====== 7.1 GitHub Actions ======

Ta stran prikazuje, kako samodejno zgradite OpenSSL z GitHub Actions.

----

===== Kaj je GitHub Actions? =====

**GitHub Actions** je CI/CD platforma GitHub:
  * Neposredno integrirana v GitHub
  * Brezplačno za javne repozitorije
  * YAML-osnovana konfiguracija

----

===== Osnovni koncepti =====

| Pojem | Pomen |
|-------|-------|
| **Workflow** | Celotna avtomatizacija (.yml datoteka) |
| **Job** | Skupina korakov (npr. "build-windows") |
| **Step** | Posamezen ukaz ali Action |
| **Runner** | Strežnik, ki izvaja job |
| **Artifact** | Rezultat (npr. DLL-ji) |

----

===== Ustvarjanje datoteke Workflow =====

Ustvarite datoteko ''.github/workflows/build-openssl.yml'':

<code yaml>
# OpenSSL Build Workflow
name: Build OpenSSL 3.6

# Kdaj se gradi?
on:
  push:
    branches: [ main ]           # Ob push na main
  pull_request:
    branches: [ main ]           # Ob Pull Requests
  workflow_dispatch:             # Ročni zagon
  schedule:
    - cron: '0 2 * * 0'          # Vsako nedeljo ob 2:00

jobs:
  # ============================================
  # Windows x64 gradnja
  # ============================================
  build-windows:
    runs-on: windows-latest

    steps:
      # 1. Checkout repozitorija
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true

      # 2. Namestitev Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y

      # 3. Namestitev NASM
      - name: Install NASM
        run: choco install nasm -y

      # 4. Gradnja
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Preverjanje različice
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          bin\bin\openssl.exe list -signature-algorithms | findstr mldsa

      # 6. Nalaganje artefakta
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30

  # ============================================
  # Linux x64 gradnja
  # ============================================
  build-linux:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

      - name: Verify Build
        run: |
          linux-build/bin/openssl version -a

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30
</code>

----

===== Razlaga strukture Workflow =====

==== Sprožilec (on:) ====

<code yaml>
on:
  push:
    branches: [ main ]      # Samo main veja
    paths:
      - 'src/**'            # Samo če je src/ spremenjen
  workflow_dispatch:        # Ročno v GitHub UI
</code>

==== Jobs ====

<code yaml>
jobs:
  job-name:
    runs-on: windows-latest   # ali ubuntu-latest
    needs: [drugi-jobs]       # Odvisnosti
    if: github.event_name == 'push'  # Pogoj
</code>

==== Koraki ====

<code yaml>
steps:
  - name: Opisno ime
    uses: action/name@v4      # Vnaprej pripravljena Action
    with:
      parameter: vrednost

  - name: Shell ukaz
    run: echo "Hello"
    shell: bash               # ali cmd, pwsh
</code>

----

===== Secrets za zasebne gradnje =====

Če objavljate zasebne gradnje:

==== 1. Ustvarjanje Secret v GitHub ====

Repository → Settings → Secrets → New secret

  * ''NUGET_API_KEY'' - Vaš NuGet ključ
  * ''AZURE_STORAGE_KEY'' - Za Blob nalaganje

==== 2. Uporaba v Workflow ====

<code yaml>
- name: Publish NuGet
  run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }}
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
</code>

----

===== Ustvarjanje Release =====

Samodejno Release ob oznaki:

<code yaml>
on:
  push:
    tags:
      - 'v*'    # npr. v3.6.0

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # ... koraki gradnje ...

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
</code>

----

===== Matrix gradnje =====

Več konfiguracij hkrati:

<code yaml>
jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64

    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}
</code>

----

===== Ročni zagon Workflow =====

  - Pojdite na zavihek "Actions" v GitHub
  - Izberite Workflow
  - Kliknite "Run workflow"
  - Izberite vejo
  - Kliknite "Run workflow"

----

===== Pogoste težave =====

==== "nmake: command not found" ====

Okolje Visual Studio ni naloženo:

<code yaml>
- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake
</code>

==== Gradnja traja predolgo ====

Uporabite predpomnilnik:

<code yaml>
- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    key: openssl-${{ hashFiles('src/VERSION') }}
</code>

----

===== Naprej na =====

  * [[.:azure-devops|Azure DevOps Pipelines]]
  * [[wvds:sl:openssl:start|Nazaj na pregled]]

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//