chore(deps): update src/openvpn digest to 6db186e (release/2.7) #9897
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The name of our workflow | |
| name: Build | |
| on: | |
| push: | |
| pull_request: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkoutjobs | |
| jobs: | |
| msvc: | |
| strategy: | |
| matrix: | |
| arch: [x86, amd64, arm64] | |
| env: | |
| CMAKE: cmake.exe | |
| WIX: ${{ github.workspace }}\wix\ | |
| JsignJar: ${{ github.workspace }}\jsign.jar | |
| SigningStoreType: GOOGLECLOUD | |
| SigningKeyStore: ${{ secrets.GOOGLE_CLOUD_KMS_KEYRING }} | |
| SigningStoreKeyName: ${{ secrets.GOOGLE_CLOUD_KMS_KEY }} | |
| SigningCertificateFile: ${{ github.workspace }}/certificate.pem | |
| VCPKG_BINARY_SOURCES: clear;files,${{ github.workspace }}/vcpkg_cache,readwrite | |
| name: 'openvpn-build' | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout openvpn-build | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - name: Restore vcpkg cache | |
| id: vcpkg-restore | |
| uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: "${{ github.workspace }}/vcpkg_cache" | |
| key: vcpkg-${{ matrix.arch }}-${{ hashFiles('**/src/openvpn/contrib/vcpkg-manifests/windows/vcpkg.json', '**/src/vcpkg/ports/openssl/vcpkg.json') }} | |
| restore-keys: | | |
| vcpkg-${{ matrix.arch }}- | |
| - name: Install vcpkg | |
| uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 | |
| with: | |
| vcpkgDirectory: '${{ github.workspace }}/src/vcpkg' | |
| vcpkgJsonGlob: '**/src/openvpn/contrib/vcpkg-manifests/windows/vcpkg.json' | |
| - name: Get latest CMake and ninja | |
| uses: lukka/get-cmake@bb2faa721a800324b726fec00f7c1ff7641964d1 # v4.2.0 | |
| - name: Install rst2html | |
| run: python -m pip install --upgrade pip docutils | |
| - name: Setup MSVC prompt | |
| uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 | |
| - name: Set up Java | |
| uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0 | |
| if: ${{ env.SigningKeyStore != '' }} | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| - name: Download Jsign | |
| if: ${{ env.SigningKeyStore != '' }} | |
| run: | | |
| Invoke-WebRequest -Uri "https://github.com/ebourg/jsign/releases/download/6.0/jsign-6.0.jar" -OutFile jsign.jar | |
| - name: Install Wix 3.14.1 | |
| run: | | |
| Invoke-WebRequest -Uri "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip" -OutFile wix.zip | |
| Expand-Archive -Path .\wix.zip -DestinationPath wix\bin | |
| - name: Bump version | |
| working-directory: windows-msi | |
| if: ${{ ! startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| $NewProductCode = (New-Guid).ToString().ToUpper() | |
| $BuildVersion = 10000 + [int]$env:GITHUB_RUN_NUMBER | |
| $NewProductVersion = "2.6.$BuildVersion" | |
| echo $NewProductCode $NewProductVersion | |
| $version_m4 = (Get-Content version.m4) | |
| $version_m4 -replace '^define\(\[PRODUCT_CODE\], \[\{(?<ProductCode>.*)\}]\)', "define([PRODUCT_CODE], [{${NewProductCode}}])" ` | |
| -replace '^define\(\[PRODUCT_VERSION\], \[(.*?)\]\)', "define([PRODUCT_VERSION], [${NewProductVersion}])" | Out-File -Encoding ASCII version.m4 | |
| - name: Authenticate to Google Cloud | |
| id: 'auth' | |
| uses: 'google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093' # v3 | |
| if: ${{ env.SigningKeyStore != '' }} | |
| with: | |
| create_credentials_file: false | |
| token_format: 'access_token' | |
| workload_identity_provider: ${{ secrets.GOOGLE_CLOUD_WIP }} | |
| service_account: ${{ secrets.GOOGLE_CLOUD_SERVICE_ACCOUNT }} | |
| access_token_lifetime: '600s' | |
| - name: Build and Sign | |
| working-directory: windows-msi | |
| env: | |
| SigningStorePass: ${{ steps.auth.outputs.access_token }} | |
| if: ${{ env.SigningKeyStore != '' }} | |
| run: | | |
| echo "${{ secrets.SIGNING_CERTIFICATE }}" >${{ github.workspace }}/certificate.pem | |
| ./build-and-package.ps1 -sign -arch ${{ matrix.arch }} | |
| - name: Build | |
| working-directory: windows-msi | |
| if: ${{ env.SigningKeyStore == '' }} | |
| run: | | |
| ./build-and-package.ps1 -arch ${{ matrix.arch }} | |
| - name: Get openvpn commit id | |
| working-directory: src/openvpn | |
| run: | | |
| $commit = git rev-parse --short HEAD | |
| echo "OPENVPN_COMMIT=$commit" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
| - name: Get datetime | |
| run: | | |
| $dt = Get-Date -Format "yyyyMMddThhmm" | |
| echo "DATETIME=${dt}" >> $Env:GITHUB_ENV | |
| - name: Archive artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: openvpn-msi-${{ env.DATETIME }}-${{ env.OPENVPN_COMMIT }}-${{ matrix.arch }} | |
| path: ${{ github.workspace }}\windows-msi\image\*-${{ matrix.arch }}.msi | |
| - name: Save vcpkg cache | |
| if: steps.vcpkg-restore.outputs.cache-hit != 'true' | |
| id: vcpkg-save | |
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: "${{ github.workspace }}/vcpkg_cache" | |
| key: ${{ steps.vcpkg-restore.outputs.cache-primary-key }} | |
| run_tclient_tests: | |
| name: Run t_client tests on AWS | |
| needs: msvc | |
| runs-on: msitest | |
| if: ${{ github.repository == 'openvpn/openvpn-build' && github.event_name != 'pull_request' }} | |
| env: | |
| AWS_REGION : "eu-west-1" | |
| steps: | |
| - name: configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Clone openvpn-windows-test repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| repository: openvpn/openvpn-windows-test | |
| ref: master | |
| path: openvpn-windows-test | |
| - name: Install SSH key for tclient host | |
| uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0 | |
| with: | |
| key: ${{ secrets.SSH_KEY_FOR_TCLIENT_HOST }} | |
| known_hosts: unnecessary | |
| - name: Cleanup old artifacts | |
| run: | |
| rm -fr msi | |
| - name: Get artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| pattern: "openvpn-msi-*-amd64" | |
| path: msi | |
| - name: Run AWS test | |
| working-directory: openvpn-windows-test | |
| shell: pwsh | |
| run: | | |
| Install-Module -Name AWS.Tools.Installer -Force | |
| Install-AWSToolsModule AWS.Tools.EC2 -Force | |
| .\Start-AWSTest.ps1 -SSH_KEY ~/.ssh/id_rsa -MSI_PATH $(Get-ChildItem ../msi/*.msi | select -ExpandProperty FullName) | |
| - name: Archive openvpn logs | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: ${{ always() }} | |
| with: | |
| name: t_client_openvpn_logs | |
| path: openvpn-windows-test/openvpn-logs.zip | |
| upload_msis: | |
| needs: run_tclient_tests | |
| name: upload-msis | |
| runs-on: ubuntu-24.04 | |
| if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/master' && github.repository == 'openvpn/openvpn-build' }} | |
| steps: | |
| - name: Install knock | |
| run: sudo apt install knockd | |
| - name: Get artifacts | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| path: msi | |
| - name: Flatten and rename artifacts | |
| working-directory: msi | |
| run: | | |
| find -name '*.msi' -printf "%p\n" | while read f; do mv -v $f $(dirname $f).msi; rm -rvf $(dirname $f); done | |
| rm -rf t_client_openvpn_logs | |
| rm -rf openvpn-debian | |
| find | |
| - name: Knock ports on remote | |
| run: knock -d 500 ${{ secrets.MSI_UPLOAD_REMOTE_HOST }} ${{ secrets.MSI_UPLOAD_REMOTE_KNOCK_SEQUENCE }} ; sleep 1 | |
| - name: Copy MSI to remote | |
| working-directory: msi | |
| run: | | |
| set -x | |
| eval $(ssh-agent -s) | |
| mkdir -v -m 700 $HOME/.ssh | |
| ssh-keyscan -H ${{ secrets.MSI_UPLOAD_REMOTE_HOST }} > $HOME/.ssh/known_hosts | |
| echo "${{ secrets.MSI_UPLOAD_PRIVATE_KEY }}" > $HOME/.ssh/key | |
| chmod 400 $HOME/.ssh/key | |
| scp -i $HOME/.ssh/key *.msi ${{ secrets.MSI_UPLOAD_USERNAME }}@${{ secrets.MSI_UPLOAD_REMOTE_HOST }}:${{ secrets.MSI_UPLOAD_REMOTE_PATH }} | |
| debian: | |
| strategy: | |
| matrix: | |
| runner: [ubuntu-24.04, ubuntu-24.04-arm] | |
| include: | |
| - runner: ubuntu-24.04 | |
| arch: amd64 | |
| - runner: ubuntu-24.04-arm | |
| arch: arm64 | |
| name: Build Debian packages | |
| runs-on: "${{ matrix.runner }}" | |
| env: | |
| CHROOT_CONF: chroots/chroot.d.tar | |
| OPENVPN_CURRENT_TAG: HEAD | |
| OPENVPN_DCO_CURRENT_TAG: HEAD | |
| steps: | |
| - name: Checkout openvpn-build | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| # for sbuild | |
| sudo apt-get install -y sbuild git quilt debhelper dkms dh-dkms | |
| # for ./configure && make dist | |
| sudo apt-get install -y autoconf automake libcap-ng-dev libssl-dev python3-docutils | |
| - name: Prepare release files | |
| working-directory: release | |
| run: | | |
| ln -s vars.example vars | |
| mkdir ../output | |
| - name: Create local tag and files | |
| working-directory: release | |
| if: ${{ ! startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| # we need to have ability to git tag the versions | |
| # we do not push those tags | |
| git config --global user.name "gha_user" | |
| git config --global user.email "[email protected]" | |
| export USE_LOCAL_SOURCE=1 | |
| echo USE_LOCAL_SOURCE=1 >> $GITHUB_ENV | |
| ./version-and-tags.sh | |
| ./create-release-files.sh | |
| # So that the caches expire after a while | |
| - name: Get Date for cache key | |
| id: get-date | |
| run: | | |
| echo "date=$(/bin/date -u '+%Y%m')" >> $GITHUB_OUTPUT | |
| - name: Restore cached chroots | |
| id: chroots-restore | |
| uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: | | |
| debian-sbuild/chroots | |
| key: chroots-${{ matrix.arch }}-${{ hashFiles(format('**/config/variants.{0}.conf', matrix.arch)) }}-${{ steps.get-date.outputs.date }} | |
| restore-keys: | | |
| chroots-${{ matrix.arch }}-${{ hashFiles(format('**/config/variants.{0}.conf', matrix.arch)) }}- | |
| chroots-${{ matrix.arch }}- | |
| - name: Prepare environment | |
| working-directory: debian-sbuild | |
| run: | | |
| [ ! -f "$CHROOT_CONF" ] || ( tar -xvf "$CHROOT_CONF" -C chroots; sudo install -m644 chroots/chroot.d/* /etc/schroot/chroot.d/ ) | |
| sudo chown root:root chroots/*.tar.gz || true | |
| scripts/setup.sh | |
| sudo scripts/setup_chroots.sh | |
| sudo scripts/update-all.sh | |
| sudo sbuild-adduser runner | |
| tar -cvf "$CHROOT_CONF" -C /etc/schroot/ chroot.d/ | |
| - name: Save chroots | |
| if: steps.chroots-restore.outputs.cache-hit != 'true' | |
| id: chroots-save | |
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: | | |
| debian-sbuild/chroots | |
| key: ${{ steps.chroots-restore.outputs.cache-primary-key }} | |
| - name: Prepare package build | |
| working-directory: debian-sbuild | |
| run: | | |
| scripts/prepare-all.sh | |
| # includes work-around for https://github.com/actions/runner-images/issues/9932 | |
| # (sg and newgrp require password to run) | |
| - name: Build packages | |
| working-directory: debian-sbuild | |
| run: | | |
| sudo gpasswd -r sbuild | |
| sg sbuild ./scripts/build-all.sh | |
| - name: Archive packages | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: openvpn-debian-${{ matrix.arch }} | |
| path: | | |
| output |