1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
name: CI
# For testing, you can set variables in your repo (Repo -> Settings ->
# Security -> Actions -> Variables) to restrict the tests that are run.
# The supported variables are:
#
# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config,
# separated by spaces, eg "ubuntu-latest default". All other tests will
# fail immediately.
#
# LTESTS: Override the set of tests run.
on:
push:
paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ]
pull_request:
paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ]
jobs:
ci:
name: "${{ matrix.target }} ${{ matrix.config }}"
if: github.repository != 'openssh/openssh-portable-selfhosted'
strategy:
fail-fast: false
matrix:
# First we test all OSes in the default configuration.
target:
- ubuntu-22.04
- ubuntu-latest
- ubuntu-22.04-arm
- ubuntu-24.04-arm
- macos-13
- macos-14
- macos-15
- windows-2022
- windows-2025
config: [default]
# Then we include any extra configs we want to test for specific VMs.
# Valgrind slows things down quite a bit, so start them first.
include:
- { target: windows-2022, config: cygwin-release }
- { target: windows-2025, config: cygwin-release }
- { target: ubuntu-22.04, config: c89 }
- { target: ubuntu-22.04, config: clang-11 }
- { target: ubuntu-22.04, config: clang-12-Werror }
- { target: ubuntu-22.04, config: clang-14 }
- { target: ubuntu-22.04, config: clang-sanitize-address }
- { target: ubuntu-22.04, config: clang-sanitize-undefined }
- { target: ubuntu-22.04, config: gcc-9 }
- { target: ubuntu-22.04, config: gcc-11-Werror }
- { target: ubuntu-22.04, config: gcc-12-Werror }
- { target: ubuntu-22.04, config: gcc-sanitize-address }
- { target: ubuntu-22.04, config: gcc-sanitize-undefined }
- { target: ubuntu-22.04, config: hardenedmalloc }
- { target: ubuntu-22.04, config: heimdal }
- { target: ubuntu-22.04, config: kitchensink }
- { target: ubuntu-22.04, config: krb5 }
- { target: ubuntu-22.04, config: libedit }
- { target: ubuntu-22.04, config: pam }
- { target: ubuntu-22.04, config: selinux }
- { target: ubuntu-22.04, config: sk }
- { target: ubuntu-22.04, config: valgrind-1 }
- { target: ubuntu-22.04, config: valgrind-2 }
- { target: ubuntu-22.04, config: valgrind-3 }
- { target: ubuntu-22.04, config: valgrind-4 }
- { target: ubuntu-22.04, config: valgrind-unit }
- { target: ubuntu-22.04, config: without-openssl }
- { target: ubuntu-latest, config: gcc-14 }
- { target: ubuntu-latest, config: clang-15 }
- { target: ubuntu-latest, config: clang-19 }
- { target: ubuntu-latest, config: boringssl }
- { target: ubuntu-latest, config: aws-lc }
- { target: ubuntu-latest, config: libressl-master }
- { target: ubuntu-latest, config: libressl-3.2.7 }
- { target: ubuntu-latest, config: libressl-3.3.6 }
- { target: ubuntu-latest, config: libressl-3.4.3 }
- { target: ubuntu-latest, config: libressl-3.5.4 }
- { target: ubuntu-latest, config: libressl-3.6.3 }
- { target: ubuntu-latest, config: libressl-3.7.3 }
- { target: ubuntu-latest, config: libressl-3.8.4 }
- { target: ubuntu-latest, config: libressl-3.9.2 }
- { target: ubuntu-latest, config: libressl-4.0.0 }
- { target: ubuntu-latest, config: libressl-4.1.0 }
- { target: ubuntu-latest, config: openssl-master }
- { target: ubuntu-latest, config: openssl-noec }
- { target: ubuntu-latest, config: openssl-1.1.1 }
- { target: ubuntu-latest, config: openssl-1.1.1t }
- { target: ubuntu-latest, config: openssl-1.1.1w }
- { target: ubuntu-latest, config: openssl-3.0.0 }
- { target: ubuntu-latest, config: openssl-3.0.18 }
- { target: ubuntu-latest, config: openssl-3.1.0 }
- { target: ubuntu-latest, config: openssl-3.1.8 }
- { target: ubuntu-latest, config: openssl-3.2.6 }
- { target: ubuntu-latest, config: openssl-3.3.5 }
- { target: ubuntu-latest, config: openssl-3.4.0 }
- { target: ubuntu-latest, config: openssl-3.4.3 }
- { target: ubuntu-latest, config: openssl-3.5.0 }
- { target: ubuntu-latest, config: openssl-3.5.3 } # keep
- { target: ubuntu-latest, config: openssl-3.5.4 }
- { target: ubuntu-latest, config: openssl-1.1.1_stable }
- { target: ubuntu-latest, config: openssl-3.0 } # stable branch
- { target: ubuntu-latest, config: openssl-3.1 } # stable branch
- { target: ubuntu-latest, config: openssl-3.2 } # stable branch
- { target: ubuntu-latest, config: openssl-3.3 } # stable branch
- { target: ubuntu-latest, config: openssl-3.4 } # stable branch
- { target: ubuntu-latest, config: openssl-3.5 } # stable branch
- { target: ubuntu-latest, config: openssl-3.6 } # stable branch
- { target: ubuntu-latest, config: putty-versions }
- { target: ubuntu-latest, config: zlib-develop }
- { target: ubuntu-latest, config: tcmalloc }
- { target: ubuntu-latest, config: musl }
- { target: ubuntu-22.04-arm, config: kitchensink }
- { target: ubuntu-24.04-arm, config: kitchensink }
- { target: macos-13, config: pam }
- { target: macos-14, config: pam }
- { target: macos-15, config: pam }
runs-on: ${{ matrix.target }}
env:
EPHEMERAL_VM: yes
steps:
- name: check RUN_ONLY_TARGET_CONFIG
if: vars.RUN_ONLY_TARGET_CONFIG != ''
run: sh -c 'if [ "${{ vars.RUN_ONLY_TARGET_CONFIG }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi'
- name: set cygwin git params
if: ${{ startsWith(matrix.target, 'windows') }}
run: git config --global core.autocrlf input
- name: install cygwin
id: cygwin_install
if: ${{ startsWith(matrix.target, 'windows') }}
uses: cygwin/cygwin-install-action@master
env:
CYGWIN: "winsymlinks:native"
- uses: actions/checkout@main
- name: setup CI system
run: sh ./.github/setup_ci.sh ${{ matrix.config }} ${{ matrix.target }}
env:
CYGWIN_SETUP: ${{ steps.cygwin_install.outputs.setup }}
- name: autoreconf
run: sh -c autoreconf
- name: configure
run: sh ./.github/configure.sh ${{ matrix.config }}
- name: save config
uses: actions/upload-artifact@main
with:
name: ${{ matrix.target }}-${{ matrix.config }}-config
path: config.h
- name: make clean
run: make clean
- name: make
run: make
- name: make tests
run: sh ./.github/run_test.sh ${{ matrix.config }}
env:
TEST_SSH_UNSAFE_PERMISSIONS: 1
TEST_SSH_HOSTBASED_AUTH: yes
LTESTS: ${{ vars.LTESTS }}
- name: test OpenSSL3 ABI compatibility
if: ${{ startsWith(matrix.config, 'openssl-3') }}
run: |
sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl
sh .github/run_test.sh ${{ matrix.config }}
- name: show logs
if: failure()
run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done
- name: chown logs
if: failure()
run: test -x "$(which sudo 2>&1)" && sudo chown -R "${LOGNAME}" regress
- name: save logs
if: failure()
uses: actions/upload-artifact@main
with:
name: ${{ matrix.target }}-${{ matrix.config }}-logs
path: |
config.h
config.log
regress/
|
