From 4b65f3325bda8c8ce721a4b207019c95a81f56da Mon Sep 17 00:00:00 2001 From: JP Lomas Date: Thu, 12 Sep 2024 08:34:52 +0100 Subject: [PATCH 1/2] Actionlint workflow checking Integrate Actionlint to check GitHub workflows for errors as part of CI. It also fixes issues highlighted in other workflows, primarily the `checkout` version and missing property. Signed-off-by: JP Lomas --- .github/workflows/check_workflows.yml | 14 ++++++++++++++ .github/workflows/coding_style.yml | 2 +- .github/workflows/linux.yml | 8 ++++---- .github/workflows/macos.yml | 6 +++--- .github/workflows/standalone.yml | 4 ++-- .github/workflows/windows.yml | 20 +++++++++++--------- 6 files changed, 35 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/check_workflows.yml diff --git a/.github/workflows/check_workflows.yml b/.github/workflows/check_workflows.yml new file mode 100644 index 00000000..3bbb6650 --- /dev/null +++ b/.github/workflows/check_workflows.yml @@ -0,0 +1,14 @@ +name: Check GitHub workflows + +on: [pull_request, push, workflow_call] + +jobs: + workflowcheck: + name: Check validity of GitHub workflows + runs-on: ubuntu-latest + container: openquantumsafe/ci-ubuntu-latest:latest + steps: + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 + - name: Ensure GitHub actions are valid + run: actionlint -shellcheck "" # run *without* shellcheck diff --git a/.github/workflows/coding_style.yml b/.github/workflows/coding_style.yml index e4304be6..e990a32a 100644 --- a/.github/workflows/coding_style.yml +++ b/.github/workflows/coding_style.yml @@ -14,7 +14,7 @@ jobs: run: apt-get update && apt-get install -y clang-format - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Check coding style using clang-format run: ./scripts/do_code_format.sh diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 9bbb3db6..0e4510c0 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -23,7 +23,7 @@ jobs: LIBOQS_BRANCH: "main" steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Full build run: OQSPROV_CMAKE_PARAMS=${{ matrix.cmake-params}} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing @@ -53,7 +53,7 @@ jobs: LIBOQS_BRANCH: "main" steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Full build run: OPENSSL_BRANCH=${{ matrix.ossl-branch }} ./scripts/fullbuild.sh - name: Enable sibling oqsprovider for testing @@ -103,7 +103,7 @@ jobs: OPENSSL_BRANCH: "openssl-3.1" steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Install dependencies run: apt-get update && apt-get install -y clang llvm ninja-build git cmake libclang-14-dev libclang-common-14-dev @@ -177,7 +177,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Install dependencies run: apt-get update && apt-get install -y ninja-build git cmake nodejs gcc-aarch64-linux-gnu libc6-dev-arm64-cross qemu-user diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index b8b130f4..5bfc8c5b 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -25,15 +25,15 @@ jobs: MAKE_PARAMS: -j 4 steps: - name: Checkout provider - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Checkout openssl - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: openssl/openssl path: openssl - name: checkout liboqs - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: open-quantum-safe/liboqs diff --git a/.github/workflows/standalone.yml b/.github/workflows/standalone.yml index ee227f99..9c763971 100644 --- a/.github/workflows/standalone.yml +++ b/.github/workflows/standalone.yml @@ -18,7 +18,7 @@ jobs: - name: Install prerequisites run: brew install liboqs - name: Checkout oqsprovider code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Build and test oqsprovider # try this only if brew'd liboqs knows about ML-KEM: run: | @@ -46,7 +46,7 @@ jobs: - name: Update container run: apt update && apt install -y cmake ninja-build gcc libssl-dev git - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Full build run: LIBOQS_BRANCH=main ./scripts/fullbuild.sh - name: Test diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 384e376d..3747c7a2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -18,6 +18,8 @@ jobs: platform: - arch: win64 oqsconfig: -DOQS_ALGS_ENABLED=STD + # empty `config` property here to prevent actionlint error (property "config" is not defined in object type) on line 62 below + config: # - arch: win32 # config: --strict-warnings no-fips enable-quic runs-on: ${{matrix.os}} @@ -29,9 +31,9 @@ jobs: MAKE_PARAMS: -j 4 steps: - name: Checkout provider - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Checkout openssl - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: openssl/openssl @@ -39,7 +41,7 @@ jobs: # TODO: Revert ref tag once openssl master doesn't crash any more ref: openssl-3.3.0 - name: checkout liboqs - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: open-quantum-safe/liboqs @@ -126,15 +128,15 @@ jobs: with: path: c:\openssl32 key: ${{ runner.os }}-msvcopenssl32 - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Checkout OpenSSL master if: steps.cache-openssl32.outputs.cache-hit != 'true' - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: openssl/openssl path: openssl - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: open-quantum-safe/liboqs @@ -240,15 +242,15 @@ jobs: with: path: c:\openssl32n key: ${{ runner.os }}-msvcopenssl32n - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Checkout OpenSSL master if: steps.cache-openssl32n.outputs.cache-hit != 'true' - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: openssl/openssl path: openssl - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: set-safe-directory: true repository: open-quantum-safe/liboqs From 17353d58fb8708a99a66d040c5a2b110ef61ca99 Mon Sep 17 00:00:00 2001 From: JP Lomas Date: Thu, 12 Sep 2024 11:04:16 +0100 Subject: [PATCH 2/2] Update CODEOWNERS Signed-off-by: JP Lomas --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index af0eb104..9d57fd03 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,6 +5,6 @@ /oqs-template/generate.yml @baentsch @bhess @feventura /CMakeLists.txt @baentsch @thb-sb /.circleci/config.yml @baentsch @thb-sb -/.github/workflows @baentsch @thb-sb +/.github/workflows @baentsch @thb-sb @jplomas /oqsprov/oqs_sig.c @baentsch @feventura /scripts/oqsprovider-pkcs12gen.sh @iyanmv