Build

Merge pull request #1 from sophos/feature/NCL-1802-Upgrade-OpenVPN-fo… #24

Workflow file for this run

	# The name of our workflow
	name: Build
	on:
	push:
	pull_request:

	jobs:
	checkuncrustify:
	name: "Check code style with Uncrustify"
	# Ubuntu 22.04 has uncrustify 0.72_f
	runs-on: ubuntu-22.04
	steps:
	- name: Install dependencies
	run: sudo apt update && sudo apt install -y uncrustify
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	with:
	path: openvpn
	- name: Show uncrustify version
	run: uncrustify --version
	- name: Run uncrustify
	run: ./dev-tools/reformat-all.sh
	working-directory: openvpn
	- name: Check for changes
	run: git diff --output=uncrustify-changes.patch
	working-directory: openvpn
	- name: Show changes on standard output
	run: git diff
	working-directory: openvpn
	- uses: actions/upload-artifact@v3
	with:
	name: uncrustify-changes.patch
	path: 'openvpn/uncrustify-changes.patch'
	- name: Set job status
	run: test ! -s uncrustify-changes.patch
	working-directory: openvpn

	mingw:
	strategy:
	fail-fast: false
	matrix:
	osslver: [1.1.1q, 3.0.5]
	target: [mingw64, mingw]
	include:
	- target: mingw64
	chost: x86_64-w64-mingw32
	- target: mingw
	chost: i686-w64-mingw32

	name: "gcc-mingw - ${{matrix.target}} - OSSL ${{ matrix.osslver }}"
	runs-on: ubuntu-22.04
	env:
	MAKEFLAGS: -j3
	LZO_VERSION: "2.10"
	PKCS11_HELPER_VERSION: "1.29.0"
	OPENSSL_VERSION: "${{ matrix.osslver }}"
	TAP_WINDOWS_VERSION: "9.23.3"
	steps:
	- name: Install dependencies
	run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	with:
	path: openvpn

	- name: autoconf
	run: autoreconf -fvi
	working-directory: openvpn

	- name: Cache dependencies
	id: cache
	uses: actions/cache@v3
	with:
	path: '~/mingw/'
	key: ${{ matrix.target }}-mingw-${{ matrix.osslver }}-${{ env.LZO_VERSION }}-${{ env.PKCS11_HELPER_VERSION }}-${{ env.TAP_WINDOWS_VERSION }}

	# Repeating if: steps.cache.outputs.cache-hit != 'true'
	# on every step for building dependencies is ugly but
	# I haven't found a better solution so far.

	- name: Download mingw dependencies
	if: steps.cache.outputs.cache-hit != 'true'
	run: \|
	wget -c -P download-cache/ "https://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip"
	wget -c -P download-cache/ "https://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz"
	wget -c -P download-cache/ "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"
	tar jxf "download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"
	wget -c -P download-cache/ "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz" \|\| wget -c -P download-cache/ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
	tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
	tar zxf "download-cache/lzo-${LZO_VERSION}.tar.gz"
	unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip

	- name: Configure OpenSSL
	if: steps.cache.outputs.cache-hit != 'true'
	run: ./Configure --cross-compile-prefix=${{ matrix.chost }}- shared ${{ matrix.target }} no-capieng --prefix="${HOME}/mingw/opt" --openssldir="${HOME}/mingw/opt" -static-libgcc
	working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

	- name: Build OpenSSL
	if: steps.cache.outputs.cache-hit != 'true'
	run: make
	working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

	# OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of
	# mingw/opt/lib, so we include both dirs in the following steps
	# (pkcs11-helper and OpenVPN) so the libraries will be found
	- name: Install OpenSSL
	if: steps.cache.outputs.cache-hit != 'true'
	run: make install
	working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

	- name: autoreconf pkcs11-helper
	if: steps.cache.outputs.cache-hit != 'true'
	run: autoreconf -iv
	working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

	- name: configure pkcs11-helper
	if: steps.cache.outputs.cache-hit != 'true'
	run: OPENSSL_LIBS="-L${HOME}/mingw/opt/lib -L${HOME}/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu --disable-crypto-engine-gnutls --disable-crypto-engine-nss --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls
	working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

	- name: build pkcs11-helper
	if: steps.cache.outputs.cache-hit != 'true'
	run: make all
	working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

	- name: install pkcs11-helper
	if: steps.cache.outputs.cache-hit != 'true'
	run: make install
	working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

	- name: Configure lzo
	if: steps.cache.outputs.cache-hit != 'true'
	run: ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu
	working-directory: "./lzo-${{ env.LZO_VERSION }}"

	- name: build lzo
	if: steps.cache.outputs.cache-hit != 'true'
	working-directory: "./lzo-${{ env.LZO_VERSION }}"
	run: make

	- name: install lzo
	if: steps.cache.outputs.cache-hit != 'true'
	working-directory: "./lzo-${{ env.LZO_VERSION }}"
	run: make install

	- name: copy tap-windows.h header
	if: steps.cache.outputs.cache-hit != 'true'
	run: cp ./tap-windows-${TAP_WINDOWS_VERSION}/include/tap-windows.h ${HOME}/mingw/opt/include/

	- name: configure OpenVPN
	run: PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include OPENSSL_LIBS="-L${HOME}/opt/lib -L$HOME/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOME}/mingw/opt/lib -llzo2" ./configure --host=${{ matrix.chost }} --disable-lz4
	working-directory: openvpn

	- name: build OpenVPN
	run: make -j3
	working-directory: openvpn

	ubuntu:
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-18.04, ubuntu-20.04, ubuntu-22.04]
	sslpkg: [libmbedtls-dev]
	ssllib: [mbedtls]
	libname: [mbed TLS]

	include:
	- os: ubuntu-18.04
	sslpkg: "libssl1.0-dev"
	ssllib: openssl
	libname: OpenSSL 1.0.2
	- os: ubuntu-18.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	- os: ubuntu-22.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 3.0.2
	ssllib: openssl
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--enable-iproute2"
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--enable-async-push"
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--disable-management"
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--enable-small"
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--disable-lzo --disable-lz4"
	- os: ubuntu-20.04
	sslpkg: "libssl-dev"
	libname: OpenSSL 1.1.1
	ssllib: openssl
	extraconf: "--enable-dco"
	nlpkg: "libnl-genl-3-dev"

	name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}"
	env:
	SSLPKG: "${{matrix.sslpkg}}"
	NLPKG: "${{matrix.nlpkg}}"

	runs-on: ${{matrix.os}}
	steps:
	- name: Install dependencies
	run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${NLPKG}
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	- name: autoconf
	run: autoreconf -fvi
	- name: configure
	run: ./configure --with-crypto-library=${{matrix.ssllib}} ${{matrix.extraconf}} --enable-werror
	- name: make all
	run: make -j3
	- name: make check
	run: make check

	ubuntu-clang-asan:
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-20.04]
	ssllib: [mbedtls, openssl]

	name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}"

	runs-on: ${{matrix.os}}
	steps:
	- name: Install dependencies
	run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	- name: autoconf
	run: autoreconf -fvi
	- name: configure
	run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
	- name: make all
	run: make -j3
	- name: make check
	run: make check

	macos:
	strategy:
	fail-fast: false
	matrix:
	ssllib: [ openssl11, openssl3, libressl]
	build: [ normal, asan ]
	os: [macos-11, macos-12]
	include:
	- build: asan
	cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
	ldflags: -fsanitize=address
	# Our build system ignores LDFLAGS for plugins
	configureflags: --disable-plugin-auth-pam --disable-plugin-down-root
	- build: normal
	cflags: "-O2 -g"
	ldflags: ""
	configureflags: ""
	- ssllib: openssl11
	libdir: [email protected]
	configuressllib: ""
	- ssllib: openssl3
	libdir: openssl@3
	configuressllib: ""
	- ssllib: libressl
	libdir: libressl
	configuressllib: "--with-openssl-engine=no"

	runs-on: ${{matrix.os}}
	name: "${{matrix.os}} - ${{matrix.libdir}} - ${{matrix.build}}"
	env:
	CFLAGS: ${{ matrix.cflags }}
	LDFLAGS: ${{ matrix.ldflags }}
	OPENSSL_CFLAGS: "-I/usr/local/opt/${{matrix.libdir}}/include"
	OPENSSL_LIBS: "-L/usr/local/opt/${{matrix.libdir}}/lib -lcrypto -lssl"
	steps:
	- name: Install dependencies
	run: brew install [email protected] openssl@3 lzo lz4 man2html cmocka libtool automake autoconf libressl
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	- name: autoconf
	run: autoreconf -fvi
	- name: configure
	run: ./configure --enable-werror ${{matrix.configureflags}} ${{matrix.configuressllib}}
	- name: make all
	run: make -j4
	- name: make check
	run: make check

	msvc:
	strategy:
	fail-fast: false
	matrix:
	plat: [ARM64, Win32, x64]
	include:
	- plat: ARM64
	triplet: arm64
	- plat: Win32
	triplet: x86
	- plat: x64
	triplet: x64

	name: "msbuild - ${{matrix.triplet}} - openssl"
	env:
	BUILD_CONFIGURATION: Release
	VCPKG_OVERLAY_PORTS: ${{ github.workspace }}/contrib/vcpkg-ports
	VCPKG_OVERLAY_TRIPLETS: ${{ github.workspace }}/contrib/vcpkg-triplets

	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v3

	- name: Add MSBuild to PATH
	uses: microsoft/[email protected]

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.x'

	- name: Install rst2html
	run: python -m pip install --upgrade pip rst2html

	- name: Restore artifacts, or setup vcpkg (do not install any package)
	uses: lukka/run-vcpkg@v10
	with:
	vcpkgGitCommitId: 'cafd398be781144787573ca78390e951673c7055'
	appendedCacheKey: '${{matrix.triplet}}'

	- name: Run MSBuild consuming vcpkg.json
	working-directory: ${{env.GITHUB_WORKSPACE}}
	run: \|
	# workaround for GHA runner bug where vcpkg installation is detected at c:\vcpkg
	# see https://github.com/lukka/run-vcpkg/issues/170
	${{ github.workspace }}/vcpkg/vcpkg.exe integrate install
	msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} /p:Platform="${{ matrix.plat }}" .

	- name: Archive artifacts
	uses: actions/upload-artifact@v3
	with:
	name: artifacts-${{ matrix.plat }}
	path: \|
	${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.exe
	${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.dll
	${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.pdb
	doc/openvpn.8.html

	trigger_openvpn_build:
	runs-on: windows-latest
	needs: [checkuncrustify, mingw, ubuntu, ubuntu-clang-asan, macos, msvc]
	if: ${{ github.event_name != 'pull_request' && github.repository == 'openvpn/openvpn' && github.ref == 'refs/heads/master' }}

	steps:
	- name: Repository Dispatch
	uses: peter-evans/repository-dispatch@v2
	with:
	token: ${{ secrets.OPENVPN_BUILD_REPO_DISPATCH }}
	repository: openvpn/openvpn-build
	event-type: openvpn-commit

	libressl:
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-22.04]
	ssllib: [libressl]
	build: [ normal, asan ]
	configureflags: ["--with-openssl-engine=no"]
	include:
	- build: asan
	cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
	ldflags: -fsanitize=address
	cc: clang
	- build: normal
	cflags: "-O2 -g"
	ldflags: ""
	cc: gcc

	name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
	runs-on: ${{matrix.os}}
	env:
	CFLAGS: ${{ matrix.cflags }}
	LDFLAGS: ${{ matrix.ldflags }}
	CC: ${{matrix.cc}}

	steps:
	- name: Install dependencies
	run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev
	- name: "libressl: checkout"
	uses: actions/checkout@v3
	with:
	path: libressl
	repository: libressl-portable/portable
	ref: v3.5.3
	- name: "libressl: autogen.sh"
	run: ./autogen.sh
	working-directory: libressl
	- name: "libressl: autoconf"
	run: autoreconf -fvi
	working-directory: libressl
	- name: "libressl: configure"
	run: ./configure --enable-openvpn
	working-directory: libressl
	- name: "libressl: make all"
	run: make -j3
	working-directory: libressl
	- name: "libressl: make install"
	run: sudo make install
	working-directory: libressl
	- name: "ldconfig"
	run: sudo ldconfig
	- name: Checkout OpenVPN
	uses: actions/checkout@v3
	- name: autoconf
	run: autoreconf -fvi
	- name: configure
	run: ./configure --with-crypto-library=openssl ${{matrix.configureflags}}
	- name: make all
	run: make -j3
	- name: make check
	run: make check

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1 from sophos/feature/NCL-1802-Upgrade-OpenVPN-fo… #24

Workflow file

Merge pull request #1 from sophos/feature/NCL-1802-Upgrade-OpenVPN-fo… #24

Jobs

Run details

Workflow file for this run