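name: ATECC608 simulator test

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# Build the ATECC608 software simulator (https://github.com/wolfSSL/simulators,
# ATECC608Sim/ subdirectory), build wolfSSL against cryptoauthlib + the
# simulator's TCP HAL, and run the wolfCrypt ATECC608 test binary against the
# simulator.
#
# The simulator's own Dockerfile.wolfcrypt clones a pinned wolfSSL release.
# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
# We also strip the inline test.c patch RUN block and the older atmel.c config
# copy hotfix: both now live upstream in this tree, so re-applying them would
# fail with "patch target not found". The atmel_set_slot_allocator visibility
# patch remains because the simulator harness still depends on that exported
# symbol.

# Least privilege: every step below only reads the repository (checkout,
# local image build with push: false, docker run), so the job token is
# limited to read access. This job builds and runs code from pull requests.
permissions:
  contents: read

env:
  # Abbreviated commit of wolfSSL/simulators that the sed patches below are
  # written against. Quoted so it always stays a string.
  # NOTE(review): a full 40-character commit hash would keep this pin
  # unambiguous as the simulators repository grows.
  SIMULATORS_REF: '773fe70'

jobs:
  atecc608_sim:
    name: wolfCrypt against ATECC608 simulator
    if: github.repository_owner == 'wolfssl'
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    steps:
      # NOTE(review): the three `uses:` entries in this job reference mutable
      # version tags; pinning each to a full commit SHA removes the dependency
      # on the tag not being moved.
      - name: Checkout wolfSSL (PR source)
        uses: actions/checkout@v4
        with:
          path: wolfssl-src
          # This checkout is moved into the Docker build context and COPY'd
          # into the image, and the build exports its layers to the gha cache
          # (mode=max). Do not leave the job token in .git/config where it
          # would travel with the tree.
          # NOTE(review): a .dockerignore in the simulator tree may already
          # exclude .git -- not visible from this workflow.
          persist-credentials: false

      - name: Clone ATECC608 simulator
        run: |
          git clone https://github.com/wolfSSL/simulators simulators
          cd simulators && git checkout "$SIMULATORS_REF"

      - name: Stage PR wolfSSL into simulator build context
        run: mv wolfssl-src simulators/ATECC608Sim/wolfssl

      - name: Patch Dockerfile to use PR wolfSSL and drop redundant source patches
        working-directory: simulators/ATECC608Sim
        run: |
          # Negative-assertion helper. A bare `! grep -q ...` cannot fail this
          # step: bash errexit (-e) ignores a command whose status is inverted
          # with `!`, and none of those checks is the last command of the
          # script, so the failure has to be raised explicitly.
          refute_in_dockerfile() {
            if grep -q -- "$1" Dockerfile.wolfcrypt; then
              echo "Dockerfile.wolfcrypt still matches: $1" >&2
              exit 1
            fi
          }

          # Replace the (multi-line) `RUN git clone ... wolfssl.git /app/wolfssl`
          # with a COPY of the PR checkout so CI tests the PR's source.
          sed -i '/^RUN git clone --branch v5\.9\.1-stable/,/wolfssl\.git \/app\/wolfssl$/c\ COPY wolfssl /app/wolfssl' Dockerfile.wolfcrypt
          # Fail fast if the pattern drifted upstream -- better a clear error
          # than a CI run that silently tests a stale release.
          grep -q '^ *COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
          refute_in_dockerfile 'git clone .*wolfssl\.git'

          # Drop the older atmel.c config-copy hotfix block.
          # NOTE(review): both anchors must match the simulator Dockerfile
          # exactly, including leading whitespace. If the end anchor does not
          # match, sed's range runs to the end of the file.
          sed -i "/^# wolfSSL's wolfCrypt_ATECC_SetConfig only copies I2C-specific fields from$/,/^ grep -q 'XMEMCPY(&cfg_ateccx08a_i2c_pi, cfg' \\/app\\/wolfssl\\/wolfcrypt\\/src\\/port\\/atmel\\/atmel\\.c$/d" Dockerfile.wolfcrypt
          refute_in_dockerfile "cfg_ateccx08a_i2c_pi"

          # Strip the inline test.c patch RUN block -- those guard fixes now
          # live upstream in this tree.
          sed -i "/^RUN python3 - <<'PY'$/,/^PY$/d" Dockerfile.wolfcrypt
          refute_in_dockerfile "RUN python3 - <<'PY'"

          # The simulator Dockerfile predates the new configure contract where
          # --with-cryptoauthlib must be paired with --enable-microchip=.
          sed -i 's/--with-cryptoauthlib=\/usr \\/--enable-microchip=608 \\\n --with-cryptoauthlib=\/usr \\/' Dockerfile.wolfcrypt
          grep -q -- '--enable-microchip=608' Dockerfile.wolfcrypt

      - uses: docker/setup-buildx-action@v3

      - name: Build wolfCrypt-ATECC608 test image
        uses: docker/build-push-action@v5
        with:
          context: simulators/ATECC608Sim
          file: simulators/ATECC608Sim/Dockerfile.wolfcrypt
          push: false
          load: true
          tags: wolfssl-atecc608-sim:ci
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Run wolfCrypt tests against simulator
        run: docker run --rm wolfssl-atecc608-sim:ci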