Improve user settings detection #325
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: wolfBoot as Library test | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| jobs: | |
| test-lib: | |
| # If jobs cancel, consider pinning to ubuntu-24.04 | |
| # The ubuntu-latest alias can point to different images during migrations (and sometimes be extra busy), | |
| # while ubuntu-24.04 always targets the 24.04 pool | |
| runs-on: ubuntu-latest | |
| # The timeout is run time after a runner starts, not time in queue | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| # Limit concurrent jobs for scheduling problem on GitHub's hosted runner pool. | |
| max-parallel: 12 | |
| matrix: | |
| math: | |
| - "SPMATH=1 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATH=1 WOLFBOOT_SMALL_STACK=1" | |
| - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1" | |
| - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1" | |
| asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448] | |
| hash: [sha256, sha384, sha3] | |
| # See https://github.com/wolfSSL/wolfBoot/issues/614 regarding exclusions: | |
| exclude: | |
| - math: "SPMATH=1 WOLFBOOT_SMALL_STACK=1" | |
| - math: "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: make clean | |
| run: | | |
| make keysclean && make -C tools/keytools clean && rm -f include/target.h | |
| - name: Build test-lib | |
| env: | |
| shell: bash | |
| ASYM: ${{ matrix.asym }} | |
| HASH: ${{ matrix.hash }} | |
| MATH: ${{ matrix.math }} | |
| run: | | |
| # Sample build | |
| build_once() { | |
| # Convert asym and hash to upper case, optionally add additional param | |
| make -j test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} "$@" | |
| } | |
| set -euo pipefail | |
| # Get the reference config | |
| cp config/examples/library.config .config | |
| # Keytools | |
| make keytools | |
| ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der | |
| # Sign | |
| echo "Test" > test.bin | |
| ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1 | |
| # First attempt | |
| if build_once >build.out 2>build.err; then | |
| echo "Success on first attempt, WOLFBOOT_HUGE_STACK not applied." | |
| exit 0 | |
| fi | |
| # If it failed due to the TFM huge stack guard, retry with the flag | |
| if grep -Fq 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err; then | |
| echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to stack requirement error." | |
| # Always print the entire message | |
| grep -Fn 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err || true | |
| # Try again with huge stack allowed | |
| build_once WOLFBOOT_HUGE_STACK=1 | |
| else | |
| echo "Build failed for another reason:" | |
| cat build.err | |
| exit 1 | |
| fi | |
| - name: Run test-lib | |
| run: | | |
| ./test-lib test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin 2>&1 | grep "Firmware Valid" | |
| - name: Run test-lib (expect failure) | |
| run: | | |
| # Corrupt signed binary | |
| truncate -s -1 test_v1_signed.bin | |
| echo "A" >> test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin 2>&1 | grep "Failure" |