Download OpenSSL source tarballs from GitHub #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Build: Ubuntu 24.04' | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| env: | |
| GH_API_ROOT: https://api.github.com/repos/p5-net-ssleay/ci-libssl | |
| GH_UPLOAD_ROOT: https://uploads.github.com/repos/p5-net-ssleay/ci-libssl | |
| jobs: | |
| libressl: | |
| name: LibreSSL ${{ matrix.version }} | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| # LibreSSL 2.0 | |
| - '2.0.5' | |
| - '2.0.6' | |
| # LibreSSL 2.1 | |
| - '2.1.5' | |
| - '2.1.6' | |
| - '2.1.7' | |
| - '2.1.8' | |
| - '2.1.9' | |
| - '2.1.10' | |
| # LibreSSL 2.2 | |
| - '2.2.2' | |
| - '2.2.3' | |
| - '2.2.4' | |
| - '2.2.5' | |
| - '2.2.6' | |
| - '2.2.7' | |
| - '2.2.8' | |
| - '2.2.9' | |
| # LibreSSL 2.3 | |
| - '2.3.3' | |
| - '2.3.4' | |
| - '2.3.5' | |
| - '2.3.6' | |
| - '2.3.7' | |
| - '2.3.8' | |
| - '2.3.9' | |
| - '2.3.10' | |
| # LibreSSL 2.4 | |
| - '2.4.2' | |
| - '2.4.3' | |
| - '2.4.4' | |
| - '2.4.5' | |
| # LibreSSL 2.5 | |
| - '2.5.3' | |
| - '2.5.4' | |
| - '2.5.5' | |
| # LibreSSL 2.6 | |
| - '2.6.3' | |
| - '2.6.4' | |
| - '2.6.5' | |
| # LibreSSL 2.7 | |
| - '2.7.2' | |
| - '2.7.3' | |
| - '2.7.4' | |
| - '2.7.5' | |
| # LibreSSL 2.8 | |
| - '2.8.2' | |
| - '2.8.3' | |
| # LibreSSL 2.9 | |
| - '2.9.2' | |
| # LibreSSL 3.0 | |
| - '3.0.2' | |
| # LibreSSL 3.1 | |
| - '3.1.1' | |
| - '3.1.2' | |
| - '3.1.3' | |
| - '3.1.4' | |
| - '3.1.5' | |
| # LibreSSL 3.2 | |
| - '3.2.2' | |
| - '3.2.3' | |
| - '3.2.4' | |
| - '3.2.5' | |
| - '3.2.6' | |
| - '3.2.7' | |
| # LibreSSL 3.3 | |
| - '3.3.3' | |
| - '3.3.4' | |
| - '3.3.5' | |
| - '3.3.6' | |
| # LibreSSL 3.4 | |
| - '3.4.1' | |
| - '3.4.2' | |
| - '3.4.3' | |
| # LibreSSL 3.5 | |
| - '3.5.2' | |
| - '3.5.3' | |
| - '3.5.4' | |
| # LibreSSL 3.6 | |
| - '3.6.1' | |
| - '3.6.2' | |
| - '3.6.3' | |
| # LibreSSL 3.7 | |
| - '3.7.2' | |
| - '3.7.3' | |
| # LibreSSL 3.8 | |
| - '3.8.2' | |
| steps: | |
| - name: Check out ci-libssl repository | |
| uses: actions/checkout@v3 | |
| - name: Restore cached LibreSSL source tarball | |
| uses: actions/cache@v3 | |
| with: | |
| path: libressl-${{ matrix.version }}.tar.gz | |
| key: libressl-${{ matrix.version }} | |
| - name: Download LibreSSL source tarball | |
| run: | | |
| if [ ! -f libressl-${{ matrix.version }}.tar.gz ]; then | |
| curl \ | |
| --fail \ | |
| -o libressl-${{ matrix.version }}.tar.gz \ | |
| https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${{ matrix.version }}.tar.gz | |
| fi | |
| - name: Extract LibreSSL source tarball | |
| run: | | |
| tar xf libressl-${{ matrix.version }}.tar.gz | |
| - name: Configure LibreSSL | |
| working-directory: libressl-${{ matrix.version }} | |
| run: | | |
| config_opts="" | |
| # Engine support was removed in LibreSSL 2.2.2 | |
| if echo ${{ matrix.version }} | grep -q '^2\.\([01]\|2\.[01]\)'; then | |
| config_opts="$config_opts --with-enginesdir=$HOME/libssl/lib/engines" | |
| fi | |
| # Don't install man pages | |
| sed -i -e '/^ac_config_files=/s#man/Makefile##' configure | |
| sed -i -e '/^SUBDIRS = /s/man//' Makefile.am | |
| sed -i -e '/^SUBDIRS = /s/man//' Makefile.in | |
| sed -i -e '/^DIST_SUBDIRS = /s/man//' Makefile.in | |
| rm -f man/Makefile.* | |
| if [ -f apps/openssl/Makefile.am ]; then | |
| sed -i -e '/dist_man_MANS = /s/openssl\.1//' apps/openssl/Makefile.am | |
| sed -i -e '/dist_man_MANS = /s/openssl\.1//' apps/openssl/Makefile.in | |
| fi | |
| # Don't build libtls | |
| sed -i -e '/^ac_config_files=/s#tls/Makefile##' configure | |
| sed -i -e '/^SUBDIRS = /s/tls//' Makefile.am | |
| sed -i -e '/^SUBDIRS = /s/tls//' Makefile.in | |
| rm -f tls/Makefile | |
| sed -i -e '/^ac_config_files=/s#libtls\.pc##' configure | |
| sed -i -e '/^pkgconfig_DATA = /s/libtls\.pc//' Makefile.am | |
| sed -i -e '/^pkgconfig_DATA = /s/libtls\.pc//' Makefile.in | |
| sed -i -e '/^include_HEADERS = /s/tls\.h//' include/Makefile.am | |
| sed -i -e '/^include_HEADERS = /s/tls\.h//' include/Makefile.in | |
| # Don't build the nc or ocspcheck apps (they use libtls) | |
| if [ -d apps/nc ]; then | |
| sed -i -e '/^ac_config_files=/s#apps/nc/Makefile##' configure | |
| sed -i -e '/^SUBDIRS = /s/nc//' apps/Makefile.am | |
| sed -i -e '/^SUBDIRS = /s/nc//' apps/Makefile.in | |
| rm -f apps/nc/Makefile.* | |
| fi | |
| if [ -d apps/ocspcheck ]; then | |
| sed -i -e '/^ac_config_files=/s#apps/ocspcheck/Makefile##' configure | |
| sed -i -e '/^SUBDIRS = /s/ocspcheck//' apps/Makefile.am | |
| sed -i -e '/^SUBDIRS = /s/ocspcheck//' apps/Makefile.in | |
| rm -f apps/nc/Makefile.* | |
| fi | |
| # Don't build tests (some of them rely on libtls) | |
| if echo ${{ matrix.version }} | grep -q '^\(2\|3\.0\)'; then | |
| sed -i -e '/^ac_config_files=/s#tests/Makefile##' configure | |
| sed -i -e '/^SUBDIRS = /s/tests//' Makefile.am | |
| sed -i -e '/^SUBDIRS = /s/tests//' Makefile.in | |
| rm -f tests/Makefile.* | |
| else | |
| config_opts="$config_opts --disable-tests" | |
| fi | |
| CFLAGS="-fPIC" \ | |
| ./configure \ | |
| --prefix=$HOME/libssl \ | |
| --enable-shared \ | |
| --disable-static \ | |
| --with-openssldir=$HOME/libssl \ | |
| $config_opts | |
| - name: Build LibreSSL | |
| working-directory: libressl-${{ matrix.version }} | |
| run: | | |
| make | |
| - name: Install LibreSSL | |
| working-directory: libressl-${{ matrix.version }} | |
| run: | | |
| make install | |
| # The default configuration file isn't installed by "make install" in | |
| # LibreSSL 2.1 and below, and LibreSSL 2.0 doesn't ship a default | |
| # configuration at all | |
| if [ ! -f $HOME/libssl/openssl.cnf ]; then | |
| if [ -f apps/openssl.cnf ]; then | |
| install -m0644 apps/openssl.cnf $HOME/libssl/openssl.cnf | |
| else | |
| cat > $HOME/libssl/openssl.cnf << ' EOF' | |
| [ req ] | |
| distinguished_name = req_distinguished_name | |
| attributes = req_attributes | |
| [ req_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_min = 2 | |
| countryName_max = 2 | |
| stateOrProvinceName = State or Province Name (full name) | |
| localityName = Locality Name (eg, city) | |
| 0.organizationName = Organization Name (eg, company) | |
| organizationalUnitName = Organizational Unit Name (eg, section) | |
| commonName = Common Name (eg, fully qualified host name) | |
| commonName_max = 64 | |
| emailAddress = Email Address | |
| emailAddress_max = 64 | |
| [ req_attributes ] | |
| challengePassword = A challenge password | |
| challengePassword_min = 4 | |
| challengePassword_max = 20 | |
| EOF | |
| fi | |
| fi | |
| - name: Minify LibreSSL installation | |
| run: | | |
| ls -aslR $HOME/libssl | |
| du -sh $HOME/libssl | |
| echo ================================ | |
| cd $HOME/libssl | |
| # We don't need the static libraries | |
| rm -f $HOME/libssl/lib/*.a | |
| # We don't need the libtool files | |
| rm -f $HOME/libssl/lib/*.la | |
| cd | |
| ls -aslR $HOME/libssl | |
| du -sh $HOME/libssl | |
| - name: Create LibreSSL binary tarball | |
| id: tarball | |
| run: | | |
| cd $HOME | |
| tar \ | |
| --sort=name \ | |
| --owner=root:0 \ | |
| --group=root:0 \ | |
| --mtime='UTC 2020-01-01' \ | |
| -cJf libressl-${{ matrix.version }}.tar.xz \ | |
| libssl | |
| - name: Obtain GitHub App installation access token | |
| id: gh_app | |
| run: | | |
| token="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_APP_CREDENTIALS_TOKEN }})" | |
| echo "::add-mask::$token" | |
| echo "token=$token" >> $GITHUB_OUTPUT | |
| - name: Create GitHub release for LibreSSL ${{ matrix.version }} | |
| id: release | |
| run: | | |
| release="$( \ | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| $GH_API_ROOT/releases/tags/libressl-${{ matrix.version }} \ | |
| || \ | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X POST \ | |
| -d '{ | |
| "tag_name": "libressl-${{ matrix.version }}", | |
| "target_commitish": "${{ github.sha }}", | |
| "name": "LibreSSL ${{ matrix.version }}", | |
| "draft": false, | |
| "prerelease": false | |
| }' \ | |
| $GH_API_ROOT/releases \ | |
| )" | |
| release_id="$(echo "$release" | jq -r .id)" | |
| target_commit="$(echo "$release" | jq -r .target_commitish)" | |
| asset_id="$(echo "$release" | jq -r '[ .assets[] | select(.name == "libressl-${{ matrix.version }}-ubuntu-24.04.tar.xz") ] | first.id')" | |
| echo "release_id=$release_id" >> $GITHUB_OUTPUT | |
| echo "target_commit=$target_commit" >> $GITHUB_OUTPUT | |
| echo "asset_id=$asset_id" >> $GITHUB_OUTPUT | |
| - name: Update commit hash for libressl-${{ matrix.version }} tag | |
| run: | | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X PATCH \ | |
| -d '{ | |
| "sha": "${{ github.sha }}", | |
| "force": true | |
| }' \ | |
| $GH_API_ROOT/git/refs/tags/libressl-${{ matrix.version }} | |
| if: ${{ github.sha != steps.release.outputs.target_commit }} | |
| - name: Update target commit hash for GitHub release | |
| run: | | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X PATCH \ | |
| -d '{ | |
| "target_commitish": "${{ github.sha }}" | |
| }' \ | |
| $GH_API_ROOT/releases/${{ steps.release.outputs.release_id }} | |
| if: ${{ github.sha != steps.release.outputs.target_commit }} | |
| - name: Upload GitHub release asset | |
| run: | | |
| if [ "${{ steps.release.outputs.asset_id }}" != "null" ]; then | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X DELETE \ | |
| $GH_API_ROOT/releases/assets/${{ steps.release.outputs.asset_id }} | |
| fi | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Content-Type: application/x-xz" \ | |
| -X POST \ | |
| --data-binary "@$HOME/libressl-${{ matrix.version }}.tar.xz" \ | |
| $GH_UPLOAD_ROOT/releases/${{ steps.release.outputs.release_id }}/assets?name=libressl-${{ matrix.version }}-ubuntu-24.04.tar.xz | |
| openssl: | |
| name: OpenSSL ${{ matrix.version }} | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: | |
| # OpenSSL 0.9.8 | |
| - '0.9.8' | |
| - '0.9.8a' | |
| - '0.9.8b' | |
| - '0.9.8c' | |
| - '0.9.8d' | |
| - '0.9.8e' | |
| - '0.9.8f' | |
| - '0.9.8g' | |
| - '0.9.8h' | |
| - '0.9.8i' | |
| - '0.9.8j' | |
| - '0.9.8k' | |
| - '0.9.8l' | |
| - '0.9.8m' | |
| - '0.9.8n' | |
| - '0.9.8o' | |
| - '0.9.8p' | |
| - '0.9.8q' | |
| - '0.9.8r' | |
| - '0.9.8s' | |
| - '0.9.8t' | |
| - '0.9.8u' | |
| - '0.9.8v' | |
| - '0.9.8w' | |
| - '0.9.8x' | |
| - '0.9.8y' | |
| - '0.9.8za' | |
| - '0.9.8zb' | |
| - '0.9.8zc' | |
| - '0.9.8zd' | |
| - '0.9.8ze' | |
| - '0.9.8zf' | |
| - '0.9.8zg' | |
| - '0.9.8zh' | |
| # OpenSSL 1.0.0 | |
| - '1.0.0' | |
| - '1.0.0a' | |
| - '1.0.0b' | |
| - '1.0.0c' | |
| - '1.0.0d' | |
| - '1.0.0e' | |
| - '1.0.0f' | |
| - '1.0.0g' | |
| - '1.0.0h' | |
| - '1.0.0i' | |
| - '1.0.0j' | |
| - '1.0.0k' | |
| - '1.0.0l' | |
| - '1.0.0m' | |
| - '1.0.0n' | |
| - '1.0.0o' | |
| - '1.0.0p' | |
| - '1.0.0q' | |
| - '1.0.0r' | |
| - '1.0.0s' | |
| - '1.0.0t' | |
| # OpenSSL 1.0.1 | |
| - '1.0.1' | |
| - '1.0.1a' | |
| - '1.0.1b' | |
| - '1.0.1c' | |
| - '1.0.1d' | |
| - '1.0.1e' | |
| - '1.0.1f' | |
| - '1.0.1g' | |
| - '1.0.1h' | |
| - '1.0.1i' | |
| - '1.0.1j' | |
| - '1.0.1k' | |
| - '1.0.1l' | |
| - '1.0.1m' | |
| - '1.0.1n' | |
| - '1.0.1o' | |
| - '1.0.1p' | |
| - '1.0.1q' | |
| - '1.0.1r' | |
| - '1.0.1s' | |
| - '1.0.1t' | |
| - '1.0.1u' | |
| # OpenSSL 1.0.2 | |
| - '1.0.2' | |
| - '1.0.2a' | |
| - '1.0.2b' | |
| - '1.0.2c' | |
| - '1.0.2d' | |
| - '1.0.2e' | |
| - '1.0.2f' | |
| - '1.0.2g' | |
| - '1.0.2h' | |
| - '1.0.2i' | |
| - '1.0.2j' | |
| - '1.0.2k' | |
| - '1.0.2l' | |
| - '1.0.2m' | |
| - '1.0.2n' | |
| - '1.0.2o' | |
| - '1.0.2p' | |
| - '1.0.2q' | |
| - '1.0.2r' | |
| - '1.0.2s' | |
| - '1.0.2t' | |
| - '1.0.2u' | |
| # OpenSSL 1.1.0 | |
| - '1.1.0' | |
| - '1.1.0a' | |
| - '1.1.0b' | |
| - '1.1.0c' | |
| - '1.1.0d' | |
| - '1.1.0e' | |
| - '1.1.0f' | |
| - '1.1.0g' | |
| - '1.1.0h' | |
| - '1.1.0i' | |
| - '1.1.0j' | |
| - '1.1.0k' | |
| - '1.1.0l' | |
| # OpenSSL 1.1.1 | |
| - '1.1.1' | |
| - '1.1.1a' | |
| - '1.1.1b' | |
| - '1.1.1c' | |
| - '1.1.1d' | |
| - '1.1.1e' | |
| - '1.1.1f' | |
| - '1.1.1g' | |
| - '1.1.1h' | |
| - '1.1.1i' | |
| - '1.1.1j' | |
| - '1.1.1k' | |
| - '1.1.1l' | |
| - '1.1.1m' | |
| - '1.1.1n' | |
| - '1.1.1o' | |
| - '1.1.1p' | |
| - '1.1.1q' | |
| # 1.1.1r was withdrawn | |
| - '1.1.1s' | |
| - '1.1.1t' | |
| - '1.1.1u' | |
| - '1.1.1v' | |
| - '1.1.1w' | |
| # OpenSSL 3.0 | |
| - '3.0.0' | |
| - '3.0.1' | |
| - '3.0.2' | |
| - '3.0.3' | |
| - '3.0.4' | |
| - '3.0.5' | |
| # 3.0.6 was withdrawn | |
| - '3.0.7' | |
| - '3.0.8' | |
| - '3.0.9' | |
| - '3.0.10' | |
| - '3.0.11' | |
| - '3.0.12' | |
| # OpenSSL 3.1 | |
| - '3.1.0' | |
| - '3.1.1' | |
| - '3.1.2' | |
| - '3.1.3' | |
| - '3.1.4' | |
| # OpenSSL 3.2 | |
| - '3.2.0' | |
| steps: | |
| - name: Check out ci-libssl repository | |
| uses: actions/checkout@v3 | |
| - name: Restore cached OpenSSL source tarball | |
| uses: actions/cache@v3 | |
| with: | |
| path: openssl-${{ matrix.version }}.tar.gz | |
| key: openssl-${{ matrix.version }} | |
| - name: Download OpenSSL source tarball | |
| run: | | |
| if [ ! -f openssl-${{ matrix.version }}.tar.gz ]; then | |
| case "${{ matrix.version }}" in | |
| 3.*) | |
| tag="openssl-${{ matrix.version }}" | |
| ;; | |
| *) | |
| tag="OpenSSL_$(echo "${{ matrix.version }} | tr . _)" | |
| ;; | |
| esac | |
| curl \ | |
| --fail \ | |
| -o openssl-${{ matrix.version }}.tar.gz \ | |
| https://github.com/openssl/openssl/releases/download/$tag/openssl-${{ matrix.version }}.tar.gz | |
| fi | |
| - name: Extract OpenSSL source tarball | |
| run: | | |
| tar xf openssl-${{ matrix.version }}.tar.gz | |
| - name: Configure OpenSSL | |
| working-directory: openssl-${{ matrix.version }} | |
| run: | | |
| config_opts="" | |
| # OpenSSL 1.0.0 and above install libraries to PREFIX/lib64 on x86_64 | |
| # by default - install them to PREFIX/lib for consistency with OpenSSL | |
| # 0.9.8 | |
| if echo ${{ matrix.version }} | grep -qv '^0'; then | |
| config_opts="$config_opts --libdir=lib" | |
| fi | |
| # ASM has all kinds of problems on x86_64 in OpenSSL 0.9.8 and 1.0.0 | |
| if echo ${{ matrix.version }} | grep -q '^\(0\.9\.8\|1\.0\.0\)'; then | |
| config_opts="$config_opts no-asm" | |
| sed -i -e 's/^\(my \$no_asm\)=0;/\1=1;/' Configure | |
| fi | |
| # 1.1.0c and above don't add RPATH to OpenSSL binary when non-standard | |
| # prefix is in use (https://github.com/openssl/openssl/issues/1740) - | |
| # add it explicitly | |
| if echo ${{ matrix.version }} | grep -q '^\(1\.1\.0[c-l]\|1\.1\.1\|3\)'; then | |
| config_opts="$config_opts -Wl,--enable-new-dtags,-rpath,\$(LIBRPATH)" | |
| fi | |
| # glob() has been replaced with bsd_glob() in File::Glob | |
| if echo ${{ matrix.version }} | grep -q '^1\.1'; then | |
| for i in Configure test/build.info util/process_docs.pl; do | |
| sed -i -e "s#'File::Glob' => qw/glob/#'File::Glob' => qw/bsd_glob/#g" $i | |
| done | |
| fi | |
| ./config \ | |
| --prefix=$HOME/libssl \ | |
| --openssldir=$HOME/libssl \ | |
| -Wa,--noexecstack \ | |
| -fPIC \ | |
| enable-shared \ | |
| $config_opts | |
| - name: Build OpenSSL | |
| working-directory: openssl-${{ matrix.version }} | |
| run: | | |
| make depend || true | |
| make | |
| - name: Install OpenSSL | |
| working-directory: openssl-${{ matrix.version }} | |
| run: | | |
| make install_sw | |
| make install_ssldirs || true | |
| - name: Minify OpenSSL installation | |
| run: | | |
| ls -aslR $HOME/libssl | |
| du -sh $HOME/libssl | |
| echo ================================ | |
| cd $HOME/libssl | |
| # Don't keep unnecessary engines | |
| for i in 4758cca aep atalla capi chil cswift gmp gost loader_attic nuron padlock sureware ubsec; do | |
| if echo ${{ matrix.version }} | grep -q '^3\.'; then | |
| rm -f $HOME/libssl/lib/engines-3/$i.so | |
| elif echo ${{ matrix.version }} | grep -q '^1\.1'; then | |
| rm -f $HOME/libssl/lib/engines-1.1/$i.so | |
| else | |
| rm -f $HOME/libssl/lib/engines/lib$i.so | |
| fi | |
| done | |
| # These utilities aren't necessary for testing Net-SSLeay | |
| rm -f $HOME/libssl/bin/c_rehash | |
| rm -rf $HOME/libssl/misc | |
| # We don't need the static libraries | |
| rm -f $HOME/libssl/lib/*.a | |
| cd | |
| ls -aslR $HOME/libssl | |
| du -sh $HOME/libssl | |
| - name: Create OpenSSL binary tarball | |
| id: tarball | |
| run: | | |
| cd $HOME | |
| tar \ | |
| --sort=name \ | |
| --owner=root:0 \ | |
| --group=root:0 \ | |
| --mtime='UTC 2020-01-01' \ | |
| -cJf openssl-${{ matrix.version }}.tar.xz \ | |
| libssl | |
| - name: Obtain GitHub App installation access token | |
| id: gh_app | |
| run: | | |
| token="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_APP_CREDENTIALS_TOKEN }})" | |
| echo "::add-mask::$token" | |
| echo "token=$token" >> $GITHUB_OUTPUT | |
| - name: Create GitHub release for OpenSSL ${{ matrix.version }} | |
| id: release | |
| run: | | |
| release="$( \ | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| $GH_API_ROOT/releases/tags/openssl-${{ matrix.version }} \ | |
| || \ | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X POST \ | |
| -d '{ | |
| "tag_name": "openssl-${{ matrix.version }}", | |
| "target_commitish": "${{ github.sha }}", | |
| "name": "OpenSSL ${{ matrix.version }}", | |
| "draft": false, | |
| "prerelease": false | |
| }' \ | |
| $GH_API_ROOT/releases \ | |
| )" | |
| release_id="$(echo "$release" | jq -r .id)" | |
| target_commit="$(echo "$release" | jq -r .target_commitish)" | |
| asset_id="$(echo "$release" | jq -r '[ .assets[] | select(.name == "openssl-${{ matrix.version }}-ubuntu-24.04.tar.xz") ] | first.id')" | |
| echo "release_id=$release_id" >> $GITHUB_OUTPUT | |
| echo "target_commit=$target_commit" >> $GITHUB_OUTPUT | |
| echo "asset_id=$asset_id" >> $GITHUB_OUTPUT | |
| - name: Update commit hash for openssl-${{ matrix.version }} tag | |
| run: | | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X PATCH \ | |
| -d '{ | |
| "sha": "${{ github.sha }}", | |
| "force": true | |
| }' \ | |
| $GH_API_ROOT/git/refs/tags/openssl-${{ matrix.version }} | |
| if: ${{ github.sha != steps.release.outputs.target_commit }} | |
| - name: Update target commit hash for GitHub release | |
| run: | | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X PATCH \ | |
| -d '{ | |
| "target_commitish": "${{ github.sha }}" | |
| }' \ | |
| $GH_API_ROOT/releases/${{ steps.release.outputs.release_id }} | |
| if: ${{ github.sha != steps.release.outputs.target_commit }} | |
| - name: Upload GitHub release asset | |
| run: | | |
| if [ "${{ steps.release.outputs.asset_id }}" != "null" ]; then | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -X DELETE \ | |
| $GH_API_ROOT/releases/assets/${{ steps.release.outputs.asset_id }} | |
| fi | |
| curl \ | |
| --fail \ | |
| -H "Authorization: Bearer ${{ steps.gh_app.outputs.token }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Content-Type: application/x-xz" \ | |
| -X POST \ | |
| --data-binary "@$HOME/openssl-${{ matrix.version }}.tar.xz" \ | |
| $GH_UPLOAD_ROOT/releases/${{ steps.release.outputs.release_id }}/assets?name=openssl-${{ matrix.version }}-ubuntu-24.04.tar.xz |