| name: Continuous integration |
| |
| on: |
| push: |
| pull_request: |
| schedule: |
| # Run every day at midnight UTC |
| - cron: '0 0 * * *' |
| |
| jobs: |
| boringssl_clone: |
| # This step ensures that all builders have the same version of BoringSSL |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Clone BoringSSL repo |
| run: | |
| git clone --depth 1 --filter=blob:none --no-checkout https://github.com/google/boringssl.git "${{ runner.temp }}/boringssl" |
| echo Using BoringSSL commit: $(cd "${{ runner.temp }}/boringssl"; git rev-parse HEAD) |
| |
| - name: Archive BoringSSL source |
| uses: actions/upload-artifact@v4 |
| with: |
| name: boringssl-source |
| path: ${{ runner.temp }}/boringssl |
| retention-days: 1 |
| include-hidden-files: true |
| if-no-files-found: error |
| |
| build: |
| needs: boringssl_clone |
| |
| strategy: |
| fail-fast: false |
| matrix: |
| platform: [ubuntu-latest, macos-latest, windows-latest] |
| include: |
| - platform: ubuntu-latest |
| tools_url: https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip |
| - platform: macos-latest |
| tools_url: https://dl.google.com/android/repository/commandlinetools-mac-9477386_latest.zip |
| - platform: windows-latest |
| tools_url: https://dl.google.com/android/repository/commandlinetools-win-9477386_latest.zip |
| |
| runs-on: ${{ matrix.platform }} |
| |
| steps: |
| - name: Set up JDK 11 for toolchains |
| uses: actions/setup-java@v1.4.3 |
| with: |
| java-version: 11 |
| |
| - name: Set runner-specific environment variables |
| shell: bash |
| run: | |
| echo "ANDROID_HOME=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV |
| echo "ANDROID_SDK_ROOT=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV |
| echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV |
| echo "SDKMANAGER=${{ runner.temp }}/android-sdk/cmdline-tools/bin/sdkmanager" >> $GITHUB_ENV |
| echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV |
| |
| - uses: actions/checkout@v2 |
| |
| - name: Setup Linux environment |
| if: runner.os == 'Linux' |
| run: | |
| echo "CC=clang" >> $GITHUB_ENV |
| echo "CXX=clang++" >> $GITHUB_ENV |
| |
| sudo dpkg --add-architecture i386 |
| sudo add-apt-repository ppa:openjdk-r/ppa |
| sudo apt-get -qq update |
| sudo apt-get -qq install -y --no-install-recommends \ |
| gcc-multilib \ |
| g++-multilib \ |
| ninja-build \ |
| openjdk-11-jre-headless |
| |
| - name: Setup macOS environment |
| if: runner.os == 'macOS' |
| run: | |
| brew update || echo update failed |
| brew install ninja || echo update failed |
| |
| - name: install Go |
| uses: actions/setup-go@v1 |
| with: |
| go-version: '1.19.3' |
| |
| - name: Setup Windows environment |
| if: runner.os == 'Windows' |
| run: | |
| choco install nasm -y |
| choco install ninja -y |
| |
| - name: Fetch BoringSSL source |
| uses: actions/download-artifact@v4 |
| with: |
| name: boringssl-source |
| path: ${{ runner.temp }}/boringssl |
| |
| - name: Checkout BoringSSL master branch |
| shell: bash |
| run: | |
| cd "$BORINGSSL_HOME" |
| git checkout --progress --force -B master |
| |
| - name: Build BoringSSL x86 and ARM MacOS |
| if: runner.os == 'macOS' |
| env: |
| # For compatibility, but 10.15 target requires 16-byte stack alignment. |
| MACOSX_DEPLOYMENT_TARGET: 10.13 |
| run: | |
| mkdir -p "$BORINGSSL_HOME/build.x86" |
| pushd "$BORINGSSL_HOME/build.x86" |
| cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=x86_64 -GNinja .. |
| ninja |
| popd |
| |
| mkdir -p "$BORINGSSL_HOME/build.arm" |
| pushd "$BORINGSSL_HOME/build.arm" |
| cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=arm64 -GNinja .. |
| ninja |
| popd |
| |
| - name: Build BoringSSL 64-bit Linux |
| if: runner.os == 'Linux' |
| run: | |
| mkdir -p "$BORINGSSL_HOME/build64" |
| pushd "$BORINGSSL_HOME/build64" |
| cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -GNinja .. |
| ninja |
| popd |
| |
| - name: Build BoringSSL 64-bit Windows |
| if: runner.os == 'Windows' |
| run: | |
| cd $Env:BORINGSSL_HOME |
| |
| & $Env:GITHUB_WORKSPACE\.github\workflows\vsenv.ps1 -arch x64 -hostArch x64 |
| mkdir build64 |
| pushd build64 |
| cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_MSVC_RUNTIME_LIBRARY=MultiThreaded -GNinja .. |
| ninja |
| popd |
| |
| - name: Setup Android environment |
| shell: bash |
| if: runner.os == 'Linux' |
| run: | |
| cd "${{ runner.temp }}" |
| curl -L "${{ matrix.tools_url }}" -o android-tools.zip |
| mkdir -p "$ANDROID_HOME" |
| unzip -q android-tools.zip -d "$ANDROID_HOME" |
| yes | "$SDKMANAGER" --sdk_root="$ANDROID_HOME" --licenses || true |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" tools |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" platform-tools |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'build-tools;30.0.3' |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'platforms;android-26' |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'extras;android;m2repository' |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'ndk;25.2.9519653' |
| "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'cmake;3.22.1' |
| |
| - name: Build with Gradle |
| shell: bash |
| run: ./gradlew assemble -PcheckErrorQueue |
| |
| - name: Test with Gradle |
| shell: bash |
| run: ./gradlew test -PcheckErrorQueue |
| |
| - name: Other checks with Gradle |
| shell: bash |
| run: ./gradlew check -PcheckErrorQueue |
| |
| - name: Publish to local Maven repo |
| shell: bash |
| run: ./gradlew publishToMavenLocal -Dmaven.repo.local="$M2_REPO" |
| |
| - name: Upload Maven respository |
| uses: actions/upload-artifact@v4 |
| with: |
| name: m2repo-${{ runner.os }} |
| path: ${{ runner.temp }}/m2 |
| |
| - name: Build test JAR with dependencies |
| if: runner.os == 'Linux' |
| shell: bash |
| run: ./gradlew :conscrypt-openjdk:testJar -PcheckErrorQueue |
| |
| - name: Upload test JAR with dependencies |
| if: runner.os == 'Linux' |
| uses: actions/upload-artifact@v4 |
| with: |
| name: testjar |
| path: openjdk/build/libs/conscrypt-openjdk-*-tests.jar |
| if-no-files-found: error |
| |
| uberjar: |
| needs: build |
| |
| runs-on: ubuntu-latest |
| |
| steps: |
| - uses: actions/checkout@v2 |
| |
| - name: Set runner-specific environment variables |
| shell: bash |
| run: | |
| echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV |
| echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV |
| |
| - name: Fetch BoringSSL source |
| uses: actions/download-artifact@v4 |
| with: |
| name: boringssl-source |
| path: ${{ runner.temp }}/boringssl |
| |
| - name: Make fake BoringSSL directories |
| shell: bash |
| run: | |
| # TODO: remove this when the check is only performed when building. |
| # BoringSSL is not needed during the UberJAR build, but the |
| # assertion to check happens regardless of whether the project |
| # needs it. |
| mkdir -p "${{ runner.temp }}/boringssl/build64" |
| mkdir -p "${{ runner.temp }}/boringssl/include" |
| |
| - name: Download Maven repository for Linux |
| uses: actions/download-artifact@v4 |
| with: |
| name: m2repo-Linux |
| path: ${{ runner.temp }}/m2 |
| |
| - name: Download Maven repository for MacOS |
| uses: actions/download-artifact@v4 |
| with: |
| name: m2repo-macOS |
| path: ${{ runner.temp }}/m2 |
| |
| - name: Download Maven repository for Windows |
| uses: actions/download-artifact@v4 |
| with: |
| name: m2repo-Windows |
| path: ${{ runner.temp }}/m2 |
| |
| - name: Build UberJAR with Gradle |
| shell: bash |
| run: | |
| ./gradlew :conscrypt-openjdk-uber:build -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" |
| |
| - name: Publish UberJAR to Maven Local |
| shell: bash |
| run: | |
| ./gradlew :conscrypt-openjdk-uber:publishToMavenLocal -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" |
| |
| - name: Upload Maven respository |
| uses: actions/upload-artifact@v4 |
| with: |
| name: m2repo-uber |
| path: ${{ runner.temp }}/m2 |
| |
| openjdk-test: |
| needs: uberjar |
| |
| strategy: |
| fail-fast: false |
| matrix: |
| platform: [ubuntu-latest, macos-latest, windows-latest] |
| java: [8, 9, 11] |
| include: |
| - java: 8 |
| suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" |
| - java: 9 |
| suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" |
| - java: 11 |
| suite_class: "org.conscrypt.Conscrypt(OpenJdk)?Suite" |
| |
| runs-on: ${{ matrix.platform }} |
| |
| steps: |
| - name: Set up Java |
| uses: actions/setup-java@v1 |
| with: |
| java-version: ${{ matrix.java }} |
| |
| - name: Download UberJAR |
| uses: actions/download-artifact@v4 |
| with: |
| name: m2repo-uber |
| path: m2 |
| |
| - name: Download Test JAR with Dependencies |
| uses: actions/download-artifact@v4 |
| with: |
| name: testjar |
| path: testjar |
| |
| - name: Download JUnit runner |
| shell: bash |
| run: mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:copy -Dartifact=org.junit.platform:junit-platform-console-standalone:1.6.2 -DoutputDirectory=. -Dmdep.stripVersion=true |
| |
| - name: Run JUnit tests |
| shell: bash |
| run: | |
| DIR="$(find m2/org/conscrypt/conscrypt-openjdk-uber -maxdepth 1 -mindepth 1 -type d -print)" |
| VERSION="${DIR##*/}" |
| TESTJAR="$(find testjar -name '*-tests.jar')" |
| java -jar junit-platform-console-standalone.jar -cp "$DIR/conscrypt-openjdk-uber-$VERSION.jar:$TESTJAR" -n='${{ matrix.suite_class }}' --scan-classpath --reports-dir=results --fail-if-no-tests |
| |
| - name: Archive test results |
| if: ${{ always() }} |
| uses: actions/upload-artifact@v4 |
| with: |
| name: test-results-${{ matrix.platform }}-${{ matrix.java }} |
| path: results |