CMake improvements (add TPM module choice) - sync to configure #821
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: WolfTPM Build Tests | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Defaults (applied when not specified in matrix entries): | |
| # wolfssl_config: --enable-wolftpm --enable-pkcallbacks | |
| # wolfssl_cflags: "" | |
| # wolfssl_ref: master | |
| # wolftpm_config: --enable-swtpm | |
| # wolftpm_cflags: "" | |
| # test_command: "true" | |
| # needs_swtpm: true | |
| # needs_mono: false | |
| # needs_dist: false | |
| # needs_install: false | |
| # csharp_test: false | |
| # wolftpm_cc: "" | |
| include: | |
| # Default build with simulator | |
| - name: default | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh" | |
| needs_dist: true | |
| needs_install: true | |
| # CSharp wrapper tests | |
| - name: csharp | |
| test_command: "true" | |
| needs_mono: true | |
| needs_install: true | |
| csharp_test: true | |
| # No wolfCrypt | |
| - name: no-wolfcrypt | |
| wolftpm_config: --enable-swtpm --disable-wolfcrypt | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl WOLFCRYPT_ENABLE=0 ./examples/run_examples.sh" | |
| # No wrapper | |
| - name: no-wrapper | |
| wolftpm_config: --enable-swtpm --disable-wrapper | |
| test_command: "./examples/native/native_test" | |
| # Small stack | |
| - name: smallstack | |
| wolftpm_config: --enable-swtpm --enable-smallstack | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh" | |
| # Infineon SLB9670 | |
| - name: slb9670 | |
| wolftpm_config: --enable-infineon=slb9670 | |
| # Infineon SLB9672 | |
| - name: slb9672 | |
| wolftpm_config: --enable-infineon=slb9672 | |
| # Infineon SLB9673 | |
| - name: slb9673 | |
| wolftpm_config: --enable-infineon=slb9673 --enable-i2c | |
| # STMicro ST33KTPM2 | |
| - name: st33ktpm2 | |
| wolftpm_config: --enable-st33 | |
| # Microchip | |
| - name: microchip | |
| wolftpm_config: --enable-microchip | |
| # Nuvoton | |
| - name: nuvoton | |
| wolftpm_config: --enable-nuvoton | |
| # TIS lock | |
| - name: tislock | |
| wolftpm_config: --enable-tislock | |
| needs_swtpm: false | |
| # Debug | |
| - name: debug | |
| wolftpm_config: --enable-debug | |
| needs_swtpm: false | |
| # Debug verbose | |
| - name: debug-verbose | |
| wolftpm_config: --enable-debug=verbose | |
| needs_swtpm: false | |
| # Debug IO | |
| - name: debug-io | |
| wolftpm_config: --enable-debug=io | |
| wolftpm_cflags: "-DWOLFTPM_DEBUG_TIMEOUT" | |
| needs_swtpm: false | |
| # AdvIO | |
| - name: advio | |
| wolftpm_config: --enable-advio | |
| needs_swtpm: false | |
| # Clang ASAN | |
| - name: clang-asan | |
| wolftpm_cflags: "-fsanitize=address -fno-omit-frame-pointer -g" | |
| wolftpm_cc: clang | |
| test_command: "make check && ASAN_OPTIONS=detect_leaks=1:abort_on_error=1 WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh" | |
| # Pedantic | |
| - name: pedantic | |
| wolftpm_config: "" | |
| wolftpm_cflags: "-Wpedantic" | |
| needs_swtpm: false | |
| # Not provisioning | |
| - name: no-provisioning | |
| wolftpm_config: --disable-provisioning | |
| needs_swtpm: false | |
| # Symmetric encryption | |
| - name: symmetric | |
| wolftpm_cflags: "-DWOLFTPM_USE_SYMMETRIC" | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh" | |
| # Software ECDHE | |
| - name: swecdhe | |
| wolftpm_cflags: "-DWOLFTPM2_USE_SW_ECDHE" | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh" | |
| # No ECC | |
| - name: no-ecc | |
| wolfssl_config: --enable-wolftpm --disable-ecc | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl WOLFCRYPT_ECC=0 ./examples/run_examples.sh" | |
| needs_install: true | |
| # No RSA | |
| - name: no-rsa | |
| wolfssl_config: --enable-wolftpm --disable-rsa | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl WOLFCRYPT_RSA=0 ./examples/run_examples.sh" | |
| needs_install: true | |
| # Default configure (no AES CFB, no PKCS7, no crypto cb, no cert gen) | |
| - name: default-configure | |
| wolfssl_config: "" | |
| wolfssl_cflags: "-DWOLFSSL_PUBLIC_MP" | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl WOLFCRYPT_DEFAULT=1 ./examples/run_examples.sh" | |
| needs_install: true | |
| # No filesystem | |
| - name: no-filesystem | |
| wolfssl_config: --enable-wolftpm --disable-filesystem --enable-singlethreaded | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl NO_FILESYSTEM=1 ./examples/run_examples.sh" | |
| needs_install: true | |
| # Old wolfSSL (v4.7.0) | |
| # Builds latest wolfSSL for examples/client/client and examples/server/server | |
| # Builds old wolfSSL (v4.7.0) for linking wolfTPM against older shared library | |
| - name: old-wolfssl | |
| test_command: "make check && WOLFSSL_PATH=./wolfssl NO_PUBASPRIV=1 ./examples/run_examples.sh" | |
| needs_install: true | |
| steps: | |
| - name: Checkout wolfTPM | |
| uses: actions/checkout@master | |
| - name: Checkout wolfSSL | |
| uses: actions/checkout@master | |
| with: | |
| repository: wolfssl/wolfssl | |
| path: wolfssl | |
| ref: ${{ matrix.wolfssl_ref || 'master' }} | |
| - name: Setup wolfSSL | |
| working-directory: ./wolfssl | |
| run: | | |
| ./autogen.sh | |
| WOLFSSL_CONFIG="${{ matrix.wolfssl_config || '--enable-wolftpm --enable-pkcallbacks' }}" | |
| WOLFSSL_CFLAGS="${{ matrix.wolfssl_cflags || '' }}" | |
| if [ -n "$WOLFSSL_CFLAGS" ]; then | |
| ./configure $WOLFSSL_CONFIG CFLAGS="$WOLFSSL_CFLAGS" | |
| else | |
| ./configure $WOLFSSL_CONFIG | |
| fi | |
| make | |
| sudo make install | |
| sudo ldconfig | |
| # For old-wolfssl test: checkout and build old wolfSSL for linking | |
| - name: Checkout old wolfSSL | |
| if: matrix.name == 'old-wolfssl' | |
| uses: actions/checkout@master | |
| with: | |
| repository: wolfssl/wolfssl | |
| path: wolfssl-old | |
| ref: v4.7.0-stable | |
| - name: Apply wolfssl-v4.7.0.patch to old wolfSSL | |
| if: matrix.name == 'old-wolfssl' | |
| working-directory: ./wolfssl-old | |
| run: | | |
| git apply ../.github/workflows/wolfssl-v4.7.0.patch | |
| - name: Setup old wolfSSL for linking | |
| if: matrix.name == 'old-wolfssl' | |
| working-directory: ./wolfssl-old | |
| run: | | |
| ./autogen.sh | |
| ./configure --enable-wolftpm --disable-examples CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_TEST_CERT -DWOLFSSL_KEY_GEN -DNO_WRITEV" | |
| make | |
| sudo make install | |
| sudo ldconfig | |
| - name: Setup ibmswtpm2 | |
| if: matrix.needs_swtpm == true || matrix.needs_swtpm == null | |
| uses: actions/checkout@master | |
| with: | |
| repository: kgoldman/ibmswtpm2 | |
| path: ibmswtpm2 | |
| - name: Generate TPM port | |
| if: matrix.needs_swtpm == true || matrix.needs_swtpm == null | |
| run: | | |
| # Generate deterministic port from matrix name (base 40000, spacing 2 for port+1) | |
| MATRIX_HASH=$(echo -n "${{ matrix.name }}" | cksum | cut -d' ' -f1) | |
| TPM_PORT=$((40000 + (MATRIX_HASH % 1000) * 2)) | |
| echo "TPM_PORT=$TPM_PORT" >> $GITHUB_ENV | |
| echo "TPM2_SWTPM_PORT=$TPM_PORT" >> $GITHUB_ENV | |
| echo "Generated TPM port: $TPM_PORT (matrix: ${{ matrix.name }})" | |
| - name: Start TPM simulator | |
| if: matrix.needs_swtpm == true || matrix.needs_swtpm == null | |
| working-directory: ./ibmswtpm2/src | |
| run: | | |
| make | |
| echo "Starting TPM simulator on port $TPM_PORT" | |
| ./tpm_server -port $TPM_PORT & | |
| - name: Install mono | |
| if: matrix.needs_mono == true | |
| run: | | |
| sudo apt-get install -y mono-mcs mono-tools-devel nunit nunit-console | |
| - name: Build wolfTPM | |
| run: | | |
| ./autogen.sh | |
| WOLFTPM_CONFIG="${{ matrix.wolftpm_config || '--enable-swtpm' }}" | |
| WOLFTPM_CFLAGS="${{ matrix.wolftpm_cflags || '' }}" | |
| WOLFTPM_CC="${{ matrix.wolftpm_cc || '' }}" | |
| # Add TPM port to configure if SWTPM is needed | |
| if [ -n "$TPM_PORT" ]; then | |
| WOLFTPM_CONFIG="$WOLFTPM_CONFIG --with-swtpm-port=$TPM_PORT" | |
| fi | |
| if [ -n "$WOLFTPM_CC" ]; then | |
| if [ -n "$WOLFTPM_CFLAGS" ]; then | |
| CC="$WOLFTPM_CC" ./configure $WOLFTPM_CONFIG CFLAGS="$WOLFTPM_CFLAGS" | |
| else | |
| CC="$WOLFTPM_CC" ./configure $WOLFTPM_CONFIG | |
| fi | |
| else | |
| if [ -n "$WOLFTPM_CFLAGS" ]; then | |
| ./configure $WOLFTPM_CONFIG CFLAGS="$WOLFTPM_CFLAGS" | |
| else | |
| ./configure $WOLFTPM_CONFIG | |
| fi | |
| fi | |
| make | |
| - name: Run tests | |
| if: matrix.test_command && matrix.test_command != 'true' | |
| run: ${{ matrix.test_command }} | |
| - name: Install | |
| if: matrix.needs_install == true | |
| run: | | |
| sudo make install | |
| sudo ldconfig | |
| - name: Build CSharp wrapper | |
| if: matrix.csharp_test == true | |
| working-directory: ./wrapper/CSharp | |
| run: | | |
| mcs wolfTPM.cs wolfTPM-tests.cs -r:/usr/lib/cli/nunit.framework-2.6.3/nunit.framework.dll -t:library | |
| LD_LIBRARY_PATH=../../src/.libs/:../../wolfssl/src/.libs/ nunit-console wolfTPM.dll -run=tpm_csharp_test.WolfTPMTest.TrySelfTest | |
| LD_LIBRARY_PATH=../../src/.libs/:../../wolfssl/src/.libs/ nunit-console wolfTPM.dll | |
| - name: Make dist | |
| if: matrix.needs_dist == true | |
| run: | | |
| make dist | |
| make distcheck | |
| - name: Upload failure logs | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: wolftpm-test-logs-${{ matrix.name }} | |
| path: | | |
| run.out | |
| test-suite.log | |
| wolftpm-*/_build/sub/test-suite.log | |
| retention-days: 5 |