.github/workflows/build.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

name: build
on:
  push:
    paths:
      - '*.c'
      - '.github/workflows/*'
      - 'Makefile'
  pull_request:
    paths:
      - '*.c'
      - '.github/workflows/*'
      - 'Makefile'
  workflow_dispatch:
  release:
    types:
      - created

env:
  OPENSSL_VERSION: 3.0.3
  SCCACHE_VERSION: 0.2.15

jobs:
  build-linux:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        triple:
        - aarch64-linux-musl
        - x86_64-linux-musl

    env:
      TOOLCHAIN: ${{ matrix.triple }}-cross
      TRIPLE: ${{ matrix.triple }}

    steps:
    - uses: actions/checkout@v1
      with:
        submodules: recursive

    - name: Cache Deps
      uses: actions/cache@v3
      id: cache-deps
      with:
        path: |
          ~/.cache/sccache
          ~/dep_src
          ~/build
        key: build-linux-${{ matrix.triple }}

    - name: setup environment
      run: |
        export DOWNLOAD_PATH=${HOME}/dep_src
        export DEP_PATH=${HOME}/build
        mkdir -p ${DOWNLOAD_PATH} ${DEP_PATH}
        echo "DOWNLOAD_PATH=${DOWNLOAD_PATH}" >> $GITHUB_ENV
        echo "DEP_PATH=${DEP_PATH}" >> $GITHUB_ENV
        echo "ARCH=$(echo ${{ matrix.triple }} | cut -d- -f 1)" >> $GITHUB_ENV
        echo "${HOME}/${TOOLCHAIN}/bin" >> $GITHUB_PATH
        echo "CC=sccache ${TRIPLE}-gcc" >> $GITHUB_ENV
        echo "CXX=sccache ${TRIPLE}-g++" >> $GITHUB_ENV
        echo "AR=${TRIPLE}-gcc-ar" >> $GITHUB_ENV
        echo "NM=${TRIPLE}-gcc-nm" >> $GITHUB_ENV
        echo "RANLIB=${TRIPLE}-gcc-ranlib" >> $GITHUB_ENV
        echo "CFLAGS=-Os -fPIC -fno-pie -no-pie -static -flto -ffunction-sections -fdata-sections" >> $GITHUB_ENV
        echo "LDFLAGS=-Wl,--gc-sections -Wl,-strip-all -flto" >> $GITHUB_ENV

    - name: setup toolchain
      if: steps.cache-deps.outputs.cache-hit != true
      run: |
        # Download Toolchain
        wget -q -nc -P ${DOWNLOAD_PATH} https://musl.cc/${TOOLCHAIN}.tgz
        tar xf ${DOWNLOAD_PATH}/${TOOLCHAIN}.tgz -C ${HOME}

        # Download sccache
        wget -q -nc -P ${DOWNLOAD_PATH} \
          https://github.com/mozilla/sccache/releases/download/v${SCCACHE_VERSION}/sccache-v${SCCACHE_VERSION}-x86_64-unknown-linux-musl.tar.gz
        tar xf ${DOWNLOAD_PATH}/sccache-v${SCCACHE_VERSION}-x86_64-unknown-linux-musl.tar.gz -C ${HOME}
        mv ${HOME}/sccache-v${SCCACHE_VERSION}-x86_64-unknown-linux-musl/sccache ${HOME}/${TOOLCHAIN}/bin
        chmod +x ${HOME}/${TOOLCHAIN}/bin/sccache

    - name: build openssl
      if: steps.cache-deps.outputs.cache-hit != true
      run: |
        export PLATFORM="linux-${ARCH}"

        wget -q -nc -P ${DOWNLOAD_PATH} https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
        tar xf ${DOWNLOAD_PATH}/openssl-${OPENSSL_VERSION}.tar.gz -C ${DEP_PATH}
        cd ${DEP_PATH}/openssl-${OPENSSL_VERSION}
        ./config --prefix=/usr --static -static ${PLATFORM}
        make -j$(nproc) build_generated libcrypto.a

        echo "CPPFLAGS=${CPPFLAGS} -I${DEP_PATH}/openssl-${OPENSSL_VERSION}/include" >> $GITHUB_ENV
        echo "LDFLAGS=${LDFLAGS} -L${DEP_PATH}/openssl-${OPENSSL_VERSION}" >> $GITHUB_ENV

    - name: build
      run: |
        make -j$(nproc) \
          LDFLAGS="-static ${LDFLAGS}"
        ${TRIPLE}-strip trustcache

    - uses: actions/upload-artifact@v1
      with:
        name: trustcache_linux_${{ env.ARCH }}
        path: trustcache

    - name: Upload Release Asset Linux
      uses: actions/upload-release-asset@v1
      if: ${{ github.event_name == 'release' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ github.event.release.upload_url }}
        asset_path: trustcache
        asset_name: trustcache_linux_${{ env.ARCH }}
        asset_content_type: application/octet-stream

  build-macos:
    runs-on: macos-11
    strategy:
      matrix:
        arch:
        - x86_64
        - arm64
    env:
      ARCH: ${{ matrix.arch }}
    steps:
    - uses: actions/checkout@v1
      with:
        submodules: recursive

    - name: setup environment
      run: |
        echo "CC=clang -arch ${ARCH} -mmacosx-version-min=10.13" >> $GITHUB_ENV
        echo "CFLAGS=-Os -flto=thin" >> $GITHUB_ENV

    - name: build
      run: |
        make -j$(sysctl -n hw.ncpu) \
          COMMONCRYPTO=1
        strip trustcache

    - uses: actions/upload-artifact@v1
      with:
        name: trustcache_macos_${{ matrix.arch }}
        path: trustcache

    - name: Upload Release Asset Linux
      uses: actions/upload-release-asset@v1
      if: ${{ github.event_name == 'release' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ github.event.release.upload_url }}
        asset_path: trustcache
        asset_name: trustcache_macos_${{ matrix.arch }}
        asset_content_type: application/octet-stream