1name: CI 2 3# For testing, you can set variables in your repo (Repo -> Settings -> 4# Security -> Actions -> Variables) to restrict the tests that are run. 5# The supported variables are: 6# 7# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config, 8# separated by spaces, eg "ubuntu-latest default". All other tests will 9# fail immediately. 10# 11# LTESTS: Override the set of tests run. 12 13on: 14 push: 15 paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] 16 pull_request: 17 paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] 18 19jobs: 20 ci: 21 name: "${{ matrix.target }} ${{ matrix.config }}" 22 if: github.repository != 'openssh/openssh-portable-selfhosted' 23 strategy: 24 fail-fast: false 25 matrix: 26 # First we test all OSes in the default configuration. 27 target: 28 - ubuntu-22.04 29 - ubuntu-latest 30 - ubuntu-22.04-arm 31 - ubuntu-24.04-arm 32 - macos-13 33 - macos-14 34 - macos-15 35 - windows-2022 36 - windows-2025 37 config: [default] 38 # Then we include any extra configs we want to test for specific VMs. 39 # Valgrind slows things down quite a bit, so start them first. 40 include: 41 - { target: windows-2022, config: cygwin-release } 42 - { target: windows-2025, config: cygwin-release } 43 - { target: ubuntu-22.04, config: c89 } 44 - { target: ubuntu-22.04, config: clang-11 } 45 - { target: ubuntu-22.04, config: clang-12-Werror } 46 - { target: ubuntu-22.04, config: clang-14 } 47 - { target: ubuntu-22.04, config: clang-sanitize-address } 48 - { target: ubuntu-22.04, config: clang-sanitize-undefined } 49 - { target: ubuntu-22.04, config: gcc-9 } 50 - { target: ubuntu-22.04, config: gcc-11-Werror } 51 - { target: ubuntu-22.04, config: gcc-12-Werror } 52 - { target: ubuntu-22.04, config: gcc-sanitize-address } 53 - { target: ubuntu-22.04, config: gcc-sanitize-undefined } 54 - { target: ubuntu-22.04, config: hardenedmalloc } 55 - { target: ubuntu-22.04, config: heimdal } 56 - { target: ubuntu-22.04, config: kitchensink } 57 - { target: ubuntu-22.04, config: krb5 } 58 - { target: ubuntu-22.04, config: libedit } 59 - { target: ubuntu-22.04, config: pam } 60 - { target: ubuntu-22.04, config: selinux } 61 - { target: ubuntu-22.04, config: sk } 62 - { target: ubuntu-22.04, config: valgrind-1 } 63 - { target: ubuntu-22.04, config: valgrind-2 } 64 - { target: ubuntu-22.04, config: valgrind-3 } 65 - { target: ubuntu-22.04, config: valgrind-4 } 66 - { target: ubuntu-22.04, config: valgrind-unit } 67 - { target: ubuntu-22.04, config: without-openssl } 68 - { target: ubuntu-latest, config: gcc-14 } 69 - { target: ubuntu-latest, config: clang-15 } 70 - { target: ubuntu-latest, config: clang-19 } 71 - { target: ubuntu-latest, config: boringssl } 72 - { target: ubuntu-latest, config: aws-lc } 73 - { target: ubuntu-latest, config: libressl-master } 74 - { target: ubuntu-latest, config: libressl-3.2.7 } 75 - { target: ubuntu-latest, config: libressl-3.3.6 } 76 - { target: ubuntu-latest, config: libressl-3.4.3 } 77 - { target: ubuntu-latest, config: libressl-3.5.4 } 78 - { target: ubuntu-latest, config: libressl-3.6.3 } 79 - { target: ubuntu-latest, config: libressl-3.7.3 } 80 - { target: ubuntu-latest, config: libressl-3.8.4 } 81 - { target: ubuntu-latest, config: libressl-3.9.2 } 82 - { target: ubuntu-latest, config: libressl-4.0.0 } 83 - { target: ubuntu-latest, config: libressl-4.1.0 } 84 - { target: ubuntu-latest, config: openssl-master } 85 - { target: ubuntu-latest, config: openssl-noec } 86 - { target: ubuntu-latest, config: openssl-1.1.1 } 87 - { target: ubuntu-latest, config: openssl-1.1.1t } 88 - { target: ubuntu-latest, config: openssl-1.1.1w } 89 - { target: ubuntu-latest, config: openssl-3.0.0 } 90 - { target: ubuntu-latest, config: openssl-3.0.18 } 91 - { target: ubuntu-latest, config: openssl-3.1.0 } 92 - { target: ubuntu-latest, config: openssl-3.1.8 } 93 - { target: ubuntu-latest, config: openssl-3.2.6 } 94 - { target: ubuntu-latest, config: openssl-3.3.5 } 95 - { target: ubuntu-latest, config: openssl-3.4.0 } 96 - { target: ubuntu-latest, config: openssl-3.4.3 } 97 - { target: ubuntu-latest, config: openssl-3.5.0 } 98 - { target: ubuntu-latest, config: openssl-3.5.3 } # keep 99 - { target: ubuntu-latest, config: openssl-3.5.4 } 100 - { target: ubuntu-latest, config: openssl-1.1.1_stable } 101 - { target: ubuntu-latest, config: openssl-3.0 } # stable branch 102 - { target: ubuntu-latest, config: openssl-3.1 } # stable branch 103 - { target: ubuntu-latest, config: openssl-3.2 } # stable branch 104 - { target: ubuntu-latest, config: openssl-3.3 } # stable branch 105 - { target: ubuntu-latest, config: openssl-3.4 } # stable branch 106 - { target: ubuntu-latest, config: openssl-3.5 } # stable branch 107 - { target: ubuntu-latest, config: openssl-3.6 } # stable branch 108 - { target: ubuntu-latest, config: putty-versions } 109 - { target: ubuntu-latest, config: zlib-develop } 110 - { target: ubuntu-latest, config: tcmalloc } 111 - { target: ubuntu-latest, config: musl } 112 - { target: ubuntu-22.04-arm, config: kitchensink } 113 - { target: ubuntu-24.04-arm, config: kitchensink } 114 - { target: macos-13, config: pam } 115 - { target: macos-14, config: pam } 116 - { target: macos-15, config: pam } 117 runs-on: ${{ matrix.target }} 118 env: 119 EPHEMERAL_VM: yes 120 steps: 121 - name: check RUN_ONLY_TARGET_CONFIG 122 if: vars.RUN_ONLY_TARGET_CONFIG != '' 123 run: sh -c 'if [ "${{ vars.RUN_ONLY_TARGET_CONFIG }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi' 124 - name: set cygwin git params 125 if: ${{ startsWith(matrix.target, 'windows') }} 126 run: git config --global core.autocrlf input 127 - name: install cygwin 128 id: cygwin_install 129 if: ${{ startsWith(matrix.target, 'windows') }} 130 uses: cygwin/cygwin-install-action@master 131 env: 132 CYGWIN: "winsymlinks:native" 133 - uses: actions/checkout@main 134 - name: setup CI system 135 run: sh ./.github/setup_ci.sh ${{ matrix.config }} ${{ matrix.target }} 136 env: 137 CYGWIN_SETUP: ${{ steps.cygwin_install.outputs.setup }} 138 - name: autoreconf 139 run: sh -c autoreconf 140 - name: configure 141 run: sh ./.github/configure.sh ${{ matrix.config }} 142 - name: save config 143 uses: actions/upload-artifact@main 144 with: 145 name: ${{ matrix.target }}-${{ matrix.config }}-config 146 path: config.h 147 - name: make clean 148 run: make clean 149 - name: make 150 run: make 151 - name: make tests 152 run: sh ./.github/run_test.sh ${{ matrix.config }} 153 env: 154 TEST_SSH_UNSAFE_PERMISSIONS: 1 155 TEST_SSH_HOSTBASED_AUTH: yes 156 LTESTS: ${{ vars.LTESTS }} 157 - name: test OpenSSL3 ABI compatibility 158 if: ${{ startsWith(matrix.config, 'openssl-3') }} 159 run: | 160 sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl 161 sh .github/run_test.sh ${{ matrix.config }} 162 - name: show logs 163 if: failure() 164 run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done 165 - name: chown logs 166 if: failure() 167 run: test -x "$(which sudo 2>&1)" && sudo chown -R "${LOGNAME}" regress 168 - name: save logs 169 if: failure() 170 uses: actions/upload-artifact@main 171 with: 172 name: ${{ matrix.target }}-${{ matrix.config }}-logs 173 path: | 174 config.h 175 config.log 176 regress/ 177