Reduce risk of compiler value range propogation in FrodoKEM sampling #6177
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# (C) 2020,2022 Jack Lloyd | |
# (C) 2022 René Meusel, Rohde & Schwarz Cybersecurity | |
# | |
# Botan is released under the Simplified BSD License (see license.txt) | |
name: ci | |
permissions: | |
contents: read | |
# implicitly all other scopes not listed become none | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
# cancel running workflows when new commits are being pushed in pull requests | |
# but not on the master branch | |
concurrency: | |
group: ${{ github.workflow }} @ ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
windows: | |
name: "Windows" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: static | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: amalgamation | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: shared | |
arch: x86 | |
host_os: windows-2022 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-msvc-${{ matrix.arch }}-${{ matrix.target }} | |
arch: ${{ matrix.arch }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='msvc' --make-tool='ninja' --cpu='${{ matrix.arch }}' --test-results-dir=junit_results ${{ matrix.target }} | |
linux: | |
name: "Linux" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- compiler: gcc | |
target: shared | |
- compiler: gcc | |
target: amalgamation | |
- compiler: gcc | |
target: static | |
- compiler: clang | |
target: shared | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: linux-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
macos: | |
name: "macOS" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
compiler: xcode | |
os: macos-13 | |
- target: amalgamation | |
compiler: xcode | |
os: macos-13 | |
- target: shared | |
compiler: xcode | |
os: macos-14 # uses Apple Silicon | |
- target: amalgamation | |
compiler: xcode | |
os: macos-14 # uses Apple Silicon | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: macos-${{ matrix.compiler }}-${{ matrix.os }}-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
clang-tidy: | |
name: "Clang Tidy" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: clang-tidy | |
cache-key: linux-x86_64-clang-tidy | |
- name: Configure Build | |
run: python3 ./configure.py --cc=clang --build-targets=shared,cli,tests,examples,bogo_shim --build-fuzzers=test --with-boost --with-sqlite --with-zlib --with-lzma --with-bzip2 --with-tpm2 | |
- name: Run Clang Tidy | |
run: | | |
./src/scripts/ci/gh_get_changes_in_pr.py $(git rev-parse HEAD) --api-token=${{ secrets.GITHUB_TOKEN }} | \ | |
python3 ./src/scripts/dev_tools/run_clang_tidy.py --verbose --take-file-list-from-stdin --export-fixes-dir=clang_tidy_diagnostics | |
- name: Display Clang Tidy Results | |
if: failure() | |
run: ./src/scripts/ci/gh_clang_tidy_fixes_in_pr.py clang_tidy_diagnostics | |
analysis: | |
name: "Analysis" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: coverage | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: sanitizer | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: valgrind | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: fuzzers | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: lint | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: format | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: limbo | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
COVERALLS_REPO_TOKEN: pbLoTMBxC1DFvbws9WfrzVOvfEdEZTcCS | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./source | |
- name: Fetch BoringSSL fork for BoGo tests | |
uses: actions/checkout@v4 | |
with: | |
repository: randombit/boringssl | |
ref: rene/runner-20241016 | |
path: ./boringssl | |
if: matrix.target == 'coverage' || matrix.target == 'sanitizer' | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
specials: | |
name: "Special" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: examples | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: minimized | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: bsi | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: docs | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: no_pcurves | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./source | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
x-compile: | |
name: "Cross" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: cross-i386 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-arm32 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-arm64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-ppc64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-mips64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-android-arm64 | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: static | |
compiler: gcc | |
host_os: windows-2022 | |
make_tool: make | |
- target: cross-ios-arm64 | |
compiler: xcode | |
host_os: macos-13 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
ANDROID_NDK: android-ndk-r26 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-xcompile-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} |