From adbc13cdda467f6f6829d96f16f44573bca33122 Mon Sep 17 00:00:00 2001 From: Alex Bozarth Date: Tue, 17 Dec 2024 01:17:36 -0600 Subject: [PATCH] Move CI to GitHub Actions (#321) * create build and test workflow for openssl3 Signed-off-by: Alex Bozarth * add curl and httpd workflows also update openssl3 workflow to only use the available 4 cores Signed-off-by: Alex Bozarth * make building against latest liboqs optional move the build against liboqs/oqsprovider matrix builds to a triggerable option not run automatically Signed-off-by: Alex Bozarth * Add nginx workflow and generic curl tests Signed-off-by: Alex Bozarth * Add openssh workflow Signed-off-by: Alex Bozarth * Create a callable workflow to trigger all builds Signed-off-by: Alex Bozarth * add h2load workflow Signed-off-by: Alex Bozarth * add haproxy workflow Signed-off-by: Alex Bozarth * locust workflow note this workflow does not include tests Signed-off-by: Alex Bozarth * wireshark workflow note this workflow does not include tests Signed-off-by: Alex Bozarth * mosquitto Signed-off-by: Alex Bozarth * ngtcp2 Signed-off-by: Alex Bozarth * openvpn Signed-off-by: Alex Bozarth * add push to openssl3 Signed-off-by: Alex Bozarth * dont push on pr Signed-off-by: Alex Bozarth * Update QUIC to work on PRs Signed-off-by: Alex Bozarth * turn off old ci Signed-off-by: Alex Bozarth * Update locust workflow with tests Based on suggestions from @davidgca Signed-off-by: Alex Bozarth * remove old CI Signed-off-by: Alex Bozarth * Add push to rest of the workflows Signed-off-by: Alex Bozarth * Switch from qemu to runners Signed-off-by: Alex Bozarth * Update all workflows to use runner Signed-off-by: Alex Bozarth * dont push when using liboqs and oqsprovider main Signed-off-by: Alex Bozarth * Add docs Signed-off-by: Alex Bozarth * Add weekly cron job with build_main true Signed-off-by: Alex Bozarth * Update name for better badge readability Signed-off-by: Alex Bozarth --------- 
Signed-off-by: Alex Bozarth --- .circleci/config.yml | 680 ------------------------ .github/workflow-templates/template.yml | 100 ++++ .github/workflows/build.yml | 100 ++++ .github/workflows/curl.yml | 157 ++++++ .github/workflows/h2load.yml | 108 ++++ .github/workflows/haproxy.yml | 111 ++++ .github/workflows/httpd.yml | 111 ++++ .github/workflows/linux.yml | 113 ---- .github/workflows/locust.yml | 135 +++++ .github/workflows/mosquitto.yml | 102 ++++ .github/workflows/nginx.yml | 112 ++++ .github/workflows/ngtcp2.yml | 132 +++++ .github/workflows/openssh.yml | 98 ++++ .github/workflows/openssl3.yml | 99 ++++ .github/workflows/openvpn.yml | 99 ++++ .github/workflows/push-manifest.yml | 41 ++ .github/workflows/quic.yml | 9 + .github/workflows/wireshark.yml | 92 ++++ CONTRIBUTING.md | 25 + README.md | 33 +- 20 files changed, 1649 insertions(+), 808 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflow-templates/template.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/curl.yml create mode 100644 .github/workflows/h2load.yml create mode 100644 .github/workflows/haproxy.yml create mode 100644 .github/workflows/httpd.yml delete mode 100644 .github/workflows/linux.yml create mode 100644 .github/workflows/locust.yml create mode 100644 .github/workflows/mosquitto.yml create mode 100644 .github/workflows/nginx.yml create mode 100644 .github/workflows/ngtcp2.yml create mode 100644 .github/workflows/openssh.yml create mode 100644 .github/workflows/openssl3.yml create mode 100644 .github/workflows/openvpn.yml create mode 100644 .github/workflows/push-manifest.yml create mode 100644 .github/workflows/wireshark.yml create mode 100644 CONTRIBUTING.md diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 550cb1ed..00000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,680 +0,0 @@ -version: 2.1 - -parameters: - new_openssl_commit: - type: boolean - default: false - -# CircleCI doesn't handle large file sets properly for local builds -# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 -localCheckout: - &localCheckout - run: |- - git config --global --add safe.directory /tmp/_circleci_local_build_repo - PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) - mkdir -p ${PROJECT_PATH} - cd /tmp/_circleci_local_build_repo - git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} - cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} - -jobs: - ubuntu_x64_provider: - description: Building and pushing oqsprovider demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Provider - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-ossl3-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-ossl3-img-main . 
- working_directory: openssl3 - - run: - name: Spot-test Provider -- One baseline and one hybrid QSC alg - command: | - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && - docker run --rm --name oqs-ossl3 oqs-ossl3-img sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" - - run: - name: Spot-test Provider -- One baseline and one hybrid QSC alg (main/master) - command: | - docker run --rm --name oqs-ossl3-main oqs-ossl3-img-main sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" && - docker run --rm --name oqs-ossl3-main oqs-ossl3-img-main sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push oqsprovider image - command: | - docker tag oqs-ossl3-img $TARGETNAME/oqs-ossl3:latest && - docker push $TARGETNAME/oqs-ossl3:latest - # The resource_class feature allows configuring CPU and RAM resources for each job. Different resource classes are available for different executors. 
https://circleci.com/docs/2.0/configuration-reference/#resourceclass - resource_class: large - - ubuntu_x64_nginx: - description: Building and pushing OQS-nginx and OQS-curl generic demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OQS nginx - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-nginx-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-nginx-img-main . - working_directory: nginx - - run: - name: Build curl with generic liboqs - command: | - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" -t oqs-curl-generic . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-curl-generic-main . 
- working_directory: curl - - run: - name: Test Curl with generic liboqs - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-generic perftest.sh - - run: - name: Test Curl with generic liboqs (main/master) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-generic-main perftest.sh - - run: - name: Test nginx and curl generic - command: | - docker network create nginx-test && - docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx-img && - sleep 2 && - docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433 - - run: - name: Test nginx and curl generic (main/master) - command: | - docker network create nginx-test-main && - docker run --network nginx-test-main --detach --rm --name oqs-nginx-main oqs-nginx-img-main && - sleep 2 && - docker run --network nginx-test-main oqs-curl-generic-main curl -k https://oqs-nginx-main:4433 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push nginx and curl generic image - command: | - docker tag oqs-curl-generic $TARGETNAME/curl:latest && - docker push $TARGETNAME/curl:latest && - docker tag oqs-nginx-img $TARGETNAME/nginx:latest && - docker push $TARGETNAME/nginx:latest - -# Not actively maintained: - ubuntu_x64_openlitespeed: - description: Building and pushing OQS-openlitespeed demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build openlitespeed with liboqs - command: | - docker build -f Dockerfile-server -t 
oqs-openlitespeed . - working_directory: openlitespeed - - run: - name: Test oqs-openlitespeed using public oqs-msquic - command: | - docker network create oqsls-test && - docker run --network oqsls-test --detach --rm --name lsws oqs-openlitespeed bash -c "/root/serverstart.sh && /usr/local/lsws/bin/lswsctrl start && sleep 100" && - sleep 20 && - docker run --rm --network oqsls-test -it openquantumsafe/msquic-reach bash -c "wget http://lsws/CA.crt && SSL_CERT_FILE=CA.crt TLS_DEFAULT_GROUPS=p521_kyber1024 quicreach lsws --port 443 --stats" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push openlitespeed image - command: | - docker tag oqs-openlitespeed $TARGETNAME/openlitespeed:latest && - docker push $TARGETNAME/openlitespeed:latest - -# Not actively maintained: - ubuntu_x64_quic: - description: Building and pushing OQS-QUIC-nginx and OQS-msquic demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OQS QUIC nginx - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -f Dockerfile-server -t oqs-quic-nginx-img . - working_directory: quic - - run: - name: Build msquic with liboqs - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -f Dockerfile-client -t oqs-msquic . 
- working_directory: quic - - run: - name: Test oqs-msquic against baseline QUIC test server - command: | - docker run -it oqs-msquic bash -c "quicreach quic.nginx.org" - - run: - name: Test oqs-nginx-quic and oqs-msquic - command: | - docker network create quic-test && - docker run --network quic-test --detach --rm --name nginx oqs-quic-nginx-img && - sleep 100 && - docker run --network quic-test -it oqs-msquic bash -c "cd /root && wget nginx:5999/CA.crt && TLS_DEFAULT_GROUPS=frodo640aes SSL_CERT_FILE=/root/CA.crt quicreach nginx --port 6001" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push nginx-quic and msquic images - command: | - docker tag oqs-msquic $TARGETNAME/msquic-reach:latest && - docker push $TARGETNAME/msquic-reach:latest && - docker tag oqs-quic-nginx-img $TARGETNAME/nginx-quic:latest && - docker push $TARGETNAME/nginx-quic:latest - - ubuntu_x64_httpd: - description: Building and pushing OQS-httpd and OQS-curl dev demo Docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Apache httpd - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-httpd-img . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-httpd-img-main . - working_directory: httpd - - run: - name: Build Curl (dev) - command: | - # The CircleCI executor offers 35 cores, but using - # all of them might exhaust memory - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-curl . 
&& - docker build --build-arg MAKE_DEFINES="-j 18" --target dev -t oqs-curl-dev . && - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main -t oqs-curl-main . - working_directory: curl - - run: - name: Test Curl (dev) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl perftest.sh - - run: - name: Test Curl (dev) (main/master) - command: | - docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 -it oqs-curl-main perftest.sh - - run: - name: Test httpd using curl (dev) - command: | - docker network create httpd-test && - docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd-img && - sleep 2 && - docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768 - - run: - name: Test httpd using curl (dev) (main/master) - command: | - docker network create httpd-test-main && - docker run --network httpd-test-main --detach --rm --name oqs-httpd2 oqs-httpd-img-main && - sleep 2 && - docker run --network httpd-test-main oqs-curl-main curl -k https://oqs-httpd2:4433 --curves kyber768 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push httpd and curl dev images - command: | - docker tag oqs-curl $TARGETNAME/curl:optimized && - docker push $TARGETNAME/curl:optimized && - docker tag oqs-curl-dev $TARGETNAME/curl-dev && - docker push $TARGETNAME/curl-dev && - docker tag oqs-httpd-img $TARGETNAME/httpd:latest && - docker push $TARGETNAME/httpd:latest - -# Not actively maintained: - ubuntu_x64_haproxy: - description: Building OQS-based HAproxy docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI 
locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build HAproxy - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-haproxy-img . - working_directory: haproxy - - run: - name: Test HAproxy using public OQS curl - command: | - docker network create haproxy-test && - docker run --network haproxy-test --detach --rm --name oqs-haproxy oqs-haproxy-img && - sleep 4 && - docker run --network haproxy-test openquantumsafe/curl curl -k https://oqs-haproxy:4433 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS HAproxy image - command: | - docker tag oqs-haproxy-img $TARGETNAME/haproxy:latest && - docker push $TARGETNAME/haproxy:latest - - ubuntu_x64_openvpn: - description: Building OQS-based OpenVPN docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker: - version: 20.10.2 - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build OpenVPN (main/master) - command: | - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg OPENVPN_TAG=master -t oqs-openvpn . - working_directory: openvpn - - run: - name: Test OpenVPN using local docker network (main/master) - command: | - ./test.sh dilithium5 p521_kyber1024 - working_directory: openvpn - - run: - name: Build OpenVPN - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-openvpn . 
- working_directory: openvpn - - run: - name: Test OpenVPN using local docker network - command: | - ./test.sh dilithium5 p521_kyber1024 - working_directory: openvpn - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS OpenVPN image - command: | - docker tag oqs-openvpn $TARGETNAME/openvpn:latest && - docker push $TARGETNAME/openvpn:latest - -# Not actively maintained: - ubuntu_x64_mosquitto: - description: Building OQS-based Mosquitto docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build Mosquitto - command: | - docker build -t oqs-mosquitto . 
- working_directory: mosquitto - - run: - name: Test Mosquitto using local docker network - command: | - docker network create --subnet=192.168.0.0/16 mosquitto-test && - docker run --network mosquitto-test --ip 192.168.0.2 -it --rm --name oqs-mosquitto-broker -e "BROKER_IP=192.168.0.2" -e "EXAMPLE=broker-start.sh" -d oqs-mosquitto && - docker run --network mosquitto-test --ip 192.168.0.3 -it --rm --name oqs-mosquitto-subscriber -e "BROKER_IP=192.168.0.2" -e "SUB_IP=192.168.0.3" -e "EXAMPLE=subscriber-start.sh" -d oqs-mosquitto && - docker run --network mosquitto-test --ip 192.168.0.4 -it --rm --name oqs-mosquitto-publisher -e "BROKER_IP=192.168.0.2" -e "PUB_IP=192.168.0.4" -e "EXAMPLE=publisher-start.sh" -d oqs-mosquitto && - sleep 2 && - docker logs oqs-mosquitto-publisher | grep "Client_pub sending PUBLISH" && - docker logs oqs-mosquitto-subscriber | grep "Hello world" - working_directory: mosquitto - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS Mosquitto image - command: | - docker tag oqs-mosquitto $TARGETNAME/mosquitto:latest && - docker push $TARGETNAME/mosquitto:latest - -# Not actively maintained: - ubuntu_x64_wireshark: - description: Building OQS-based wireshark docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build wireshark image - command: | - docker build -t $TARGETNAME/wireshark . 
- working_directory: wireshark - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push wireshark image - command: | - docker push $TARGETNAME/wireshark - - ubuntu_x64_ngtcp2: - description: Building OQS-based ngtcp2 docker image - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build ngtcp2 server and client - command: | - docker build -t oqs-ngtcp2-server -f Dockerfile-server . && - docker build -t oqs-ngtcp2-client -f Dockerfile-client . - working_directory: ngtcp2 - - run: - name: Build ngtcp2 server and client (main/master) - command: | - docker build --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP3_TAG=main --build-arg NGTCP2_TAG=main -t oqs-ngtcp2-server-main -f Dockerfile-server . && - docker build --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP3_TAG=main --build-arg NGTCP2_TAG=main -t oqs-ngtcp2-client-main -f Dockerfile-client . 
- working_directory: ngtcp2 - - run: - name: Test ngtcp2 using local docker network - command: | - docker network create ngtcp2-test - docker run --network ngtcp2-test --name oqs-ngtcp2server oqs-ngtcp2-server & - docker run --network ngtcp2-test -it --name oqs-ngtcp2client oqs-ngtcp2-client sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server 6000' - docker logs oqs-ngtcp2client | grep "QUIC handshake has been confirmed" - docker rm oqs-ngtcp2client - docker stop oqs-ngtcp2server - docker rm oqs-ngtcp2server - docker network rm ngtcp2-test - working_directory: ngtcp2 - - run: - name: Test ngtcp2 using local docker network (main/master) - command: | - docker network create ngtcp2-test-main - docker run --network ngtcp2-test-main --name oqs-ngtcp2server-main oqs-ngtcp2-server-main & - docker run --network ngtcp2-test-main -it --name oqs-ngtcp2client-main oqs-ngtcp2-client-main sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server-main 6000' - docker logs oqs-ngtcp2client | grep "QUIC handshake has been confirmed" - docker rm oqs-ngtcp2client-main - docker stop oqs-ngtcp2server-main - docker rm oqs-ngtcp2server-main - docker network rm ngtcp2-test-main - working_directory: ngtcp2 - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push OQS ngtcp2 image - command: | - docker tag oqs-ngtcp2-server $TARGETNAME/ngtcp2-server:latest && - docker tag oqs-ngtcp2-client $TARGETNAME/ngtcp2-client:latest && - docker push $TARGETNAME/ngtcp2-server:latest && - docker push $TARGETNAME/ngtcp2-client:latest - - ubuntu_x64_openssh: - description: A template for building and pushing OQS demo Docker images on - Ubuntu that do not use OQS-OpenSSL, but rather liboqs in another form - (e.g. 
OQS-OpenSSH) - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Test OpenSSH - command: | - docker build --build-arg MAKE_DEFINES="-j 18" -t oqs-openssh-img . && - docker run --rm --name oqs-openssh oqs-openssh-img connect-test.sh - working_directory: openssh - - run: - name: Test OpenSSH (main/master) - command: | - docker build --build-arg LIBOQS_RELEASE=main --build-arg MAKE_DEFINES="-j 18" -t oqs-openssh-img-main . && - docker run --rm --name oqs-openssh-main oqs-openssh-img-main connect-test.sh - working_directory: openssh - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: Push openssh image - command: | - docker tag oqs-openssh-img $TARGETNAME/openssh:latest && - docker push $TARGETNAME/openssh:latest - -# Not actively maintained: - ubuntu_x64_envoy: - description: Building and pushing OQS-enabled envoy - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Install curl and Docker Compose - environment: - COMPOSE_VERSION: '1.29.2' - command: | - apt-get update && apt-get install curl - curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o ~/docker-compose - chmod +x ~/docker-compose - mv ~/docker-compose /usr/local/bin/docker-compose - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build 
OQS envoy - no_output_timeout: "1h" - command: | - docker build -t envoy-oqs . - working_directory: envoy - - run: - name: Test OQS envoy TLS servers using built OQS envoy - command: | - docker create -v /data --name certsvolume openquantumsafe/ci-ubuntu-focal-x86_64:latest && - docker cp $(pwd)/certs/gen_cert.sh certsvolume:/data && - docker run -it --user root --volumes-from certsvolume -w /data --name keygen openquantumsafe/curl sh -c "/data/gen_cert.sh" && - docker cp keygen:/data/. $(pwd)/certs && - docker-compose pull && - docker-compose up --build -d && - docker-compose ps && - sleep 10 && - docker run --network host -it openquantumsafe/curl curl -v -k https://localhost:10000 -e SIG_ALG=dilithium3 - working_directory: envoy/tls - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push envoy image - command: | - docker tag envoy-oqs $TARGETNAME/envoy:latest && - docker push $TARGETNAME/envoy:latest - - ubuntu_x64_h2load: - description: Building and pushing OQS-h2load demo Docker images - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN - --password-stdin - - run: - name: Build h2load with liboqs - command: | - docker build -t oqs-h2load . - working_directory: h2load - - run: - name: Build h2load with liboqs (main/master) - command: | - docker build --build-arg OPENSSL_TAG=master --build-arg LIBOQS_TAG=main --build-arg OQSPROVIDER_TAG=main --build-arg NGHTTP2_TAG=master -t oqs-h2load-main . 
- working_directory: h2load - - run: - name: Test oqs-h2load using public oqs-nginx - command: | - docker network create h2load-test && - docker run --network h2load-test --detach --rm --name oqs-nginx openquantumsafe/nginx && - docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512" - - run: - name: Test oqs-h2load using public oqs-nginx (main/master) - command: | - docker network create h2load-test-main && - docker run --network h2load-test-main --detach --rm --name oqs-nginx-main openquantumsafe/nginx && - docker run --network h2load-test-main oqs-h2load-main sh -c "h2load -n 100 -c 10 https://oqs-nginx-main:4433 --groups kyber512" - - when: - condition: - or: - - equal: [ main, << pipeline.git.branch >> ] - - equal: [ true, << pipeline.parameters.new_openssl_commit >> ] - steps: - - run: - name: Push h2load image - command: | - docker tag oqs-h2load $TARGETNAME/h2load:latest && - docker push $TARGETNAME/h2load:latest - -workflows: - version: 2.1 - build: - jobs: - - ubuntu_x64_provider: - context: openquantumsafe - - ubuntu_x64_nginx: - context: openquantumsafe - #- ubuntu_x64_quic: - # context: openquantumsafe - - ubuntu_x64_httpd: - context: openquantumsafe - #- ubuntu_x64_haproxy: - # context: openquantumsafe - # - ubuntu_x64_openvpn: - # context: openquantumsafe - #- ubuntu_x64_mosquitto: - # context: openquantumsafe - # - ubuntu_x64_ngtcp2: - # context: openquantumsafe - - ubuntu_x64_openssh: - context: openquantumsafe - # Disabled in CI as failing to conclude test properly as per - # https://github.com/open-quantum-safe/oqs-demos/pull/167#issuecomment-1383673300 - # - ubuntu_x64_openlitespeed: - # context: openquantumsafe - #- ubuntu_x64_wireshark: - # context: openquantumsafe - # Disable as it takes too long on OQS CCI plan - #- ubuntu_x64_envoy: - # context: openquantumsafe - # - ubuntu_x64_h2load: - # context: openquantumsafe 
diff --git a/.github/workflow-templates/template.yml b/.github/workflow-templates/template.yml
new file mode 100644
index 00000000..2f9442ce
--- /dev/null
+++ b/.github/workflow-templates/template.yml
@@ -0,0 +1,100 @@
+# This is a template workflow for a new demo
+# To get started replace all instances of with the name of your demo below and add the demo to the build.yml workflow
+name:
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/.yml', '/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/.yml', '/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context:
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags:
+
+ - name: Test
+ run: |
+ echo "Add tests here"
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context:
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name:
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..b914ff27
--- /dev/null
+++ b/.github/workflows/build.yml
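Review bot: In template.yml the publish gate compares a boolean input with a string: both the `env.push` expression and the `if:` of the `push` job end in `inputs.build_main != 'true'`, while `build_main` is declared `type: boolean`. GitHub's expression rules coerce mismatched types to numbers, so a boolean `true` most likely never equals `'true'`; that would leave the gate open for builds against the liboqs/oqsprovider main branches and make `(inputs.build_main == 'true') && env.build-args || null` always empty. Comparing against the boolean instead, `inputs.build_main != true` in the gate and `inputs.build_main && env.build-args || ''` in `build-args`, avoids the coercion; the `build_main:` expressions in build.yml use the same string comparison. Since every demo workflow is copied from this template and it reads `secrets.DOCKERHUB_TOKEN`, it would also help to add a top-level `permissions:` block (`contents: read`, `packages: write`) and to pin `actions/checkout`, `docker/login-action` and `docker/build-push-action` to full commit SHAs instead of `@v4`/`@v3`/`@v6`.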
@@ -0,0 +1,100 @@
+name: OQS Demos
+
+on:
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ schedule: # run with "build_main: true" weekly on Mon at 1:01
+ - cron: '1 1 * * 1'
+
+jobs:
+ curl:
+ uses: ./.github/workflows/curl.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ h2load:
+ uses: ./.github/workflows/h2load.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ haproxy:
+ uses: ./.github/workflows/haproxy.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ httpd:
+ uses: ./.github/workflows/httpd.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ locust:
+ uses: ./.github/workflows/locust.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ mosquitto:
+ uses: ./.github/workflows/mosquitto.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ nginx:
+ uses: ./.github/workflows/nginx.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ ngtcp2:
+ uses: ./.github/workflows/ngtcp2.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ openssh:
+ uses: ./.github/workflows/openssh.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ openssl3:
+ uses: ./.github/workflows/openssl3.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ openvpn:
+ uses: ./.github/workflows/openvpn.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
+
+ wireshark:
+ uses: ./.github/workflows/wireshark.yml
+ with:
+ build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+ release_tag: ${{ inputs.release_tag }}
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
new file mode 100644
index 00000000..672ca264
--- /dev/null
+++ b/.github/workflows/curl.yml
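Review bot: In build.yml the value `build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}` is hard to audit and appears to reduce to `inputs.build_main == 'true'`: the comparison result is cast to the string `true` or `false`, searched for `false`, and negated. On the `schedule` trigger no inputs exist, so the weekly run would seem to pass `build_main: false`, which contradicts the comment on the cron entry. State the intent directly in each of the twelve jobs, for example `build_main: ${{ github.event_name == 'schedule' || inputs.build_main == true }}`. This matters for releases because the called workflows use `build_main` to decide whether images are pushed.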
@@ -0,0 +1,157 @@
+name: curl
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/curl.yml', 'curl/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/curl.yml', 'curl/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl
+
+ - name: Build the Docker image (dev)
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ target: dev
+ tags: oqs-curl-dev
+
+ - name: Build the Docker image (with generic liboqs)
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl-generic
+
+ - name: Test curl and curl generic
+ run: |
+ docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh &&
+ docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/curl:optimized-${{ matrix.arch }}
+ openquantumsafe/curl:optimized-${{ matrix.arch }}
+
+ - name: Push Docker image to registries (dev)
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ target: dev
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/curl-dev:latest-${{ matrix.arch }}
+ openquantumsafe/curl-dev:latest-${{ matrix.arch }}
+
+ - name: Push Docker image to registries (with generic liboqs)
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: curl
+ release_tag: optimized
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: curl-dev
+ release_tag: latest
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: curl
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml
new file mode 100644
index 00000000..ca697dab
--- /dev/null
+++ b/.github/workflows/h2load.yml
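Review bot: The `build` job in curl.yml hands `DOCKERHUB_TOKEN` and `GITHUB_TOKEN` to actions referenced by mutable tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`), and the workflow declares no `permissions:`. A retagged release of any of these actions would run with the registry credentials, so pin each `uses:` to a full commit SHA with the version in a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. Add a workflow-level `permissions:` block granting only `contents: read` and `packages: write`, so the token scope does not depend on the repository default. The other demo workflows in this commit use the same three actions and need the same change.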
@@ -0,0 +1,108 @@
+name: h2load
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/h2load.yml', 'h2load/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/h2load.yml', 'h2load/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: h2load
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-h2load
+
+ - name: Build the nginx Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: nginx
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-nginx
+
+ - name: Test h2load using nginx
+ run: |
+ docker network create h2load-test &&
+ docker run --network h2load-test --detach --rm --name oqs-nginx oqs-nginx &&
+ docker run --network h2load-test oqs-h2load sh -c "h2load -n 100 -c 10 https://oqs-nginx:4433 --groups kyber512"
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: h2load
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/h2load:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/h2load:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: h2load
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
new file mode 100644
index 00000000..8d1bfd07
--- /dev/null
+++ b/.github/workflows/haproxy.yml
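Review bot: The `push` job in h2load.yml runs `uses: ./.github/workflows/manifest` as a step, but the job has no `actions/checkout` step, and the commit's file list adds `.github/workflows/push-manifest.yml` rather than a `manifest` action directory. A local action path is resolved in the checked-out workspace, so as written the step has nothing to load and the multi-arch manifest would not be published. If push-manifest.yml is a reusable workflow, call it at job level with `uses: ./.github/workflows/push-manifest.yml` under `jobs.push` and pass the registry secrets explicitly; if it is meant as a composite action, add a checkout step first and point at its directory. push-manifest.yml is not visible here, so confirm which form it takes. The same `push` job appears in every demo workflow in this commit.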
@@ -0,0 +1,111 @@
+name: haproxy
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/haproxy.yml', 'haproxy/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/haproxy.yml', 'haproxy/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: haproxy
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-haproxy
+
+ - name: Build the curl Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl
+
+ - name: Test haproxy using curl
+ run: |
+ docker network create haproxy-test &&
+ docker run --network haproxy-test --detach --rm --name oqs-haproxy oqs-haproxy &&
+ sleep 4 &&
+ docker run --network haproxy-test oqs-curl curl -k https://oqs-haproxy:4433
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: haproxy
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/haproxy:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/haproxy:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: haproxy
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml
new file mode 100644
index 00000000..fb1c3997
--- /dev/null
+++ b/.github/workflows/httpd.yml
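Review bot: The matrix in haproxy.yml sends the arm64 leg to `runner: oqs-arm64` while the workflow also triggers on `pull_request`, so Dockerfile content from any pull request that touches `haproxy/**` is built on that runner. If `oqs-arm64` is a self-hosted or otherwise persistent machine, untrusted build steps can leave state behind for later runs that do hold `DOCKERHUB_TOKEN`. Either move the arm64 build into its own job guarded by `if: github.event_name != 'pull_request'`, or make sure the runner is ephemeral and that fork pull requests need approval before workflows run. The same matrix is used in the other demo workflows in this commit.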
@@ -0,0 +1,111 @@
+name: httpd
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/httpd.yml', 'httpd/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/httpd.yml', 'httpd/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the httpd Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: httpd
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-httpd
+
+ - name: Build the curl Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl
+
+ - name: Test httpd using curl
+ run: |
+ docker network create httpd-test &&
+ docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd &&
+ sleep 2 &&
+ docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: httpd
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: httpd
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
deleted file mode 100644
index cf96496c..00000000
--- a/.github/workflows/linux.yml
+++ /dev/null
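Review bot: The test step in httpd.yml waits a fixed `sleep 2` between starting `oqs-httpd` and connecting to it, which makes the result depend on runner speed rather than on the server being ready. Let the client retry until the port answers and drop the sleep, e.g. `curl -k --retry 5 --retry-delay 1 --retry-connrefused https://oqs-httpd:4433 --curves kyber768`. haproxy.yml (`sleep 4`) and nginx.yml (`sleep 2`) follow the same pattern, and h2load.yml starts its client with no wait at all.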
@@ -1,113 +0,0 @@ -name: Docker images - -on: - push: - branches: [ '*' ] - pull_request: - branches: [ "main" ] - repository_dispatch: - types: [ '*' ] - -env: - REGISTRY_IMAGE: openquantumsafe/openssl3 - -jobs: - build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 -# - linux/arm/v6 -# - linux/arm/v7 - - linux/arm64 - steps: - - - name: Checkout - uses: actions/checkout@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push OpenSSL3+oqs-provider by digest - id: build - uses: docker/build-push-action@v4 - with: - context: openssl3 - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Export digest - run: | - mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v3 - with: - name: digests - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - runs-on: ubuntu-latest - needs: - - build - if: github.ref == 'refs/heads/main' - steps: - - - name: Download digests - uses: actions/download-artifact@v3 - with: - name: digests - path: /tmp/digests - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY_IMAGE }} - tags: | - type=sha,enable=true,prefix=commit- - type=raw,value=latest,enable=true - - - name: Login 
to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Create manifest list and push - working-directory: /tmp/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml new file mode 100644 index 00000000..cdacba46 --- /dev/null +++ b/.github/workflows/locust.yml 
@@ -0,0 +1,135 @@
+name: locust
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/locust.yml', 'locust/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/locust.yml', 'locust/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: locust
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ oqs-locust
+ oqs-locust:0.0.1
+
+ # Launch the Locust environment with a single worker for this test case.
+ - name: Launch Locust in Docker Compose
+ working-directory: ./locust
+ run: |
+ LOGGER_LEVEL=DEBUG HOST=https://localhost:4433 GROUP=kyber768 docker compose up -d --scale worker=1
+ - run: sleep 10
+
+ # Start the OpenSSL quantum-safe server inside the Locust worker container.
+ - name: Start OpenSSL server
+ working-directory: ./locust
+ run: |
+ docker exec -d locust-worker-1 openssl s_server \
+ -cert bin/CA.crt \
+ -key bin/CA.key \
+ -www \
+ -tls1_3 \
+ -groups kyber768
+ - run: sleep 10
+
+ # Trigger the Locust load test by sending a POST request to the Locust master API.
+ - name: Run Locust load test
+ working-directory: ./locust
+ run: |
+ curl -X POST -H 'content-type: application/x-www-form-urlencoded' \
+ --data-raw 'user_count=1&spawn_rate=1&host=https%3A%2F%2Flocalhost%3A4433&run_time=30s' \
+ http://localhost:8189/swarm
+
+ # Allow the test to complete by waiting longer than the specified run-time.
+ - name: Wait for test to finish
+ run: sleep 70
+
+ # Fetch the Locust test results in CSV format using the /stats/requests API.
+ - name: Download and Check JSON report
+ working-directory: ./locust
+ run: |
+ curl 'http://localhost:8189/stats/requests/csv' -o results.out &&
+ cat results.out &&
+ grep kyber768 results.out
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: locust
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/locust:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/locust:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: locust
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
new file mode 100644
index 00000000..30b1d0a8
--- /dev/null
+++ b/.github/workflows/mosquitto.yml
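Review bot: The final check in locust.yml, `grep kyber768 results.out`, only shows that the string occurs somewhere in the downloaded statistics; it does not look at request or failure counts, so a run in which every TLS handshake failed would presumably still pass. Assert on the numbers instead, for instance by failing when the failure count of the aggregated row is non-zero; the exact column depends on Locust's CSV layout, which is not visible here. The step is also named `Download and Check JSON report` although it fetches `/stats/requests/csv`, so `Download and check CSV report` would match what it does.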
@@ -0,0 +1,102 @@
+name: mosquitto
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/mosquitto.yml', 'mosquitto/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/mosquitto.yml', 'mosquitto/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: mosquitto
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-mosquitto
+
+ - name: Test mosquitto using local docker network
+ run: |
+ docker network create --subnet=192.168.0.0/16 mosquitto-test &&
+ docker run --network mosquitto-test --ip 192.168.0.2 -it --rm --name oqs-mosquitto-broker -e "BROKER_IP=192.168.0.2" -e "EXAMPLE=broker-start.sh" -d oqs-mosquitto &&
+ docker run --network mosquitto-test --ip 192.168.0.3 -it --rm --name oqs-mosquitto-subscriber -e "BROKER_IP=192.168.0.2" -e "SUB_IP=192.168.0.3" -e "EXAMPLE=subscriber-start.sh" -d oqs-mosquitto &&
+ docker run --network mosquitto-test --ip 192.168.0.4 -it --rm --name oqs-mosquitto-publisher -e "BROKER_IP=192.168.0.2" -e "PUB_IP=192.168.0.4" -e "EXAMPLE=publisher-start.sh" -d oqs-mosquitto &&
+ sleep 2 &&
+ docker logs oqs-mosquitto-publisher | grep "Client_pub sending PUBLISH" &&
+ docker logs oqs-mosquitto-subscriber | grep "Hello world"
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: mosquitto
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/mosquitto:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/mosquitto:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: mosquitto
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
new file mode 100644
index 00000000..407a99c5
--- /dev/null
+++ b/.github/workflows/nginx.yml
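Review bot: The test step in mosquitto.yml creates a network and three detached containers with fixed names and never removes them. On the hosted `ubuntu-latest` runner the VM is discarded, but if `oqs-arm64` keeps state between jobs, the next run fails at `docker network create` with a name conflict and the leftover containers keep running the previous build. Add a final step with `if: always()` that runs `docker rm -f oqs-mosquitto-broker oqs-mosquitto-subscriber oqs-mosquitto-publisher` and then `docker network rm mosquitto-test`. h2load.yml, haproxy.yml, httpd.yml and nginx.yml leave a detached server running in the same way, and ngtcp2.yml starts its containers without `--rm`.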
@@ -0,0 +1,112 @@
+name: nginx
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/nginx.yml', 'nginx/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/nginx.yml', 'nginx/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: nginx
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-nginx
+
+ - name: Build the curl Docker image (with generic liboqs)
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: curl
+ build-args: |
+ MAKE_DEFINES=-j4
+ LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-curl-generic
+
+ - name: Test nginx with curl generic
+ run: |
+ docker network create nginx-test &&
+ docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx &&
+ sleep 2 &&
+ docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: nginx
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/nginx:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/nginx:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: nginx
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml
new file mode 100644
index 00000000..c0d72921
--- /dev/null
+++ b/.github/workflows/ngtcp2.yml
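Review bot: The nginx.yml test, `curl -k https://oqs-nginx:4433`, names no key-exchange group, so it passes on any successful TLS handshake and would not notice if the build silently fell back to a classical group. Unless the image's default group list already guarantees a quantum-safe choice, request one explicitly as httpd.yml does, e.g. `curl -k https://oqs-nginx:4433 --curves kyber768`. The haproxy.yml test has the same gap.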
@@ -0,0 +1,132 @@
+name: ngtcp2
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/ngtcp2.yml', 'ngtcp2/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/ngtcp2.yml', 'ngtcp2/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the server Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: ngtcp2
+ file: ngtcp2/Dockerfile-server
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-ngtcp2-server
+
+ - name: Build the client Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: ngtcp2
+ file: ngtcp2/Dockerfile-client
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-ngtcp2-client
+
+ - name: Test ngtcp2 using local docker network
+ run: |
+ docker network create ngtcp2-test &&
+ docker run --network ngtcp2-test --detach --name oqs-ngtcp2server oqs-ngtcp2-server &&
+ docker run --network ngtcp2-test --name oqs-ngtcp2client oqs-ngtcp2-client sh -c 'qtlsclient --exit-on-first-stream-close --groups kyber512 oqs-ngtcp2server 6000' &&
+ docker logs oqs-ngtcp2client 2>&1 | grep "QUIC handshake has been confirmed"
+
+ - name: Push server Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: ngtcp2
+ file: ngtcp2/Dockerfile-server
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/ngtcp2-server:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/ngtcp2-server:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ - name: Push client Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: ngtcp2
+ file: ngtcp2/Dockerfile-client
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/ngtcp2-client:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/ngtcp2-client:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: ngtcp2-server
+ release_tag: ${{ inputs.release_tag || 'latest' }}
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: ngtcp2-client
+ release_tag: ${{ inputs.release_tag || 'latest' }}
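Review bot: `inputs.build_main` is declared `type: boolean`, but the `env.push` expression, the `push` job's `if:` and every `build-args` line compare it with the string `'true'`. GitHub's expression syntax coerces mismatched types to numbers, so a boolean `true` is unlikely to equal `'true'`; if so, `build_main: true` neither injects `LIBOQS_TAG=main`/`OQSPROVIDER_TAG=main` nor blocks the push, and a run meant only to test against upstream `main` would build the default tags and still publish. Comparing against the boolean directly avoids the coercion: `inputs.build_main != true` in the two guards and `${{ inputs.build_main && env.build-args || null }}` in the build args. The same comparisons appear in the nginx, openssh, openssl3, openvpn and wireshark hunks.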
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
new file mode 100644
index 00000000..cfb23ad9
--- /dev/null
+++ b/.github/workflows/openssh.yml
@@ -0,0 +1,98 @@
+name: openssh
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssh.yml', 'openssh/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssh.yml', 'openssh/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: openssh
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-openssh
+
+ - name: Test openssh
+ run: |
+ docker run --rm --name oqs-openssh oqs-openssh connect-test.sh
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: openssh
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/openssh:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/openssh:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: openssh
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml
new file mode 100644
index 00000000..d920629b
--- /dev/null
+++ b/.github/workflows/openssl3.yml
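Review bot: The steps that receive `secrets.DOCKERHUB_TOKEN` and `secrets.GITHUB_TOKEN` reference `docker/login-action@v3`, `docker/build-push-action@v6` and `actions/checkout@v4` by mutable tag, and the workflow declares no `permissions:` block. A retagged release of any of these actions would run with the registry credentials in scope, so pinning each `uses:` to a full commit SHA, in the form `docker/login-action@<FULL_COMMIT_SHA> # v3` (placeholder), narrows that exposure. A top-level `permissions:` with `contents: read` and `packages: write` would also stop the ghcr.io login from depending on the repository's default token scope. Both points apply equally to the nginx, ngtcp2, openssl3, openvpn, wireshark and push-manifest hunks.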
@@ -0,0 +1,99 @@
+name: openssl3
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssl3.yml', 'openssl3/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openssl3.yml', 'openssl3/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: openssl3
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-ossl3
+
+ - name: Test openssl3 with provider - one baseline and one hybrid QSC algorithm
+ run: |
+ docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "openssl list -providers; /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups kyber768 --CAfile /opt/openssl32/bin/CA.crt" &&
+ docker run --rm --name oqs-ossl3 oqs-ossl3 sh -c "KEM_ALG=p521_frodo1344aes /opt/openssl32/bin/serverstart.sh; sleep 2; echo 'GET /' | openssl s_client -connect localhost --groups p521_frodo1344aes --CAfile /opt/openssl32/bin/CA.crt"
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: openssl3
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/openssl3:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: openssl3
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
new file mode 100644
index 00000000..1ae765c9
--- /dev/null
+++ b/.github/workflows/openvpn.yml
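Review bot: Both `openssl s_client` invocations in the test step pass `--CAfile` but not `-verify_return_error`, so as far as I know a certificate that fails chain verification is only reported in the output while the handshake still completes. The step would then pass even if the server presented a certificate that does not chain to `/opt/openssl32/bin/CA.crt`, which leaves the PQ signature path effectively unchecked. Adding `-verify_return_error` to each command makes a verification failure end the connection with a non-zero status. The fixed `sleep 2` before connecting is also a race on a slow runner; a short retry loop would be steadier.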
@@ -0,0 +1,99 @@
+name: openvpn
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openvpn.yml', 'openvpn/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/openvpn.yml', 'openvpn/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: openvpn
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-openvpn
+
+ - name: Test openvpn
+ working-directory: ./openvpn
+ run: |
+ sh ./test.sh dilithium5 p521_kyber1024
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: openvpn
+ build-args: |
+ MAKE_DEFINES=-j4
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/openvpn:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/openvpn:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: openvpn
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/push-manifest.yml b/.github/workflows/push-manifest.yml
new file mode 100644
index 00000000..a1a12d5e
--- /dev/null
+++ b/.github/workflows/push-manifest.yml
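Review bot: The `Test openvpn` step runs `sh ./test.sh` from the checked-out tree directly on the runner rather than inside a container, and the workflow triggers on `pull_request`, so on the `oqs-arm64` matrix leg a pull request's own script executes on that machine. Whether `oqs-arm64` is ephemeral is not visible from this diff; if it is a self-hosted or otherwise persistent runner, state left behind by one pull request's run can affect later jobs, including the ones that log in to the registries. I would document the assumption next to the matrix entry, for example `# oqs-arm64 must be an ephemeral runner: this job executes pull-request code`, and keep fork pull requests behind workflow-run approval if it is not. The Docker builds in the other workflow hunks run pull-request Dockerfiles on the same runner label.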
@@ -0,0 +1,41 @@ +name: push-manifest + +on: + workflow_call: + inputs: + image_name: + description: "Which docker image to push to" + required: true + type: string + release_tag: + description: "Which docker tag to push to" + required: false + type: string + +jobs: + push: + runs-on: ubuntu-latest + steps: + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push multiarch image to ghcr.io + run: | + docker manifest create ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} \ + --amend ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-x86_64 \ + --amend ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-arm64 && + docker manifest push ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} + + - name: Push multiarch image to DockerHub + run: | + docker manifest create openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} \ + --amend openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-x86_64 \ + --amend openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }}-arm64 && + docker manifest push openquantumsafe/${{ inputs.image_name }}:${{ inputs.release_tag || 'latest' }} diff --git a/.github/workflows/quic.yml b/.github/workflows/quic.yml index e550aa6c..d9e66903 100644 --- a/.github/workflows/quic.yml +++ b/.github/workflows/quic.yml @@ -12,6 +12,7 @@ on: env: TARGET_NAME: openquantumsafe + push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} jobs: test-push: 
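Review bot: Both `run:` blocks in push-manifest.yml expand `${{ inputs.image_name }}` and `${{ inputs.release_tag }}` straight into the script text, so the values are substituted before the shell parses the command. An image name or tag containing shell metacharacters would therefore be interpreted as script in a job that has just logged in to Docker Hub and ghcr.io. Passing the inputs through `env:` and quoting the variables keeps them as data; the ghcr.io step is shown below and the DockerHub step takes the same shape with the `openquantumsafe/` prefix.

```yaml
      - name: Push multiarch image to ghcr.io
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/${{ inputs.image_name }}
          TAG: ${{ inputs.release_tag || 'latest' }}
        run: |
          docker manifest create "${IMAGE}:${TAG}" \
            --amend "${IMAGE}:${TAG}-x86_64" \
            --amend "${IMAGE}:${TAG}-arm64" &&
          docker manifest push "${IMAGE}:${TAG}"
      # … unchanged in purpose: the DockerHub step, rewritten the same way …
```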
@@ -21,9 +22,16 @@ jobs: - uses: actions/checkout@v4 - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.push == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create a shared volume run: docker volume create shared-1 shell: bash @@ -50,6 +58,7 @@ jobs: curl --cacert /certs/CA.crt --http3-only https://host.docker.internal --curves hqc192 -vvvv shell: bash - name: Push Docker images to Docker Hub + if: env.push == 'true' run: | docker push $TARGET_NAME/curl-quic:latest docker push $TARGET_NAME/nginx-quic:latest diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml new file mode 100644 index 00000000..2131fd74 --- /dev/null +++ b/.github/workflows/wireshark.yml 
@@ -0,0 +1,92 @@
+name: wireshark
+
+on:
+ push:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/wireshark.yml', 'wireshark/**']
+ pull_request:
+ branches: [ 'main' ]
+ paths: ['.github/workflows/wireshark.yml', 'wireshark/**']
+ workflow_call:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+ workflow_dispatch:
+ inputs:
+ build_main:
+ description: "Build using liboqs and oqsprovider main branches"
+ required: false
+ default: false
+ type: boolean
+ release_tag:
+ description: "Which docker tag to push to"
+ required: false
+ type: string
+
+env:
+ build-args: |
+ LIBOQS_TAG=main
+ OQSPROVIDER_TAG=main
+ push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arch: x86_64
+ runner: ubuntu-latest
+ - arch: arm64
+ runner: oqs-arm64
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ if: env.push == 'true'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build the Docker image
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ context: wireshark
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: oqs-wireshark
+
+ - name: Push Docker image to registries
+ if: env.push == 'true'
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ context: wireshark
+ build-args: |
+ ${{ (inputs.build_main == 'true') && env.build-args || null }}
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/wireshark:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+ openquantumsafe/wireshark:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+ push:
+ if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ./.github/workflows/manifest
+ with:
+ image_name: wireshark
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..e1eec281
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,25 @@
+# Contributing new quantum-safe application integrations
+
+All submissions must meet acceptance criteria given below. Demos may be removed if they no longer meet the acceptance criteria.
+
+## Documentation requirements
+
+- Purpose of integration and upstream (code origin) location must be clearly documented.
+- README must contain all steps to build the OQS-enabled code.
+- An optional USAGE file must be present if the integration can be built into a docker image.
+
+## Execution requirements
+
+- If possible, a Dockerfile should be provided such as to automate the integration completely. In this case, a separate USAGE file must be available that shall document usage of the docker file at [docker hub](https://hub.docker.com/orgs/openquantumsafe/repositories).
+- If a docker file is provided, it is expected that build-and-test code is added to the continuous integration environment testing (see below).
+
+## Maintenance
+
+We hope the contributor will intend to help update the integration over time as the upstream code bases as well as the underlying algorithms and APIs evolve.
+
+## Continuous Integration
+
+Each demo should have it's own GitHub Actions workflow to handle building, testing, and pushing its Docker image. An [example template](.github/workflow-templates/template.yml) is provided to get started.
+
+A workflow should run the build and test steps whenever changes are detected for the integration in a pull request or push to main.
+The push step should only be triggered when the workflow is run on the main branch of the upstream repository (not forks) and not when building against the latest liboqs and oqs-provider code.
\ No newline at end of file
diff --git a/README.md b/README.md
index 39b15d3f..aa812b0b 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@ -[![GitHub actions](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml) +[![openssl](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssl3.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssl3.yml) [![QUIC](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml) -[![open-quantum-safe](https://circleci.com/gh/open-quantum-safe/oqs-demos.svg?style=svg)](https://app.circleci.com/pipelines/github/open-quantum-safe/oqs-demos) oqs-demos ========= @@ -11,7 +10,7 @@ A repository of instructions (with associated patches and scripts) to enable, th In most cases, Dockerfiles encode the instructions for ease-of-use: Just do `docker build -t .`. For more detailed usage instructions (parameters, algorithms, etc.) refer to the README for each package. Pre-built Docker images may also be available. -As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no CI and github support for the integration is available and the code shall be seen as a snapshot that once worked only. +As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no github support for the integration is available and the code shall be seen as a snapshot that once worked only. We are explicitly soliciting contributors to maintain those integrations labelled "Unmaintained". 
@@ -19,18 +18,18 @@ Currently available integrations at their respective support level: | | **Build instructions** | **Pre-built Docker image or binary files** | Support | |-------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -------- | -| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | Maintained: @baentsch, @pi-314159 -| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | Maintained: @baentsch -| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | Maintained: @baentsch, @bhess, @pi-314159 +| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | [![curl](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/curl.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/curl.yml) Maintained: @baentsch, @pi-314159 +| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | 
[![httpd](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/httpd.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/httpd.yml) Maintained: @baentsch +| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | [![nginx](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/nginx.yml) Maintained: @baentsch, @bhess, @pi-314159 | **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - | Maintained: @pi-314159 -| **Locust** | [Github: oqs-demos/locust](locust) | - | Maintained: @davidgca -| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | Maintained: @hayyaaf -| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | Unmaintained -| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | Unmaintained -| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | Unmaintained -| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | Unmaintained -| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: 
openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | Unmaintained -| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | Unmaintained +| **Locust** | [Github: oqs-demos/locust](locust) | - | [![locust](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/locust.yml) Maintained: @davidgca +| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | [![wireshark](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/wireshark.yml) Maintained: @hayyaaf +| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | [![openssh](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openssh.yml) Unmaintained +| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | [![openvpn](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/openvpn.yml) Unmaintained +| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | 
[![ngtcp2](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/ngtcp2.yml) Unmaintained +| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | [![h2load](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/h2load.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/h2load.yml) Unmaintained +| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | [![haproxy](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/haproxy.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/haproxy.yml) Unmaintained +| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | [![mosquitto](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/mosquitto.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/mosquitto.yml) Unmaintained | **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | Deprecated | **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) | Deprecated | **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) | Deprecated 
@@ -38,9 +37,13 @@ Currently available integrations at their respective support level: It should be possible to use the openssl (s_client) and curl clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.7.0` and `liboqs v0.11.0`) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Since [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl) no longer maintains the same set of algorithms, software that depends on OQS-BoringSSL (e.g., nginx-quic and curl-quic) may not fully (inter)operate with the test server. +When updates to an integration with a Dockerfile are pushed to `main`, an updated `latest` image is pushed to DockerHub and ghcr.io with support for both x86_64 and arm64. + +The build and test CI is run against the latest code in liboqs and oqs-provider weekly. + ## Contributing -Contributions are gratefully welcomed. See our [Contributing Guide](https://github.com/open-quantum-safe/oqs-demos/wiki/Contributing-guide) for more details. +Contributions are gratefully welcomed. See our [Contributing Guide](CONTRIBUTING.md) for more details. ## License