Use a matrix for nightly valgrind (Take 5) #71
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# (C) 2023 Jack Lloyd | |
# (C) 2023 Fabian Albert, Rohde & Schwarz Cybersecurity | |
# | |
# Botan is released under the Simplified BSD License (see license.txt) | |
name: nightly | |
permissions: | |
contents: read | |
# implicitly all other scopes not listed become none | |
on: | |
workflow_dispatch: | |
push: | |
paths: | |
# Run if a pull request changes this workflow to | |
# validate it works properly before merging. | |
- '.github/workflows/nightly.yml' | |
schedule: | |
# runs every day at 3:23 AM UTC | |
- cron: '23 3 * * *' | |
jobs: | |
sanitizer: | |
name: "Sanitizers" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: sanitizer | |
compiler: msvc | |
host_os: windows-2022 | |
make_tool: ninja | |
- target: sanitizer | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./source | |
- name: Fetch BoringSSL fork for BoGo tests | |
uses: actions/checkout@v4 | |
with: | |
repository: randombit/boringssl | |
ref: rene/runner-20241016 | |
path: ./boringssl | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
x-compile: | |
name: "Cross" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: cross-alpha | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-hppa64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-m68k | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-mips | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-ppc32 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-sh4 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-sparc64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-riscv64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-s390x | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-android-arm64-amalgamation | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: cross-arm64-amalgamation | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: emscripten | |
compiler: emcc | |
host_os: macos-14 | |
- target: sde | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
ANDROID_NDK: android-ndk-r26 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-xcompile-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
clang_tidy: | |
name: "clang-tidy" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: clang-tidy | |
cache-key: linux-x86_64-clang-tidy | |
- name: Install dependencies | |
run: sudo apt-get -qq install libboost-dev libbz2-dev liblzma-dev libsqlite3-dev | |
- name: Configure Build | |
run: python3 ./configure.py --cc=clang --build-targets=shared,cli,tests,examples,bogo_shim --build-fuzzers=test --with-boost --with-sqlite --with-zlib --with-lzma --with-bzip2 | |
- name: Run Clang Tidy | |
run: python3 ./src/scripts/dev_tools/run_clang_tidy.py --verbose | |
valgrind: | |
name: "valgrind" | |
strategy: | |
fail-fast: false | |
# Targets: | |
# - valgrind-full: all tests on valgrind, aiming to catch memory bugs | |
# - valgrind: reduced set of tests on valgrind, aiming to catch memory bugs | |
# - valgrind-ct-full: all tests on valgrind, aiming to catch secret-dependent execution issues | |
# - valgrind-ct: reduced set of tests on valgrind, aiming to catch secret-dependent execution issues | |
matrix: | |
# Run a matrix of compiler and optimization flag combinations to maximize | |
# the signal of secret-dependent execution issues introduced by compilers. | |
compiler: ["clang", "gcc"] | |
cxxflags: ["-O1", "-O2", "-O3"] | |
target: ["valgrind-ct-full"] | |
include: | |
- compiler: clang | |
cxxflags: "-O3" | |
target: "valgrind-full" # memory bug detection | |
- compiler: clang | |
cxxflags: "-Os" | |
# Clang's -Os generated binary is fast enough to run the full test suite. | |
target: "valgrind-ct-full" | |
- compiler: gcc | |
cxxflags: "-Os" | |
# GCC with -Os generates a much slower binary, that won't finish | |
# before timing out on GH Actions, so we run a reduced set of tests. | |
target: "valgrind-ct-reduced" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Create Cache Key Hash | |
run: | | |
# Hashing the optimization flag value as this might contain spaces. | |
hash=$(echo "${{ matrix.cxxflags }}" | sha256sum | head -c 10) | |
echo "CACHE_KEY_HASH=${hash}" >> $GITHUB_ENV | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: valgrind-full | |
cache-key: linux-x86_64-${ matrix.compiler }-${{ matrix.target }}-${{ env.CACHE_KEY_HASH }} | |
- name: Valgrind Checks | |
run: python3 ./src/scripts/ci_build.py --make-tool=make --cc=${{ matrix.compiler }} --custom-optimization-flags="${{ matrix.cxxflags }}" ${{ matrix.target }} | |
hybrid_tls_interop: | |
name: "PQ/T TLS 1.3" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: hybrid-tls13-interop-test | |
cache-key: linux-x86_64-hybrid_tls | |
- name: Hybrid PQ/T TLS 1.3 Online Interop Checks | |
run: python3 ./src/scripts/ci_build.py --cc=gcc --make-tool=make hybrid-tls13-interop-test | |
tls_anvil_server_test: | |
name: "TLS-Anvil (server)" | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Fetch Botan Repository | |
uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: tlsanvil | |
cache-key: linux-x86_64-tlsanvil | |
- name: Build and Test Botan Server with TLS-Anvil | |
run: > | |
python3 ./src/scripts/ci/ci_tlsanvil_test.py | |
--botan-dir . | |
--test-target server | |
--parallel $(nproc) | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: tls-anvil-server-test-results | |
path: | | |
./TestSuiteResults/ | |
./logs/ | |
- name: Check TLS-Anvil Test Results | |
run: python3 ./src/scripts/ci/ci_tlsanvil_check.py --verbose ./TestSuiteResults |