Build with Nix #206
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
jobs: | |
applet: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
java: [ "8", "11", "17"] | |
env: | |
JAVA_VERSION: ${{ matrix.java }} | |
name: Build applet with Java ${{ matrix.java }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: "temurin" | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Build applets | |
run: ./gradlew applet:buildJavaCard | |
- name: Test | |
run: ./gradlew applet:test | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: built-applet-${{ matrix.java }} | |
path: | | |
applet/build/javacard/*.cap | |
reader: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
java: [ "17", "21"] | |
name: Build reader on Java ${{ matrix.java }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: "temurin" | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Build reader | |
run: ./gradlew reader:uberJar | |
- name: Test | |
run: ./gradlew reader:test | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: built-reader-${{ matrix.java }} | |
path: | | |
reader/build/libs/ECTesterReader.jar | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: crocs-muni/ECTester | |
standalone: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
java: [ "17", "21"] | |
env: | |
# ffs: https://github.com/adoptium/adoptium-support/issues/485 !!! | |
# also, add the wolfcrypt JNI path | |
LD_LIBRARY_PATH: "/usr/lib/x86_64-linux-gnu/:${{github.workspace}}/ext/wolfcrypt-jni/lib/" | |
name: Build standalone on Java ${{ matrix.java }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
fetch-tags: true | |
fetch-depth: -1 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: "temurin" | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Setup libraries | |
run: | | |
sudo apt update | |
sudo apt install libtomcrypt-dev libtommath-dev libssl-dev libcrypto++-dev libgcrypt20-dev nettle-dev libbotan-2-dev libwolfssl-dev nasm | |
echo "BORINGSSL_VERSION=$(git submodule status ext/boringssl | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV | |
echo "LIBRESSL_VERSION=$(git submodule status ext/libressl | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV | |
echo "IPPCP_VERSION=$(git submodule status ext/ipp-crypto | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV | |
echo "MBEDTLS_VERSION=$(git submodule status ext/mbedtls | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV | |
echo "WOLFCRYPT_VERSION=$(git submodule status ext/wolfcrypt-jni | cut -f2 -d' ' | cut -c1-10)" >> $GITHUB_ENV | |
echo "WOLFSSL_VERSION=$(dpkg -s libwolfssl-dev | grep 'Version' | cut -f2 -d' ')" >> $GITHUB_ENV | |
- name: Cache libs | |
uses: actions/cache@v4 | |
id: cache-libs | |
with: | |
key: libs-${{ env.BORINGSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.IPPCP_VERSION }}-${{ env.WOLFCRYPT_VERSION }}-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('.github/workflows/build.yml') }}-${{ matrix.java }} | |
path: | | |
ext/boringssl/build/ | |
ext/libressl/build/ | |
ext/ipp-crypto/build/ | |
ext/mbedtls/build/ | |
ext/wolfcrypt-jni/lib/wolfcrypt-jni.jar | |
ext/wolfcrypt-jni/lib/libwolfcryptjni.so | |
- name: Build libs | |
if: steps.cache-libs.outputs.cache-hit != 'true' | |
run: | | |
# ------------ Build BoringSSL ------------ | |
cd ext/boringssl | |
cmake -DBUILD_SHARED_LIBS=1 -Bbuild -G "Unix Makefiles" | |
cd build | |
make -j4 crypto | |
cd ../../.. | |
# ------------ Build LibreSSL ------------ | |
cd ext/libressl | |
./autogen.sh | |
cmake -DBUILD_SHARED_LIBS=ON -Bbuild -G "Unix Makefiles" | |
cd build | |
make -j4 crypto | |
cd ../../.. | |
# ------------ Build IPP-crypto ------------ | |
cd ext/ipp-crypto | |
CC=clang CXX=clang++ cmake CMakeLists.txt -Bbuild -DARCH=intel64 -G "Unix Makefiles" | |
cd build | |
make -j4 | |
cd ../../.. | |
# ------------ Build wolfcrypt-jni ------------ | |
cd ext/wolfcrypt-jni | |
mkdir junit | |
wget -P junit/ https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar | |
wget -P junit/ https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar | |
make -j4 -f makefile.linux | |
env JUNIT_HOME=junit/ ant build-jce-release | |
cd ../.. | |
# ------------ Build mbedTLS ------------ | |
cd ext/mbedtls | |
python -m venv virt | |
. virt/bin/activate | |
pip install -r scripts/basic.requirements.txt | |
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On -Bbuild -G "Unix Makefiles" | |
cd build | |
make -j4 | |
cd ../../.. | |
- name: Build standalone | |
run: | | |
./gradlew standalone:libs || true | |
./gradlew standalone:uberJar | |
- name: List libraries | |
run: ./gradlew standalone:run --args="list-libs" | |
- name: Test | |
run: ./gradlew standalone:test --continue | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: built-standalone-${{ matrix.java }} | |
path: | | |
standalone/build/libs/ECTesterStandalone.jar | |
- name: Upload results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: results-standalone-${{ matrix.java }} | |
path: | | |
standalone/build/results/ | |
- name: Upload tests | |
uses: actions/upload-artifact@v4 | |
with: | |
name: tests-standalone-${{ matrix.java }} | |
path: | | |
standalone/build/reports/tests/test/ | |
- name: Upload code coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: crocs-muni/ECTester | |
- name: Upload test coverage | |
uses: codecov/test-results-action@v1 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: crocs-muni/ECTester | |
files: >- | |
standalone/build/test-results/test/TEST-cz.crcs.ectester.standalone.AppTests.xml, standalone/build/test-results/test/TEST-cz.crcs.ectester.standalone.DeterministicTests.xml, | |
standalone/build/test-results/test/TEST-cz.crcs.ectester.standalone.IdentTests.xml, standalone/build/test-results/test/TEST-cz.crcs.ectester.standalone.LibTests.xml, | |
standalone/build/test-results/test/TEST-cz.crcs.ectester.standalone.OutputTests.xml |