wolfBoot/.github/workflows/test-wolfhsm-simulator.yml

name: wolfHSM simulator test

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]
  workflow_dispatch:

jobs:
  wolfhsm_simulator_test:
    # Matrix strategy runs all steps below for each config specified.
    # This allows testing multiple configurations without duplicating the workflow.
    strategy:
      matrix:
        config:
          - name: "Standard wolfHSM"
            file: "config/examples/sim-wolfHSM.config"
          - name: "wolfHSM ML-DSA"
            file: "config/examples/sim-wolfHSM-mldsa.config"
      fail-fast: false

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true

      - name: Workaround for sources.list
        run: sudo sed -i 's|http://azure.archive.ubuntu.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/sources.list

      - name: Update repository
        run: sudo apt-get update

      - name: make clean
        run: |
          make distclean          

      - name: Select config (${{ matrix.config.name }})
        run: |
          cp ${{ matrix.config.file }} .config          

      - name: Build tools
        run: |
          make -C tools/keytools && make -C tools/bin-assemble          

      - name: Build wolfboot.elf
        run: |
          make clean && make test-sim-internal-flash-with-update          

      # checkout and build wolfHSM examples repo
      - name: Checkout wolfHSM-examples
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfHSM-examples
          path: wolfHSM-examples

      - name: Build example POSIX TCP server
        run: cd wolfHSM-examples/posix/tcp/wh_server_tcp && make WOLFSSL_DIR=../../../../lib/wolfssl WOLFHSM_DIR=../../../../lib/wolfHSM

      # Start the server in the background
      - name: Run POSIX TCP server
        run: |
          cd wolfHSM-examples/posix/tcp/wh_server_tcp
          ./Build/wh_server_tcp.elf --client 12 --id 255 --key ../../../../wolfboot_signing_private_key_pub.der  &
          TCP_SERVER_PID=$!
          echo "TCP_SERVER_PID=$TCP_SERVER_PID" >> $GITHUB_ENV          

      # Run the sunny day update test against the server
      - name: Run sunny day update test
        run: |
          tools/scripts/sim-sunnyday-update.sh          

      # Kill the server if it is still running
      - name: Kill POSIX TCP server
        if: always()
        run: |
          kill $TCP_SERVER_PID || true