Refactored MacOS workflow to use GHA and homebrew capabilities

.github/workflows/macos.yml

@@ -1,10 +1,36 @@
+# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# All rights reserved.
+# This file is a part of rnp
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
 name: macos
 
 on:
   push:
     branches:
       - main
       - 'release/**'
+      - maxirmx-refactor-macos
     paths-ignore:
       - '/*.sh'
       - '/.*'
@@ -30,56 +56,85 @@ on:
 concurrency:
   group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
   cancel-in-progress: true
-
-env:
-  CORES: 2
-  BUILD_MODE: normal
-  GPG_VERSION: stable
-  USE_STATIC_DEPENDENCIES: yes
-
+
 jobs:
   tests:
-    name: ${{ matrix.os }} [CC ${{ matrix.env.CC }}; GnuPG stable]
+    name: ${{ matrix.os }} [ backend ${{ matrix.backend }}, shared libs ${{ matrix.shared_libs }} ]
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
+# On MacOS gcc is alias of clang these days         
         os: [macos-11, macos-12]
-        env:
-          - CC: gcc
-            CXX: g++
-          - CC: clang
-            CXX: clang++
+        backend: [ 'botan' ]
+        shared_libs: [ 'on' ]
+        include:
+          - { os: 'macos-11', backend: '[email protected]', shared_libs: 'on' }
+          - { os: 'macos-12', backend: 'openssl@3', shared_libs: 'on' }
+          - { os: 'macos-12', backend: 'botan', shared_libs: 'off' }
+
     if: "!contains(github.event.head_commit.message, 'skip ci')"
-    env: ${{ matrix.env }}
     timeout-minutes: 250
+
     steps:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 1
           submodules: true
-      - name: Setup environment
+
+      - name: Configure openssl 1.1 backend
+        if: ${{ matrix.backend == '[email protected]' }}
         run: |
-          . ci/gha/setup-env.inc.sh
-          ci/install_noncacheable_dependencies.sh
-      - name: Cache
-        id: cache
-        uses: actions/cache@v3
-        with:
-          path: ${{ env.CACHE_DIR }}
-          key: ${{ github.workflow }}-${{ matrix.os }}-${{ env.BUILD_MODE }}-${{ matrix.env.CC }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
-      - name: Build cache
-        if: steps.cache.outputs.cache-hit != 'true'
+          echo "brew \"[email protected]\"" >> Brewfile
+          echo "OPENSSL_ROOT_DIR=$(brew --prefix [email protected])" >> $GITHUB_ENV
+          echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV
+
+      - name: Configure openssl 3 backend
+        if: ${{ matrix.backend == 'openssl@3' }}
+        run: |
+          echo "brew \"openssl@3\"" >> Brewfile
+          echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV
+          echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV
+
+      - name: Configure botan backend
+        if: ${{ matrix.backend == 'botan' }}
         run: |
-          set -x
-          ci/install_cacheable_dependencies.sh
-      - name: tests
+          echo "brew \"botan\"" >> Brewfile
+          echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV
+
+      - name: Install dependencies
+        run: brew bundle
+
+      - name: Configure
         run: |
-          ci/run.sh
-      - name: symbol-visibility
+          echo "CORES=$(sysctl -n hw.ncpu)" >> $GITHUB_ENV
+          echo "RNP_INSTALL=$PWD/rnp-install" >> $GITHUB_ENV
+          cmake -B build -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }}   \
+                         -DCMAKE_BUILD_TYPE=Release                      \
+                         -DCMAKE_INSTALL_PREFIX="$PWD/rnp-install"       \
+                         -DDOWNLOAD_GTEST=OFF                            \
+                         -DCRYPTO_BACKEND=${{ env.CRYPTO_BACKEND }}      .
+
+      - name: Build
+        run: cmake --build build --config Release --parallel ${{ env.CORES }}
+
+      - name: Install
+        run: cmake --install build
+
+      - name: Test
         run: |
-          set -euxo pipefail
-          nm --extern-only --defined-only --demangle $RNP_INSTALL/lib/librnp.dylib > exports
-          [ $(grep -c dst_close exports) == "0" ]
-          [ $(grep -c Botan exports) == "0" ]
-          [ $(grep -c _rnp_version_string_full exports) == "1" ]
+          mkdir -p "build/Testing/Temporary"
+          cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
+          export PATH="$PWD/build/src/lib:$PATH"
+          ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure
+
+      - name: Checkout shell test framework
+        if: ${{ matrix.shared_libs == 'on' }}
+        uses: actions/checkout@v3
+        with:
+          repository: kward/shunit2
+          path: ci/tests/shunit2
+
+      - name: Run additional ci tests
+        if: ${{ matrix.shared_libs == 'on' }}
+        run: zsh -o shwordsplit -- ci/tests/ci-tests.sh         

Brewfile

@@ -1,11 +1,7 @@
-brew "[email protected]"
-brew "make"
 brew "cmake"
-brew "autoconf"
-brew "automake"
-brew "libtool"
 brew "pkg-config"
+brew "googletest"
 brew "gnupg"
-brew "wget"
 brew "python"
-
+brew "json-c"
+brew "asciidoc"

ci/lib/install_functions.inc.sh

@@ -54,30 +54,6 @@ run() {
 
 . ci/lib/cacheable_install_functions.inc.sh
 
-macos_install() {
-  brew update-reset
-  # homebrew fails because `openssl` is a symlink while it tries to remove a directory.
-  rm /usr/local/Cellar/openssl || true
-  # homebrew fails to update python 3.9.1 to 3.9.1.1 due to unlinking failure
-  rm /usr/local/bin/2to3 || true
-  # homebrew fails to update python from 3.9 to 3.10 due to another unlinking failure
-  rm /usr/local/bin/idle3 || true
-  rm /usr/local/bin/pydoc3 || true
-  rm /usr/local/bin/python3 || true
-  rm /usr/local/bin/python3-config || true
-  # homebrew fails to update python from 3.11.0 to 3.11.1
-  rm /usr/local/bin/2to3-3.11 || true
-  rm /usr/local/bin/idle3.11 || true
-  rm /usr/local/bin/pydoc3.11 || true
-  rm /usr/local/bin/python3.11 || true
-  rm /usr/local/bin/python3.11-config || true
-  # homebrew fails to update [email protected] 1.1.1l to 1.1.1l_1 due to linking failure of nghttp2.h
-  brew unlink nghttp2 || true
-  brew update
-  brew bundle
-  ensure_automake
-}
-
 freebsd_install() {
   local packages=(
     git

ci/tests/ci-tests.sh

@@ -28,6 +28,7 @@
 set -o errexit -o pipefail -o noclobber -o nounset
 
 DIR0="$( cd "$( dirname "$0" )" && pwd )"
+SHUNIT_PARENT="$0"
 
 # Defaults applicable to 'normal' installation and not build environment
 : "${BOTAN_INSTALL:=/usr}"
@@ -38,15 +39,21 @@ DIR0="$( cd "$( dirname "$0" )" && pwd )"
 : "${ENABLE_IDEA:=}"
 
 test_symbol_visibility() {
-    if [[ "$OSTYPE" == "msys" ]]; then
+    case "$OSTYPE" in
+      msys)
         mkdir tmp
         wget -O tmp/Dependencies_x64_Release.zip https://github.com/lucasg/Dependencies/releases/download/v1.10/Dependencies_x64_Release.zip
         7z x tmp/Dependencies_x64_Release.zip -otmp
         tmp/Dependencies -exports "$RNP_INSTALL"/bin/librnp.dll  > exports
         rm -rf tmp
-    else
+        ;;
+      darwin*)
+        nm --defined-only -g $RNP_INSTALL/lib/librnp.dylib > exports
+        ;;
+      *)
         nm --defined-only -g "$RNP_INSTALL"/lib64/librnp*.so > exports
-    fi
+    esac   
+
     assertEquals "Unexpected: 'dst_close' is in exports" 0 "$(grep -c dst_close exports)"
     assertEquals "Unexpected: 'Botan' is in exports" 0 "$(grep -c Botan exports)"
     assertEquals "Unexpected: 'OpenSSL' is in exports" 0 "$(grep -c OpenSSL exports)"
@@ -67,7 +74,8 @@ test_supported_features() {
     # Old versions say ${unsupported[@]} is unbound if empty
     unsupported=( NOOP )
 
-    botan_only=( TWOFISH EAX brainpoolP256r1 brainpoolP384r1 brainpoolP512r1)
+    botan_only=( TWOFISH EAX )
+    brainpool=( rainpoolP256r1 brainpoolP384r1 brainpoolP512r1 )
     sm2=( SM2 SM4 SM3 "SM2 P-256" )
 
     # SM2
@@ -86,30 +94,45 @@ test_supported_features() {
         supported+=(IDEA)
     fi
 
-    if [[ "$OSTYPE" == "msys" ]]; then
+    case "$OSTYPE" in
+      msys)
         so_folder="bin"
-    else
+        botan_only+=("${brainpool[@]}")
+        ;;
+      darwin*)
+        so_folder="lib"
+        support+=("${brainpool[@]}")       
+        ;;
+      *)
         so_folder="lib64"
-    fi
+        botan_only+=("${brainpool[@]}")
+    esac   
 
     if [[ "${CRYPTO_BACKEND:-}" == "openssl" ]]; then
         unsupported+=("${botan_only[@]}")
-        library_path="${BOTAN_INSTALL}/$so_folder:${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder"
+        library_path="${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder"
     else
         supported+=("${botan_only[@]}")
-        library_path="${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder"
+        library_path="${BOTAN_INSTALL}/$so_folder:${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder"
+    fi
+
+    if [[ "$OSTYPE" == darwin* ]]; then
+        export DYLD_LIBRARY_PATH="$library_path" 
+    else
+        export LD_LIBRARY_PATH="$library_path"
     fi
 
-    LD_LIBRARY_PATH="$library_path" "$RNP_INSTALL"/bin/rnp --version > rnp-version
+    "$RNP_INSTALL"/bin/rnp --version > rnp-version
+
     for feature in "${supported[@]}"
     do
         fea="$(grep -ci "$feature" rnp-version)"
-        assertTrue "Unexpected unsupported feature: '$feature'" "[ $fea -ge 1 ]"
+        assertTrue "Unexpected unsupported feature: '$feature'" "[[ $fea -ge 1 ]]"
     done
     for feature in "${unsupported[@]}"
     do
         fea="$(grep -ci "$feature" rnp-version)"
-        assertTrue "Unexpected supported feature: '$feature'" "[ $fea == 0 ]"
+        assertTrue "Unexpected supported feature: '$feature'" "[[ $fea == 0 ]]"
     done
 
     rm -f rnp-version