Hi Ilya,

On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote:
> for development branches let's use "latest" and fixed for stable
> 
> LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
> switch back to the latest LibreSSL available


I think you made a mistake, doesn't seem related to LibreSSL at all.

> ---
>  .github/matrix.py | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/.github/matrix.py b/.github/matrix.py
> index b5a971c5a..2d1831a4d 100755
> --- a/.github/matrix.py
> +++ b/.github/matrix.py
> @@ -195,7 +195,6 @@ def main(ref_name):
>              "OPENSSL_VERSION=1.1.1s",
>              "QUICTLS=yes",
>              "WOLFSSL_VERSION=5.6.4",
> -            "AWS_LC_VERSION=1.16.0",
>              # "BORINGSSL=yes",
>          ]
>  
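
Review bot: The commit message talks about LibreSSL 3.6.0/3.6.1, but the line removed in this hunk is the AWS_LC_VERSION=1.16.0 pin, and no LibreSSL entry is touched anywhere in the patch. Please reword the subject and body so they describe the AWS-LC change, otherwise the history will point readers at the wrong library.
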
> @@ -203,6 +202,11 @@ def main(ref_name):
>              ssl_versions = ssl_versions + [
>                  "OPENSSL_VERSION=latest",
>                  "LIBRESSL_VERSION=latest",
> +                "AWS_LC_VERSION=latest",
> +            ]
> +        else: # stable branch
> +            ssl_versions = ssl_versions + [
> +                "AWS_LC_VERSION=1.17.3",
>              ]
>  
>          for ssl in ssl_versions:
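
Review bot: In the new "else: # stable branch" arm the AWS-LC pin becomes 1.17.3, while the entry removed from the common list was 1.16.0, so stable branches get a version bump that the commit message never mentions. State the bump explicitly or split it into its own commit, so it can be reverted independently of the move to AWS_LC_VERSION=latest on development branches.
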
> @@ -213,6 +217,8 @@ def main(ref_name):
>                  flags.append("USE_OPENSSL_WOLFSSL=1")
>              if "AWS_LC" in ssl:
>                  flags.append("USE_OPENSSL_AWSLC=1")
> +                if "latest" in ssl:
> +                    ssl = determine_latest_aws_lc(ssl)
>              if ssl != "stock":
>                  flags.append("SSL_LIB=${HOME}/opt/lib")
>                  flags.append("SSL_INC=${HOME}/opt/include")
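
Review bot: determine_latest_aws_lc(ssl) is called in the AWS_LC branch but is not defined or imported anywhere in this patch, and its result overwrites ssl with no check before the ssl != "stock" test that follows. Please confirm the helper already exists in matrix.py and say what it returns when the lookup fails. It would also help to make the resolved version visible in the generated matrix entry, so that a difference between two pushes can be traced to the library rather than to the code.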


Well, the idea was to build the "latest" aws-lc outside the push CI, so
we are already doing this here:

http://github.com/haproxy/haproxy/blob/master/.github/workflows/aws-lc.yml

I'm not really comfortable with having everything in "latest" in the
master in fact, we have already had the "openssl-3.2.0-*"
builds for a while without even testing 3.1 anymore, and I didn't
notice.

That's a problem, maybe we should put the "latest" builds in a daily
build so it can evolve on its own without impacting the dev.

Having a library which changes its version between 2 pushes can be quite
confusing, even more if the library broke something, usually you want to
test your code when you push in master, not the libraries!

For example we could have had build breakage when switching
automatically to 3.2-alpha then 3.2-beta etc.

But since we didn't have any problem for now, maybe we could just try it,
it can be reverted easily anyway...

-- 
William Lallemand
