From cb15bf572321b8db5f8ae530e1710aefa0252b52 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 11:12:41 -0700 Subject: [PATCH 1/7] Set max-parallel 12 to address runner concurrency saturation, cleanup --- .github/workflows/test-library.yml | 35 ++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 2f05f1ff51..67f49841f3 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -8,20 +8,36 @@ on: jobs: test-lib: + # If jobs cancel, consider pinning to ubuntu-24.04 + # The ubuntu-latest alias can point to different images during migrations (and sometimes be extra busy), + # while ubuntu-24.04 always targets the 24.04 poo runs-on: ubuntu-latest + + # The timeout is run time after a runner starts, not time in queue timeout-minutes: 15 + concurrency: + # Avoid duplicate runs on the same ref + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + strategy: fail-fast: false + + # Limit concurrent jobs for scheduling problem on GitHub's hosted runner pool. + max-parallel: 12 + matrix: - math: [SPMATH=1 WOLFBOOT_SMALL_STACK=0, - SPMATH=1 WOLFBOOT_SMALL_STACK=1, - SPMATHALL=1 WOLFBOOT_SMALL_STACK=0, - SPMATHALL=1 WOLFBOOT_SMALL_STACK=1, - SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0, - SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1] + math: + - "SPMATH=1 WOLFBOOT_SMALL_STACK=0" + - "SPMATH=1 WOLFBOOT_SMALL_STACK=1" + - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=0" + - "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1" + - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0" + - "SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1" asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448] hash: [sha256, sha384, sha3] + steps: - uses: actions/checkout@v4 with: @@ -35,14 +51,15 @@ jobs: env: ASYM: ${{ matrix.asym }} HASH: ${{ matrix.hash }} + MATH: ${{ matrix.math }} run: | cp config/examples/library.config .config make keytools - ./tools/keytools/keygen --${{ matrix.asym }} -g wolfboot_signing_private_key.der + ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der echo "Test" > test.bin - ./tools/keytools/sign --${{ matrix.asym }} --${{ matrix.hash }} test.bin wolfboot_signing_private_key.der 1 + ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1 # Convert asym and hash to upper case - make test-lib SIGN=${ASYM^^} HASH=${HASH^^} + make test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} - name: Run test-lib run: | From 324907bf4be7a1c3d94554558ea455dc9d2719b9 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 11:43:54 -0700 Subject: [PATCH 2/7] Do not cancel in-progress group --- .github/workflows/test-library.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 67f49841f3..6244c57c36 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -19,7 +19,7 @@ jobs: concurrency: # Avoid duplicate runs on the same ref group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true + cancel-in-progress: false strategy: fail-fast: false From 40575cb7c5543c4909529634aac998a274d5ef4e Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 11:52:57 -0700 Subject: [PATCH 3/7] Expand concurrency definition --- .github/workflows/test-library.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 6244c57c36..2f00c24326 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -18,7 +18,7 @@ jobs: concurrency: # Avoid duplicate runs on the same ref - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.head.sha || github.sha }} cancel-in-progress: false strategy: From a978c953c26144f8cfd82aa7b1e7f20371b3bc8b Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 12:03:34 -0700 Subject: [PATCH 4/7] Remove concurrency --- .github/workflows/test-library.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 2f00c24326..28955914e8 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -16,11 +16,6 @@ jobs: # The timeout is run time after a runner starts, not time in queue timeout-minutes: 15 - concurrency: - # Avoid duplicate runs on the same ref - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.head.sha || github.sha }} - cancel-in-progress: false - strategy: fail-fast: false From 55713b09c34c4d52167191d95526c2cab76b47dd Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 12:40:34 -0700 Subject: [PATCH 5/7] Retry with WOLFBOOT_HUGE_STACK=1 as needed --- .github/workflows/test-library.yml | 34 +++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 28955914e8..09b16ba02e 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -10,7 +10,7 @@ jobs: test-lib: # If jobs cancel, consider pinning to ubuntu-24.04 # The ubuntu-latest alias can point to different images during migrations (and sometimes be extra busy), - # while ubuntu-24.04 always targets the 24.04 poo + # while ubuntu-24.04 always targets the 24.04 pool runs-on: ubuntu-latest # The timeout is run time after a runner starts, not time in queue @@ -44,17 +44,45 @@ jobs: - name: Build test-lib env: + shell: bash ASYM: ${{ matrix.asym }} HASH: ${{ matrix.hash }} MATH: ${{ matrix.math }} run: | + # Sample build + build_once() { + # Convert asym and hash to upper case, optionally add additional param + make -j test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} "$@" + } + + set -euo pipefail + + # Get the reference config cp config/examples/library.config .config + + # Keytools make keytools ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der + + # Sign echo "Test" > test.bin ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1 - # Convert asym and hash to upper case - make test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} + + # First attempt + if build_once >build.out 2>build.err; then + echo "Success on first attempt" + exit 0 + fi + + # If it failed due to the TFM huge stack guard, retry with the flag + if grep -q 'TFM will allocate 70\+ KB in the stack' build.err; then + echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to TFM stack requirement" + build_once WOLFBOOT_HUGE_STACK=1 + else + echo "Build failed for another reason:" + cat build.err + exit 1 + fi - name: Run test-lib run: | From a32278a2758aeac96a1d4874ca1dca426d9dea87 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 12:59:14 -0700 Subject: [PATCH 6/7] Different stack detection message --- .github/workflows/test-library.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 09b16ba02e..069a68a279 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -75,7 +75,7 @@ jobs: fi # If it failed due to the TFM huge stack guard, retry with the flag - if grep -q 'TFM will allocate 70\+ KB in the stack' build.err; then + if grep -q 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err; then echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to TFM stack requirement" build_once WOLFBOOT_HUGE_STACK=1 else From 4ad3103f1cebac75959d9d02abfd280831cacb59 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Tue, 21 Oct 2025 13:36:28 -0700 Subject: [PATCH 7/7] Exclude some known failures SPMATH WOLFBOOT_SMALL_STACK --- .github/workflows/test-library.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 069a68a279..2b9323f232 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -33,6 +33,11 @@ jobs: asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448] hash: [sha256, sha384, sha3] + # See https://github.com/wolfSSL/wolfBoot/issues/614 regarding exclusions: + exclude: + - math: "SPMATH=1 WOLFBOOT_SMALL_STACK=1" + - math: "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1" + steps: - uses: actions/checkout@v4 with: @@ -70,13 +75,18 @@ jobs: # First attempt if build_once >build.out 2>build.err; then - echo "Success on first attempt" + echo "Success on first attempt, WOLFBOOT_HUGE_STACK not applied." exit 0 fi # If it failed due to the TFM huge stack guard, retry with the flag - if grep -q 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err; then - echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to TFM stack requirement" + if grep -Fq 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err; then + echo "Retrying with WOLFBOOT_HUGE_STACK=1 due to stack requirement error." + + # Always print the entire message + grep -Fn 'If this is OK, please compile with WOLFBOOT_HUGE_STACK=1' build.err || true + + # Try again with huge stack allowed build_once WOLFBOOT_HUGE_STACK=1 else echo "Build failed for another reason:"