Questa pagina mostra come compilare OpenSSL automaticamente con GitHub Actions.
GitHub Actions è la piattaforma CI/CD di GitHub:
| Termine | Significato |
| ——— | ————- |
| Workflow | L'intera automazione (file .yml) |
| Job | Un gruppo di step (es. „build-windows“) |
| Step | Un singolo comando o Action |
| Runner | Il server che esegue il job |
| Artifact | Il risultato (es. le DLL) |
Create il file .github/workflows/build-openssl.yml:
# Workflow Build OpenSSL name: Build OpenSSL 3.6 # Quando compilare? on: push: branches: [ main ] # Su push a main pull_request: branches: [ main ] # Su Pull Request workflow_dispatch: # Avvio manuale schedule: - cron: '0 2 * * 0' # Ogni domenica alle 2:00 jobs: # ============================================ # Build Windows x64 # ============================================ build-windows: runs-on: windows-latest steps: # 1. Checkout repository - name: Checkout uses: actions/checkout@v4 with: submodules: true # 2. Installare Perl - name: Install Strawberry Perl run: choco install strawberryperl -y # 3. Installare NASM - name: Install NASM run: choco install nasm -y # 4. Build - name: Build OpenSSL shell: cmd run: | call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat" set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH% cd src perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin nmake nmake install_sw # 5. Verificare versione - name: Verify Build run: | bin\bin\openssl.exe version -a bin\bin\openssl.exe list -signature-algorithms | findstr mldsa # 6. Caricare artefatto - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: openssl-3.6.0-win-x64 path: bin/ retention-days: 30 # ============================================ # Build Linux x64 # ============================================ build-linux: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Install Dependencies run: | sudo apt-get update sudo apt-get install -y build-essential perl nasm - name: Build OpenSSL run: | cd src ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build make -j$(nproc) make install - name: Verify Build run: | linux-build/bin/openssl version -a - name: Upload Artifact uses: actions/upload-artifact@v4 with: name: openssl-3.6.0-linux-x64 path: linux-build/ retention-days: 30
on: push: branches: [ main ] # Solo branch main paths: - 'src/**' # Solo se src/ è modificato workflow_dispatch: # Manuale nella UI GitHub
jobs: job-name: runs-on: windows-latest # oppure ubuntu-latest needs: [altri-jobs] # Dipendenze if: github.event_name == 'push' # Condizione
steps: - name: Nome descrittivo uses: action/name@v4 # Action predefinita with: parametro: valore - name: Comando Shell run: echo "Hello" shell: bash # oppure cmd, pwsh
Se pubblicate build privati:
Repository → Settings → Secrets → New secret
NUGET_API_KEY - La vostra chiave NuGetAZURE_STORAGE_KEY - Per upload Blob- name: Publish NuGet run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }} env: NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
Release automatico con tag:
on: push: tags: - 'v*' # es. v3.6.0 jobs: release: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 # ... step di build ... - name: Create Release uses: softprops/action-gh-release@v1 with: files: | openssl-3.6.0-win-x64.zip openssl-3.6.0-linux-x64.tar.gz env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Più configurazioni contemporaneamente:
jobs: build: runs-on: ${{ matrix.os }} strategy: matrix: os: [windows-latest, ubuntu-latest] include: - os: windows-latest target: VC-WIN64A - os: ubuntu-latest target: linux-x86_64 steps: - name: Configure run: perl Configure ${{ matrix.target }}
Ambiente Visual Studio non caricato:
- name: Build shell: cmd run: | call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat" nmake
Usare cache:
- name: Cache OpenSSL Build uses: actions/cache@v4 with: path: src/ key: openssl-${{ hashFiles('src/VERSION') }}
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional