Skip to content

Commit

Permalink
Move CI to GitHub Actions (open-quantum-safe#321)
Browse files Browse the repository at this point in the history
* create build and test workflow for openssl3

Signed-off-by: Alex Bozarth <[email protected]>

* add curl and httpd workflows

also update openssl3 workflow to only use the available 4 cores

Signed-off-by: Alex Bozarth <[email protected]>

* make building against latest liboqs optional

move the build against liboqs/oqsprovider matrix builds
to a triggerable option not run automatically

Signed-off-by: Alex Bozarth <[email protected]>

* Add nginx workflow and generic curl tests

Signed-off-by: Alex Bozarth <[email protected]>

* Add openssh workflow

Signed-off-by: Alex Bozarth <[email protected]>

* Create a callable workflow to trigger all builds

Signed-off-by: Alex Bozarth <[email protected]>

* add h2load workflow

Signed-off-by: Alex Bozarth <[email protected]>

* add haproxy workflow

Signed-off-by: Alex Bozarth <[email protected]>

* locust workflow

note this workflow does not include tests

Signed-off-by: Alex Bozarth <[email protected]>

* wireshark workflow

note this workflow does not include tests

Signed-off-by: Alex Bozarth <[email protected]>

* mosquitto

Signed-off-by: Alex Bozarth <[email protected]>

* ngtcp2

Signed-off-by: Alex Bozarth <[email protected]>

* openvpn

Signed-off-by: Alex Bozarth <[email protected]>

* add push to openssl3

Signed-off-by: Alex Bozarth <[email protected]>

* dont push on pr

Signed-off-by: Alex Bozarth <[email protected]>

* Update QUIC to work on PRs

Signed-off-by: Alex Bozarth <[email protected]>

* turn off old ci

Signed-off-by: Alex Bozarth <[email protected]>

* Update locust workflow with tests

Based on suggestions from @davidgca

Signed-off-by: Alex Bozarth <[email protected]>

* remove old CI

Signed-off-by: Alex Bozarth <[email protected]>

* Add push to rest of the workflows

Signed-off-by: Alex Bozarth <[email protected]>

* Switch from qemu to runners

Signed-off-by: Alex Bozarth <[email protected]>

* Update all workflows to use runner

Signed-off-by: Alex Bozarth <[email protected]>

* dont push when using liboqs and oqsprovider main

Signed-off-by: Alex Bozarth <[email protected]>

* Add docs

Signed-off-by: Alex Bozarth <[email protected]>

* Add weekly cron job with build_main true

Signed-off-by: Alex Bozarth <[email protected]>

* Update name for better badge readability

Signed-off-by: Alex Bozarth <[email protected]>

---------

Signed-off-by: Alex Bozarth <[email protected]>
  • Loading branch information
ajbozarth authored Dec 17, 2024
1 parent ed4b911 commit adbc13c
Show file tree
Hide file tree
Showing 20 changed files with 1,649 additions and 808 deletions.
680 changes: 0 additions & 680 deletions .circleci/config.yml

This file was deleted.

100 changes: 100 additions & 0 deletions .github/workflow-templates/template.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
# This is a template workflow for a new demo
# To get started replace all instances of <demo_name> with the name of your demo below and add the demo to the build.yml workflow
name: <demo_name>

on:
push:
branches: [ 'main' ]
paths: ['.github/workflows/<demo_name>.yml', '<demo_name>/**']
pull_request:
branches: [ 'main' ]
paths: ['.github/workflows/<demo_name>.yml', '<demo_name>/**']
workflow_call:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string
workflow_dispatch:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string

env:
build-args: |
LIBOQS_TAG=main
OQSPROVIDER_TAG=main
push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}

jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- arch: x86_64
runner: ubuntu-latest
- arch: arm64
runner: oqs-arm64
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
if: env.push == 'true'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build the Docker image
uses: docker/build-push-action@v6
with:
load: true
context: <demo_name>
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: <demo_name>

- name: Test <demo_name>
run: |
echo "Add tests here"
- name: Push Docker image to registries
if: env.push == 'true'
uses: docker/build-push-action@v6
with:
push: true
context: <demo_name>
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: |
ghcr.io/${{ github.repository_owner }}/<demo_name>:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
openquantumsafe/<demo_name>:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
push:
if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
needs: build
runs-on: ubuntu-latest
steps:
- uses: ./.github/workflows/manifest
with:
image_name: <demo_name>
release_tag: ${{ inputs.release_tag || 'latest' }}
100 changes: 100 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
name: OQS Demos

on:
workflow_call:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string
workflow_dispatch:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string
schedule: # run with "build_main: true" weekly on Mon at 1:01
- cron: '1 1 * * 1'

jobs:
curl:
uses: ./.github/workflows/curl.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

h2load:
uses: ./.github/workflows/h2load.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

haproxy:
uses: ./.github/workflows/haproxy.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

httpd:
uses: ./.github/workflows/httpd.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

locust:
uses: ./.github/workflows/locust.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

mosquitto:
uses: ./.github/workflows/mosquitto.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

nginx:
uses: ./.github/workflows/nginx.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

ngtcp2:
uses: ./.github/workflows/ngtcp2.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

openssh:
uses: ./.github/workflows/openssh.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

openssl3:
uses: ./.github/workflows/openssl3.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

openvpn:
uses: ./.github/workflows/openvpn.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}

wireshark:
uses: ./.github/workflows/wireshark.yml
with:
build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
release_tag: ${{ inputs.release_tag }}
157 changes: 157 additions & 0 deletions .github/workflows/curl.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
name: curl

on:
push:
branches: [ 'main' ]
paths: ['.github/workflows/curl.yml', 'curl/**']
pull_request:
branches: [ 'main' ]
paths: ['.github/workflows/curl.yml', 'curl/**']
workflow_call:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string
workflow_dispatch:
inputs:
build_main:
description: "Build using liboqs and oqsprovider main branches"
required: false
default: false
type: boolean
release_tag:
description: "Which docker tag to push to"
required: false
type: string

env:
build-args: |
LIBOQS_TAG=main
OQSPROVIDER_TAG=main
push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}

jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- arch: x86_64
runner: ubuntu-latest
- arch: arm64
runner: oqs-arm64
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
if: env.push == 'true'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build the Docker image
uses: docker/build-push-action@v6
with:
load: true
context: curl
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: oqs-curl

- name: Build the Docker image (dev)
uses: docker/build-push-action@v6
with:
load: true
context: curl
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
target: dev
tags: oqs-curl-dev

- name: Build the Docker image (with generic liboqs)
uses: docker/build-push-action@v6
with:
load: true
context: curl
build-args: |
MAKE_DEFINES=-j4
LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: oqs-curl-generic

- name: Test curl and curl generic
run: |
docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh &&
docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh
- name: Push Docker image to registries
if: env.push == 'true'
uses: docker/build-push-action@v6
with:
push: true
context: curl
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: |
ghcr.io/${{ github.repository_owner }}/curl:optimized-${{ matrix.arch }}
openquantumsafe/curl:optimized-${{ matrix.arch }}
- name: Push Docker image to registries (dev)
if: env.push == 'true'
uses: docker/build-push-action@v6
with:
push: true
context: curl
build-args: |
MAKE_DEFINES=-j4
${{ (inputs.build_main == 'true') && env.build-args || null }}
target: dev
tags: |
ghcr.io/${{ github.repository_owner }}/curl-dev:latest-${{ matrix.arch }}
openquantumsafe/curl-dev:latest-${{ matrix.arch }}
- name: Push Docker image to registries (with generic liboqs)
if: env.push == 'true'
uses: docker/build-push-action@v6
with:
push: true
context: curl
build-args: |
MAKE_DEFINES=-j4
LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
${{ (inputs.build_main == 'true') && env.build-args || null }}
tags: |
ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
openquantumsafe/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
push:
if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
needs: build
runs-on: ubuntu-latest
steps:
- uses: ./.github/workflows/manifest
with:
image_name: curl
release_tag: optimized
- uses: ./.github/workflows/manifest
with:
image_name: curl-dev
release_tag: latest
- uses: ./.github/workflows/manifest
with:
image_name: curl
release_tag: ${{ inputs.release_tag || 'latest' }}
Loading

0 comments on commit adbc13c

Please sign in to comment.