Commit 19d73ef156 for strongswan.org
commit 19d73ef1564986a508b904f25adb9bf05a088862
Author: Tobias Brunner <tobias@strongswan.org>
Date: Tue Apr 21 09:56:18 2026 +0200
github: Move CI for Windows from AppVeyor to GitHub Actions
These are quite a bit faster than on AppVeyor (with ccache about a fifth,
without less than half - and they run concurrently).
We only keep the AppVeyor builds for now to test against those old
OpenSSL versions (1.1.1 and 1.0.2) for which there is still extended
support available. Even simplified like that they still take longer
than the builds on GA.
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 8adce49bd5..958a75e1ca 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -8,7 +8,6 @@ concurrency:
env:
TESTS_REDUCED_KEYLENGTHS: yes
- CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 200M
# since the compilers are newly installed every time, we have to use this to
@@ -35,6 +34,7 @@ jobs:
matrix:
test: [ win64, win32 ]
env:
+ CCACHE_BASEDIR: ${{ github.workspace }}
OS_NAME: linux
TEST: ${{ matrix.test }}
steps:
@@ -48,7 +48,7 @@ jobs:
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
- ccache -z
+ ccache -sz
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ failure() }}
@@ -57,3 +57,54 @@ jobs:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5
+
+ native:
+ needs: pre-check
+ if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
+ runs-on: windows-latest
+ strategy:
+ matrix:
+ include:
+ - msystem: mingw64
+ arch: x86_64
+ test: win64
+ - msystem: mingw32
+ arch: i686
+ test: win32
+ env:
+ OS_NAME: windows
+ TEST: ${{ matrix.test }}
+ defaults:
+ run:
+ shell: msys2 {0}
+ steps:
+ - uses: msys2/setup-msys2@v2
+ with:
+ msystem: ${{ matrix.msystem }}
+ - run: git config --global core.autocrlf input
+ shell: bash
+ - uses: actions/checkout@v6
+ - uses: actions/cache@v5
+ with:
+ path: ~\AppData\Local\ccache
+ key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.sha }}
+ restore-keys: |
+ ccache-${{ runner.os }}-${{ matrix.test }}-
+ - run: |
+ pacman --noconfirm -S --needed mingw-w64-${{ matrix.arch }}-ccache
+ ccache -sz
+ - run: ./scripts/test.sh deps
+ # GITHUB_ENV doesn't work, so set PATH here
+ - name: Build and run tests
+ run: |
+ PATH=/${{ matrix.msystem }}/lib/ccache/bin:$PATH
+ ./scripts/test.sh
+ # sometimes streaming/threading tests hang completely
+ timeout-minutes: 30
+ - run: ccache -s
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v6
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
diff --git a/scripts/test.sh b/scripts/test.sh
index 79f8165c87..33c3afc790 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -345,14 +345,9 @@ win*)
--enable-tnccs-20
--enable-pki --enable-swanctl --enable-socket-win
--enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
- # no make check for Windows binaries unless we run on a Windows host
- # building natively is slow, so don't build libimcv to save about 10 minutes
- if test "$APPVEYOR" != "True"; then
- TARGET=
- CONFIG="$CONFIG --enable-imc-attestation --enable-imv-attestation
- --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc"
- else
- CONFIG="$CONFIG --enable-openssl"
+ # on AppVeyor we only build against old OpenSSL versions
+ if test "$APPVEYOR" = "True"; then
+ CONFIG="--disable-defaults --enable-static --enable-pki --enable-openssl --enable-pem --enable-drbg"
CFLAGS="$CFLAGS -I$OPENSSL_DIR/include"
LDFLAGS="-L$OPENSSL_DIR/lib -fuse-ld=lld"
case "$IMG" in
@@ -362,19 +357,40 @@ win*)
;;
esac
export LDFLAGS
+ # no make check for Windows binaries unless we run on a Windows host
+ # building natively is slow, so don't build libimcv to save several minutes
+ elif test "$OS_NAME" != "windows"; then
+ TARGET=
+ CONFIG="$CONFIG --enable-imc-attestation --enable-imv-attestation
+ --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc"
+ DEPS="gcc-mingw-w64-base"
+ case "$TEST" in
+ win64)
+ DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
+ ;;
+ win32)
+ DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
+ ;;
+ esac
+ else
+ CONFIG="$CONFIG --enable-openssl --enable-drbg"
+ DEPS="base-devel git autotools gperf"
+ case "$TEST" in
+ win64)
+ DEPS="$DEPS mingw-w64-x86_64-toolchain"
+ ;;
+ win32)
+ DEPS="$DEPS mingw-w64-i686-toolchain"
+ ;;
+ esac
fi
CFLAGS="$CFLAGS -mno-ms-bitfields"
- DEPS="gcc-mingw-w64-base"
case "$TEST" in
win64)
CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
- DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
- CC="x86_64-w64-mingw32-gcc"
;;
win32)
CONFIG="--host=i686-w64-mingw32 $CONFIG"
- DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
- CC="i686-w64-mingw32-gcc"
;;
esac
;;
@@ -498,6 +514,9 @@ deps)
pkg install -y automake autoconf libtool pkgconf && \
pkg install -y bison flex gperf $DEPS
;;
+ windows)
+ pacman --noconfirm -S --needed $DEPS
+ ;;
esac
exit $?
;;