strongswan/.github/workflows/tkm.yml

name: TKM

on: [push, pull_request]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  CCACHE_DIR: ${{ github.workspace }}/.ccache
  CCACHE_CONTAINER: /root/.ccache
  CCACHE_COMPILERCHECK: content
  CCACHE_COMPRESS: true
  CCACHE_MAXSIZE: 200M

jobs:
  pre-check:
    runs-on: ubuntu-latest
    outputs:
      should_skip: ${{ steps.skip-check.outputs.should_skip }}
    steps:
      - id: skip-check
        uses: fkirc/skip-duplicate-actions@master
        with:
          concurrent_skipping: 'same_content_newer'

  tkm:
    needs: pre-check
    if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
    runs-on: ubuntu-latest
    env:
      TEST: tkm
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ${{ env.CCACHE_DIR }}
          key: ccache-tkm-${{ github.sha }}
          restore-keys: |
            ccache-tkm-
      - name: Build Docker Image
        run: docker build -t strongswan-tkm -f testing/tkm/Dockerfile testing
      - name: Run Tests in Container
        uses: addnab/docker-run-action@v3
        with:
          image: strongswan-tkm
          shell: bash
          options: |
            --cap-add net_admin
            -v ${{ github.workspace }}:/strongswan
            -v ${{ env.CCACHE_DIR }}:${{ env.CCACHE_CONTAINER }}
            -e CCACHE_DIR=${{ env.CCACHE_CONTAINER }}
            -e CCACHE_COMPILERCHECK
            -e CCACHE_COMPRESS
            -e CCACHE_MAXSIZE
          run: |
            ccache -z
            autoreconf -i /strongswan || exit 1
            CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror" \
            /strongswan/configure --disable-defaults --enable-silent-rules \
              --enable-ikev2 --enable-kernel-netlink --enable-pem --enable-pkcs1 \
              --enable-random --enable-sha1 --enable-socket-default --enable-swanctl \
              --enable-tkm --enable-x509 || exit 1
            # run tests without TKM first
            make -j check TESTS_RUNNERS=tkm || exit 1

            # generate TKM config
            /usr/local/share/tkm/generate-config.sh

            # start TKM in the background
            tkm_keymanager -c tkm.conf -k key.der -r ca.der:1 >/tmp/tkm.log &
            # run the tests against TKM and get TKM log
            make -j check TESTS_RUNNERS=tkm TESTS_TKM=1 || exit 1
            cat /tmp/tkm.log
            ccache -s