====== 7.1 GitHub Actions ======
This page shows how to automatically build OpenSSL with GitHub Actions.
----
===== What is GitHub Actions? =====
**GitHub Actions** is GitHub's CI/CD platform:
  * Directly integrated in GitHub
  * Free for public repositories
  * YAML-based configuration
----
===== Basic Concepts =====
^ Term ^ Meaning ^
| **Workflow** | The entire automation (.yml file) |
| **Job** | A group of steps (e.g. "build-windows") |
| **Step** | A single command or action |
| **Runner** | The server that executes the job |
| **Artifact** | The result (e.g. the DLLs) |
----
===== Create Workflow File =====
Create the file ''.github/workflows/build-openssl.yml'':
<code yaml>
# OpenSSL Build Workflow
name: Build OpenSSL 3.6

# When to build?
on:
  push:
    branches: [ main ]        # On push to main
  pull_request:
    branches: [ main ]        # On pull requests
  workflow_dispatch:          # Start manually
  schedule:
    - cron: '0 2 * * 0'       # Every Sunday 2:00 AM (UTC)

jobs:
  # ============================================
  # Windows x64 Build
  # ============================================
  build-windows:
    runs-on: windows-latest
    steps:
      # 1. Checkout repository
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true

      # 2. Install Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y

      # 3. Install NASM
      - name: Install NASM
        run: choco install nasm -y

      # 4. Build
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Verify version
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          # /i: the algorithm names are printed in upper case (e.g. MLDSA44)
          bin\bin\openssl.exe list -signature-algorithms | findstr /i mldsa

      # 6. Upload artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30

  # ============================================
  # Linux x64 Build
  # ============================================
  build-linux:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true    # same checkout as the Windows job

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

      - name: Verify Build
        run: |
          linux-build/bin/openssl version -a

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30
</code>
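
The Verify Build steps above print the version but do not compare it with an expected value. The script below is an added example, not part of the original workflow, that turns the check into a pass/fail gate for the release line and the three ML-DSA parameter sets; the function names, the ''OPENSSL_BIN'' variable and the sample output are assumptions of this example.

```shell
#!/bin/sh
# Added example: pass/fail gate for the "Verify Build" step.
# Function names, OPENSSL_BIN and the sample text are assumptions of this example.

# check_version VERSION_TEXT EXPECTED: first line must read "OpenSSL EXPECTED.x".
check_version() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    case "$first_line" in
        "OpenSSL $2."*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_mldsa ALGO_TEXT: print every ML-DSA parameter set that is not listed.
# Case-insensitive fixed-string match on the standard algorithm names.
missing_mldsa() {
    missing=""
    for alg in ML-DSA-44 ML-DSA-65 ML-DSA-87; do
        printf '%s\n' "$1" | grep -qiF -e "$alg" || missing="$missing $alg"
    done
    printf '%s' "${missing# }"
}

# verify_build VERSION_TEXT ALGO_TEXT EXPECTED: a non-zero status fails the job.
verify_build() {
    check_version "$1" "$3" || { echo "wrong OpenSSL version" >&2; return 1; }
    absent=$(missing_mldsa "$2")
    [ -z "$absent" ] || { echo "missing algorithms: $absent" >&2; return 1; }
}

# Constructed sample output (not captured from a real build).
SAMPLE_VERSION='OpenSSL 3.6.0 (constructed sample)
platform: linux-x86_64'
SAMPLE_ALGOS='  { 2.16.840.1.101.3.4.3.17, id-ml-dsa-44, ML-DSA-44, MLDSA44 } @ default
  { 2.16.840.1.101.3.4.3.18, id-ml-dsa-65, ML-DSA-65, MLDSA65 } @ default
  { 2.16.840.1.101.3.4.3.19, id-ml-dsa-87, ML-DSA-87, MLDSA87 } @ default'

if [ -n "${OPENSSL_BIN:-}" ]; then
    # In the workflow: OPENSSL_BIN=linux-build/bin/openssl sh verify-build.sh
    verify_build "$("$OPENSSL_BIN" version -a)" \
                 "$("$OPENSSL_BIN" list -signature-algorithms)" 3.6
else
    verify_build "$SAMPLE_VERSION" "$SAMPLE_ALGOS" 3.6 && echo "sample output passes"
fi
```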
----
===== Workflow Structure Explained =====
==== Trigger (on:) ====
<code yaml>
on:
  push:
    branches: [ main ]    # Only main branch
    paths:
      - 'src/**'          # Only if src/ changed
  workflow_dispatch:      # Manually in GitHub UI
</code>
==== Jobs ====
<code yaml>
jobs:
  job-name:
    runs-on: windows-latest            # or ubuntu-latest
    needs: [other-jobs]                # Dependencies
    if: github.event_name == 'push'    # Condition
</code>
==== Steps ====
<code yaml>
steps:
  - name: Descriptive Name
    uses: action/name@v4    # Pre-built action
    with:
      parameter: value

  - name: Shell Command
    run: echo "Hello"
    shell: bash             # or cmd, pwsh
</code>
----
===== Secrets for Private Builds =====
If you publish private builds:
==== 1. Create Secret in GitHub ====
Repository → Settings → Secrets → New secret
  * ''NUGET_API_KEY'' - Your NuGet key
  * ''AZURE_STORAGE_KEY'' - For blob upload
==== 2. Use in Workflow ====
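<code yaml>
- name: Publish NuGet
  shell: bash
  # Read the key from the environment instead of expanding it into the script text
  run: dotnet nuget push "*.nupkg" --api-key "$NUGET_API_KEY"
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
</code>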
----
===== Create Release =====
Create a release automatically when a tag is pushed:
<code yaml>
on:
  push:
    tags:
      - 'v*'    # e.g. v3.6.0

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write    # GITHUB_TOKEN needs write access to create the release
    steps:
      - uses: actions/checkout@v4

      # ... Build steps ...

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
</code>
----
===== Matrix Builds =====
Multiple configurations at once:
<code yaml>
jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64
    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}
</code>
----
===== Start Workflow Manually =====
  - Go to "Actions" tab in GitHub
  - Select the workflow
  - Click "Run workflow"
  - Select branch
  - Click "Run workflow"
----
===== Common Problems =====
==== "nmake: command not found" ====
Visual Studio environment not loaded:
<code yaml>
- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake
</code>
==== Build takes too long ====
Use cache:
<code yaml>
- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    # OpenSSL 3.x keeps its version in VERSION.dat
    key: openssl-${{ hashFiles('src/VERSION.dat') }}
</code>
----
===== Continue to =====
  * [[.:azure-devops|Azure DevOps Pipelines]]
  * [[.:.:start|Back to Overview]]
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//