Skip to content

Build with Nix

Build with Nix #159

Workflow file for this run

name: Build
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
jobs:
applet:
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
java: [ "8", "11", "17"]
env:
JAVA_VERSION: ${{ matrix.java }}
name: Build applet with Java ${{ matrix.java }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: "temurin"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Build applets
run: ./gradlew applet:buildJavaCard
- name: Test
run: ./gradlew applet:test
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: built-applet-${{ matrix.java }}
path: |
applet/build/javacard/*.cap
reader:
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
java: [ "17", "21"]
name: Build reader on Java ${{ matrix.java }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: "temurin"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Build reader
run: ./gradlew reader:uberJar
- name: Test
run: ./gradlew reader:test
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: built-reader-${{ matrix.java }}
path: |
reader/build/libs/ECTesterReader.jar
standalone:
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
java: [ "17", "21"]
env:
# ffs: https://github.com/adoptium/adoptium-support/issues/485 !!!
# also, add the wolfcrypt JNI path
LD_LIBRARY_PATH: "/usr/lib/x86_64-linux-gnu/:${{github.workspace}}/ext/wolfcrypt-jni/lib/"
name: Build standalone on Java ${{ matrix.java }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
fetch-tags: true
fetch-depth: -1
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: "temurin"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Setup libraries
run: |
sudo apt update
sudo apt install libtomcrypt-dev libtommath-dev libssl-dev libcrypto++-dev libgcrypt20-dev nettle-dev libbotan-2-dev libwolfssl-dev nasm
echo "BORINGSSL_VERSION=$(git submodule status ext/boringssl | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV
echo "LIBRESSL_VERSION=$(git submodule status ext/libressl | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV
echo "IPPCP_VERSION=$(git submodule status ext/ipp-crypto | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV
echo "MBEDTLS_VERSION=$(git submodule status ext/mbedtls | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV
echo "WOLFCRYPT_VERSION=$(git submodule status ext/wolfcrypt-jni | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV
echo "WOLFSSL_VERSION=$(dpkg -s libwolfssl-dev | grep 'Version' | cut -f2 -d' ')" >> $GITHUB_ENV
- name: Cache libs
uses: actions/cache@v4
id: cache-libs
with:
key: libs-${{ env.BORINGSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.IPPCP_VERSION }}-${{ env.WOLFCRYPT_VERSION }}-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('.github/workflows/build.yml') }}-${{ matrix.java }}
path: |
ext/boringssl/build/
ext/libressl/build/
ext/ipp-crypto/build/
ext/mbedtls/build/
ext/wolfcrypt-jni/lib/wolfcrypt-jni.jar
ext/wolfcrypt-jni/lib/libwolfcryptjni.so
- name: Build libs
if: steps.cache-libs.outputs.cache-hit != 'true'
run: |
# ------------ Build BoringSSL ------------
cd ext/boringssl
cmake -DBUILD_SHARED_LIBS=1 -Bbuild -G "Unix Makefiles"
cd build
make -j4 crypto
cd ../../..
# ------------ Build LibreSSL ------------
cd ext/libressl
./autogen.sh
cmake -DBUILD_SHARED_LIBS=ON -Bbuild -G "Unix Makefiles"
cd build
make -j4 crypto
cd ../../..
# ------------ Build IPP-crypto ------------
cd ext/ipp-crypto
CC=clang CXX=clang++ cmake CMakeLists.txt -Bbuild -DARCH=intel64 -G "Unix Makefiles"
cd build
make -j4
cd ../../..
# ------------ Build wolfcrypt-jni ------------
cd ext/wolfcrypt-jni
mkdir junit
wget -P junit/ https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
wget -P junit/ https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
make -j4 -f makefile.linux
env JUNIT_HOME=junit/ ant build-jce-release
cd ../..
# ------------ Build mbedTLS ------------
cd ext/mbedtls
python -m venv virt
. virt/bin/activate
pip install -r scripts/basic.requirements.txt
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On -Bbuild -G "Unix Makefiles"
cd build
make -j4
cd ../../..
- name: Build standalone
run: |
./gradlew standalone:libs || true
./gradlew standalone:uberJar
- name: List libraries
run: ./gradlew standalone:run --args="list-libs"
- name: Test
run: ./gradlew standalone:test
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: built-standalone-${{ matrix.java }}
path: |
standalone/build/libs/ECTesterStandalone.jar
- name: Upload results
uses: actions/upload-artifact@v4
with:
name: results-standalone-${{ matrix.java }}
path: |
standalone/build/results/
- name: Upload code coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: crocs-muni/ECTester