enable PKCE by default #230
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: | |
pull_request: | |
paths-ignore: | |
- '**/README.md' | |
jobs: | |
build-linux: | |
strategy: | |
matrix: | |
go-version: [ '1.21.x', '1.22.0-rc.1' ] | |
goos: [linux] | |
ecdsatestuser: [ssh3-ecdsa-testuser] | |
testuser: [ssh3-testuser] | |
testpasswd: [ssh3-testpasswd] | |
ecdsatestpasswd: [ssh3-testpasswd] | |
testuserhome: [/home/ssh3-testuser] | |
ecdsatestuserhome: [/home/ssh3-ecdsatestuser] | |
archparams: [{goarch: amd64, cc: gcc}] #,{goarch: arm64, cc: aarch64-linux-gnu-gcc}] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '${{matrix.go-version}}' | |
- name: Install dependencies to generate ssh keys and certificates | |
run: sudo apt -y update && sudo apt -y install openssh-client openssl | |
- name: Generate server cert | |
run: pushd / && sudo sh ${{ github.workspace }}/generate_openssl_selfsigned_certificate.sh && popd | |
- name: Generate testuser's SSH key | |
run: sudo ssh-keygen -b 4096 -t rsa -f /testuser_id_rsa -q -N "" | |
- name: Generate testuser's ed25519 SSH key | |
run: sudo ssh-keygen -t ed25519 -f /testuser_id_ed25519 -q -N "" | |
- name: Generate testuser's ecdsa SSH key | |
run: sudo ssh-keygen -t ecdsa -f /testuser_id_ecdsa -q -N "" | |
- name: Generate attacker's SSH key | |
run: sudo ssh-keygen -b 4096 -t rsa -f /attacker_id_rsa -q -N "" | |
- name: Install | |
run: make install | |
- name: Add test user | |
run: sudo useradd -m -d ${{matrix.testuserhome}} -s /bin/bash ${{matrix.testuser}} && echo "${{matrix.testuser}}:${{matrix.testpasswd}}" | sudo chpasswd | |
- name: Add ecdsa test user (should be removed in the future when support for 0.1.5 is removed) | |
run: sudo useradd -m -d ${{matrix.ecdsatestuserhome}} -s /bin/bash ${{matrix.ecdsatestuser}} && echo "${{matrix.ecdsatestuser}}:${{matrix.ecdsatestpasswd}}" | sudo chpasswd | |
- name: Create .ssh3 directory | |
run: sudo su ${{matrix.testuser}} -c 'mkdir -p ${{matrix.testuserhome}}/.ssh ${{matrix.testuserhome}}/.ssh3' | |
- name: Create .ssh3 directory for ecdsatestuser | |
run: sudo su ${{matrix.ecdsatestuser}} -c 'mkdir -p ${{matrix.ecdsatestuserhome}}/.ssh ${{matrix.ecdsatestuserhome}}/.ssh3' | |
- name: Ensure there are no existing .profile or similar files for testuser | |
run: sudo rm -f ${{matrix.testuserhome}}/.profile ${{matrix.testuserhome}}/.bash_profile ${{matrix.testuserhome}}/.bash_login | |
- name: add the attacker's key as commented in testuser's authorzed identities | |
run: echo "#" $(cat attacker_id_rsa.pub) | sudo tee -a ${{matrix.testuserhome}}/.ssh3/authorized_identities | |
- name: Put test public keys in testuser's authorized_identities | |
run: cat /testuser_id_rsa.pub /testuser_id_ed25519.pub | sudo tee -a ${{matrix.testuserhome}}/.ssh3/authorized_identities | |
- name: Put ecdsa public key in ecdsatestuser's authorized_identities (currently needed for retrocompatibility integration tests, ecdsatestuser should be removed in the future) | |
run: cat /testuser_id_ecdsa.pub | sudo tee -a ${{matrix.ecdsatestuserhome}}/.ssh3/authorized_identities | |
- name: log authorized_identities | |
run: cat ${{matrix.testuserhome}}/.ssh3/authorized_identities | |
- name: Integration tests | |
run: sudo -E PATH=$PATH make -e integration-tests | |
env: | |
CERT_PEM: /cert.pem | |
CERT_PRIV_KEY: /priv.key | |
ATTACKER_PRIVKEY: /attacker_id_rsa | |
TESTUSER_PRIVKEY: /testuser_id_rsa | |
TESTUSER_ED25519_PRIVKEY: /testuser_id_ed25519 | |
TESTUSER_ECDSA_PRIVKEY: /testuser_id_ecdsa | |
TESTUSER_USERNAME: ${{matrix.testuser}} | |
ECDSATESTUSER_USERNAME: ${{matrix.ecdsatestuser}} | |
CC: ${{matrix.archparams.cc}} | |
CGO_ENABLED: "1" | |
GOOS: ${{matrix.goos}} | |
GOARCH: ${{matrix.archparams.goarch}} | |
SSH3_INTEGRATION_TESTS_WITH_SERVER_ENABLED: "1" | |
build-macos: | |
strategy: | |
matrix: | |
go-version: [ '1.21.x', '1.22.0-rc.1' ] | |
goos: [darwin] | |
goarch: [amd64,arm64] | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '${{matrix.go-version}}' | |
- name: Install dependencies | |
run: go get ./... | |
- name: Build Binaries | |
run: | |
make -e client && make -e server | |
env: | |
GOOS: ${{matrix.goos}} | |
GOARCH: ${{matrix.goarch}} | |
- name: Classical unit tests | |
if: ${{ matrix.goarch == 'amd64' }} # only actually run the test suite with the architecture of the host | |
run: make -e test | |
env: | |
GOOS: ${{matrix.goos}} | |
GOARCH: ${{matrix.goarch}} | |
build-other-unix: | |
strategy: | |
matrix: | |
go-version: [ '1.21.x', '1.22.0-rc.1' ] | |
goos: [openbsd,freebsd,linux] | |
goarch: [amd64,"386",arm64,arm] | |
exclude: | |
- goos: linux | |
goarch: amd64 | |
- goos: linux | |
goarch: arm64 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '${{matrix.go-version}}' | |
- name: Install dependencies | |
run: go get ./... | |
- name: Fmt code | |
run: | | |
go fmt ./... | |
git diff --exit-code | |
- name: Build Binaries | |
run: | |
make -e client && make -e server | |
env: | |
GOOS: ${{matrix.goos}} | |
GOARCH: ${{matrix.goarch}} | |
GO_TAGS: disable_password_auth |