.circleci/config.yml

version: 2.1

parameters:
  run_downstream_tests:
    type: boolean
    default: false

# CircleCI doesn't handle large file sets properly for local builds
# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
localCheckout: &localCheckout
  run: |-
    PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
    mkdir -p ${PROJECT_PATH}
    cd /tmp/_circleci_local_build_repo
    git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
    cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}

jobs:
  ubuntu_bionic:
    description: A template for running OQS-OpenSSL tests on x64 Ubuntu Bionic Docker VMs
    parameters:
      LIBOQS_SHARED:
        description: "Build liboqs as a shared library."
        type: boolean
        default: false
      OPENSSL_SHARED:
        description: "Build OpenSSL as a shared library."
        type: boolean
        default: false
    docker:
      - image: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
# Re-enable iff docker enforces rate limitations without auth:
#        auth:
#          username: $DOCKER_LOGIN
#          password: $DOCKER_PASSWORD
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Clone liboqs
          command: ./oqs-scripts/clone_liboqs.sh
      - run:
          name: Build liboqs
          command: <<# parameters.LIBOQS_SHARED >> env LIBOQS_LIBTYPE=shared <</ parameters.LIBOQS_SHARED >> ./oqs-scripts/build_liboqs.sh
      - run:
          name: Build OpenSSL
          command: <<# parameters.OPENSSL_SHARED >> env OPENSSL_LIBTYPE=shared <</ parameters.OPENSSL_SHARED >> ./oqs-scripts/build_openssl.sh
      - run:
          name: Run OpenSSL tests
          command: env LD_LIBRARY_PATH="$(pwd):$(pwd)/oqs/lib" make test
      - run:
          name: Run OQS connection, CMS and speed tests
          command: env LD_LIBRARY_PATH="$(pwd):$(pwd)/oqs/lib" python3 -m pytest --numprocesses=auto oqs-test/test_tls_full.py oqs-test/test_cms.py oqs-test/test_speed.py

  macOS:
    description: A template for running OQS-OpenSSL tests on macOS
    macos:
      xcode: "11.3.0"
    parameters:
      LIBOQS_SHARED:
        description: "Build liboqs as a shared library."
        type: boolean
        default: false
      OPENSSL_SHARED:
        description: "Build OpenSSL as a shared library."
        type: boolean
        default: false
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Install dependencies
          command: brew unlink python@2 && env HOMEBREW_NO_AUTO_UPDATE=1 brew install cmake ninja && pip3 install pytest pytest-xdist psutil
      - run:
          name: Clone liboqs
          command: ./oqs-scripts/clone_liboqs.sh
      - run:
          name: Build liboqs
          command: <<# parameters.LIBOQS_SHARED >> env LIBOQS_LIBTYPE=shared <</ parameters.LIBOQS_SHARED >> ./oqs-scripts/build_liboqs.sh
      - run:
          name: Build OpenSSL
          command: <<# parameters.OPENSSL_SHARED >> env OPENSSL_LIBTYPE=shared <</ parameters.OPENSSL_SHARED >> ./oqs-scripts/build_openssl.sh
      # TODO: Figure out why the tests fail on macOS when OpenSSL
      # is built as a shared library.
      #- run:
          #name: Run OpenSSL tests
          #command: env DYLD_LIBRARY_PATH="$(pwd):$(pwd)/oqs/lib" make test
      - run:
          name: Run OQS connection, CMS and speed tests
          command: env DYLD_LIBRARY_PATH="$(pwd):$(pwd)/oqs/lib" python3 -m pytest --numprocesses=auto oqs-test/test_tls_full.py oqs-test/test_cms.py oqs-test/test_speed.py

  ubuntu_boringssl_interop:
    description: A job that tests interoperability between OQS-OpenSSL and OQS-BoringSSL on a x64 Ubuntu Bionic Docker VM
    docker:
      - image: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
# Re-enable iff docker enforces rate limitations without auth:
#        auth:
#          username: $DOCKER_LOGIN
#          password: $DOCKER_PASSWORD
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Clone liboqs and BoringSSL
          command: ./oqs-scripts/clone_liboqs.sh && ./oqs-scripts/clone_boringssl.sh
      - run:
          name: Build liboqs
          command: env LIBOQS_USE_OPENSSL=OFF ./oqs-scripts/build_liboqs.sh
      - run:
          name: Build BoringSSL
          command:  ./oqs-scripts/build_boringssl.sh
      - run:
          name: Build OpenSSL
          command: ./Configure linux-x86_64 no-shared no-tests && make -j15
      - run:
          name: Test BoringSSL client against OpenSSL server
          command: python3 -m pytest --numprocesses=auto oqs-interop-test/test_full.py --client-type=bssl
      - run:
          name: Test OpenSSL client against BoringSSL server
          command: python3 -m pytest --numprocesses=auto oqs-interop-test/test_full.py --client-type=ossl

  trigger-downstream-ci:
    docker:
      - image: cimg/base:2020.01
# Re-enable iff docker enforces rate limitations without auth:
#        auth:
#          username: $DOCKER_LOGIN
#          password: $DOCKER_PASSWORD
    steps:
      - run:
          name: Trigger oqs-demos CI
          command: |
            curl -u ${BUILD_TRIGGER_TOKEN}: \
                 -X POST \
                 --header "Content-Type: application/json" \
                 -d '{ "branch": "main", "parameters": { "new_openssl_commit": true } }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-demos/pipeline
      # don't trigger for now as it's too expensive
      #- run:
      #    name: Trigger profiling CI
      #    command: |
      #      curl -u ${BUILD_TRIGGER_TOKEN}: \
      #           -X POST \
      #           --header "Content-Type: application/json" \
      #           -d '{ "branch": "main", "parameters": { "new_openssl_commit": true } }' \
      #           https://circleci.com/api/v2/project/gh/open-quantum-safe/profiling/pipeline

workflows:
  version: 2.1
  build:
    jobs:
      - macOS:
          name: macOS-static_oqs-static_ossl
      - macOS:
          name: macOS-shared_oqs-shared_ossl
          LIBOQS_SHARED: true
          OPENSSL_SHARED: true
      - ubuntu_bionic:
          name: ubuntu-static_oqs-static_ossl
          context: openquantumsafe
      - ubuntu_bionic:
          name: ubuntu-shared_oqs-shared_ossl
          context: openquantumsafe
          LIBOQS_SHARED: true
          OPENSSL_SHARED: true
      - ubuntu_boringssl_interop:
          name: boringssl-interop
          context: openquantumsafe
  on-main-branch:
    when:
      or:
        - equal: [ OQS-OpenSSL_1_1_1-stable , << pipeline.git.branch >> ]
        - equal: [ true , << pipeline.parameters.run_downstream_tests >> ]
    jobs:
      - trigger-downstream-ci:
          context: openquantumsafe