fix: heap-buffer-overflow READ in wolfSSL_i2c_ASN1_INTEGER via CRL revoked serial #1451
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Zephyr 4.x tests | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'release/**' ] | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| jobs: | |
| build: | |
| name: ${{ matrix.zephyr-ref }} | ${{ matrix.board }} | ${{ matrix.sample }}${{ matrix.extra-conf != '' && ' | extlibc' || '' }} | |
| if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| zephyr-ref: [ v4.1.0, v4.3.0, v4.4.0 ] | |
| board: [ native_sim, frdm_rw612/rw612 ] | |
| sample: [ wolfssl_tls_sock, wolfssl_test, wolfssl_benchmark ] | |
| extra-conf: [ '', external_libc.conf ] | |
| exclude: | |
| # external_libc overlay is native_sim-only in the original Jenkins matrix | |
| - board: frdm_rw612/rw612 | |
| extra-conf: external_libc.conf | |
| steps: | |
| - name: Checkout test driver | |
| uses: actions/checkout@v5 | |
| with: | |
| sparse-checkout: .github/scripts/zephyr-4.x | |
| fetch-depth: 1 | |
| - name: Free disk space | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc \ | |
| /opt/hostedtoolcache/CodeQL "$AGENT_TOOLSDIRECTORY" || true | |
| docker system prune -af || true | |
| df -h / | |
| - name: Resolve wolfSSL repo and branch | |
| id: src | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Fetch via upstream PR ref so renames, deletes, or visibility changes on the fork do not break us. | |
| # Use the /merge ref (PR merged into the base branch) instead of /head so we test master+PR, | |
| # picking up fixes already on master rather than testing the PR branch in isolation. | |
| echo "repo=https://github.com/${{ github.repository }}" >> "$GITHUB_OUTPUT" | |
| echo "branch=refs/pull/${{ github.event.pull_request.number }}/merge" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "repo=https://github.com/${{ github.repository }}" >> "$GITHUB_OUTPUT" | |
| echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Build and run sample | |
| working-directory: .github/scripts/zephyr-4.x | |
| run: | | |
| EXTRA_CONF_ARG="" | |
| if [[ -n "${{ matrix.extra-conf }}" ]]; then | |
| EXTRA_CONF_ARG="--extra-conf ${{ matrix.extra-conf }}" | |
| fi | |
| bash ./zephyr-test.sh \ | |
| -r "${{ steps.src.outputs.repo }}" \ | |
| -b "${{ steps.src.outputs.branch }}" \ | |
| -z "${{ matrix.zephyr-ref }}" \ | |
| -t "${{ matrix.board }}" \ | |
| -s "${{ matrix.sample }}" \ | |
| $EXTRA_CONF_ARG | |
| - name: Upload logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: zephyr-4.x-${{ matrix.zephyr-ref }}-${{ matrix.sample }}-${{ strategy.job-index }} | |
| path: .github/scripts/zephyr-4.x/logs/ | |
| retention-days: 5 | |
| if-no-files-found: ignore | |
| # Stage Membrowse artifacts only for the cells we want to track on the | |
| # Membrowse dashboard. Keep this tight to avoid duplicate target_name | |
| # entries on the dashboard and unnecessary artifact uploads. | |
| - name: Upload Membrowse artifacts (selected cells only) | |
| if: > | |
| success() && | |
| matrix.zephyr-ref == 'v4.3.0' && | |
| matrix.sample == 'wolfssl_test' && | |
| matrix.extra-conf == '' | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: membrowse-zephyr-${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612' }} | |
| path: | | |
| .github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.elf | |
| .github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/linker.cmd | |
| .github/scripts/zephyr-4.x/artifacts/${{ matrix.board == 'native_sim' && 'native_sim' || 'frdm_rw612-rw612' }}-wolfssl_test/zephyr.map | |
| if-no-files-found: warn | |
| retention-days: 1 |