From 171fcb069026b7985b30a661a3aeb73036bafb57 Mon Sep 17 00:00:00 2001 From: maxirmx Date: Tue, 18 Apr 2023 18:55:50 +0300 Subject: [PATCH] Refactored MacOS workflow to use GHA and homebrew capabilities --- .github/workflows/macos.yml | 125 +++++++++++++++++++++++--------- Brewfile | 10 +-- ci/env-macos.inc.sh | 14 ---- ci/lib/install_functions.inc.sh | 24 ------ ci/tests/ci-tests.sh | 47 +++++++++--- 5 files changed, 128 insertions(+), 92 deletions(-) delete mode 100644 ci/env-macos.inc.sh diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index d8599bcf7..56fc2d563 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,3 +1,28 @@ +# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com). +# All rights reserved. +# This file is a part of rnp +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + name: macos on: @@ -5,6 +30,7 @@ on: branches: - main - 'release/**' + - maxirmx-refactor-macos paths-ignore: - '/*.sh' - '/.*' @@ -30,56 +56,85 @@ on: concurrency: group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' cancel-in-progress: true - -env: - CORES: 2 - BUILD_MODE: normal - GPG_VERSION: stable - USE_STATIC_DEPENDENCIES: yes - + jobs: tests: - name: ${{ matrix.os }} [CC ${{ matrix.env.CC }}; GnuPG stable] + name: ${{ matrix.os }} [ backend ${{ matrix.backend }}, shared libs ${{ matrix.shared_libs }} ] runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: +# On MacOS gcc is alias of clang these days os: [macos-11, macos-12] - env: - - CC: gcc - CXX: g++ - - CC: clang - CXX: clang++ + backend: [ 'botan' ] + shared_libs: [ 'on' ] + include: + - { os: 'macos-11', backend: 'openssl@1.1', shared_libs: 'on' } + - { os: 'macos-12', backend: 'openssl@3', shared_libs: 'on' } + - { os: 'macos-12', backend: 'botan', shared_libs: 'off' } + if: "!contains(github.event.head_commit.message, 'skip ci')" - env: ${{ matrix.env }} timeout-minutes: 250 + steps: - uses: actions/checkout@v3 with: fetch-depth: 1 submodules: true - - name: Setup environment + + - name: Configure openssl 1.1 backend + if: ${{ matrix.backend == 'openssl@1.1' }} run: | - . ci/gha/setup-env.inc.sh - ci/install_noncacheable_dependencies.sh - - name: Cache - id: cache - uses: actions/cache@v3 - with: - path: ${{ env.CACHE_DIR }} - key: ${{ github.workflow }}-${{ matrix.os }}-${{ env.BUILD_MODE }}-${{ matrix.env.CC }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }} - - name: Build cache - if: steps.cache.outputs.cache-hit != 'true' + echo "brew \"openssl@1.1\"" >> Brewfile + echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@1.1)" >> $GITHUB_ENV + echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV + + - name: Configure openssl 3 backend + if: ${{ matrix.backend == 'openssl@3' }} + run: | + echo "brew \"openssl@3\"" >> Brewfile + echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV + echo "CRYPTO_BACKEND=openssl" >> $GITHUB_ENV + + - name: Configure botan backend + if: ${{ matrix.backend == 'botan' }} run: | - set -x - ci/install_cacheable_dependencies.sh - - name: tests + echo "brew \"botan\"" >> Brewfile + echo "CRYPTO_BACKEND=botan" >> $GITHUB_ENV + + - name: Install dependencies + run: brew bundle + + - name: Configure run: | - ci/run.sh - - name: symbol-visibility + echo "CORES=$(sysctl -n hw.ncpu)" >> $GITHUB_ENV + echo "RNP_INSTALL=$PWD/rnp-install" >> $GITHUB_ENV + cmake -B build -DBUILD_SHARED_LIBS=${{ matrix.shared_libs }} \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX="$PWD/rnp-install" \ + -DDOWNLOAD_GTEST=OFF \ + -DCRYPTO_BACKEND=${{ env.CRYPTO_BACKEND }} . + + - name: Build + run: cmake --build build --config Release --parallel ${{ env.CORES }} + + - name: Install + run: cmake --install build + + - name: Test run: | - set -euxo pipefail - nm --extern-only --defined-only --demangle $RNP_INSTALL/lib/librnp.dylib > exports - [ $(grep -c dst_close exports) == "0" ] - [ $(grep -c Botan exports) == "0" ] - [ $(grep -c _rnp_version_string_full exports) == "1" ] + mkdir -p "build/Testing/Temporary" + cp "cmake/CTestCostData.txt" "build/Testing/Temporary" + export PATH="$PWD/build/src/lib:$PATH" + ctest --parallel ${{ env.CORES }} --test-dir build -C Debug --output-on-failure + + - name: Checkout shell test framework + if: ${{ matrix.shared_libs == 'on' }} + uses: actions/checkout@v3 + with: + repository: kward/shunit2 + path: ci/tests/shunit2 + + - name: Run additional ci tests + if: ${{ matrix.shared_libs == 'on' }} + run: zsh -o shwordsplit -- ci/tests/ci-tests.sh diff --git a/Brewfile b/Brewfile index 83d92c79d..1860110fd 100755 --- a/Brewfile +++ b/Brewfile @@ -1,11 +1,7 @@ -brew "openssl@1.1" -brew "make" brew "cmake" -brew "autoconf" -brew "automake" -brew "libtool" brew "pkg-config" +brew "googletest" brew "gnupg" -brew "wget" brew "python" - +brew "json-c" +brew "asciidoc" diff --git a/ci/env-macos.inc.sh b/ci/env-macos.inc.sh deleted file mode 100644 index c3de3037b..000000000 --- a/ci/env-macos.inc.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -export PATH=/usr/local/bin:$PATH -brew_prefix=$(brew --prefix) -: "${CXXFLAGS:=}" -: "${LDFLAGS:=}" -export CXXFLAGS="${CXXFLAGS} -I${brew_prefix}/include" -export LDFLAGS="$LDFLAGS -L${brew_prefix}/lib" - -: "${CORES:=$(sysctl -n hw.ncpu)}" -export CORES - -export MAKE=make - diff --git a/ci/lib/install_functions.inc.sh b/ci/lib/install_functions.inc.sh index d7667ddba..98acc8209 100644 --- a/ci/lib/install_functions.inc.sh +++ b/ci/lib/install_functions.inc.sh @@ -54,30 +54,6 @@ run() { . ci/lib/cacheable_install_functions.inc.sh -macos_install() { - brew update-reset - # homebrew fails because `openssl` is a symlink while it tries to remove a directory. - rm /usr/local/Cellar/openssl || true - # homebrew fails to update python 3.9.1 to 3.9.1.1 due to unlinking failure - rm /usr/local/bin/2to3 || true - # homebrew fails to update python from 3.9 to 3.10 due to another unlinking failure - rm /usr/local/bin/idle3 || true - rm /usr/local/bin/pydoc3 || true - rm /usr/local/bin/python3 || true - rm /usr/local/bin/python3-config || true - # homebrew fails to update python from 3.11.0 to 3.11.1 - rm /usr/local/bin/2to3-3.11 || true - rm /usr/local/bin/idle3.11 || true - rm /usr/local/bin/pydoc3.11 || true - rm /usr/local/bin/python3.11 || true - rm /usr/local/bin/python3.11-config || true - # homebrew fails to update openssl@1.1 1.1.1l to 1.1.1l_1 due to linking failure of nghttp2.h - brew unlink nghttp2 || true - brew update - brew bundle - ensure_automake -} - freebsd_install() { local packages=( git diff --git a/ci/tests/ci-tests.sh b/ci/tests/ci-tests.sh index d9843c144..8cc8f86f0 100755 --- a/ci/tests/ci-tests.sh +++ b/ci/tests/ci-tests.sh @@ -28,6 +28,7 @@ set -o errexit -o pipefail -o noclobber -o nounset DIR0="$( cd "$( dirname "$0" )" && pwd )" +SHUNIT_PARENT="$0" # Defaults applicable to 'normal' installation and not build environment : "${BOTAN_INSTALL:=/usr}" @@ -38,15 +39,21 @@ DIR0="$( cd "$( dirname "$0" )" && pwd )" : "${ENABLE_IDEA:=}" test_symbol_visibility() { - if [[ "$OSTYPE" == "msys" ]]; then + case "$OSTYPE" in + msys) mkdir tmp wget -O tmp/Dependencies_x64_Release.zip https://github.com/lucasg/Dependencies/releases/download/v1.10/Dependencies_x64_Release.zip 7z x tmp/Dependencies_x64_Release.zip -otmp tmp/Dependencies -exports "$RNP_INSTALL"/bin/librnp.dll > exports rm -rf tmp - else + ;; + darwin*) + nm --defined-only -g $RNP_INSTALL/lib/librnp.dylib > exports + ;; + *) nm --defined-only -g "$RNP_INSTALL"/lib64/librnp*.so > exports - fi + esac + assertEquals "Unexpected: 'dst_close' is in exports" 0 "$(grep -c dst_close exports)" assertEquals "Unexpected: 'Botan' is in exports" 0 "$(grep -c Botan exports)" assertEquals "Unexpected: 'OpenSSL' is in exports" 0 "$(grep -c OpenSSL exports)" @@ -67,7 +74,8 @@ test_supported_features() { # Old versions say ${unsupported[@]} is unbound if empty unsupported=( NOOP ) - botan_only=( TWOFISH EAX brainpoolP256r1 brainpoolP384r1 brainpoolP512r1) + botan_only=( TWOFISH EAX ) + brainpool=( rainpoolP256r1 brainpoolP384r1 brainpoolP512r1 ) sm2=( SM2 SM4 SM3 "SM2 P-256" ) # SM2 @@ -86,30 +94,45 @@ test_supported_features() { supported+=(IDEA) fi - if [[ "$OSTYPE" == "msys" ]]; then + case "$OSTYPE" in + msys) so_folder="bin" - else + botan_only+=("${brainpool[@]}") + ;; + darwin*) + so_folder="lib" + support+=("${brainpool[@]}") + ;; + *) so_folder="lib64" - fi + botan_only+=("${brainpool[@]}") + esac if [[ "${CRYPTO_BACKEND:-}" == "openssl" ]]; then unsupported+=("${botan_only[@]}") - library_path="${BOTAN_INSTALL}/$so_folder:${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder" + library_path="${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder" else supported+=("${botan_only[@]}") - library_path="${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder" + library_path="${BOTAN_INSTALL}/$so_folder:${JSONC_INSTALL}/$so_folder:${RNP_INSTALL}/$so_folder" + fi + + if [[ "$OSTYPE" == darwin* ]]; then + export DYLD_LIBRARY_PATH="$library_path" + else + export LD_LIBRARY_PATH="$library_path" fi - LD_LIBRARY_PATH="$library_path" "$RNP_INSTALL"/bin/rnp --version > rnp-version + "$RNP_INSTALL"/bin/rnp --version > rnp-version + for feature in "${supported[@]}" do fea="$(grep -ci "$feature" rnp-version)" - assertTrue "Unexpected unsupported feature: '$feature'" "[ $fea -ge 1 ]" + assertTrue "Unexpected unsupported feature: '$feature'" "[[ $fea -ge 1 ]]" done for feature in "${unsupported[@]}" do fea="$(grep -ci "$feature" rnp-version)" - assertTrue "Unexpected supported feature: '$feature'" "[ $fea == 0 ]" + assertTrue "Unexpected supported feature: '$feature'" "[[ $fea == 0 ]]" done rm -f rnp-version