7.1 GitHub Actions

This page shows how to automatically build OpenSSL with GitHub Actions.


What is GitHub Actions?

GitHub Actions is GitHub's CI/CD platform:

  • Directly integrated in GitHub
  • Free for public repositories
  • YAML-based configuration

Basic Concepts

Term      Meaning
--------  ---------------------------------------
Workflow  The entire automation (.yml file)
Job       A group of steps (e.g. "build-windows")
Step      A single command or action
Runner    The server that executes the job
Artifact  The result (e.g. the DLLs)

Create Workflow File

Create the file .github/workflows/build-openssl.yml:

# OpenSSL Build Workflow
name: Build OpenSSL 3.6
 
# When to build?
on:
  push:
    branches: [ main ]           # On push to main
  pull_request:
    branches: [ main ]           # On pull requests
  workflow_dispatch:             # Start manually
  schedule:
    - cron: '0 2 * * 0'          # Every Sunday 2:00 AM

jobs:
  # ============================================
  # Windows x64 Build
  # ============================================
  build-windows:
    runs-on: windows-latest

    steps:
      # 1. Checkout repository
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
 
      # 2. Install Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y
 
      # 3. Install NASM
      - name: Install NASM
        run: choco install nasm -y
 
      # 4. Build
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Verify version
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          bin\bin\openssl.exe list -signature-algorithms | findstr mldsa

      # 6. Upload artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30
 
  # ============================================
  # Linux x64 Build
  # ============================================
  build-linux:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true       # Same checkout options as the Windows job

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

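      - name: Verify Build
        env:
          # No rpath is set, so point the loader at the freshly built libraries
          LD_LIBRARY_PATH: ${{ github.workspace }}/linux-build/lib64
        run: |
          linux-build/bin/openssl version -a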

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30

Workflow Structure Explained

Trigger (on:)

on:
  push:
    branches: [ main ]      # Only main branch
    paths:
      - 'src/**'            # Only if src/ changed
  workflow_dispatch:        # Manually in GitHub UI

Jobs

jobs:
  job-name:
    runs-on: windows-latest   # or ubuntu-latest
    needs: [other-jobs]       # Dependencies
    if: github.event_name == 'push'  # Condition

Steps

steps:
  - name: Descriptive Name
    uses: action/name@v4      # Pre-built action
    with:
      parameter: value

  - name: Shell Command
    run: echo "Hello"
    shell: bash               # or cmd, pwsh

Secrets for Private Builds

If you publish private builds:

1. Create Secret in GitHub

Repository → Settings → Secrets → New secret

  • NUGET_API_KEY - Your NuGet key
  • AZURE_STORAGE_KEY - For blob upload

2. Use in Workflow

- name: Publish NuGet
  shell: bash
  # The key is read from the environment instead of being expanded into the script text
  run: dotnet nuget push "*.nupkg" --api-key "$NUGET_API_KEY"
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}

Create Release

Automatically create a release when a tag is pushed:

on:
  push:
    tags:
      - 'v*'    # e.g. v3.6.0

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write       # GITHUB_TOKEN needs write access to create the release
    steps:
      - uses: actions/checkout@v4
 
      # ... Build steps ...

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
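
An added example (not part of the original page or of the OpenSSL project): a small line-based check for three things the secrets and release snippets above make relevant, namely action references not pinned to a full commit SHA, `${{ secrets.* }}` expanded inside a `run:` script, and a missing `permissions:` block. The sample workflow and the rule names are constructed for illustration, and the check is not a full YAML parser.

```python
import re

# Constructed sample, modelled on the snippets on this page (not a real repository).
SAMPLE = """\
on:
  push:
    tags: [ 'v*' ]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish NuGet
        run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }}
      - name: Create Release
        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

KEY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w-]*):(.*)$")
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")

def audit(text):
    """Return (line, rule, detail) findings for one workflow file."""
    findings, run_col, has_perms = [], None, False
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if run_col is not None and indent <= run_col:
            run_col = None                       # dedent: the run: script ended
        m = KEY.match(line) if run_col is None else None
        if m:
            key, value = m.group(1), m.group(2).split("#")[0].strip()
            if key == "permissions":
                has_perms = True                 # workflow- or job-level
            elif key == "run":
                run_col = m.start(1)
            elif key == "uses" and not (value.startswith("./") or FULL_SHA.search(value)):
                findings.append((no, "unpinned-action", value))
        if run_col is not None:                  # run: line or its script body
            findings += [(no, "secret-in-run", s) for s in SECRET.findall(line)]
    if not has_perms:
        findings.append((0, "no-permissions-block", ""))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Secrets mapped under `env:` are not flagged; only expansion into the script text is.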

Matrix Builds

Multiple configurations at once:

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64

    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}

Start Workflow Manually

  1. Go to "Actions" tab in GitHub
  2. Select the workflow
  3. Click "Run workflow"
  4. Select branch
  5. Click "Run workflow"

Common Problems

"nmake: command not found"

Visual Studio environment not loaded:

- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake

Build takes too long

Use cache:

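- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    # OpenSSL 3.x keeps its version in VERSION.dat; a pattern that matches no file hashes to an empty string
    key: openssl-${{ runner.os }}-${{ hashFiles('src/VERSION.dat') }}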



Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Last modified: 2026/01/29 at 09:23 PM