7.1 GitHub Actions

This page shows how to build OpenSSL automatically with GitHub Actions.


What is GitHub Actions?

GitHub Actions is GitHub's CI/CD platform:

  • Integrated directly into GitHub
  • Free for public repositories
  • YAML-based configuration

Basic Concepts

Term       Meaning
---------  ------------------------------------------
Workflow   The entire automation (.yml file)
Job        A group of steps (e.g. "build-windows")
Step       A single command or Action
Runner     The server that runs the job
Artifact   The result (e.g. the DLLs)

Creating the Workflow File

Create the file .github/workflows/build-openssl.yml:

# OpenSSL build workflow
name: Build OpenSSL 3.6
 
# When to build?
on:
  push:
    branches: [ main ]           # On push to main
  pull_request:
    branches: [ main ]           # On pull requests
  workflow_dispatch:             # Manual start
  schedule:
    - cron: '0 2 * * 0'          # Every Sunday at 2:00

jobs:
  # ============================================
  # Build Windows x64
  # ============================================
  build-windows:
    runs-on: windows-latest

    steps:
      # 1. Checkout repository
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
 
      # 2. Install Perl
      - name: Install Strawberry Perl
        run: choco install strawberryperl -y
 
      # 3. Install NASM
      - name: Install NASM
        run: choco install nasm -y
 
      # 4. Build
      - name: Build OpenSSL
        shell: cmd
        run: |
          call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
          set PATH=C:\Strawberry\perl\bin;C:\Program Files\NASM;%PATH%
          cd src
          perl Configure VC-WIN64A --prefix=%GITHUB_WORKSPACE%\bin
          nmake
          nmake install_sw

      # 5. Verify the version and that ML-DSA is listed (findstr /I = case-insensitive)
      - name: Verify Build
        run: |
          bin\bin\openssl.exe version -a
          bin\bin\openssl.exe list -signature-algorithms | findstr /I mldsa

      # 6. Upload the artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-win-x64
          path: bin/
          retention-days: 30
 
  # ============================================
  # Build Linux x64
  # ============================================
  build-linux:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true         # match the Windows job's checkout

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential perl nasm

      - name: Build OpenSSL
        run: |
          cd src
          ./Configure linux-x86_64 --prefix=$GITHUB_WORKSPACE/linux-build
          make -j$(nproc)
          make install

      - name: Verify Build
        run: |
          linux-build/bin/openssl version -a

      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        with:
          name: openssl-3.6.0-linux-x64
          path: linux-build/
          retention-days: 30

Workflow Structure Explained

Triggers (on:)

on:
  push:
    branches: [ main ]      # Only the main branch
    paths:
      - 'src/**'            # Only if src/ was modified
  workflow_dispatch:        # Manual, from the GitHub UI

Jobs

jobs:
  job-name:
    runs-on: windows-latest   # or ubuntu-latest
    needs: [altri-jobs]       # Dependencies (IDs of other jobs)
    if: github.event_name == 'push'  # Condition

Steps

steps:
  - name: Nome descrittivo    # Descriptive step name
    uses: action/name@v4      # Predefined Action
    with:
      parametro: valore       # parameter: value

  - name: Comando Shell       # A shell command
    run: echo "Hello"
    shell: bash               # or cmd, pwsh

Secrets for Private Builds

If you publish private builds:

1. Create a Secret in GitHub

Repository → Settings → Secrets → New secret

  • NUGET_API_KEY - your NuGet key
  • AZURE_STORAGE_KEY - for Blob upload

2. Use It in the Workflow

- name: Publish NuGet
  shell: bash
  # Pass the key through the environment instead of expanding the secret into the script text
  run: dotnet nuget push *.nupkg --api-key "$NUGET_API_KEY"
  env:
    NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}

Creating a Release

Automatic release on tag:

on:
  push:
    tags:
      - 'v*'    # e.g. v3.6.0

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write    # GITHUB_TOKEN needs write access to create the release
    steps:
      - uses: actions/checkout@v4

      # ... build steps ...

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            openssl-3.6.0-win-x64.zip
            openssl-3.6.0-linux-x64.tar.gz
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
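
The workflows on this page reference actions by movable tags (@v4, @v1) and hand secrets to steps. The following check is an added example, not part of the original page or of GitHub's tooling: a line-based audit that flags action references not pinned to a full commit SHA, secrets expanded directly into run: scripts, and workflows without a permissions: block. The rule names, the 40-character SHA criterion and the sample workflow are assumptions of this example.

```python
import re

# Constructed sample: a publish step that puts the secret on the command line,
# plus a release step that uses tag-referenced actions.
SAMPLE_WORKFLOW = """\
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish NuGet
        run: dotnet nuget push *.nupkg --api-key ${{ secrets.NUGET_API_KEY }}
      - name: Create Release
        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

KEY_RE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w-]*):(.*)$")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text):
    """Return (line_no, rule, detail) findings; a line-based scan, not a YAML parser."""
    findings, run_col, has_permissions = [], None, False
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if run_col is not None and indent > run_col:
            body = line                       # continuation of a multi-line run: block
        else:
            run_col, body = None, ""
            m = KEY_RE.match(line)
            key, rest = (m.group(1), m.group(2)) if m else ("", "")
            if key == "permissions":
                has_permissions = True
            elif key == "run":
                run_col, body = m.start(1), rest
            elif key == "uses":
                ref = rest.split("#")[0].strip()
                pinned = FULL_SHA_RE.fullmatch(ref.rpartition("@")[2])
                if not ref.startswith(("./", "docker://")) and not pinned:
                    findings.append((no, "mutable-ref", ref))   # tag or branch can be moved
        for name in SECRET_RE.findall(body):
            findings.append((no, "secret-in-run", name))        # expanded into the script text
    if not has_permissions:
        findings.append((0, "no-permissions", "GITHUB_TOKEN gets the repository default scope"))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Secrets mapped under env: are not flagged, because the shell reads them from the environment rather than from the generated script.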

Matrix Build

Several configurations at once:

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest]
        include:
          - os: windows-latest
            target: VC-WIN64A
          - os: ubuntu-latest
            target: linux-x86_64

    steps:
      - name: Configure
        run: perl Configure ${{ matrix.target }}

Starting a Workflow Manually

  1. Go to the "Actions" tab in GitHub
  2. Select the workflow
  3. Click "Run workflow"
  4. Select the branch
  5. Click "Run workflow"

Common Problems

"nmake: command not found"

The Visual Studio environment is not loaded:

- name: Build
  shell: cmd
  run: |
    call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
    nmake

Build too slow

Use a cache:

- name: Cache OpenSSL Build
  uses: actions/cache@v4
  with:
    path: src/
    key: openssl-${{ hashFiles('src/VERSION') }}

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

Last modified: 29/01/2026 at 21:40