PQC: Implement draft RFC for ML-KEM with X25519 #118
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Tests | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
jobs: | |
build: # cache both dist and tests (non-lightweight only), based on commit hash | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Check for cached folders | |
id: cache-full | |
uses: actions/cache@v4 | |
with: | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
- name: Build dist and tests | |
if: steps.cache-full.outputs.cache-hit != 'true' | |
run: | | |
npm ci | |
npm run build-test | |
node: | |
strategy: | |
fail-fast: false # if tests for one version fail, continue with the rest | |
matrix: | |
node-version: [18.x, 20.x, 22.x] | |
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/ | |
name: Node ${{ matrix.node-version }} | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- run: npm ci --ignore-scripts # for mocha | |
- name: Retrieve cached folders | |
uses: actions/cache/restore@v4 | |
id: cache-full | |
with: | |
# test/lib is not needed, but the path must be specified fully for a cache-hit | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
# ignore cache miss, since it was taken care of the `build` step and it should never occur here | |
- run: npm test | |
test-browsers-latest: | |
name: Browsers (latest) | |
needs: build | |
strategy: | |
fail-fast: false # if tests for one version fail, continue with the rest | |
matrix: | |
# run on all main platforms to test platform-specific code, if present | |
# (e.g. webkit's WebCrypto API implementation is different in macOS vs Linux) | |
# TODO: windows-latest fails to fetch resources from the wtr server; investigate if the problem is with path declaration or permissions | |
runner: ['ubuntu-latest', 'macos-latest'] | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Retrieve cached built folders | |
uses: actions/cache/restore@v4 | |
id: cache-full | |
with: | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
- name: Install dependencies | |
# cannot use `--ignore-scripts` since playwright seems to use it to set ENV vars | |
run: | | |
npm pkg delete scripts.prepare | |
npm ci | |
- name: Get Playwright version and cache location | |
id: playwright-version | |
run: | | |
PLAYWRIGHT_VERSION=$(npm ls playwright --depth=0 | grep playwright | sed 's/.*@//') | |
echo "version=$PLAYWRIGHT_VERSION" >> $GITHUB_OUTPUT | |
PLAYWRIGHT_CACHE=${{ fromJSON('{"ubuntu-latest": "~/.cache/ms-playwright", "macos-latest": "~/Library/Caches/ms-playwright"}')[matrix.runner] }} | |
echo "playwright_cache=$PLAYWRIGHT_CACHE" >> $GITHUB_OUTPUT | |
- name: Check for cached browsers | |
id: cache-playwright-browsers | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.playwright-version.outputs.playwright_cache }} | |
key: playwright-browsers-${{ matrix.runner }}-${{ steps.playwright-version.outputs.version }} | |
- name: Install browsers | |
if: steps.cache-playwright-browsers.outputs.cache-hit != 'true' | |
run: | | |
npx playwright install --with-deps chromium | |
npx playwright install --with-deps firefox | |
- name: Install WebKit # caching not possible, external shared libraries required | |
run: npx playwright install --with-deps webkit | |
- name: Run browser tests | |
run: npm run test-browser:ci -- --static-logging | |
- name: Run browser tests (lightweight) # overwrite test/lib | |
run: | | |
npm run build-test --lightweight | |
npm run test-browser:ci -- --static-logging | |
test-browsers-compatibility: | |
name: Browsers (older, on Browserstack) | |
runs-on: ubuntu-latest | |
needs: test-browsers-latest | |
env: # credentials need hardcoding for now since Github secrets aren't accessible on pull requests from forks | |
BROWSERSTACK_USERNAME: openpgpjs_PlY4Uq885CQ | |
BROWSERSTACK_ACCESS_KEY: VjgBVRMxNVBj7SjJFiau | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- name: Generate self-signed HTTPS certificates for web-test-runner server | |
uses: kofemann/[email protected] | |
with: | |
hostcert: '127.0.0.1.pem' | |
hostkey: '127.0.0.1-key.pem' | |
cachain: 'ca-chain.pem' | |
- name: Adjust HTTPS certificates permissions | |
run: sudo chown runner:docker *.pem | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: Retrieve cached dist folder | |
uses: actions/cache/restore@v4 | |
id: cache-full | |
with: | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
- name: Wait for other Browserstack tests to finish | |
uses: softprops/turnstyle@v1 | |
with: | |
poll-interval-seconds: 30 | |
abort-after-seconds: 900 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run browserstack tests | |
run: npm run test-browserstack -- --static-logging | |
- name: Run browserstack tests (lightweight) # overwrite test/lib | |
run: | | |
npm run build-test --lightweight | |
npm run test-browserstack -- --static-logging | |
env: | |
LIGHTWEIGHT: true | |
types: | |
name: Type definitions | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- run: npm ci --ignore-scripts # TS | |
- name: Retrieve cached folders | |
uses: actions/cache/restore@v4 | |
id: cache-full | |
with: | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
- run: npm run test-type-definitions | |
lint: | |
name: ESLint | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
- run: npm ci --ignore-scripts # linter | |
- name: Retrieve cached folders | |
uses: actions/cache/restore@v4 | |
id: cache-full | |
with: | |
path: | | |
dist | |
test/lib | |
key: cache-${{ github.sha }} | |
- run: npm run lint |