[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed May 19 03:09:02 UTC 2021


The branch master has been updated
       via  753f1f24ac18e31eb6feaa9bde752f57a7bde9e7 (commit)
       via  a51ccd5be7cef0cb668a5ec98c491676db7714f4 (commit)
      from  47c88d453eabdf169861e984a0d5400b06b6d32b (commit)


- Log -----------------------------------------------------------------
commit 753f1f24ac18e31eb6feaa9bde752f57a7bde9e7
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon May 17 19:00:13 2021 +0200

    Avoid failing label removal if label is not there
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15309)

commit a51ccd5be7cef0cb668a5ec98c491676db7714f4
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon May 17 12:20:54 2021 +0200

    Separate FIPS checksum and labelling into different workflows
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15309)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/fips-checksums.yml | 60 ++++++++++++++++++++++++++++++++++++
 .github/workflows/fips-label.yml     | 48 +++++++++++++++++++++++++++++
 2 files changed, 108 insertions(+)
 create mode 100644 .github/workflows/fips-checksums.yml
 create mode 100644 .github/workflows/fips-label.yml

diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml
new file mode 100644
index 0000000000..973778b62f
--- /dev/null
+++ b/.github/workflows/fips-checksums.yml
@@ -0,0 +1,60 @@
+name: FIPS Checksums
+on: [pull_request]
+
+jobs:
+  compute-checksums:
+    runs-on: ubuntu-latest
+    steps:
+      - name: install unifdef
+        run: |
+            sudo apt-get update
+            sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
+      - uses: actions/checkout at v2
+        with:
+          ref: ${{ github.event.pull_request.base.sha }}
+      - name: create build dirs
+        run: |
+          mkdir ./build-pristine
+          mkdir ./build
+          mkdir ./empty
+          touch ./empty/placeholder
+      - name: config pristine
+        run: ../config enable-fips && perl configdata.pm --dump
+        working-directory: ./build-pristine
+      - name: make build_generated pristine
+        run: make -s build_generated
+        working-directory: ./build-pristine
+      - name: make fips-checksums pristine
+        run: make fips-checksums
+        working-directory: ./build-pristine
+      - uses: actions/checkout at v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          clean: false
+      - name: config
+        run: ../config enable-fips && perl configdata.pm --dump
+        working-directory: ./build
+      - name: make build_generated
+        run: make -s build_generated
+        working-directory: ./build
+      - name: make fips-checksums
+        run: make fips-checksums
+        working-directory: ./build
+      - name: update checksums pristine
+        run: touch providers/fips.checksum.new && make update-fips-checksums
+        working-directory: ./build-pristine
+      - name: make diff-fips-checksums
+        run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV
+        working-directory: ./build
+      - name: save artifact fips_changed
+        if: ${{ env.fips_changed }}
+        uses: actions/upload-artifact at v2
+        with:
+          name: fips_changed
+          path: empty/
+      - name: save artifact fips_unchanged
+        if: ${{ env.fips_unchanged }}
+        uses: actions/upload-artifact at v2
+        with:
+          name: fips_unchanged
+          path: empty/
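Review bot: `--force-yes` on the `apt-get install` line is deprecated and tells apt to continue past package-authentication and downgrade warnings; `-y` already answers the prompts, so the line can be `sudo apt-get -yq --no-install-suggests --no-install-recommends install unifdef`. In the `make diff-fips-checksums` step the `&& … || …` chain records every non-zero exit as `fips_changed`, including a failure that has nothing to do with checksums. That errs towards applying the label, and a comment above the step should say it is intended. The actions are referenced by major-version tag; pinning each to a full commit SHA would stop the workflow from silently picking up a retagged release.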
diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml
new file mode 100644
index 0000000000..536b227260
--- /dev/null
+++ b/.github/workflows/fips-label.yml
@@ -0,0 +1,48 @@
+name: FIPS Changed Label
+on:
+  workflow_run:
+    workflows: ["FIPS Checksums"]
+    types:
+      - completed
+
+jobs:
+  apply-label:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.event == 'pull_request' }}
+    steps:
+      - name: 'Check artifact and apply'
+        if: ${{ github.event.workflow_run.conclusion == 'success' }}
+        uses: actions/github-script at v4
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }},
+            });
+            if ( artifacts.data.artifacts[0].name == 'fips_changed' ) {
+              github.issues.addLabels({
+                issue_number: ${{ github.event.workflow_run.pull_requests[0].number }},
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                labels: ['severity: fips change']
+              });
+            } else if ( artifacts.data.artifacts[0].name == 'fips_unchanged' ) {
+              var labels = await github.issues.listLabelsOnIssue({
+                issue_number: ${{ github.event.workflow_run.pull_requests[0].number }},
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+              });
+
+              for ( var label in labels.data ) {
+                if (labels.data[label].name == 'severity: fips change') {
+                  github.issues.removeLabel({
+                    issue_number: ${{ github.event.workflow_run.pull_requests[0].number }},
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    name: 'severity: fips change'
+                  });
+                }
+              }
+            }
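Review bot: The script reads `artifacts.data.artifacts[0]` and `pull_requests[0].number` without checking that either exists, and it never awaits `addLabels` or `removeLabel`, so a run with no artifact or no attached pull request throws and a failed label call goes unreported. As far as I know `workflow_run.pull_requests` is empty for pull requests opened from forks, in which case the `${{ … }}` substitution leaves `issue_number: ,` and the script does not parse; this should be confirmed against a fork PR. The artifact name comes from the unprivileged `pull_request` run, which builds the PR's own tree, so this job should keep comparing it only against fixed names and the label should be read as advisory rather than as proof that the FIPS sources are unchanged. I would take the PR from `context.payload`, return early when it is missing, match the artifact by name instead of by position, and await the label calls, as sketched below. A `permissions:` block granting only what listing artifacts and labelling need would also fit this job, since it runs with the base repository's token.

```yaml
          script: |
            const pr = context.payload.workflow_run.pull_requests[0];
            if (!pr) {
              core.info('no pull request attached to this run; skipping');
              return;
            }
            // … unchanged: listWorkflowRunArtifacts call …
            const names = artifacts.data.artifacts.map(a => a.name);
            if (names.includes('fips_changed')) {
              await github.issues.addLabels({
                issue_number: pr.number,
                // … unchanged: owner, repo, labels …
              });
            } else if (names.includes('fips_unchanged')) {
              // … unchanged: listLabelsOnIssue and the loop, using pr.number,
              //   with `await` in front of github.issues.removeLabel …
            }
```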

