Add a tougher workflow building from a read-only source tree

openssl · Dec 2, 2023 · 25660b8 · 25660b8
1 parent 2d6eafc
commit 25660b8
Showing 1 changed file with 29 additions and 1 deletion.
diff --git a/.github/workflows/readonly-source.yml b/.github/workflows/readonly-source.yml
@@ -13,7 +13,9 @@ permissions:
   contents: read
 
 jobs:
-  readonly_source:
+  # readonly_source_default is a relatively light weight job.  It only
+  # configures what can be expected to be a fairly usual configuration.
+  readonly_source_default:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -34,3 +36,29 @@ jobs:
       - name: make test
         working-directory: build
         run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
+  # readonly_source_extended is a tougher job.  It also loads all the
+  # submodules (by consequence, that has it run the fuzz tests), and adds
+  # external-tests to the default configuration as well.
+  readonly_source_extended:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: source
+          submodules: true
+      - name: make source read-only
+        run: chmod -R a-w source
+      - name: create build directory
+        run: mkdir build
+      - name: config
+        working-directory: build
+        run: |
+          ../source/Configure --banner=Configured enable-external-tests enable-fips enable-quic --strict-warnings
+          perl configdata.pm --dump
+      - name: make
+        working-directory: build
+        run: make -s -j4
+      - name: make test
+        working-directory: build
+        run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}