name: Continuous integration on: push: pull_request: schedule: # Run every day at midnight UTC - cron: '0 0 * * *' jobs: boringssl_clone: # This step ensures that all builders have the same version of BoringSSL runs-on: ubuntu-latest steps: - name: Clone BoringSSL repo run: | git clone --depth 1 --filter=blob:none --no-checkout https://github.com/google/boringssl.git "${{ runner.temp }}/boringssl" echo Using BoringSSL commit: $(cd "${{ runner.temp }}/boringssl"; git rev-parse HEAD) - name: Archive BoringSSL source uses: actions/upload-artifact@v4 with: name: boringssl-source path: ${{ runner.temp }}/boringssl retention-days: 1 include-hidden-files: true if-no-files-found: error clang_format_check: # Only run on pull requests. if: ${{ startsWith(github.ref, 'refs/pull/') }} runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 - name: Get git-clang-format # Uses the most recent clang-format on Ubuntu. run: | sudo apt-get -qq update sudo apt-get -qq install -y --no-install-recommends clang-format - name: Run git-clang-format against source branch run: | git clang-format --style=file --diff origin/$GITHUB_BASE_REF '*.c' '*.h' '*.cc' '*.cpp' '*.java' build: needs: boringssl_clone strategy: fail-fast: false matrix: platform: [ubuntu-latest, macos-latest, windows-latest] include: - platform: ubuntu-latest tools_url: https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip - platform: macos-latest tools_url: https://dl.google.com/android/repository/commandlinetools-mac-9477386_latest.zip - platform: windows-latest tools_url: https://dl.google.com/android/repository/commandlinetools-win-9477386_latest.zip runs-on: ${{ matrix.platform }} steps: - name: Set up JDK 11 for toolchains uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: 11 - name: Set runner-specific environment variables shell: bash run: | echo "ANDROID_HOME=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV echo "ANDROID_SDK_ROOT=${{ runner.temp }}/android-sdk" >> $GITHUB_ENV echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV echo "SDKMANAGER=${{ runner.temp }}/android-sdk/cmdline-tools/bin/sdkmanager" >> $GITHUB_ENV echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV - uses: actions/checkout@v4 - name: Setup Linux environment if: runner.os == 'Linux' run: | echo "CC=clang" >> $GITHUB_ENV echo "CXX=clang++" >> $GITHUB_ENV sudo dpkg --add-architecture i386 sudo add-apt-repository ppa:openjdk-r/ppa sudo apt-get -qq update sudo apt-get -qq install -y --no-install-recommends \ gcc-multilib \ g++-multilib \ ninja-build \ openjdk-11-jre-headless - name: Setup macOS environment if: runner.os == 'macOS' run: | brew update || echo update failed brew install ninja || echo update failed - name: Setup Windows environment if: runner.os == 'Windows' run: | choco install nasm -y choco install ninja -y - name: Fetch BoringSSL source uses: actions/download-artifact@v4 with: name: boringssl-source path: ${{ runner.temp }}/boringssl - name: Checkout BoringSSL master branch shell: bash run: | cd "$BORINGSSL_HOME" git checkout --progress --force -B master - name: Build BoringSSL x86 and ARM MacOS if: runner.os == 'macOS' env: # For compatibility, but 10.15 target requires 16-byte stack alignment. MACOSX_DEPLOYMENT_TARGET: 10.13 run: | mkdir -p "$BORINGSSL_HOME/build.x86" pushd "$BORINGSSL_HOME/build.x86" cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=x86_64 -GNinja .. ninja popd mkdir -p "$BORINGSSL_HOME/build.arm" pushd "$BORINGSSL_HOME/build.arm" cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=arm64 -GNinja .. ninja popd - name: Build BoringSSL 64-bit Linux if: runner.os == 'Linux' run: | mkdir -p "$BORINGSSL_HOME/build64" pushd "$BORINGSSL_HOME/build64" cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -GNinja .. ninja popd - name: Set up MSVC paths on Windows if: runner.os == 'Windows' uses: ilammy/msvc-dev-cmd@v1 with: arch: x64 - name: Build BoringSSL 64-bit Windows if: runner.os == 'Windows' run: | cd $Env:BORINGSSL_HOME mkdir build64 pushd build64 cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -DCMAKE_MSVC_RUNTIME_LIBRARY=MultiThreaded -GNinja .. ninja popd - name: Setup Android environment shell: bash if: runner.os == 'Linux' run: | cd "${{ runner.temp }}" curl -L "${{ matrix.tools_url }}" -o android-tools.zip mkdir -p "$ANDROID_HOME" unzip -q android-tools.zip -d "$ANDROID_HOME" yes | "$SDKMANAGER" --sdk_root="$ANDROID_HOME" --licenses || true "$SDKMANAGER" --sdk_root="$ANDROID_HOME" tools "$SDKMANAGER" --sdk_root="$ANDROID_HOME" platform-tools "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'build-tools;30.0.3' "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'platforms;android-26' "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'extras;android;m2repository' "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'ndk;25.2.9519653' "$SDKMANAGER" --sdk_root="$ANDROID_HOME" 'cmake;3.22.1' - name: Build with Gradle shell: bash run: ./gradlew assemble -PcheckErrorQueue - name: Test with Gradle shell: bash timeout-minutes: 15 run: ./gradlew check -PcheckErrorQueue - name: Publish to local Maven repo shell: bash run: ./gradlew publishToMavenLocal -Dmaven.repo.local="$M2_REPO" - name: Upload Maven respository uses: actions/upload-artifact@v4 with: name: m2repo-${{ runner.os }} path: ${{ runner.temp }}/m2 - name: Build test JAR with dependencies if: runner.os == 'Linux' shell: bash run: ./gradlew :conscrypt-openjdk:testJar -PcheckErrorQueue - name: Upload test JAR with dependencies if: runner.os == 'Linux' uses: actions/upload-artifact@v4 with: name: testjar path: openjdk/build/libs/conscrypt-openjdk-*-tests.jar if-no-files-found: error uberjar: needs: build runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Linux environment run: | echo "CC=clang" >> $GITHUB_ENV echo "CXX=clang++" >> $GITHUB_ENV sudo dpkg --add-architecture i386 sudo add-apt-repository ppa:openjdk-r/ppa sudo apt-get -qq update sudo apt-get -qq install -y --no-install-recommends \ gcc-multilib \ g++-multilib \ ninja-build \ openjdk-11-jre-headless - name: Set runner-specific environment variables shell: bash run: | echo "M2_REPO=${{ runner.temp }}/m2" >> $GITHUB_ENV echo "BORINGSSL_HOME=${{ runner.temp }}/boringssl" >> $GITHUB_ENV - name: Fetch BoringSSL source uses: actions/download-artifact@v4 with: name: boringssl-source path: ${{ runner.temp }}/boringssl - name: Checkout BoringSSL master branch shell: bash run: | cd "$BORINGSSL_HOME" git checkout --progress --force -B master - name: Build BoringSSL 64-bit Linux run: | mkdir -p "$BORINGSSL_HOME/build64" pushd "$BORINGSSL_HOME/build64" cmake -DCMAKE_POSITION_INDEPENDENT_CODE=TRUE -DCMAKE_BUILD_TYPE=Release -GNinja .. ninja popd # TODO(prb) remove build dependency above and go back to this. # - name: Make fake BoringSSL directories # shell: bash # run: | # # TODO: remove this when the check is only performed when building. # # BoringSSL is not needed during the UberJAR build, but the # # assertion to check happens regardless of whether the project # # needs it. # mkdir -p "${{ runner.temp }}/boringssl/build64" # mkdir -p "${{ runner.temp }}/boringssl/include" - name: Download Maven repository for Linux uses: actions/download-artifact@v4 with: name: m2repo-Linux path: ${{ runner.temp }}/m2 - name: Download Maven repository for MacOS uses: actions/download-artifact@v4 with: name: m2repo-macOS path: ${{ runner.temp }}/m2 - name: Download Maven repository for Windows uses: actions/download-artifact@v4 with: name: m2repo-Windows path: ${{ runner.temp }}/m2 - name: Build UberJAR with Gradle shell: bash run: | ./gradlew :conscrypt-openjdk-uber:build -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" - name: Publish UberJAR to Maven Local shell: bash run: | ./gradlew :conscrypt-openjdk-uber:publishToMavenLocal -Dorg.conscrypt.openjdk.buildUberJar=true -Dmaven.repo.local="$M2_REPO" - name: Upload Maven respository uses: actions/upload-artifact@v4 with: name: m2repo-uber path: ${{ runner.temp }}/m2 openjdk-test: needs: uberjar strategy: fail-fast: false matrix: platform: [ubuntu-latest, macos-13, macos-latest, windows-latest] java: [8, 11, 17, 21] dist: ['temurin', 'zulu'] include: - platform: ubuntu-latest separator: ':' - platform: macos-latest separator: ':' - platform: macos-13 separator: ':' - platform: windows-latest separator: ';' exclude: # Not available on Github runners - platform: macos-latest java: 8 dist: 'temurin' runs-on: ${{ matrix.platform }} steps: - name: Set up Java uses: actions/setup-java@v4 with: distribution: ${{ matrix.dist }} java-version: ${{ matrix.java }} - name: Download UberJAR uses: actions/download-artifact@v4 with: name: m2repo-uber path: m2 - name: Download Test JAR with Dependencies uses: actions/download-artifact@v4 with: name: testjar path: testjar - name: Download JUnit runner shell: bash run: mvn org.apache.maven.plugins:maven-dependency-plugin:3.8.0:copy -Dartifact=org.junit.platform:junit-platform-console-standalone:1.11.2 -DoutputDirectory=. -Dmdep.stripVersion=true - name: Run JUnit tests timeout-minutes: 15 shell: bash run: | DIR="$(find m2/org/conscrypt/conscrypt-openjdk-uber -maxdepth 1 -mindepth 1 -type d -print)" VERSION="${DIR##*/}" TESTJAR="$(find testjar -name '*-tests.jar')" # SIGTERM handler, e.g. for when tests hang and time out. # Send SIGQUIT to test process to get thread dump, give it # a few seconds to complete and then kill it. dump_threads() { echo "Generating stack dump." ps -fp "$TESTPID" kill -QUIT "$TESTPID" sleep 3 kill -KILL "$TESTPID" exit 1 } java -jar junit-platform-console-standalone.jar execute -cp "$DIR/conscrypt-openjdk-uber-$VERSION.jar${{ matrix.separator }}$TESTJAR" -n='org.conscrypt.ConscryptOpenJdkSuite' --scan-classpath --reports-dir=results --fail-if-no-tests & case $(uname -s) in Darwin|Linux) trap dump_threads SIGTERM SIGINT ;; *) # TODO: Probably won't work on Windows but thread dumps # work there already. ;; esac TESTPID=$! wait "$TESTPID" - name: Archive test results if: ${{ always() }} uses: actions/upload-artifact@v4 with: name: test-results-${{ matrix.platform }}-${{ matrix.java }}-${{ matrix.dist }} path: results