Set max-parallel 12 to address runner concurrency saturation, cleanup, use math matrix #240
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: wolfBoot as Library test | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| jobs: | |
| test-lib: | |
| # If jobs cancel, consider pinning to ubuntu-24.04 | |
| # The ubuntu-latest alias can point to different images during migrations (and sometimes be extra busy), | |
| # while ubuntu-24.04 always targets the 24.04 pool | |
| runs-on: ubuntu-latest | |
| # The timeout is run time after a runner starts, not time in queue | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| # Limit concurrent jobs for scheduling problem on GitHub's hosted runner pool. | |
| max-parallel: 12 | |
| matrix: | |
| math: | |
| - "SPMATH=1 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATH=1 WOLFBOOT_SMALL_STACK=1" | |
| - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1" | |
| - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0" | |
| - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1" | |
| asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448] | |
| hash: [sha256, sha384, sha3] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: make clean | |
| run: | | |
| make keysclean && make -C tools/keytools clean && rm -f include/target.h | |
| - name: Build test-lib | |
| env: | |
| shell: bash | |
| ASYM: ${{ matrix.asym }} | |
| HASH: ${{ matrix.hash }} | |
| MATH: ${{ matrix.math }} | |
| run: | | |
| # Sample build | |
| build_once() { | |
| # Convert asym and hash to upper case, optionally add additional param | |
| make -j test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} "$@" | |
| } | |
| set -euo pipefail | |
| # Get the reference config | |
| cp config/examples/library.config .config | |
| # Keytools | |
| make keytools | |
| ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der | |
| # Sign | |
| echo "Test" > test.bin | |
| ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1 | |
| # First attempt | |
| if build_once >build.out 2>build.err; then | |
| echo "Success on first attempt" | |
| exit 0 | |
| fi | |
| # If it failed due to the TFM huge stack guard, retry with the flag | |
| if grep -q 'TFM will allocate 70\+ KB in the stack' build.err; then | |
| echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to TFM stack requirement" | |
| build_once WOLFBOOT_HUGE_STACK=1 | |
| else | |
| echo "Build failed for another reason:" | |
| cat build.err | |
| exit 1 | |
| fi | |
| - name: Run test-lib | |
| run: | | |
| ./test-lib test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin 2>&1 | grep "Firmware Valid" | |
| - name: Run test-lib (expect failure) | |
| run: | | |
| # Corrupt signed binary | |
| truncate -s -1 test_v1_signed.bin | |
| echo "A" >> test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin | |
| ./test-lib test_v1_signed.bin 2>&1 | grep "Failure" |