Add true zero-allocation X.509 certificate verification under WOLFSSL_NO_MALLOC #2337
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SE050 simulator test | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'release/**' ] | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| branches: [ '*' ] | |
| # Weekend cron and manual workflow_dispatch refresh the shared ghcr build | |
| # cache that PR runs read (cache-to below is gated to those two events). | |
| schedule: | |
| - cron: '15 6 * * 6' | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| permissions: | |
| contents: read | |
| packages: write | |
| # Build the SE050 software simulator (https://github.com/wolfSSL/simulators, | |
| # SE050Sim/ subdirectory), build wolfSSL against its NXP Plug&Trust SDK + | |
| # simulator bridge, and run the wolfCrypt SE050 test binary against the | |
| # simulator TCP server. | |
| # | |
| # The simulator's own Dockerfile (Dockerfile.wolfcrypt) clones wolfSSL master. | |
| # We patch it to COPY the PR checkout instead so CI reflects the PR's source. | |
| env: | |
| SIMULATORS_REF: 745893640e21a15b7df8c70567c522953aba2f2c | |
| jobs: | |
| se050_sim: | |
| name: wolfCrypt against SE050 simulator | |
| if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout wolfSSL (PR source) | |
| uses: actions/checkout@v5 | |
| with: | |
| path: wolfssl-src | |
| - name: Clone SE050 simulator | |
| run: | | |
| git clone https://github.com/wolfSSL/simulators simulators | |
| cd simulators && git checkout "$SIMULATORS_REF" | |
| - name: Stage PR wolfSSL into simulator build context | |
| run: mv wolfssl-src simulators/SE050Sim/wolfssl | |
| - name: Patch Dockerfile to use PR wolfSSL instead of upstream master | |
| working-directory: simulators/SE050Sim | |
| run: | | |
| sed -i 's|^RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git /app/wolfssl$|COPY wolfssl /app/wolfssl|' Dockerfile.wolfcrypt | |
| # Fail fast if the pattern drifted upstream -- better a clear error | |
| # than a CI run that silently tests master. | |
| grep -q '^COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt | |
| ! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt | |
| - uses: docker/setup-buildx-action@v4 | |
| - name: Log in to ghcr (cache refresh on cron/manual dispatch) | |
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin | |
| - name: Build wolfCrypt-SE050 test image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: simulators/SE050Sim | |
| file: simulators/SE050Sim/Dockerfile.wolfcrypt | |
| push: false | |
| load: true | |
| tags: wolfssl-se050-sim:ci | |
| cache-from: type=registry,ref=ghcr.io/wolfssl/wolfssl-sim-cache:se050 | |
| cache-to: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && 'type=registry,ref=ghcr.io/wolfssl/wolfssl-sim-cache:se050,mode=max' || '' }} | |
| - name: Run wolfCrypt tests against simulator | |
| run: docker run --rm wolfssl-se050-sim:ci |