- update `actions/checkout` from 6.0.0 to 6.0.1
- update `msys2/setup-msys2` from 2.29.0 to 2.30.0
- update `actions/cache` from 4.3.0 to 5.0.1
- update `cross-platform-actions/action` from 0.30.0 to 0.32.0
- update `actions/upload-artifact` from 5.0.0 to 6.0.0
- update `github/codeql-action` from 4.30.8 to 4.31.9
- update `docker/metadata-action` from 5.8.0 to 5.10.0
- update `actions/checkout` from 5.0.0 to 6.0.0
- update `cross-platform-actions/action` from 0.29.0 to 0.30.0
- update pip package `reuse` from 6.1.2 to 6.2.0
Closes#1755Closes#1756
To make configure step output more readable in case of a build error.
To expose configure logs for successful builds without adding clutter.
Also:
- set shell globally for Windows jobs.
- move all Cygwin files to `D:`.
Closes#1749
Drop the `git config --global core.autocrlf input` step in Cygwin jobs.
It's no longer necessary. Also saving ~10 seconds per job.
Quote the cmake variable for consistency.
Closes#1730
Tests started failing after touching `sshd_config`, which bumped
the test container from Debian Bookworm to Trixie, and openssh-server
from 9.2p1 to 10.0p1 with it. OpenSSH v10 no longer supports legacy KEX
algos `diffie-hellman-group*` and `diffie-hellman-group-exchange-*`,
making libssh2 require ECDSA or ED25519 to enable `curve25519-sha256*`
or `ecdh-sha2-*`, for the tests to succeed.
libgcrypt, stock Ubuntu wolfSSL, and WinCNG CI jobs broke.
- ED25519 is only supported with OpenSSL and LibreSSL 3.7+.
- ECDSA is supported by OpenSSL and mbedTLS (unless disabled),
by wolfSSL in certain cases (but not on Ubuntu 24.04 with the stock
v5.6.6 build), and by WinCNG when explicitly enabled, and targeting
Windows 10/2016 Server.
Fixed by:
- wolfSSL support received an ECDSA detection fix, that resolved
the issue with the stock Ubuntu builds, via:
b807dac921#1723
- WinCNG had ECDSA enabled in CI in the job running tests, via:
0f5843874b#1721
- to make CI pass, disable running tests with Libgcrypt in this patch.
An alternate option is to downgrade to Bookworm, with the undesired
effect that its openssh-server doesn't support ML-KEM and other modern
SSH features, meaning those could not be tested once implemented in
libssh2, e.g. in #1644.
Ref: https://www.openssh.com/txt/release-10.0
Ref: https://packages.debian.org/trixie/openssh-server
Ref: https://packages.debian.org/bookworm/openssh-server
Ref: https://packages.ubuntu.com/noble/libwolfssl-dev
Bug: https://github.com/libssh2/libssh2/pull/1718#issuecomment-3397142351
Follow-up to 4f9e6e0bfb#1718Closes#1720
To render in Git webviews as-is, to make it easier to edit, verify,
and to sync up with curl.
- add options to not build the `.3` man pages:
- autotools: `--disable-docs`
- cmake: `LIBSSH2_BUILD_DOCS=OFF`
- building `.3` man pages requires Perl after this patch.
- drop `mansyntax` and the shell / `grep` / GNU `man` tool requirements with it.
- scripts and most logic were copied from curl.
- add `cd2nroff` from curl, with edits to relax curl-specific checks.
- used `nroff2cd` (from curl) to convert from `.3` to `.md`. Then
manually fixed copyrights, inline function references and a couple
of other things.
Credits-to: Daniel Stenberg
Ref: eefcc1bda4
Ref: https://github.com/curl/curl/pull/12730
Ref: https://github.com/libssh2/www/issues/25#issuecomment-3289431671Closes#1660
- drop redundant `--parallel` cmake option for Ninja builds.
- use Ninja for aws-lc, also simplify the script.
- use global default `MAKEFLAGS`. This also makes certain
steps faster due to missing parallelism before this patch.
- enable `-DBUILD_OSSFUZZ=ON` in a cmake job.
- split Cygwin job into steps. To sync with others.
- sync Cygwin build type name with other jobs.
Closes#1684
To avoid littering the Actions cache.
Another, libssh2-specific issue is that the cache is bound to codeql
version, master commit hash and platform. But in libssh2 we buidl 4
different configurations on Linux, which caused these caching failures:
```
C (OpenSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (wolfSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (mbedTLS) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
```
Ref: https://github.com/libssh2/libssh2/actions/runs/17744827522
It's probably something to fix, because it suggests that it's unexpected
to build multiple configs in a matrix. Perhaps it's better to build them
after each other in the build step. Though it's not yet clear how
the CodeQL engine is considering coverage for different build
configurations of the same codebase.
Ref: https://github.com/curl/curl/pull/18613
Ref: 9618c337d1
actions/upload-artifact from 4.6.1 to 4.6.2
cygwin/cygwin-install-action from 5 to 6
msys2/setup-msys2 from 2.26.0 to 2.29.0
Closes#1649Closes#1650Closes#1651
By micromanaging the project dependency and its inclusion into the test
project. It feels like an awkward construct, but perhaps better than
nothing.
It's also fragile because it's a static build with no assistance from
the external project (curl in this case). Mitigated in test by disabling
all dependencies and some features.
Since there is no special core cmake logic to be tested here, in CI
the test is tested really. To keep CI jobs at minimum, only add 3 of
them, taking 26s in total. (All 6 would take 203s.)
Follow-up to 77df767784#1589Closes#1637
