From d13d060cac41f9e7bd6642d8ac32799d3c32191c Mon Sep 17 00:00:00 2001
From: David Kirov
Date: Tue, 3 Dec 2024 11:36:56 +0100
Subject: [PATCH] Add FIPS workflow file
---
 .github/workflows/pr.yml | 5 +--
 .github/workflows/test-fips.yml | 64 +++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/test-fips.yml
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 7d11bfae7ff43d..c9ee33d9c1a899 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -18,7 +18,8 @@ concurrency:
 jobs:
 test:
- uses: ./.github/workflows/pr-test.yml
+ uses: ./.github/workflows/test-fips.yml
 with:
- repo: core
+ platform: linux
+ runner: '["ubuntu-22.04"]'
 secrets: inherit
diff --git a/.github/workflows/test-fips.yml b/.github/workflows/test-fips.yml
new file mode 100644
index 00000000000000..ed3d08166a8ef8
--- /dev/null
+++ b/.github/workflows/test-fips.yml
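Review bot: `secrets: inherit` on the `test` job now hands every secret available to this workflow to `test-fips.yml`, whose `workflow_call` block (added later in this patch) declares no `secrets:` and whose steps reference none. That workflow downloads and builds third-party source and installs from PyPI, so I would drop the `secrets: inherit` line; a compromised build step then has nothing to read. The `on:` trigger sits outside the hunk, so I cannot tell whether this also runs for fork pull requests. The job also no longer calls `pr-test.yml`, so unless this is meant for a scratch branch only, the regular PR tests stop running.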
@@ -0,0 +1,64 @@
+name: Test FIPS
+
+on:
+ workflow_call:
+ inputs:
+ platform:
+ required: true
+ type: string
+ runner:
+ required: true
+ type: string
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ run:
+ name: FIPS test on "${{ inputs.platform }}"
+ runs-on: ${{ fromJson(inputs.runner) }}
+
+ env:
+ FORCE_COLOR: "1"
+ DEBIAN_FRONTEND: "noninteractive"
+ LD_LIBRARY_PATH: /usr/local/lib
+ OPENSSL_CONF: /usr/local/ssl/openssl.cnf
+ OPENSSL_FIPS: 1
+ PYTHON_VERSION: "3.12"
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - name: Set up Python ${{ env.PYTHON_VERSION }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: "${{ env.PYTHON_VERSION }}"
+ cache: 'pip'
+
+ - name: Install packages
+ run: |
+ sudo apt-get update && \
+ sudo apt-get install -y --no-install-recommends \
+ wget \
+ gcc+ \
+ make \
+ linux-libc-dev \
+ libc6-dev \
+ perl \
+ cargo \
+ python3-dev && \
+ sudo apt-get clean && \
+
+ - name: Install OpenSSL
+ run: |
+ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz \
+ && tar -xvzf openssl-3.0.0.tar.gz \
+ && cd openssl-3.0.0 \
+ && ./Configure enable-fips \
+ && make \
+ && make install
+
+ - name: Install Cryptography
+ run: pip install cryptography
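Review bot: The `Install OpenSSL` step runs `./Configure`, `make` and `make install` on a tarball fetched with `wget` and never verified, so whatever the download returns is built and installed on the runner; add a digest check right after the download, e.g. `echo "<EXPECTED_SHA256>  openssl-3.0.0.tar.gz" | sha256sum --check --strict` (placeholder for the published digest). In `Install packages` the script ends on `sudo apt-get clean && \`, a dangling continuation that bash should reject as an unexpected end of file; the last line should be just `sudo apt-get clean`. `pip install cryptography` will normally pick a prebuilt wheel that carries its own OpenSSL, so the FIPS build above is probably never exercised and a green run would say nothing about FIPS behaviour. Since `cargo` and `python3-dev` are installed, a source build against that OpenSSL (`pip install --no-binary cryptography cryptography` with `OPENSSL_DIR` set to the install prefix) looks like the intent. `actions/checkout@v4` and `actions/setup-python@v5` could also be pinned to commit SHAs.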