AWS-LC #136
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AWS-LC | |
| on: | |
| schedule: | |
| - cron: "0 0 * * 4" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| Test: | |
| name: ${{ matrix.name }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - name: AWS-LC | |
| command: "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))" | |
| - name: AWS-LC (FIPS) | |
| command: "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))" | |
| if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Determine latest AWS-LC release | |
| id: get_aws_lc_release | |
| run: | | |
| result=$(cd .github && python3 -c "${{ matrix.command }}") | |
| echo $result | |
| echo "result=$result" >> $GITHUB_OUTPUT | |
| - name: Cache AWS-LC | |
| id: cache_aws_lc | |
| uses: actions/cache@v5 | |
| with: | |
| path: '~/opt/' | |
| key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc | |
| - name: Install apt dependencies | |
| run: | | |
| sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none | |
| sudo apt-get --no-install-recommends -y install socat gdb jose | |
| - name: Install AWS-LC | |
| if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }} | |
| run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh | |
| - name: Compile HAProxy | |
| run: | | |
| make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \ | |
| USE_OPENSSL_AWSLC=1 USE_QUIC=1 \ | |
| SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \ | |
| DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \ | |
| ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" | |
| sudo make install | |
| - name: Show HAProxy version | |
| id: show-version | |
| run: | | |
| ldd $(which haproxy) | |
| haproxy -vv | |
| echo "version=$(haproxy -vq)" >> $GITHUB_OUTPUT | |
| - uses: ./.github/actions/setup-vtest | |
| - name: Run VTest for HAProxy | |
| id: vtest | |
| run: | | |
| make reg-tests VTEST_PROGRAM=${{ github.workspace }}/vtest/vtest REGTESTS_TYPES=default,bug,devel | |
| - name: Run Unit tests | |
| id: unittests | |
| run: | | |
| make unit-tests | |
| - name: Show VTest results | |
| if: ${{ failure() && steps.vtest.outcome == 'failure' }} | |
| run: | | |
| for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do | |
| printf "::group::" | |
| cat $folder/INFO | |
| cat $folder/LOG | |
| echo "::endgroup::" | |
| done | |
| exit 1 | |
| - name: Show coredumps | |
| if: ${{ failure() && steps.vtest.outcome == 'failure' }} | |
| run: | | |
| failed=false | |
| shopt -s nullglob | |
| for file in /tmp/core.*; do | |
| failed=true | |
| printf "::group::" | |
| gdb -ex 'thread apply all bt full' ./haproxy $file | |
| echo "::endgroup::" | |
| done | |
| if [ "$failed" = true ]; then | |
| exit 1; | |
| fi | |
| - name: Show Unit-Tests results | |
| if: ${{ failure() && steps.unittests.outcome == 'failure' }} | |
| run: | | |
| for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do | |
| printf "::group::" | |
| cat $result | |
| echo "::endgroup::" | |
| done | |
| exit 1 |