Hi, I have what I think it approaching the final 3 patches attached. I cleaned up the first patch so it just includes the code, makefile, and documentation changes to support AWS-LC. The second patch disables the one FFDH test when HAPRoxy is build with AWS-LC. Finally, the third patch does a few things: 1. Add support to matrix.py to find the latest release of AWS-LC, it would be a one line change to add AWS-LC to build on every push in matrix.py in the future 2. Update matrix.py to have a main function, this looks like a big change but is all whitespace. I did this because I needed a way to get the latest version in aws-lc.yml. I did that by invoking the determine_latest_aws_lc function in the GitHub action, I'm open to other suggestions 3. Add a weekly build of HAProxy with the latest release of AWS-LC with the same schedule as the other weekly jobs: Thursdays at 00:00
You can see an example of the run here [1]. Also, I discovered you can add `workflow_dispatch` to scheduled tasks so you can manually trigger them without having to tweak the cron schedule. [1] https://github.com/andrewhop/haproxy/actions/runs/6044112377 -- Andrew On 8/23/23, 3:14 AM, "William Lallemand" <wlallem...@haproxy.com <mailto:wlallem...@haproxy.com>> wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Hello, On Fri, Aug 18, 2023 at 11:32:17PM +0000, Hopkins, Andrew wrote: > Do you have a preference between 1 and 2? Where does that notification > go if something does break in the future? I prefer that we only do a weekly build for now, we already have too much things in the per push CI. The failures are sent via the github notifications to the maintainers. > I have added a dedicated USE_OPENSSL_AWSLC in the updated > 0001-BUILD-ssl-Build-with-new-cryptographic-library-AWS-LC.patch that > is attached. > I took this as an opportunity to add a few sanity checks > to catch obvious errors when compiling (wrong header files) or during > library startup (wrong libcrypto library). > That's great, thanks. I looks fine to me, but I would be better to split your first patch in 3 patches: - the part for the CI with scripts/build-ssl.sh and .github/matrix.py - the portage of the reg-tests - the Makefile and the .c files > I am going to be out of the office for a week so my response will be > delayed. > Ok, no worries. -- William Lallemand
0003-MINOR-ci-Add-a-weekly-CI-run-with-AWS-LC.patch
Description: 0003-MINOR-ci-Add-a-weekly-CI-run-with-AWS-LC.patch
0002-MINOR-test-skip-ssl_dh-test-when-HAProxy-is-built-wi.patch
Description: 0002-MINOR-test-skip-ssl_dh-test-when-HAProxy-is-built-wi.patch
0001-BUILD-ssl-Build-with-new-cryptographic-library-AWS-L.patch
Description: 0001-BUILD-ssl-Build-with-new-cryptographic-library-AWS-L.patch
