From b406c929acd02f978b776c8cef10c3251d6faf7a Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 26 Nov 2025 10:28:26 +0100 Subject: [PATCH 1/2] ci: Move env variables to env Signed-off-by: Jakub Jelen --- .github/workflows/ci.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 935b6085..1b2b29d1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -135,7 +135,8 @@ jobs: TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so SOFTHSM2_CONF: /tmp/softhsm2.conf RUSTFLAGS: "-D warnings" - run: RUST_BACKTRACE=1 cargo test --target ${{ matrix.target }} + RUST_BACKTRACE: 1 + run: cargo test --target ${{ matrix.target }} build-windows: name: Build on Windows @@ -156,10 +157,11 @@ jobs: env: KRYOPTIC_CONF: /tmp/kryoptic.sql TEST_PKCS11_MODULE: /usr/lib64/pkcs11/libkryoptic_pkcs11.so + RUST_BACKTRACE: 1 run: | - RUST_BACKTRACE=1 cargo build && - RUST_BACKTRACE=1 cargo build --all-features && - RUST_BACKTRACE=1 cargo test + cargo build && + cargo build --all-features && + cargo test links: name: Check links From f17e54f50c8904fa1e77fb5f61e813fbd0bc7cfa Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 26 Nov 2025 11:13:54 +0100 Subject: [PATCH 2/2] Run tests against kryoptic main Fixes: #311 Signed-off-by: Jakub Jelen --- .github/workflows/ci.yml | 18 ---- .../{kryoptic-fips.yml => kryoptic.yml} | 94 +++++++++++++++++-- 2 files changed, 86 insertions(+), 26 deletions(-) rename .github/workflows/{kryoptic-fips.yml => kryoptic.yml} (62%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b2b29d1..80d13093 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -145,24 +145,6 @@ jobs: - uses: actions/checkout@v4 - run: cargo check --all-features --workspace --all-targets - tests-kryoptic: - name: Run tests against Kryoptic - runs-on: ubuntu-latest - container: fedora:rawhide - steps: - - name: Install dependencies - run: dnf -y install git cargo clang-devel kryoptic - - uses: actions/checkout@v4 - - name: Test script - env: - KRYOPTIC_CONF: /tmp/kryoptic.sql - TEST_PKCS11_MODULE: /usr/lib64/pkcs11/libkryoptic_pkcs11.so - RUST_BACKTRACE: 1 - run: | - cargo build && - cargo build --all-features && - cargo test - links: name: Check links runs-on: ubuntu-latest diff --git a/.github/workflows/kryoptic-fips.yml b/.github/workflows/kryoptic.yml similarity index 62% rename from .github/workflows/kryoptic-fips.yml rename to .github/workflows/kryoptic.yml index 0ff5ce85..315cf4b0 100644 --- a/.github/workflows/kryoptic-fips.yml +++ b/.github/workflows/kryoptic.yml @@ -1,11 +1,14 @@ --- -name: Test kryoptic FIPS module +name: Test kryoptic on: [push, pull_request, workflow_dispatch] +env: + KRYOPTIC_REVISION: main + jobs: - build: - name: Test kryoptic FIPS module + tests-kryoptic: + name: Run tests against Kryoptic runs-on: ubuntu-22.04 container: quay.io/fedora/fedora:latest steps: 
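Review bot: The head of kryoptic.yml shown in the `@@ -1,11 +1,14 @@` hunk has no `permissions:` key between `on:` and `jobs:`, and neither visible job header sets one, so both jobs get whatever default `GITHUB_TOKEN` scope the repository settings grant. With `KRYOPTIC_REVISION: main` now at workflow level, and the pinned SHA dropped from the FIPS job in a later hunk, every run clones, compiles and loads whatever the kryoptic branch head is at that moment, including its build scripts. Adding `permissions:` with `contents: read` above `jobs:` would limit what that unreviewed code can do with the token. A comment above the variable, such as `# Deliberately tracks the branch head; a red run may be caused by kryoptic, not by this repository`, would also record why the ref is not pinned.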
@@ -25,6 +28,83 @@ jobs: path: "/var/cache/libdnf5" key: fedora-dnf-${{ steps.get-date.outputs.date }} + - name: Install Dependencies + run: | + dnf -y install git cargo clang-devel openssl-devel sqlite-devel + + - name: DNF cache + if: ${{ steps.cache-dnf.outputs.cache-hit != 'true' }} + uses: actions/cache/save@v4 + with: + path: "/var/cache/libdnf5" + key: fedora-dnf-${{ steps.get-date.outputs.date }} + + ###################### + ### kryoptic build ### + ###################### + - name: Setup kryoptic + run: | + cd .. + git clone https://github.com/latchset/kryoptic.git \ + --depth 1 --single-branch --revision "$KRYOPTIC_REVISION" kryoptic + + - name: Generate lock file + run: | + cd ../kryoptic && + cargo generate-lockfile + + - name: Cache Rust dependencies + uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + ../kryoptic/target/ + key: fedora-cargo-${{ hashFiles('**/Cargo.lock') }} + + - name: Build kryoptic + run: | + FEATURES="standard,pqc,nssdb" + + cd ../kryoptic && + cargo build -vv --features "$FEATURES" + + - name: Checkout rust-cryptoki + uses: actions/checkout@v4 + + ################# + ### the tests ### + ################# + - name: Run test script + env: + KRYOPTIC_CONF: /tmp/kryoptic.sql + TEST_PKCS11_MODULE: /__w/rust-cryptoki/kryoptic/target/debug/libkryoptic_pkcs11.so + RUST_BACKTRACE: 1 + run: cargo build --all-features && cargo test + + tests-kryoptic-fips: + name: Run tests against Kryoptic FIPS module + runs-on: ubuntu-22.04 + container: quay.io/fedora/fedora:latest + steps: + ################# + ### DNF cache ### + ################# + - name: Get Date for DNF cache entry + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%V")" >> $GITHUB_OUTPUT + shell: bash + + - name: Restore DNF cache + uses: actions/cache/restore@v4 + id: cache-dnf + with: + path: "/var/cache/libdnf5" + key: fedora-dnf-fips-${{ steps.get-date.outputs.date }} + - name: Install 
Dependencies run: | dnf -y install git cargo clang-devel openssl-devel sqlite-devel \ @@ -33,14 +113,14 @@ jobs: 'perl(IPC::Cmd)' 'perl(Pod::Html)' 'perl(Digest::SHA)' \ 'perl(Module::Load::Conditional)' 'perl(File::Temp)' \ 'perl(Test::Harness)' 'perl(Test::More)' 'perl(Math::BigInt)' \ - 'perl(Time::Piece)' zlib-devel sed sqlite-devel + 'perl(Time::Piece)' zlib-devel sed - name: DNF cache if: ${{ steps.cache-dnf.outputs.cache-hit != 'true' }} uses: actions/cache/save@v4 with: path: "/var/cache/libdnf5" - key: fedora-dnf-${{ steps.get-date.outputs.date }} + key: fedora-dnf-fips-${{ steps.get-date.outputs.date }} ##################### ### OpenSSL build ### @@ -82,8 +162,6 @@ jobs: ### kryoptic build ### ###################### - name: Setup kryoptic - env: - KRYOPTIC_REVISION: b38f56bf5dc281fa750146d0378fc62b7c23f95f run: | cd .. git clone https://github.com/latchset/kryoptic.git \ @@ -132,5 +210,5 @@ jobs: TEST_PKCS11_MODULE: /__w/rust-cryptoki/kryoptic/target/debug/libkryoptic_pkcs11.so OUT_DIR: /__w/rust-cryptoki/kryoptic/target/debug/deps/ RUST_BACKTRACE: 1 - run: cargo test + run: cargo build --all-features && cargo test
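Review bot: The key `fedora-cargo-${{ hashFiles('**/Cargo.lock') }}` in the new `Cache Rust dependencies` step (hunk `@@ -25,6 +28,83 @@`) probably hashes nothing. `hashFiles` only matches files inside `GITHUB_WORKSPACE`, but the lock file is generated in `../kryoptic`, and the `Checkout rust-cryptoki` step appears only later in the job. The key would then be the constant `fedora-cargo-`, so the first saved cache, including `../kryoptic/target/`, would be restored on every run and never replaced as kryoptic's main moves. Because the job follows a floating ref, keying on the cloned commit would be more accurate: give `Setup kryoptic` an `id`, have it run `echo "rev=$(git -C kryoptic rev-parse HEAD)" >> "$GITHUB_OUTPUT"`, and use `key: fedora-cargo-kryoptic-${{ steps.<setup-step-id>.outputs.rev }}`. The FIPS job's cache step lies outside the visible hunks; if it uses the same expression, the two jobs would also share one key.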