name: WolfTPM Build Tests

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
# pull wolfTPM
    - uses: actions/checkout@master

# setup wolfssl
    - uses: actions/checkout@master
      with:
        repository: wolfssl/wolfssl
        path: wolfssl
    - name: wolfssl autogen
      working-directory: ./wolfssl
      run: ./autogen.sh
    - name: wolfssl configure
      working-directory: ./wolfssl
      run: ./configure --enable-wolftpm --enable-pkcallbacks
    - name: wolfssl make install
      working-directory: ./wolfssl
      run: |
        make
        sudo make install

# setup ibmswtpm2
    - uses: actions/checkout@master
      with:
        repository: kgoldman/ibmswtpm2
        path: ibmswtpm2
    - name: ibmswtpm2 make
      working-directory: ./ibmswtpm2/src
      run: |
          make
          ./tpm_server &

# setup and test defaults (with simulator)
    - name: autogen
      run: ./autogen.sh
    - name: configure
      run: ./configure --enable-swtpm
    - name: make
      run: make
    - name: make check
      run: |
        make check
        WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh
    - name: make install
      run: sudo make install
    - name: make dist
      run: make dist

# build and test CSharp wrapper
    - name: Install mono
      run: |
        sudo apt-get install -y mono-mcs mono-tools-devel nunit nunit-console
    - name: Build CSharp wrapper
      working-directory: ./wrapper/CSharp
      run: |
        mcs wolfTPM.cs wolfTPM-tests.cs -r:/usr/lib/cli/nunit.framework-2.6.3/nunit.framework.dll -t:library
    - name: Run self test
      working-directory: ./wrapper/CSharp
      run: |
        LD_LIBRARY_PATH=../../src/.libs/:../../wolfssl/src/.libs/ nunit-console wolfTPM.dll -run=tpm_csharp_test.WolfTPMTest.TrySelfTest
    - name: Run unit tests
      working-directory: ./wrapper/CSharp
      run: |
        LD_LIBRARY_PATH=../../src/.libs/:../../wolfssl/src/.libs/ nunit-console wolfTPM.dll

# test no wolfcrypt
    - name: configure no wolfCrypt
      run: ./configure --enable-swtpm --disable-wolfcrypt
    - name: make no wolfCrypt
      run: make
    - name: make check no wolfCrypt
      run: |
        make check
        WOLFSSL_PATH=./wolfssl WOLFCRYPT_ENABLE=0 ./examples/run_examples.sh

# test no wrapper
    - name: configure no wrapper
      run: ./configure --enable-swtpm --disable-wrapper
    - name: make no wrapper
      run: make
    - name: make check no wrapper
      run: ./examples/native/native_test

# test small stack
    - name: configure smallstack
      run: ./configure --enable-swtpm --enable-smallstack
    - name: make smallstack
      run: make
    - name: make check smallstack
      run: |
        make check
        WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh

# test tislock
    - name: configure tislock
      run: ./configure --enable-tislock
    - name: make tislock
      run: make

# build debug
    - name: configure debug
      run: ./configure --enable-debug
    - name: make debug
      run: make

# build verbose
    - name: configure debug verbose
      run: ./configure --enable-debug=verbose
    - name: make debug verbose
      run: make

# build io
    - name: configure debug io
      run: ./configure --enable-debug=io CFLAGS="-DWOLFTPM_DEBUG_TIMEOUT"
    - name: make debug io
      run: make

# build advio
    - name: configure advio
      run: ./configure --enable-advio
    - name: make debug io
      run: make

# build pedantic
    - name: configure pedantic
      run: ./configure CFLAGS="-Wpedantic"
    - name: make pedantic
      run: make

# build not provisioning
    - name: configure not provisioning
      run: ./configure --disable-provisioning
    - name: make not provisioning
      run: make

# test without ECC
    - name: wolfssl no ECC
      working-directory: ./wolfssl
      run: |
        ./configure --enable-wolftpm --disable-ecc
        make
        sudo make install
    - name: wolftpm no ECC
      run: |
        ./configure --enable-swtpm
        make
        make check
        WOLFSSL_PATH=./wolfssl WOLFCRYPT_ECC=0 ./examples/run_examples.sh

# test without RSA
    - name: wolfssl no RSA
      working-directory: ./wolfssl
      run: |
        ./configure --enable-wolftpm --disable-rsa
        make
        sudo make install
    - name: wolftpm no RSA
      run: |
        ./configure --enable-swtpm
        make
        make check
        WOLFSSL_PATH=./wolfssl WOLFCRYPT_RSA=0 ./examples/run_examples.sh

# test with default configure (no AES CFB, no PKCS7, no crpyto cb, no cert gen)
    - name: wolfssl default configure
      working-directory: ./wolfssl
      run: |
        ./configure CFLAGS="-DWOLFSSL_PUBLIC_MP"
        make
        sudo make install
    - name: wolftpm default configure
      run: |
        ./configure --enable-swtpm
        make
        make check
        WOLFSSL_PATH=./wolfssl WOLFCRYPT_DEFAULT=1 ./examples/run_examples.sh

# test with no filesystem / threading
    - name: wolfssl no filesystem
      working-directory: ./wolfssl
      run: |
        ./configure --enable-wolftpm --disable-filesystem --enable-singlethreaded
        make
        sudo make install
    - name: wolftpm no filesystem
      run: |
        ./configure --enable-swtpm
        make
        make check
        WOLFSSL_PATH=./wolfssl NO_FILESYSTEM=1 ./examples/run_examples.sh

# capture logs on failure
    - name: Upload failure logs
      if: failure()
      uses: actions/upload-artifact@v4
      with:
        name: wolftpm-test-logs
        path: |
          run.out
          test-suite.log
        retention-days: 5