ${{ matrix.crypto == 'AWS-LC' }}
@ -350,20 +373,17 @@ jobs:
id: cache-aws-lc
with:
path: ~/usr
key: ${{ runner.os }}-aws-lc-${{ env.awslc-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-aws-lc-${{ env.AWSLC_VERSION }}-${{ matrix.arch }}
- name: 'install AWS-LC from source'
if: ${{ matrix.crypto == 'AWS-LC' }}
if: ${{ matrix.crypto == 'AWS-LC' && !steps.cache-aws-lc.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-aws-lc.outputs.cache-hit }}' != 'true' ]; then
mkdir aws-lc
cd aws-lc
curl -fsS -L https://github.com/aws/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz | tar -xzf -
cmake aws-lc-${{ env.awslc-version }} -B . -DCMAKE_INSTALL_PREFIX="$HOME/usr"
cmake --build . --parallel 5
cmake --install .
cd ..
fi
mkdir aws-lc
cd aws-lc
curl -fsS -L "https://github.com/aws/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
cmake "aws-lc-${AWSLC_VERSION}" -B . -DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build . --parallel 5
cmake --install .
- name: 'cache LibreSSL'
if: ${{ matrix.crypto == 'LibreSSL' }}
@ -371,22 +391,19 @@ jobs:
id: cache-libressl
with:
path: ~/usr
key: ${{ runner.os }}-libressl-${{ env.libressl-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-libressl-${{ env.LIBRESSL_VERSION }}-${{ matrix.arch }}
- name: 'install LibreSSL from source'
if: ${{ matrix.crypto == 'LibreSSL' }}
if: ${{ matrix.crypto == 'LibreSSL' && !steps.cache-libressl.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-libressl.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/libressl/portable/releases/download/v${{ env.libressl-version }}/libressl-${{ env.libressl-version }}.tar.gz | tar -xzf -
cd libressl-${{ env.libressl-version }}
cmake -B . -G Ninja \
-DLIBRESSL_APPS=OFF \
-DLIBRESSL_TESTS=OFF \
-DCMAKE_INSTALL_PREFIX="$HOME/usr"
cmake --build . --parallel 5
cmake --install .
cd ..
fi
curl -fsS -L "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja \
-DLIBRESSL_APPS=OFF \
-DLIBRESSL_TESTS=OFF \
-DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build . --parallel 5
cmake --install .
- name: 'cache OpenSSL'
if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }}
@ -394,20 +411,17 @@ jobs:
id: cache-openssl
with:
path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL from source'
if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }}
if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' && !steps.cache-openssl.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-openssl.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/openssl/openssl/releases/download/openssl-${{ env.openssl-version }}/openssl-${{ env.openssl-version }}.tar.gz | tar -xzf -
cd openssl-${{ env.openssl-version }}
./Configure no-deprecated \
no-apps no-docs no-tests no-makedepend \
no-comp no-quic no-legacy --prefix="$HOME/usr"
make -j5 install_sw
cd ..
fi
curl -fsS -L "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" | tar -xz
cd "openssl-${OPENSSL_VERSION}"
./Configure no-deprecated \
no-apps no-docs no-tests no-makedepend \
no-comp no-quic no-legacy --prefix="$HOME"/usr
make -j5 install_sw
- name: 'cache OpenSSL 1.1.1'
if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }}
@ -415,19 +429,16 @@ jobs:
id: cache-openssl111
with:
path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl111-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL111_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.1.1 from source'
if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }}
if: ${{ matrix.crypto == 'OpenSSL-111-from-source' && !steps.cache-openssl111.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-openssl111.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-${{ env.openssl111-version }}.tar.gz | tar -xzf -
cd openssl-${{ env.openssl111-version }}
./config no-unit-test no-makedepend --prefix="$HOME/usr" no-tests
make -j5
make -j1 install_sw
cd ..
fi
curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-${OPENSSL111_VERSION}.tar.gz" | tar -xz
cd "openssl-${OPENSSL111_VERSION}"
./config no-unit-test no-makedepend --prefix="$HOME"/usr no-tests
make -j5
make -j1 install_sw
- name: 'cache OpenSSL 1.1.0'
if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }}
@ -435,19 +446,16 @@ jobs:
id: cache-openssl110
with:
path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl110-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL110_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.1.0 from source'
if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }}
if: ${{ matrix.crypto == 'OpenSSL-110-from-source' && !steps.cache-openssl110.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-openssl110.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_0l/openssl-${{ env.openssl110-version }}.tar.gz | tar -xzf -
cd openssl-${{ env.openssl110-version }}
./config no-unit-test no-makedepend --prefix="$HOME/usr"
make -j5
make -j1 install_sw
cd ..
fi
curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_0l/openssl-${OPENSSL110_VERSION}.tar.gz" | tar -xz
cd "openssl-${OPENSSL110_VERSION}"
./config no-unit-test no-makedepend --prefix="$HOME"/usr
make -j5
make -j1 install_sw
- name: 'cache OpenSSL 1.0.2'
if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }}
@ -455,19 +463,16 @@ jobs:
id: cache-openssl102
with:
path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl102-version }}-${{ matrix.arch }}
key: ${{ runner.os }}-openssl-${{ env.OPENSSL102_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.0.2 from source'
if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }}
if: ${{ matrix.crypto == 'OpenSSL-102-from-source' && !steps.cache-openssl102.outputs.cache-hit }}
run: |
if [ '${{ steps.cache-openssl102.outputs.cache-hit }}' != 'true' ]; then
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_0_2u/openssl-${{ env.openssl102-version }}.tar.gz | tar -xzf -
cd openssl-${{ env.openssl102-version }}
./config no-unit-test no-makedepend --prefix="$HOME/usr" -fPIC
make -j5
make -j1 install_sw
cd ..
fi
curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_0_2u/openssl-${OPENSSL102_VERSION}.tar.gz" | tar -xz
cd "openssl-${OPENSSL102_VERSION}"
./config no-unit-test no-makedepend --prefix="$HOME"/usr -fPIC
make -j5
make -j1 install_sw
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
@ -478,12 +483,13 @@ jobs:
- name: 'autotools configure'
if: ${{ matrix.build == 'autotools' && matrix.target != 'maketgz' }}
run: |
if [ '${{ matrix.arch }}' = 'i386' ]; then
if [ "${MATRIX_ARCH}" = 'i386' ]; then
crossoptions='--host=i686-pc-linux-gnu'
export CFLAGS=-m32
fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
${crossoptions} ${{ matrix.options }} \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
${crossoptions} ${MATRIX_OPTIONS} \
--disable-dependency-tracking || { tail -n 1000 config.log; false; }
- name: 'autotools build'
@ -503,7 +509,7 @@ jobs:
run: |
export SOURCE_DATE_EPOCH=1711526400
./configure --enable-werror --disable-debug \
${{ matrix.options }} --disable-dependency-tracking
${MATRIX_OPTIONS} --disable-dependency-tracking
./maketgz 99.98.97
# Test reproducibility
mkdir run1; mv ./libssh2-99.98.97.* run1/
@ -514,38 +520,40 @@ jobs:
# Test build from tarball
tar -xvf libssh2-99.98.97.tar.gz
cd libssh2-99.98.97
./configure --enable-werror --enable-debug --prefix="${HOME}/temp" \
${{ matrix.options }} --disable-dependency-tracking
./configure --enable-werror --enable-debug --prefix="$HOME"/temp \
${MATRIX_OPTIONS} --disable-dependency-tracking
make -j5 install
cd ..
# Verify install
diff -u <(find docs -name '*.3' -printf '%f\n' | grep -v template | sort) <(find "${HOME}/temp/share/man/man3" -name '*.3' -printf '%f\n' | sort)
diff -u <(find include -name '*.h' -printf '%f\n' | sort) <(find "${HOME}/temp/include" -name '*.h' -printf '%f\n' | sort)
diff -u <(find docs -name '*.3' -printf '%f\n' | grep -v template | sort) <(find "$HOME"/temp/share/man/man3 -name '*.3' -printf '%f\n' | sort)
diff -u <(find include -name '*.h' -printf '%f\n' | sort) <(find "$HOME"/temp/include -name '*.h' -printf '%f\n' | sort)
rm -rf libssh2-99.98.97
- name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }}
env:
MATRIX_COMPILER: '${{ matrix.compiler }}'
run: |
if [ '${{ matrix.crypto }}' = 'BoringSSL' ] || \
[ '${{ matrix.crypto }}' = 'AWS-LC' ] || \
[ '${{ matrix.crypto }}' = 'LibreSSL' ] || \
[[ '${{ matrix.crypto }}' = 'OpenSSL-'* ]]; then
if [ "${MATRIX_CRYPTO}" = 'BoringSSL' ] || \
[ "${MATRIX_CRYPTO}" = 'AWS-LC' ] || \
[ "${MATRIX_CRYPTO}" = 'LibreSSL' ] || \
[[ "${MATRIX_CRYPTO}" = 'OpenSSL-'* ]]; then
crypto='OpenSSL'
elif [[ '${{ matrix.crypto }}' = 'mbedTLS-'* ]]; then
elif [[ "${MATRIX_CRYPTO}" = 'mbedTLS-'* ]]; then
crypto='mbedTLS'
elif [[ '${{ matrix.crypto }}' = 'wolfSSL-'* ]]; then
elif [[ "${MATRIX_CRYPTO}" = 'wolfSSL-'* ]]; then
crypto='wolfSSL'
else
crypto='${{ matrix.crypto }}'
crypto="${MATRIX_CRYPTO}"
fi
[ -d "$HOME/usr" ] && options+=" -DCMAKE_PREFIX_PATH=$HOME/usr"
[ '${{ matrix.arch }}' = 'i386' ] && options+=' -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }} -DCMAKE_C_FLAGS=-m32'
[ -d "$HOME"/usr ] && options+=" -DCMAKE_PREFIX_PATH=$HOME/usr"
[ "${MATRIX_ARCH}" = 'i386' ] && options+=" -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${MATRIX_ARCH} -DCMAKE_C_FLAGS=-m32"
[ "${MATRIX_COMPILER}" = 'clang-tidy' ] && options+=' -DLIBSSH2_CLANG_TIDY=ON'
cmake -B bld -G Ninja ${options} $TOOLCHAIN_OPTION \
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \
-DCRYPTO_BACKEND=${crypto} \
-DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} \
${{ matrix.compiler == 'clang-tidy' && '-DLIBSSH2_CLANG_TIDY=ON' || '' }} \
-DENABLE_ZLIB_COMPRESSION="${MATRIX_ZLIB}" \
|| { cat bld/CMakeFiles/CMake*.yaml; false; }
- name: 'cmake build'
@ -555,8 +563,8 @@ jobs:
if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 10
run: |
export OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server)
[ -d "$HOME/usr" ] && export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$HOME/usr/lib"
export OPENSSH_SERVER_IMAGE; OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server)
[ -d "$HOME"/usr ] && export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$HOME/usr/lib"
cd bld && ctest -VV --output-on-failure
build_linux_cross_mingw64:
@ -573,12 +581,15 @@ jobs:
env:
MAKEFLAGS: -j 5
TRIPLET: 'x86_64-w64-mingw32'
MATRIX_BUILD: '${{ matrix.build }}'
steps:
- name: 'install packages'
env:
INSTALL_PACKAGES: ${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }}
run: |
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 \
${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }}
${INSTALL_PACKAGES}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
@ -589,9 +600,11 @@ jobs:
run: autoreconf -fi
- name: 'configure'
env:
MATRIX_COMPILER: '${{ matrix.compiler }}'
run: |
if [ '${{ matrix.build }}' = 'cmake' ]; then
if [ '${{ matrix.compiler }}' = 'clang-tidy' ]; then
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
if [ "${MATRIX_COMPILER}" = 'clang-tidy' ]; then
options+=' -DLIBSSH2_CLANG_TIDY=ON'
options+=' -DCMAKE_C_COMPILER=clang'
options+=" -DCMAKE_RC_COMPILER=llvm-windres-$(clang -dumpversion | cut -d '.' -f 1)"
@ -600,13 +613,14 @@ jobs:
fi
cmake -B bld -G Ninja \
-DCMAKE_SYSTEM_NAME=Windows \
-DCMAKE_C_COMPILER_TARGET=${TRIPLET} \
-DCMAKE_C_COMPILER_TARGET="${TRIPLET}" \
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \
${options} \
|| { cat bld/CMakeFiles/CMake*.yaml; false; }
else
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--host="${TRIPLET}" \
--disable-dependency-tracking \
|| { tail -n 1000 config.log; false; }
@ -614,7 +628,7 @@ jobs:
- name: 'build'
run: |
if [ '${{ matrix.build }}' = 'cmake' ]; then
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake --build bld
else
make -C bld
@ -650,9 +664,10 @@ jobs:
timeout-minutes: 10
shell: D:\cygwin\bin\bash.exe '{0}'
run: |
export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \
--disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -664,7 +679,7 @@ jobs:
timeout-minutes: 10
shell: D:\cygwin\bin\bash.exe '{0}'
run: |
export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
cmake -B bld -G Ninja \
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \
@ -698,6 +713,9 @@ jobs:
- { build: 'cmake' , sys: clang64, crypto: OpenSSL, env: clang-x86_64 }
- { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'uwp' }
- { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'no-options' }
env:
MATRIX_CRYPTO: '${{ matrix.crypto }}'
MATRIX_ENV: '${{ matrix.env }}'
steps:
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2
if: ${{ matrix.sys == 'msys' }}
@ -726,12 +744,13 @@ jobs:
SSHD: 'C:/Program Files/Git/usr/bin/sshd.exe'
shell: msys2 {0}
run: |
if [ '${{ matrix.crypto }}' = 'wincng' ] && [[ '${{ matrix.env }}' = 'clang'* ]]; then
if [ "${MATRIX_CRYPTO}" = 'wincng' ] && [[ "${MATRIX_ENV}" = 'clang'* ]]; then
options='--enable-ecdsa-wincng'
fi
# sshd tests sometimes hang
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
--with-crypto=${{ matrix.crypto }} \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto="${MATRIX_CRYPTO}" \
--disable-docker-tests \
--disable-sshd-tests \
${options} \
@ -749,19 +768,21 @@ jobs:
- name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }}
shell: msys2 {0}
env:
MATRIX_TEST: '${{ matrix.test }}'
run: |
if [[ '${{ matrix.env }}' = 'clang'* ]]; then
if [[ "${MATRIX_ENV}" = 'clang'* ]]; then
options='-DCMAKE_C_COMPILER=clang'
else
options='-DCMAKE_C_COMPILER=gcc'
fi
if [ '${{ matrix.test }}' = 'uwp' ]; then
if [ "${MATRIX_TEST}" = 'uwp' ]; then
options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0'
pacman --noconfirm --ask 20 --noprogressbar --sync --needed 'mingw-w64-${{ matrix.env }}-winstorecompat-git'
pacman --noconfirm --ask 20 --noprogressbar --sync --needed "mingw-w64-${MATRIX_ENV}-winstorecompat-git"
specs="$(realpath gcc-specs-uwp)"
gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}"
cflags="-specs=$(cygpath -w "${specs}") -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP"
elif [ '${{ matrix.test }}' = 'no-options' ]; then
elif [ "${MATRIX_TEST}" = 'no-options' ]; then
options+=' -DLIBSSH2_NO_DEPRECATED=ON'
cflags='-DLIBSSH2_NO_MD5 -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_DSA_ENABLE -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES'
else
@ -772,7 +793,7 @@ jobs:
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=ON \
-DCRYPTO_BACKEND=${{ matrix.crypto }} \
-DCRYPTO_BACKEND="${MATRIX_CRYPTO}" \
-DENABLE_ZLIB_COMPRESSION=ON \
-DRUN_DOCKER_TESTS=OFF \
-DRUN_SSHD_TESTS=OFF \
@ -811,28 +832,37 @@ jobs:
persist-credentials: false
- name: 'cmake configure'
shell: bash
env:
MATRIX_ARCH: '${{ matrix.arch }}'
MATRIX_CRYPTO: '${{ matrix.crypto }}'
MATRIX_PLAT: '${{ matrix.plat }}'
MATRIX_WINCND_ECDSA: '${{ matrix.wincng_ecdsa }}'
MATRIX_LOG: '${{ matrix.log }}'
MATRIX_SHARED: '${{ matrix.shared }}'
MATRIX_ZLIB: '${{ matrix.zlib }}'
MATRIX_UNITY: '${{ matrix.unity }}'
run: |
options=''
archgen=${{ matrix.arch }}; [ "${archgen}" = 'x86' ] && archgen='Win32'
if [ '${{ matrix.plat }}' = 'uwp' ]; then
archgen="${MATRIX_ARCH}"; [ "${archgen}" = 'x86' ] && archgen='Win32'
if [ "${MATRIX_PLAT}" = 'uwp' ]; then
system='WindowsStore'
options+=' -DCMAKE_SYSTEM_VERSION=10.0'
else
system='Windows'
fi
[ '${{ matrix.crypto }}' = 'WinCNG' ] && options+=' -DENABLE_ECDSA_WINCNG=${{ matrix.wincng_ecdsa }}'
[ "${MATRIX_CRYPTO}" = 'WinCNG' ] && options+=" -DENABLE_ECDSA_WINCNG=${MATRIX_WINCND_ECDSA}"
cmake -B bld ${options} \
-DCMAKE_SYSTEM_NAME=${system} \
-DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \
-DCMAKE_GENERATOR_PLATFORM=${archgen} \
-DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-${{ matrix.plat }} \
-DVCPKG_TARGET_TRIPLET="${MATRIX_ARCH}-${MATRIX_PLAT}" \
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \
-DCMAKE_UNITY_BUILD=${{ matrix.unity }} \
-DCMAKE_UNITY_BUILD="${MATRIX_UNITY}" \
-DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=${{ matrix.log }} \
-DBUILD_SHARED_LIBS=${{ matrix.shared }} \
-DCRYPTO_BACKEND=${{ matrix.crypto }} \
-DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} \
-DENABLE_DEBUG_LOGGING="${MATRIX_LOG}" \
-DBUILD_SHARED_LIBS="${MATRIX_SHARED}" \
-DCRYPTO_BACKEND="${MATRIX_CRYPTO}" \
-DENABLE_ZLIB_COMPRESSION="${MATRIX_ZLIB}" \
-DRUN_DOCKER_TESTS=OFF \
-DRUN_SSHD_TESTS=OFF \
|| { cat bld/CMakeFiles/CMake*.yaml; false; }
@ -856,31 +886,34 @@ jobs:
crypto:
- name: 'OpenSSL 3'
install: openssl
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/openssl"
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/openssl"
configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/openssl
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
- name: 'OpenSSL 1.1'
install: openssl@1.1
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/openssl@1.1"
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/openssl@1.1"
configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/openssl@1.1
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl@1.1
- name: 'LibreSSL'
install: libressl
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/libressl"
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/libressl"
configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/libressl
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl
- name: 'Libgcrypt'
install: libgcrypt
configure: --with-crypto=libgcrypt --with-libgcrypt-prefix="$(brew --prefix)"
configure: --with-crypto=libgcrypt --with-libgcrypt-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=Libgcrypt
- name: 'mbedTLS'
install: mbedtls
configure: --with-crypto=mbedtls --with-libmbedcrypto-prefix="$(brew --prefix)"
configure: --with-crypto=mbedtls --with-libmbedcrypto-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=mbedTLS
- name: 'wolfSSL'
install: wolfssl
configure: --with-crypto=wolfssl --with-libwolfssl-prefix="$(brew --prefix)"
configure: --with-crypto=wolfssl --with-libwolfssl-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=wolfSSL
steps:
- name: 'install packages'
run: brew install ${{ matrix.build == 'autotools' && 'automake libtool' || '' }} ${{ matrix.crypto.install }}
env:
INSTALL_PACKAGES: ${{ matrix.build == 'autotools' && 'automake libtool' || '' }}
MATRIX_INSTALL: '${{ matrix.crypto.install }}'
run: brew install ${INSTALL_PACKAGES} ${MATRIX_INSTALL}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
@ -889,9 +922,12 @@ jobs:
run: autoreconf -fi
- name: 'autotools configure'
if: ${{ matrix.build == 'autotools' }}
env:
MATRIX_CONFIGURE: '${{ matrix.crypto.configure }}'
run: |
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
--with-libz ${{ matrix.crypto.configure }} \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-libz ${MATRIX_CONFIGURE} \
--disable-docker-tests \
--disable-sshd-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -905,8 +941,10 @@ jobs:
run: make -C bld check V=1 || { cat bld/tests/*.log; false; }
- name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }}
env:
MATRIX_GENERATE: '${{ matrix.crypto.cmake }}'
run: |
cmake -B bld -G Ninja ${{ matrix.crypto.cmake }} \
cmake -B bld -G Ninja ${MATRIX_GENERATE} \
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=ON \
@ -1013,7 +1051,8 @@ jobs:
# https://ports.freebsd.org/
sudo pkg install -y autoconf automake libtool
autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \
--disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -1036,7 +1075,8 @@ jobs:
prepare: pkg install build-essential libtool
run: |
autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \
mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \
--disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; }


@ -18,13 +18,13 @@ jobs:
steps:
- name: Build Fuzzers
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses]
with:
oss-fuzz-project-name: 'libssh2'
dry-run: false
language: c
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses]
with:
oss-fuzz-project-name: 'libssh2'
fuzz-seconds: 600
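Review bot: Both `uses:` lines (`build_fuzzers@master` and `run_fuzzers@master`) still resolve to a mutable branch, and the added `# zizmor: ignore[unpinned-uses]` silences the finding without recording why it is acceptable here. Whatever upstream pushes to that branch runs inside this job with the job's token permissions, so the suppression should carry its rationale. If tracking master is deliberate, a comment above each step would do, e.g. `# cifuzz tracks upstream master on purpose; not pinned to a SHA`. Otherwise pin to a full commit SHA with a version comment, as this commit's other workflows do for `actions/checkout` and the `docker/*` actions. The workflow's `permissions:` block sits outside this hunk, so it is worth confirming the job runs with a read-only token.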


@ -24,15 +24,22 @@
#
# SPDX-License-Identifier: BSD-3-Clause
# https://docs.github.com/actions/use-cases-and-examples/publishing-packages/publishing-docker-images
name: OpenSSH Server Docker Image
on:
push:
branches: [ master ]
permissions: {}
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
@ -50,21 +57,23 @@ jobs:
- shell: bash
id: poll
run: docker manifest inspect ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server:${{ steps.hash.outputs.hash }}
continue-on-error: true
env:
HASH: '${{ steps.hash.outputs.hash }}'
run: docker manifest inspect "ghcr.io/${GITHUB_REPOSITORY_OWNER}/ci_tests_openssh_server:${HASH}"
- uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
if: ${{ steps.poll.outcome == 'failure' }}
id: meta
with:
images: ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server
tags: |
type=raw,value=${{ steps.hash.outputs.hash }}
if: ${{ steps.poll.outcome == 'failure' }}
- uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
if: ${{ steps.poll.outcome == 'failure' }}
with:
context: ./tests/openssh_server
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
if: ${{ steps.poll.outcome == 'failure' }}