1name: CI 2 3# For testing, you can set variables in your repo (Repo -> Settings -> 4# Security -> Actions -> Variables) to restrict the tests that are run. 5# The supported variables are: 6# 7# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config, 8# separated by spaces, eg "ubuntu-latest default". All other tests will 9# fail immediately. 10# 11# LTESTS: Override the set of tests run. 12 13on: 14 push: 15 paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] 16 pull_request: 17 paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] 18 19jobs: 20 ci: 21 name: "${{ matrix.target }} ${{ matrix.config }}" 22 if: github.repository != 'openssh/openssh-portable-selfhosted' 23 strategy: 24 fail-fast: false 25 matrix: 26 # First we test all OSes in the default configuration. 27 target: 28 - ubuntu-22.04 29 - ubuntu-latest 30 - ubuntu-22.04-arm 31 - ubuntu-24.04-arm 32 - macos-14 33 - macos-15 34 - macos-15-intel 35 - windows-2022 36 - windows-2025 37 config: [default] 38 # Then we include any extra configs we want to test for specific VMs. 39 # Valgrind slows things down quite a bit, so start them first. 40 include: 41 - { target: windows-2022, config: cygwin-release } 42 - { target: windows-2025, config: cygwin-release } 43 - { target: ubuntu-22.04, config: c89 } 44 - { target: ubuntu-22.04, config: clang-11 } 45 - { target: ubuntu-22.04, config: clang-12-Werror } 46 - { target: ubuntu-22.04, config: clang-14 } 47 - { target: ubuntu-22.04, config: clang-sanitize-address } 48 - { target: ubuntu-22.04, config: clang-sanitize-undefined } 49 - { target: ubuntu-22.04, config: gcc-9 } 50 - { target: ubuntu-22.04, config: gcc-11-Werror } 51 - { target: ubuntu-22.04, config: gcc-12-Werror } 52 - { target: ubuntu-22.04, config: gcc-sanitize-address } 53 - { target: ubuntu-22.04, config: gcc-sanitize-undefined } 54 - { target: ubuntu-22.04, config: hardenedmalloc } 55 - { target: ubuntu-22.04, config: heimdal } 56 - { target: ubuntu-22.04, config: kitchensink } 57 - { target: ubuntu-22.04, config: krb5 } 58 - { target: ubuntu-22.04, config: libedit } 59 - { target: ubuntu-22.04, config: pam } 60 - { target: ubuntu-22.04, config: selinux } 61 - { target: ubuntu-22.04, config: sk } 62 - { target: ubuntu-22.04, config: valgrind-1 } 63 - { target: ubuntu-22.04, config: valgrind-2 } 64 - { target: ubuntu-22.04, config: valgrind-3 } 65 - { target: ubuntu-22.04, config: valgrind-4 } 66 - { target: ubuntu-22.04, config: valgrind-pam-1 } 67 - { target: ubuntu-22.04, config: valgrind-unit } 68 - { target: ubuntu-22.04, config: without-openssl } 69 - { target: ubuntu-latest, config: gcc-14 } 70 - { target: ubuntu-latest, config: clang-15 } 71 - { target: ubuntu-latest, config: clang-19 } 72 - { target: ubuntu-latest, config: boringssl } 73 - { target: ubuntu-latest, config: aws-lc } 74 - { target: ubuntu-latest, config: libressl-master } 75 - { target: ubuntu-latest, config: libressl-3.2.7 } 76 - { target: ubuntu-latest, config: libressl-3.3.6 } 77 - { target: ubuntu-latest, config: libressl-3.4.3 } 78 - { target: ubuntu-latest, config: libressl-3.5.4 } 79 - { target: ubuntu-latest, config: libressl-3.6.3 } 80 - { target: ubuntu-latest, config: libressl-3.7.3 } 81 - { target: ubuntu-latest, config: libressl-3.8.4 } 82 - { target: ubuntu-latest, config: libressl-3.9.2 } 83 - { target: ubuntu-latest, config: libressl-4.0.1 } 84 - { target: ubuntu-latest, config: libressl-4.1.1 } 85 - { target: ubuntu-latest, config: libressl-4.2.0 } 86 - { target: ubuntu-latest, config: openssl-master } 87 - { target: ubuntu-latest, config: openssl-noec } 88 - { target: ubuntu-latest, config: openssl-1.1.1 } 89 - { target: ubuntu-latest, config: openssl-1.1.1t } 90 - { target: ubuntu-latest, config: openssl-1.1.1w } 91 - { target: ubuntu-latest, config: openssl-3.0.0 } 92 - { target: ubuntu-latest, config: openssl-3.0.18 } 93 - { target: ubuntu-latest, config: openssl-3.1.0 } 94 - { target: ubuntu-latest, config: openssl-3.1.8 } 95 - { target: ubuntu-latest, config: openssl-3.2.6 } 96 - { target: ubuntu-latest, config: openssl-3.3.5 } 97 - { target: ubuntu-latest, config: openssl-3.4.0 } 98 - { target: ubuntu-latest, config: openssl-3.4.3 } 99 - { target: ubuntu-latest, config: openssl-3.5.0 } 100 - { target: ubuntu-latest, config: openssl-3.5.3 } # keep 101 - { target: ubuntu-latest, config: openssl-3.5.4 } 102 - { target: ubuntu-latest, config: openssl-1.1.1_stable } 103 - { target: ubuntu-latest, config: openssl-3.0 } # stable branch 104 - { target: ubuntu-latest, config: openssl-3.1 } # stable branch 105 - { target: ubuntu-latest, config: openssl-3.2 } # stable branch 106 - { target: ubuntu-latest, config: openssl-3.3 } # stable branch 107 - { target: ubuntu-latest, config: openssl-3.4 } # stable branch 108 - { target: ubuntu-latest, config: openssl-3.5 } # stable branch 109 - { target: ubuntu-latest, config: openssl-3.6 } # stable branch 110 - { target: ubuntu-latest, config: putty-versions } 111 - { target: ubuntu-latest, config: zlib-develop } 112 - { target: ubuntu-latest, config: tcmalloc } 113 - { target: ubuntu-latest, config: musl } 114 - { target: ubuntu-22.04-arm, config: kitchensink } 115 - { target: ubuntu-24.04-arm, config: kitchensink } 116 - { target: macos-14, config: pam } 117 - { target: macos-15, config: pam } 118 runs-on: ${{ matrix.target }} 119 env: 120 EPHEMERAL_VM: yes 121 steps: 122 - name: check RUN_ONLY_TARGET_CONFIG 123 if: vars.RUN_ONLY_TARGET_CONFIG != '' 124 run: sh -c 'if [ "${{ vars.RUN_ONLY_TARGET_CONFIG }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi' 125 - name: set cygwin git params 126 if: ${{ startsWith(matrix.target, 'windows') }} 127 run: git config --global core.autocrlf input 128 - name: install cygwin 129 id: cygwin_install 130 if: ${{ startsWith(matrix.target, 'windows') }} 131 uses: cygwin/cygwin-install-action@master 132 env: 133 CYGWIN: "winsymlinks:native" 134 - uses: actions/checkout@main 135 - name: setup CI system 136 run: sh ./.github/setup_ci.sh ${{ matrix.config }} ${{ matrix.target }} 137 env: 138 CYGWIN_SETUP: ${{ steps.cygwin_install.outputs.setup }} 139 - name: autoreconf 140 run: sh -c autoreconf 141 - name: configure 142 run: sh ./.github/configure.sh ${{ matrix.config }} 143 - name: save config 144 uses: actions/upload-artifact@main 145 with: 146 name: ${{ matrix.target }}-${{ matrix.config }}-config 147 path: config.h 148 - name: make clean 149 run: make clean 150 - name: make 151 run: make 152 - name: make tests 153 run: sh ./.github/run_test.sh ${{ matrix.config }} 154 env: 155 TEST_SSH_UNSAFE_PERMISSIONS: 1 156 TEST_SSH_HOSTBASED_AUTH: yes 157 LTESTS: ${{ vars.LTESTS }} 158 - name: test OpenSSL3 ABI compatibility 159 if: ${{ startsWith(matrix.config, 'openssl-3') }} 160 run: | 161 sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl 162 sh .github/run_test.sh ${{ matrix.config }} 163 - name: show logs 164 if: failure() 165 run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done 166 - name: chown logs 167 if: failure() 168 run: test -x "$(which sudo 2>&1)" && sudo chown -R "${LOGNAME}" regress 169 - name: save logs 170 if: failure() 171 uses: actions/upload-artifact@main 172 with: 173 name: ${{ matrix.target }}-${{ matrix.config }}-logs 174 path: | 175 config.h 176 config.log 177 regress/ 178