The attribute plugin is not available, 2fa disabled

7.1 GitHub Actions

This page shows how to automatically build OpenSSL with GitHub Actions.


What is GitHub Actions?

GitHub Actions is GitHub's CI/CD platform:

  • Directly integrated in GitHub
  • Free for public repositories
  • YAML-based configuration

Basic Concepts

Term Meaning
—————
Workflow The entire automation (.yml file)
Job A group of steps (e.g. „build-windows“)
Step A single command or action
Runner The server that executes the job
Artifact The result (e.g. the DLLs)

Create Workflow File

Create the file .github/workflows/build-openssl.yml:

# OpenSSL Build Workflow
name: Build OpenSSL 3.6
 
# When to build?
on:
  push:
    branches: [ main ]           # On push to main
  pull_request:
    branches: [ main ]           # On pull requests
  workflow_dispatch:             # Start manually
  schedule:
    - cron: '0 2 * * 0'          # Every Sunday 2:00 AM

jobs:
  # ============================================
  # Windows x64 Build
  # ============================================
  build-windows:
    runs-on: windows-latest

    steps:
      # 1. Checkout repository
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
 
      # 2. Install Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y
 
      # 3. Install NASM
      - name: Install NASM
        run: choco install nasm -y
 
      # 4. Build
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Verify version
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          bin\bin\openssl.exe list -signature-algorithms | findstr mldsa

      # 6. Upload artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30
 
  # ============================================
  # Linux x64 Build
  # ============================================
  build-linux:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

      - name: Verify Build
        run: |
          linux-build/bin/openssl version -a

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30

Workflow Structure Explained

Trigger (on:)

on:
  push:
    branches: [ main ]      # Only main branch
    paths:
      - 'src/**'            # Only if src/ changed
  workflow_dispatch:        # Manually in GitHub UI

Jobs

jobs:
  job-name:
    runs-on: windows-latest   # or ubuntu-latest
    needs: [other-jobs]       # Dependencies
    if: github.event_name == 'push'  # Condition

Steps

steps:
  - name: Descriptive Name
    uses: action/name@v4      # Pre-built action
    with:
      parameter: value

  - name: Shell Command
    run: echo "Hello"
    shell: bash               # or cmd, pwsh

Secrets for Private Builds

If you publish private builds:

1. Create Secret in GitHub

Repository → Settings → Secrets → New secret

  • NUGET_API_KEY - Your NuGet key
  • AZURE_STORAGE_KEY - For blob upload

2. Use in Workflow

- name: Publish NuGet
  run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }}
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}

Create Release

Automatically create release on tag:

on:
  push:
    tags:
      - 'v*'    # e.g. v3.6.0

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
 
      # ... Build steps ...

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Matrix Builds

Multiple configurations at once:

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64

    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}

Start Workflow Manually

  1. Go to „Actions“ tab in GitHub
  2. Select the workflow
  3. Click „Run workflow“
  4. Select branch
  5. Click „Run workflow“

Common Problems

"nmake: command not found"

Visual Studio environment not loaded:

- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake

Build takes too long

Use cache:

- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    key: openssl-${{ hashFiles('src/VERSION') }}

Continue to


Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Zuletzt geändert: on 2026/01/29 at 09:23 PM