ci: add provider integration test matrix#415
Open
walterchris wants to merge 2 commits into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new GitHub Actions workflow that runs the three OpenSSL provider integration suites (cli, capi, nginx) across six OpenSSL 3.0.x distro containers in parallel, with nginx skipped on distros affected by the upstream STORE-dispatch bug. Each suite becomes its own PR check, expanding cross-distro coverage for the provider beyond the existing CodeQL/Rust workflows that pin a single OpenSSL build.
Changes:
- New
provider-matrix.ymlworkflow with a six-cell container matrix (Ubuntu 22.04/24.04, Debian 12, AlmaLinux/Rocky/RHEL UBI 9.2) andfail-fast: false. - Per-family (debian/rhel) bootstrap steps that install build deps, pin RHEL-family to the 9.2 vault for OpenSSL 3.0.7, and install the Rust toolchain pinned to 1.93.
- Builds
azihsm_api_nativeandazihsm_ossl_providerwith--features mock, installs the native lib into the system loader path, conditionally installs nginx 1.29.0, and invokes each suite viacargo nextestunder theci-provider-integrationprofile.
walterchris
force-pushed
the
openssl/ci-matrix
branch
2 times, most recently
from
6808ac5 to
d4b7efe
Compare
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
d4b7efe to
72c75e9
Compare
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
72c75e9 to
737bddd
Compare
11 tasks
rajesh-gali
reviewed
Jun 3, 2026
rajesh-gali
reviewed
Jun 3, 2026
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
bbba8d3 to
a044038
Compare
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
a044038 to
d06e7d6
Compare
This was referenced Jun 8, 2026
Open
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
6b935e5 to
1c48338
Compare
Run the OpenSSL provider integration suites (cli + capi + nginx) across six OpenSSL 3.0.x distributions in parallel via GitHub Actions container jobs. Each cell is its own PR check (fail-fast: false). The nginx suite is skipped on distros whose OpenSSL predates the upstream STORE-dispatch fix (openssl#18262). Signed-off-by: Christian Walter <christian.walter@9elements.com>
walterchris
force-pushed
the
openssl/ci-matrix
branch
from
8b004b4 to
3a6dba4
Compare
Comment on lines
+177
to
+184
| - name: Install nginx 1.29.0 | ||
| if: matrix.nginx | ||
| run: | | ||
| codename=$(. /etc/os-release && echo "$VERSION_CODENAME") | ||
| host=$(. /etc/os-release && echo "$ID") | ||
| curl -fsSL -o /tmp/nginx.deb \ | ||
| "https://nginx.org/packages/mainline/${host}/pool/nginx/n/nginx/nginx_1.29.0-1~${codename}_amd64.deb" | ||
| apt-get install -y --no-install-recommends /tmp/nginx.deb |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Runs the OpenSSL provider integration suites (cli + capi + nginx) across five OpenSSL 3.0.x distributions in parallel. The nginx suite runs only where OpenSSL carries the complete STORE-dispatch fix (openssl#18262) — the 3.0.11/3.0.13 cells — and is skipped on 3.0.2 and the RHEL-family 3.0.7 cells.