Skip to content

Add true zero-allocation X.509 certificate verification under WOLFSSL_NO_MALLOC #2337

Add true zero-allocation X.509 certificate verification under WOLFSSL_NO_MALLOC

Add true zero-allocation X.509 certificate verification under WOLFSSL_NO_MALLOC #2337

Workflow file for this run

name: SE050 simulator test
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
# Weekend cron and manual workflow_dispatch refresh the shared ghcr build
# cache that PR runs read (cache-to below is gated to those two events).
schedule:
- cron: '15 6 * * 6'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
permissions:
contents: read
packages: write
# Build the SE050 software simulator (https://github.com/wolfSSL/simulators,
# SE050Sim/ subdirectory), build wolfSSL against its NXP Plug&Trust SDK +
# simulator bridge, and run the wolfCrypt SE050 test binary against the
# simulator TCP server.
#
# The simulator's own Dockerfile (Dockerfile.wolfcrypt) clones wolfSSL master.
# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
env:
SIMULATORS_REF: 745893640e21a15b7df8c70567c522953aba2f2c
jobs:
se050_sim:
name: wolfCrypt against SE050 simulator
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
- name: Checkout wolfSSL (PR source)
uses: actions/checkout@v5
with:
path: wolfssl-src
- name: Clone SE050 simulator
run: |
git clone https://github.com/wolfSSL/simulators simulators
cd simulators && git checkout "$SIMULATORS_REF"
- name: Stage PR wolfSSL into simulator build context
run: mv wolfssl-src simulators/SE050Sim/wolfssl
- name: Patch Dockerfile to use PR wolfSSL instead of upstream master
working-directory: simulators/SE050Sim
run: |
sed -i 's|^RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git /app/wolfssl$|COPY wolfssl /app/wolfssl|' Dockerfile.wolfcrypt
# Fail fast if the pattern drifted upstream -- better a clear error
# than a CI run that silently tests master.
grep -q '^COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
- uses: docker/setup-buildx-action@v4
- name: Log in to ghcr (cache refresh on cron/manual dispatch)
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Build wolfCrypt-SE050 test image
uses: docker/build-push-action@v7
with:
context: simulators/SE050Sim
file: simulators/SE050Sim/Dockerfile.wolfcrypt
push: false
load: true
tags: wolfssl-se050-sim:ci
cache-from: type=registry,ref=ghcr.io/wolfssl/wolfssl-sim-cache:se050
cache-to: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && 'type=registry,ref=ghcr.io/wolfssl/wolfssl-sim-cache:se050,mode=max' || '' }}
- name: Run wolfCrypt tests against simulator
run: docker run --rm wolfssl-se050-sim:ci