diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml index 61409b4d8ad..10ec6a1aa35 100644 --- a/.github/workflows/haproxy.yml +++ b/.github/workflows/haproxy.yml @@ -7,6 +7,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save step below). + schedule: + - cron: '0 4 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -71,8 +74,8 @@ jobs: run: tar -xf build-dir.tgz # check cache for haproxy if not there then download it - - name: Check haproxy cache - uses: actions/cache@v5 + - name: Restore haproxy cache + uses: actions/cache/restore@v5 id: cache-haproxy with: path: build-dir/haproxy-${{matrix.haproxy_ref}} @@ -87,6 +90,14 @@ jobs: path: build-dir/haproxy-${{matrix.haproxy_ref}} fetch-depth: 1 + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save haproxy cache + if: github.ref == 'refs/heads/master' && steps.cache-haproxy.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: build-dir/haproxy-${{matrix.haproxy_ref}} + key: haproxy-${{matrix.haproxy_ref}} + - name: Build haproxy working-directory: build-dir/haproxy-${{matrix.haproxy_ref}} run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index a860006cb07..d663f5db253 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -7,6 +7,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save steps below). + schedule: + - cron: '40 5 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
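Review bot: The new `Save haproxy cache` step in haproxy.yml references `actions/cache/save@v5` by a movable tag, and after this change that step writes the single cache entry that every pull-request run restores. Pinning it to a full commit SHA, e.g. `uses: actions/cache/save@<full-commit-sha>  # v5` (placeholder; take the SHA from the release you have reviewed), keeps a retagged release from changing what runs on master. The same applies to the `actions/cache/restore@v5` steps and to the save steps added in hostap-vm.yml, mbedtls.yml, nss.yml, ntp.yml and threadx.yml, as well as the `upload-artifact@v6` / `download-artifact@v7` steps. The surrounding steps already use tags, so this could be a follow-up across the workflows rather than part of this change.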
@@ -72,7 +75,7 @@ jobs: timeout-minutes: 10 steps: - name: Checking if we have hostap in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: hostap @@ -82,6 +85,14 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' run: git clone https://w1.fi/hostap.git hostap + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save hostap cache + if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: hostap + key: hostap-repo + - name: tar hostap run: tar -zcf hostap.tgz hostap @@ -101,7 +112,7 @@ jobs: needs: checkout_hostap steps: - name: Checking if we have kernel in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: linux/linux @@ -133,6 +144,14 @@ jobs: cd linux yes "" | ARCH=um make -j $(nproc) + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save kernel cache + if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: linux/linux + key: hostap-linux-${{ env.LINUX_REF }} + - name: Upload kernel binary uses: actions/upload-artifact@v6 with: diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml index 21f7139277b..a6fcc04d558 100644 --- a/.github/workflows/mbedtls.yml +++ b/.github/workflows/mbedtls.yml @@ -7,6 +7,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save steps below). + schedule: + - cron: '20 4 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -25,7 +28,7 @@ jobs: timeout-minutes: 10 steps: - name: Checking if we have mbed in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: mbedtls 
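Review bot: In hostap-vm.yml the `Save hostap cache` step publishes the result of `git clone https://w1.fi/hostap.git hostap` under the fixed key `hostap-repo`, so the shared entry is whatever upstream HEAD was at the first miss on master and is not rewritten until it is evicted. Since every PR now restores that one entry, it would help to record what was cached, e.g. a `run: git -C hostap rev-parse HEAD` step before the save. The comment could also say that the daily schedule only re-creates the entry after eviction and does not refresh an existing one. Whether later steps fetch refs newer than the cached clone is not visible in this hunk.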
@@ -54,6 +57,28 @@ jobs: openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save mbedtls cache + if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: mbedtls + key: mbedtls-${{ env.MBED_REF }} + + # On a cache miss, hand the freshly built mbedtls to mbedtls_test via an + # artifact so it is not compiled a second time in the same run. + - name: tar mbedtls + if: steps.cache.outputs.cache-hit != 'true' + run: tar -zcf mbedtls.tgz mbedtls + + - name: Upload mbedtls build + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/upload-artifact@v6 + with: + name: mbedtls-build + path: mbedtls.tgz + retention-days: 1 + mbedtls_test: name: Test interop with mbedtls if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} 
@@ -64,33 +89,25 @@ jobs: - name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT) run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6 + # Restore only: the build_mbedtls job (master/schedule) owns the save. - name: Checking if we have mbed in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: mbedtls key: mbedtls-${{ env.MBED_REF }} - - name: Checkout mbedtls (fallback on cache miss) + # On a cache miss, reuse the build_mbedtls artifact instead of + # recompiling. master restores from the cache above instead. + - name: Download mbedtls build (fallback on cache miss) if: steps.cache.outputs.cache-hit != 'true' - uses: actions/checkout@v5 + uses: actions/download-artifact@v7 with: - repository: Mbed-TLS/mbedtls - ref: ${{ env.MBED_REF }} - path: mbedtls - fetch-depth: 1 + name: mbedtls-build - - name: Compile mbedtls (fallback on cache miss) + - name: untar mbedtls (fallback on cache miss) if: steps.cache.outputs.cache-hit != 'true' - working-directory: mbedtls - run: | - git submodule update --init - mkdir build - cd build - cmake .. - make -j$(nproc) - openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem - openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem + run: tar -xf mbedtls.tgz - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/msys2.yml b/.github/workflows/msys2.yml index 43a7075bb1f..e7a9644bb92 100644 --- a/.github/workflows/msys2.yml +++ b/.github/workflows/msys2.yml 
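Review bot: The `Download mbedtls build` fallback in mbedtls_test assumes that a cache miss here means build_mbedtls also missed, but the two jobs restore the cache independently. If build_mbedtls hits the cache and the entry is evicted, or the restore fails, before mbedtls_test runs, no `mbedtls-build` artifact exists and the job fails, where the removed checkout-and-compile fallback would have recovered. Uploading the artifact unconditionally in build_mbedtls (drop `if: steps.cache.outputs.cache-hit != 'true'` from the `tar mbedtls` and `Upload mbedtls build` steps) closes that gap and lets the test job rely on the artifact alone. The nss_test hunk in nss.yml depends on `nss-build` in the same way.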
@@ -27,6 +27,9 @@ jobs: msystem: msys update: true install: git gcc autotools base-devel autoconf netcat + # Per-PR cache entries can't be shared across PRs; the action + # offers no master-only save, so disable caching entirely. + cache: false - name: configure wolfSSL run: ./autogen.sh && ./configure --disable-sys-ca-certs CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES" - name: build wolfSSL diff --git a/.github/workflows/nss.yml b/.github/workflows/nss.yml index ef20dfd200c..338c9684414 100644 --- a/.github/workflows/nss.yml +++ b/.github/workflows/nss.yml @@ -9,6 +9,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save steps below). + schedule: + - cron: '40 4 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -33,7 +36,7 @@ jobs: fetch-depth: 1 - name: Checking if we have nss in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: dist @@ -63,6 +66,28 @@ jobs: cd nss ./build.sh + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save nss cache + if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: dist + key: nss-${{ env.NSS_REF }} + + # On a cache miss, hand the freshly built dist/ to nss_test via an + # artifact so nss is not compiled a second time in the same run. + - name: tar nss dist + if: steps.cache.outputs.cache-hit != 'true' + run: tar -zcf nss-dist.tgz dist + + - name: Upload nss build + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/upload-artifact@v6 + with: + name: nss-build + path: nss-dist.tgz + retention-days: 1 + nss_test: name: Test interop with nss if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} 
@@ -70,42 +95,25 @@ jobs: needs: build_nss timeout-minutes: 30 steps: + # Restore only: the build_nss job (master/schedule) owns the save. - name: Checking if we have nss in cache - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: dist key: nss-${{ env.NSS_REF }} - - name: Checkout wolfSSL CI actions (fallback on cache miss) - if: steps.cache.outputs.cache-hit != 'true' - uses: actions/checkout@v5 - with: - sparse-checkout: .github/actions - fetch-depth: 1 - - - name: Install dependencies (fallback on cache miss) + # On a cache miss, reuse the build_nss artifact instead of recompiling. + # master restores from the cache above instead. + - name: Download nss build (fallback on cache miss) if: steps.cache.outputs.cache-hit != 'true' - uses: ./.github/actions/install-apt-deps + uses: actions/download-artifact@v7 with: - packages: gyp ninja-build - ghcr-debs-tag: ubuntu-24.04-full + name: nss-build - - name: Checkout nss (fallback on cache miss) + - name: untar nss dist (fallback on cache miss) if: steps.cache.outputs.cache-hit != 'true' - uses: actions/checkout@v5 - with: - repository: nss-dev/nss - ref: ${{ env.NSS_REF }} - path: nss - fetch-depth: 1 - - - name: Compile nss (fallback on cache miss) - if: steps.cache.outputs.cache-hit != 'true' - run: | - hg clone https://hg.mozilla.org/projects/nspr - cd nss - ./build.sh + run: tar -xf nss-dist.tgz - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index df01855e3e7..4cbe22b92c8 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -7,6 +7,9 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save step below). + schedule: + - cron: '0 5 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
@@ -70,7 +73,7 @@ jobs: # Avoid DoS'ing ntp site so cache the tar.gz - name: Check if we have ntp - uses: actions/cache@v5 + uses: actions/cache/restore@v5 id: cache with: path: ntp-${{ matrix.ref }}.tar.gz @@ -81,6 +84,14 @@ jobs: run: | wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save ntp cache + if: github.ref == 'refs/heads/master' && steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: ntp-${{ matrix.ref }}.tar.gz + key: ntp-${{ matrix.ref }}.tar.gz + - name: Extract ntp run: | tar -xf ntp-${{ matrix.ref }}.tar.gz diff --git a/.github/workflows/pic32mz-sim.yml b/.github/workflows/pic32mz-sim.yml index d7e3d5beb15..daa215b739b 100644 --- a/.github/workflows/pic32mz-sim.yml +++ b/.github/workflows/pic32mz-sim.yml @@ -5,6 +5,7 @@ on: push: branches: [ 'master', 'main', 'release/**' ] pull_request: + types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] # Weekend cron and manual workflow_dispatch refresh the shared ghcr build # cache that PR runs read (cache-to below is gated to those two events). @@ -34,7 +35,7 @@ permissions: jobs: pic32mz_sim: name: wolfCrypt on PIC32MZ ${{ matrix.chip_label }} (${{ matrix.port_label }}) - if: github.repository_owner == 'wolfssl' + if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} runs-on: ubuntu-24.04 timeout-minutes: 30 strategy: diff --git a/.github/workflows/threadx.yml b/.github/workflows/threadx.yml index 437e9b58d33..aa44193af9c 100644 --- a/.github/workflows/threadx.yml +++ b/.github/workflows/threadx.yml @@ -6,6 +6,12 @@ on: pull_request: types: [opened, synchronize, reopened, ready_for_review] branches: [ '*' ] + # Daily run on master reseeds the shared cache (see save step below). + schedule: + - cron: '20 5 * * *' + +env: + NETXDUO_REF: v6.4.3_rel jobs: build: 
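Review bot: The `Save ntp cache` step in ntp.yml stores the tarball fetched by the `wget https://downloads.nwtime.org/ntp/4.2.8/...` line with no integrity check, and after this change that one file is what every PR run extracts and builds. A digest check between the download and the save, e.g. `echo "<expected-sha256>  ntp-${{ matrix.ref }}.tar.gz" | sha256sum -c -` (placeholder digest, one per matrix ref), would keep a corrupted or substituted download from being cached for all runs. The NetXDuo bundle saved in threadx.yml is downloaded the same way and would benefit from the same check.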
@@ -15,22 +21,30 @@ jobs: timeout-minutes: 10 steps: - - name: Cache NetXDuo bundle + - name: Restore NetXDuo bundle cache id: cache-netxduo - uses: actions/cache@v5 + uses: actions/cache/restore@v5 with: - path: ./v6.4.3_rel.tar.gz - key: netxduo-bundle-v6.4.3_rel + path: ./${{ env.NETXDUO_REF }}.tar.gz + key: netxduo-bundle-${{ env.NETXDUO_REF }} - name: Download NetXDuo bundle if not cached if: steps.cache-netxduo.outputs.cache-hit != 'true' run: | - wget https://github.com/eclipse-threadx/netxduo/archive/refs/tags/v6.4.3_rel.tar.gz + wget https://github.com/eclipse-threadx/netxduo/archive/refs/tags/${{ env.NETXDUO_REF }}.tar.gz + + # Only master (the daily schedule) saves, so all PRs share one entry. + - name: Save NetXDuo bundle cache + if: github.ref == 'refs/heads/master' && steps.cache-netxduo.outputs.cache-hit != 'true' + uses: actions/cache/save@v5 + with: + path: ./${{ env.NETXDUO_REF }}.tar.gz + key: netxduo-bundle-${{ env.NETXDUO_REF }} - name: Extract NetXDuo bundle run: | mkdir -p netxduo_src - tar -xzf v6.4.3_rel.tar.gz -C netxduo_src --strip-components=1 + tar -xzf ${{ env.NETXDUO_REF }}.tar.gz -C netxduo_src --strip-components=1 - name: Install NetXDuo Dependencies working-directory: ./netxduo_src
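Review bot: The `run:` scripts in this hunk splice `${{ env.NETXDUO_REF }}` into the shell text, although the workflow-level `env:` block added in the previous hunk already exports that value to every step. Reading it as a shell variable keeps expression expansion out of the script and stays safe if the ref ever comes from an input: `wget "https://github.com/eclipse-threadx/netxduo/archive/refs/tags/${NETXDUO_REF}.tar.gz"` and `tar -xzf "${NETXDUO_REF}.tar.gz" -C netxduo_src --strip-components=1`. The `${{ env.NETXDUO_REF }}` uses under `with:` (path and key) are fine as written. The steps list continues past the end of the hunk.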