Skip to content

Bump step-security/harden-runner from 2.5.1 to 2.6.0 #812

Bump step-security/harden-runner from 2.5.1 to 2.6.0

Bump step-security/harden-runner from 2.5.1 to 2.6.0 #812

Workflow file for this run

name: BVT
on:
workflow_dispatch:
push:
branches:
- main
- release/*
pull_request:
branches:
- main
- release/*
concurrency:
# Cancel any workflow currently in progress for the same PR.
# Allow running concurrently with any other commits.
group: bvt-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: read-all
jobs:
build-windows-kernel:
name: Build WinKernel
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Debug", plat: "winkernel", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Release", plat: "winkernel", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" }
]
uses: ./.github/workflows/build-reuse-winkernel.yml
with:
config: ${{ matrix.vec.config }}
plat: ${{ matrix.vec.plat }}
os: ${{ matrix.vec.os }}
arch: ${{ matrix.vec.arch }}
tls: ${{ matrix.vec.tls }}
test: ${{ matrix.vec.test }}
build-windows:
name: Build WinUser
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Debug", plat: "windows", os: "windows-2019", arch: "x64", tls: "openssl", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2019", arch: "x64", tls: "openssl3", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl3", test: "-Test" },
{ config: "Release", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" }
]
uses: ./.github/workflows/build-reuse-win.yml
with:
config: ${{ matrix.vec.config }}
plat: ${{ matrix.vec.plat }}
os: ${{ matrix.vec.os }}
arch: ${{ matrix.vec.arch }}
tls: ${{ matrix.vec.tls }}
sanitize: ${{ matrix.vec.sanitize }}
test: ${{ matrix.vec.test }}
build-unix:
name: Build Unix
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl", systemcrypto: "-UseSystemOpenSSLCrypto", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl3", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl3", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl3", systemcrypto: "-UseSystemOpenSSLCrypto", sanitize: "-Sanitize", test: "-Test" },
]
uses: ./.github/workflows/build-reuse-unix.yml
with:
config: ${{ matrix.vec.config }}
plat: ${{ matrix.vec.plat }}
os: ${{ matrix.vec.os }}
arch: ${{ matrix.vec.arch }}
tls: ${{ matrix.vec.tls }}
systemcrypto: ${{ matrix.vec.systemcrypto }}
sanitize: ${{ matrix.vec.sanitize }}
test: ${{ matrix.vec.test }}
bvt:
name: BVT
needs: [build-windows, build-unix]
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl", systemcrypto: "-UseSystemOpenSSLCrypto", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-20.04", arch: "x64", tls: "openssl3", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl3", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "linux", os: "ubuntu-22.04", arch: "x64", tls: "openssl3", systemcrypto: "-UseSystemOpenSSLCrypto", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2019", arch: "x64", tls: "openssl", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2019", arch: "x64", tls: "openssl3", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", xdp: "-UseXdp", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", xdp: "-UseXdp", useqtip: "-UseQtip", sanitize: "-Sanitize", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl", xdp: "-UseXdp", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl", xdp: "-UseXdp", useqtip: "-UseQtip", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl3", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl3", xdp: "-UseXdp", test: "-Test" },
{ config: "Debug", plat: "windows", os: "windows-2022", arch: "x64", tls: "openssl3", xdp: "-UseXdp", useqtip: "-UseQtip", test: "-Test" },
{ config: "Debug", plat: "windows", os: "WSPrerelease", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Release", plat: "windows", os: "WSPrerelease", arch: "x64", tls: "schannel", test: "-Test" },
]
runs-on: ${{ matrix.vec.plat == 'windows' && matrix.vec.os == 'WSPrerelease' && fromJson('[''self-hosted'', ''1ES.Pool=1es-msquic-pool'', ''1ES.ImageOverride=WSPrerelease'']') || matrix.vec.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Download Build Artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
if: matrix.vec.plat == 'windows'
with: # note that BVT for WSPrerelease uses binaries built on windows-2022.
name: ${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os == 'WSPrerelease' && 'windows-2022' || matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.sanitize }}${{ matrix.vec.test }}
path: artifacts
- name: Download Build Artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
if: matrix.vec.plat == 'linux'
with:
name: ${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.systemcrypto }}${{ matrix.vec.sanitize }}${{ matrix.vec.test }}
path: artifacts
- name: Fix permissions for Unix
if: matrix.vec.plat == 'linux' || matrix.vec.plat == 'macos'
run: |
sudo chmod -R 777 artifacts
- name: Prepare Machine
run: scripts/prepare-machine.ps1 -Tls ${{ matrix.vec.tls }} -ForTest ${{ matrix.vec.xdp }}
shell: pwsh
- name: Install ETW Manifest
if: matrix.vec.plat == 'windows'
shell: pwsh
run: |
$MsQuicDll = ".\artifacts\bin\windows\${{ matrix.vec.arch }}_${{ matrix.vec.config }}_${{ matrix.vec.tls }}\msquic.dll"
$ManifestPath = ".\src\manifest\MsQuicEtw.man"
wevtutil.exe um $ManifestPath
wevtutil.exe im $ManifestPath /rf:$($MsQuicDll) /mf:$($MsQuicDll)
- name: Test
if: matrix.vec.os == 'WSPrerelease'
shell: pwsh
timeout-minutes: 120
run: scripts/test.ps1 -Config ${{ matrix.vec.config }} -Arch ${{ matrix.vec.arch }} -Tls ${{ matrix.vec.tls }} -GHA -LogProfile Full.Light -GenerateXmlResults ${{ matrix.vec.xdp }} ${{ matrix.vec.qtip }}
- name: Test
if: matrix.vec.os != 'WSPrerelease'
shell: pwsh
timeout-minutes: 120
run: scripts/test.ps1 -Config ${{ matrix.vec.config }} -Arch ${{ matrix.vec.arch }} -Tls ${{ matrix.vec.tls }} -OsRunner ${{ matrix.vec.os }} -GHA -LogProfile Full.Light -GenerateXmlResults ${{ matrix.vec.xdp }} ${{ matrix.vec.qtip }}
- name: Upload on Failure
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
if: failure()
with:
name: BVT-${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.xdp }}${{ matrix.vec.qtip }}${{ matrix.vec.systemcrypto }}${{ matrix.vec.sanitize }}
path: artifacts
bvt-kernel:
name: BVT Kernel
needs: [build-windows, build-windows-kernel]
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Debug", plat: "winkernel", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Release", plat: "winkernel", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Debug", plat: "winkernel", os: "WSPrerelease", arch: "x64", tls: "schannel", test: "-Test" },
{ config: "Release", plat: "winkernel", os: "WSPrerelease", arch: "x64", tls: "schannel", test: "-Test" },
]
runs-on: ${{ matrix.vec.plat == 'winkernel' && matrix.vec.os == 'WSPrerelease' && fromJson('[''self-hosted'', ''1ES.Pool=1es-msquic-pool'', ''1ES.ImageOverride=WSPrerelease'']') || matrix.vec.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Download Build Artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with: # note that BVT for WSPrerelease uses binaries built on windows-2022.
name: ${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os == 'WSPrerelease' && 'windows-2022' || matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.test }}
path: artifacts
- name: Download Build Artifacts for Testing From WinUser
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with: # note that BVT for WSPrerelease uses binaries built on windows-2022.
name: ${{ matrix.vec.config }}-windows-${{ matrix.vec.os == 'WSPrerelease' && 'windows-2022' || matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.test }}
path: artifacts
- name: Prepare Machine
shell: pwsh
run: scripts/prepare-machine.ps1 -ForTest -ForKernel
- name: Install ETW Manifest
shell: pwsh
run: |
$MsQuicDll = ".\artifacts\bin\windows\${{ matrix.vec.arch }}_${{ matrix.vec.config }}_${{ matrix.vec.tls }}\msquic.dll"
$ManifestPath = ".\src\manifest\MsQuicEtw.man"
wevtutil.exe um $ManifestPath
wevtutil.exe im $ManifestPath /rf:$($MsQuicDll) /mf:$($MsQuicDll)
- name: Test
shell: pwsh
timeout-minutes: 90
run: scripts/test.ps1 -Config ${{ matrix.vec.config }} -Arch ${{ matrix.vec.arch }} -Tls ${{ matrix.vec.tls }} -GHA -LogProfile Full.Light -GenerateXmlResults -Kernel -Filter -*ValidateConfiguration:*ValidAlpnLengths:*ResumeRejection*:*ClientCertificate*:*LoadBalanced*
- name: Upload on Failure
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
if: failure()
with:
name: BVT-Kernel-${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}
path: artifacts
interop-winlatest:
name: Interop WinPrerelease
needs: [build-windows]
strategy:
fail-fast: false
matrix:
vec: [
{ config: "Release", plat: "windows", os: "windows-2022", arch: "x64", tls: "schannel", test: "-Test" },
]
runs-on:
- self-hosted
- "1ES.Pool=1es-msquic-pool"
- "1ES.ImageOverride=WSPrerelease"
steps:
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
fetch-depth: 0
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: ${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.sanitize }}${{ matrix.vec.test }}
path: artifacts
- name: Prepare Machine
run: scripts/prepare-machine.ps1 -ForTest ${{ matrix.vec.xdp }}
shell: pwsh
- name: Interop
shell: pwsh
run: scripts/interop.ps1 -Config ${{ matrix.vec.config }} -Arch ${{ matrix.vec.arch }} -Tls ${{ matrix.vec.tls }} -GHA -GenerateXmlResults
- name: Upload results
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
with:
name: InteropWinlatest-${{ matrix.vec.config }}-${{ matrix.vec.plat }}-${{ matrix.vec.os }}-${{ matrix.vec.arch }}-${{ matrix.vec.tls }}${{ matrix.vec.xdp }}
path: artifacts