====== 7.1 GitHub Actions ======
This page shows how to build OpenSSL automatically with GitHub Actions.
----
===== What is GitHub Actions? =====
**GitHub Actions** is GitHub's CI/CD platform:
  * Integrated directly into GitHub
  * Free for public repositories
  * YAML-based configuration
----
===== Basic Concepts =====
| Term | Meaning |
|---------|-------------|
| **Workflow** | The entire automation (.yml file) |
| **Job** | A group of steps (e.g. "build-windows") |
| **Step** | A single command or Action |
| **Runner** | The server that runs the job |
| **Artifact** | The build output (e.g. the DLLs) |
----
===== Creating the Workflow File =====
Create the file ''.github/workflows/build-openssl.yml'':
<code yaml>
# OpenSSL build workflow
name: Build OpenSSL 3.6

# When to build?
on:
  push:
    branches: [ main ]        # On push to main
  pull_request:
    branches: [ main ]        # On pull request
  workflow_dispatch:          # Manual start
  schedule:
    - cron: '0 2 * * 0'       # Every Sunday at 2:00 (UTC)

jobs:
  # ============================================
  # Build Windows x64
  # ============================================
  build-windows:
    runs-on: windows-latest
    steps:
      # 1. Check out the repository
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true

      # 2. Install Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y

      # 3. Install NASM
      - name: Install NASM
        run: choco install nasm -y

      # 4. Build
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Verify the version
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          bin\bin\openssl.exe list -signature-algorithms | findstr mldsa

      # 6. Upload the artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30

  # ============================================
  # Build Linux x64
  # ============================================
  build-linux:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

      - name: Verify Build
        run: |
          linux-build/bin/openssl version -a

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30
</code>
----
===== Workflow Structure Explained =====
==== Triggers (on:) ====
<code yaml>
on:
  push:
    branches: [ main ]    # Only the main branch
    paths:
      - 'src/**'          # Only if src/ has changed
  workflow_dispatch:      # Manual, from the GitHub UI
</code>
==== Jobs ====
<code yaml>
jobs:
  job-name:
    runs-on: windows-latest          # or ubuntu-latest
    needs: [altri-jobs]              # Dependencies
    if: github.event_name == 'push'  # Condition
</code>
==== Steps ====
<code yaml>
steps:
  - name: Nome descrittivo
    uses: action/name@v4    # Predefined Action
    with:
      parametro: valore
  - name: Comando Shell
    run: echo "Hello"
    shell: bash             # or cmd, pwsh
</code>
----
===== Secrets for Private Builds =====
If you publish private builds:
==== 1. Create the Secret in GitHub ====
Repository → Settings → Secrets → New secret
  * ''NUGET_API_KEY'' - Your NuGet key
  * ''AZURE_STORAGE_KEY'' - For Blob upload
==== 2. Use It in the Workflow ====
<code yaml>
- name: Publish NuGet
  run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }}
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
</code>
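A hardened variant of the publish step, as an added example that is not part of the original page: the secret is handed to the shell only through ''env:'' instead of being expanded into the script text, the job runs only for pushes to ''main'', and the automatic token is read-only. The job name ''publish'', the nuget.org feed URL and the elided pack steps are assumptions.

```yaml
# Added example, not from the original page.
# Assumptions: job name "publish", nuget.org as the target feed, and
# *.nupkg files produced by pack steps that are not shown here.
on:
  push:
    branches: [ main ]          # publish only from trusted pushes

permissions:
  contents: read                # least privilege for the automatic GITHUB_TOKEN

jobs:
  publish:
    runs-on: ubuntu-latest
    # Defence in depth: never publish from pull_request runs
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not keep the token in .git/config

      # ... build / pack steps that create *.nupkg ...

      - name: Publish NuGet
        shell: bash
        env:
          # The secret exists only in this step's environment
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
        run: |
          # The shell reads the key as data; it is never part of the script text
          dotnet nuget push "*.nupkg" \
            --api-key "$NUGET_API_KEY" \
            --source https://api.nuget.org/v3/index.json \
            --skip-duplicate
```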
----
===== Creating a Release =====
Automatic release on a tag:
<code yaml>
on:
  push:
    tags:
      - 'v*'    # e.g. v3.6.0
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write    # required so GITHUB_TOKEN can create the release
    steps:
      - uses: actions/checkout@v4
      # ... build steps ...
      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
</code>
----
===== Matrix Build =====
Several configurations at once:
<code yaml>
jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64
    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}
</code>
----
===== Starting the Workflow Manually =====
  - Go to the "Actions" tab in GitHub
  - Select the workflow
  - Click "Run workflow"
  - Select the branch
  - Click "Run workflow"
----
===== Common Problems =====
==== "nmake: command not found" ====
The Visual Studio environment is not loaded:
<code yaml>
- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake
</code>
==== Build too slow ====
Use a cache:
<code yaml>
- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    key: openssl-${{ hashFiles('src/VERSION') }}
</code>
----
===== Continue with =====
  * [[.:azure-devops|Azure DevOps Pipeline]]
  * [[.:.:start|Back to the overview]]
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//