Move CI to GitHub Actions (#321)

* create build and test workflow for openssl3 Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * add curl and httpd workflows also update openssl3 workflow to only use the available 4 cores Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * make building against latest liboqs optional move the build against liboqs/oqsprovider matrix builds to a triggerable option not run automatically Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Add nginx workflow and generic curl tests Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Add openssh workflow Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Create a callable workflow to trigger all builds Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * add h2load workflow Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * add haproxy workflow Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * locust workflow note this workflow does not include tests Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * wireshark workflow note this workflow does not include tests Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * mosquitto Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * ngtcp2 Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * openvpn Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * add push to openssl3 Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * dont push on pr Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Update QUIC to work on PRs Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * turn off old ci Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Update locust workflow with tests Based on suggestions from @davidgca Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * remove old CI Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Add push to rest of the workflows Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Switch from qemu to runners Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Update all workflows to use runner Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * dont push when using liboqs and oqsprovider main Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Add docs Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Add weekly cron job with build_main true Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> * Update name for better badge readability Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com> --------- Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com>
open-quantum-safe · Dec 17, 2024 · adbc13c · adbc13c
1 parent ed4b911
commit adbc13c
Show file tree

Hide file tree

Showing 20 changed files with 1,649 additions and 808 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/workflow-templates/template.yml b/.github/workflow-templates/template.yml
@@ -0,0 +1,100 @@
+# This is a template workflow for a new demo
+# To get started replace all instances of <demo_name> with the name of your demo below and add the demo to the build.yml workflow
+name: <demo_name>
+
+on:
+  push:
+    branches: [ 'main' ]
+    paths: ['.github/workflows/<demo_name>.yml', '<demo_name>/**']
+  pull_request:
+    branches: [ 'main' ]
+    paths: ['.github/workflows/<demo_name>.yml', '<demo_name>/**']
+  workflow_call:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+
+env:
+  build-args: |
+    LIBOQS_TAG=main
+    OQSPROVIDER_TAG=main
+  push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'  && inputs.build_main != 'true' }}
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x86_64
+            runner: ubuntu-latest
+          - arch: arm64
+            runner: oqs-arm64
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        if: env.push == 'true'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build the Docker image
+        uses: docker/build-push-action@v6
+        with:
+          load: true
+          context: <demo_name>
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: <demo_name>
+
+      - name: Test <demo_name>
+        run: |
+          echo "Add tests here"
+
+      - name: Push Docker image to registries
+        if: env.push == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          context: <demo_name>
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/<demo_name>:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+            openquantumsafe/<demo_name>:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+  push:
+    if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'  && inputs.build_main != 'true' }}
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ./.github/workflows/manifest
+        with:
+          image_name: <demo_name>
+          release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,100 @@
+name: OQS Demos
+
+on:
+  workflow_call:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+  schedule: # run with "build_main: true" weekly on Mon at 1:01
+    - cron: '1 1 * * 1'
+
+jobs:
+  curl:
+    uses: ./.github/workflows/curl.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  h2load:
+    uses: ./.github/workflows/h2load.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  haproxy:
+    uses: ./.github/workflows/haproxy.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  httpd:
+    uses: ./.github/workflows/httpd.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  locust:
+    uses: ./.github/workflows/locust.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  mosquitto:
+    uses: ./.github/workflows/mosquitto.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  nginx:
+    uses: ./.github/workflows/nginx.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  ngtcp2:
+    uses: ./.github/workflows/ngtcp2.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  openssh:
+    uses: ./.github/workflows/openssh.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  openssl3:
+    uses: ./.github/workflows/openssl3.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  openvpn:
+    uses: ./.github/workflows/openvpn.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
+
+  wireshark:
+    uses: ./.github/workflows/wireshark.yml
+    with:
+      build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
+      release_tag: ${{ inputs.release_tag }}
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
@@ -0,0 +1,157 @@
+name: curl
+
+on:
+  push:
+    branches: [ 'main' ]
+    paths: ['.github/workflows/curl.yml', 'curl/**']
+  pull_request:
+    branches: [ 'main' ]
+    paths: ['.github/workflows/curl.yml', 'curl/**']
+  workflow_call:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      build_main:
+        description: "Build using liboqs and oqsprovider main branches"
+        required: false
+        default: false
+        type: boolean
+      release_tag:
+        description: "Which docker tag to push to"
+        required: false
+        type: string
+
+env:
+  build-args: |
+    LIBOQS_TAG=main
+    OQSPROVIDER_TAG=main
+  push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'  && inputs.build_main != 'true' }}
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x86_64
+            runner: ubuntu-latest
+          - arch: arm64
+            runner: oqs-arm64
+    runs-on: ${{ matrix.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        if: env.push == 'true'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build the Docker image
+        uses: docker/build-push-action@v6
+        with:
+          load: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: oqs-curl
+
+      - name: Build the Docker image (dev)
+        uses: docker/build-push-action@v6
+        with:
+          load: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          target: dev
+          tags: oqs-curl-dev
+
+      - name: Build the Docker image (with generic liboqs)
+        uses: docker/build-push-action@v6
+        with:
+          load: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: oqs-curl-generic
+
+      - name: Test curl and curl generic
+        run: |
+          docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl perftest.sh &&
+          docker run -e TEST_TIME=5 -e KEM_ALG=kyber768 -e SIG_ALG=dilithium3 oqs-curl-generic perftest.sh
+
+      - name: Push Docker image to registries
+        if: env.push == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/curl:optimized-${{ matrix.arch }}
+            openquantumsafe/curl:optimized-${{ matrix.arch }}
+
+      - name: Push Docker image to registries (dev)
+        if: env.push == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          target: dev
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/curl-dev:latest-${{ matrix.arch }}
+            openquantumsafe/curl-dev:latest-${{ matrix.arch }}
+
+      - name: Push Docker image to registries (with generic liboqs)
+        if: env.push == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          context: curl
+          build-args: |
+            MAKE_DEFINES=-j4
+            LIBOQS_BUILD_DEFINES="-DOQS_OPT_TARGET=generic"
+            ${{ (inputs.build_main == 'true') && env.build-args || null }}
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+            openquantumsafe/curl:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
+
+  push:
+    if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'  && inputs.build_main != 'true' }}
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ./.github/workflows/manifest
+        with:
+          image_name: curl
+          release_tag: optimized
+      - uses: ./.github/workflows/manifest
+        with:
+          image_name: curl-dev
+          release_tag: latest
+      - uses: ./.github/workflows/manifest
+        with:
+          image_name: curl
+          release_tag: ${{ inputs.release_tag || 'latest' }}