Skip to content

Use a matrix for nightly valgrind (Take 5) #71

Use a matrix for nightly valgrind (Take 5)

Use a matrix for nightly valgrind (Take 5) #71

Workflow file for this run

# (C) 2023 Jack Lloyd
# (C) 2023 Fabian Albert, Rohde & Schwarz Cybersecurity
#
# Botan is released under the Simplified BSD License (see license.txt)
name: nightly
permissions:
contents: read
# implicitly all other scopes not listed become none
on:
workflow_dispatch:
push:
paths:
# Run if a pull request changes this workflow to
# validate it works properly before merging.
- '.github/workflows/nightly.yml'
schedule:
# runs every day at 3:23 AM UTC
- cron: '23 3 * * *'
jobs:
sanitizer:
name: "Sanitizers"
strategy:
fail-fast: false
matrix:
include:
- target: sanitizer
compiler: msvc
host_os: windows-2022
make_tool: ninja
- target: sanitizer
compiler: gcc
host_os: ubuntu-24.04
runs-on: ${{ matrix.host_os }}
steps:
- uses: actions/checkout@v4
with:
path: ./source
- name: Fetch BoringSSL fork for BoGo tests
uses: actions/checkout@v4
with:
repository: randombit/boringssl
ref: rene/runner-20241016
path: ./boringssl
- name: Setup Build Agent
uses: ./source/.github/actions/setup-build-agent
with:
target: ${{ matrix.target }}
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }}
- name: Build and Test Botan
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }}
x-compile:
name: "Cross"
strategy:
fail-fast: false
matrix:
include:
- target: cross-alpha
compiler: gcc
host_os: ubuntu-24.04
- target: cross-hppa64
compiler: gcc
host_os: ubuntu-24.04
- target: cross-m68k
compiler: gcc
host_os: ubuntu-24.04
- target: cross-mips
compiler: gcc
host_os: ubuntu-24.04
- target: cross-ppc32
compiler: gcc
host_os: ubuntu-24.04
- target: cross-sh4
compiler: gcc
host_os: ubuntu-24.04
- target: cross-sparc64
compiler: gcc
host_os: ubuntu-24.04
- target: cross-riscv64
compiler: gcc
host_os: ubuntu-24.04
- target: cross-s390x
compiler: gcc
host_os: ubuntu-24.04
- target: cross-android-arm64-amalgamation
compiler: clang
host_os: ubuntu-24.04
- target: cross-arm64-amalgamation
compiler: gcc
host_os: ubuntu-24.04
- target: emscripten
compiler: emcc
host_os: macos-14
- target: sde
compiler: gcc
host_os: ubuntu-24.04
runs-on: ${{ matrix.host_os }}
env:
ANDROID_NDK: android-ndk-r26
steps:
- uses: actions/checkout@v4
- name: Setup Build Agent
uses: ./.github/actions/setup-build-agent
with:
target: ${{ matrix.target }}
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-xcompile-${{ matrix.target }}
- name: Build and Test Botan
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }}
clang_tidy:
name: "clang-tidy"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Setup Build Agent
uses: ./.github/actions/setup-build-agent
with:
target: clang-tidy
cache-key: linux-x86_64-clang-tidy
- name: Install dependencies
run: sudo apt-get -qq install libboost-dev libbz2-dev liblzma-dev libsqlite3-dev
- name: Configure Build
run: python3 ./configure.py --cc=clang --build-targets=shared,cli,tests,examples,bogo_shim --build-fuzzers=test --with-boost --with-sqlite --with-zlib --with-lzma --with-bzip2
- name: Run Clang Tidy
run: python3 ./src/scripts/dev_tools/run_clang_tidy.py --verbose
valgrind:
name: "valgrind"
strategy:
fail-fast: false
# Targets:
# - valgrind-full: all tests on valgrind, aiming to catch memory bugs
# - valgrind: reduced set of tests on valgrind, aiming to catch memory bugs
# - valgrind-ct-full: all tests on valgrind, aiming to catch secret-dependent execution issues
# - valgrind-ct: reduced set of tests on valgrind, aiming to catch secret-dependent execution issues
matrix:
# Run a matrix of compiler and optimization flag combinations to maximize
# the signal of secret-dependent execution issues introduced by compilers.
compiler: ["clang", "gcc"]
cxxflags: ["-O1", "-O2", "-O3"]
target: ["valgrind-ct-full"]
include:
- compiler: clang
cxxflags: "-O3"
target: "valgrind-full" # memory bug detection
- compiler: clang
cxxflags: "-Os"
# Clang's -Os generated binary is fast enough to run the full test suite.
target: "valgrind-ct-full"
- compiler: gcc
cxxflags: "-Os"
# GCC with -Os generates a much slower binary, that won't finish
# before timing out on GH Actions, so we run a reduced set of tests.
target: "valgrind-ct-reduced"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Create Cache Key Hash
run: |
# Hashing the optimization flag value as this might contain spaces.
hash=$(echo "${{ matrix.cxxflags }}" | sha256sum | head -c 10)
echo "CACHE_KEY_HASH=${hash}" >> $GITHUB_ENV
- name: Setup Build Agent
uses: ./.github/actions/setup-build-agent
with:
target: valgrind-full
cache-key: linux-x86_64-${ matrix.compiler }-${{ matrix.target }}-${{ env.CACHE_KEY_HASH }}
- name: Valgrind Checks
run: python3 ./src/scripts/ci_build.py --make-tool=make --cc=${{ matrix.compiler }} --custom-optimization-flags="${{ matrix.cxxflags }}" ${{ matrix.target }}
hybrid_tls_interop:
name: "PQ/T TLS 1.3"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Setup Build Agent
uses: ./.github/actions/setup-build-agent
with:
target: hybrid-tls13-interop-test
cache-key: linux-x86_64-hybrid_tls
- name: Hybrid PQ/T TLS 1.3 Online Interop Checks
run: python3 ./src/scripts/ci_build.py --cc=gcc --make-tool=make hybrid-tls13-interop-test
tls_anvil_server_test:
name: "TLS-Anvil (server)"
runs-on: ubuntu-24.04
steps:
- name: Fetch Botan Repository
uses: actions/checkout@v4
- name: Setup Build Agent
uses: ./.github/actions/setup-build-agent
with:
target: tlsanvil
cache-key: linux-x86_64-tlsanvil
- name: Build and Test Botan Server with TLS-Anvil
run: >
python3 ./src/scripts/ci/ci_tlsanvil_test.py
--botan-dir .
--test-target server
--parallel $(nproc)
- uses: actions/upload-artifact@v4
with:
name: tls-anvil-server-test-results
path: |
./TestSuiteResults/
./logs/
- name: Check TLS-Anvil Test Results
run: python3 ./src/scripts/ci/ci_tlsanvil_check.py --verbose ./TestSuiteResults