Enhance Side Channel resistance of TPM2 RSA Decryption Wrapper #6262
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# (C) 2020,2022 Jack Lloyd | |
# (C) 2022 René Meusel, Rohde & Schwarz Cybersecurity | |
# | |
# Botan is released under the Simplified BSD License (see license.txt) | |
name: ci | |
permissions: | |
contents: read | |
# implicitly all other scopes not listed become none | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
# cancel running workflows when new commits are being pushed in pull requests | |
# but not on the master branch | |
concurrency: | |
group: ${{ github.workflow }} @ ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
windows: | |
name: "Windows" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: static | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: amalgamation | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: shared | |
arch: x86 | |
host_os: windows-2022 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read Repository Configuration | |
uses: ./.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-msvc-${{ matrix.arch }}-${{ matrix.target }} | |
arch: ${{ matrix.arch }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='msvc' --make-tool='ninja' --cpu='${{ matrix.arch }}' --test-results-dir=junit_results ${{ matrix.target }} | |
linux: | |
name: "Linux" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- compiler: gcc | |
target: shared | |
- compiler: gcc | |
target: amalgamation | |
- compiler: gcc | |
target: static | |
- compiler: clang | |
target: shared | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read Repository Configuration | |
uses: ./.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: linux-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
macos: | |
name: "macOS" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
compiler: xcode | |
os: macos-13 | |
- target: amalgamation | |
compiler: xcode | |
os: macos-13 | |
- target: shared | |
compiler: xcode | |
os: macos-14 # uses Apple Silicon | |
- target: amalgamation | |
compiler: xcode | |
os: macos-14 # uses Apple Silicon | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read Repository Configuration | |
uses: ./.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: macos-${{ matrix.compiler }}-${{ matrix.os }}-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
clang-tidy: | |
name: "Clang Tidy" | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read Repository Configuration | |
uses: ./.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: clang-tidy | |
cache-key: linux-x86_64-clang-tidy | |
- name: Configure Build | |
run: python3 ./configure.py --cc=clang --build-targets=shared,cli,tests,examples,bogo_shim --build-fuzzers=test --with-boost --with-sqlite --with-zlib --with-lzma --with-bzip2 --with-tpm2 | |
- name: Run Clang Tidy | |
run: | | |
./src/scripts/ci/gh_get_changes_in_pr.py $(git rev-parse HEAD) --api-token=${{ secrets.GITHUB_TOKEN }} | \ | |
python3 ./src/scripts/dev_tools/run_clang_tidy.py --verbose --take-file-list-from-stdin --export-fixes-dir=clang_tidy_diagnostics | |
- name: Display Clang Tidy Results | |
if: failure() | |
run: ./src/scripts/ci/gh_clang_tidy_fixes_in_pr.py clang_tidy_diagnostics | |
analysis: | |
name: "Analysis" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: coverage | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: sanitizer | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: valgrind | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: fuzzers | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: lint | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: format | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: limbo | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
COVERALLS_REPO_TOKEN: pbLoTMBxC1DFvbws9WfrzVOvfEdEZTcCS | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./source | |
- name: Read Repository Configuration | |
uses: ./source/.github/actions/read-repo-config | |
- name: Fetch BoringSSL fork for BoGo tests | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.BORINGSSL_REPO }} | |
ref: ${{ env.BORINGSSL_BRANCH }} | |
path: ./boringssl | |
if: matrix.target == 'coverage' || matrix.target == 'sanitizer' | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
specials: | |
name: "Special" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: examples | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: minimized | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: bsi | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: docs | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: no_pcurves | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ./source | |
- name: Read Repository Configuration | |
uses: ./source/.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
x-compile: | |
name: "Cross" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: cross-i386 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-arm32 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-arm64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-ppc64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-mips64 | |
compiler: gcc | |
host_os: ubuntu-24.04 | |
- target: cross-android-arm64 | |
compiler: clang | |
host_os: ubuntu-24.04 | |
- target: static | |
compiler: gcc | |
host_os: windows-2022 | |
make_tool: make | |
- target: cross-ios-arm64 | |
compiler: xcode | |
host_os: macos-13 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Read Repository Configuration | |
uses: ./.github/actions/read-repo-config | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-xcompile-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} |