Skip to content
QUIC

Update Chromium Patches for BoringSSL 2025-01 (#356) #33

Sign in to view logs

Update Chromium Patches for BoringSSL 2025-01 (#356)

Update Chromium Patches for BoringSSL 2025-01 (#356) #33

Workflow file for this run

.github/workflows/quic.yml at 3f69a7f
name: QUIC
on:
push:
branches: ['main']
paths: ['.github/workflows/quic.yml', 'curl/**', 'nginx/**']
pull_request:
paths: ['.github/workflows/quic.yml', 'curl/**', 'nginx/**']
schedule:
- cron: '2 7 18,28 * *'
workflow_dispatch:
env:
TARGET_NAME: openquantumsafe
push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
jobs:
test-push:
name: Test and push QUIC images
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
if: env.push == 'true'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build NGINX QUIC Docker image
uses: docker/build-push-action@v6
with:
context: .
file: nginx/Dockerfile-QUIC
load: true
tags: nginx-quic
- name: Build cURL QUIC Docker image
uses: docker/build-push-action@v6
with:
context: .
file: curl/Dockerfile-QUIC
load: true
tags: curl-quic
- name: Create a shared volume
run: docker volume create shared-1
shell: bash
- name: Generate a quantum-safe certificate chain
run: |
docker run -v shared-1:/certs $TARGET_NAME/openssl3 /bin/sh -c "\
openssl req -x509 -new -newkey rsa3072_falcon512 -keyout /certs/CA.key -out /certs/CA.crt -nodes -subj '/C=US/O=Open Quantum Safe/CN=OQS Demos' -days 1461 && \
openssl req -new -newkey sphincssha2128fsimple -keyout /certs/server.key -out /certs/server.csr -nodes -subj /CN=host.docker.internal && \
openssl x509 -req -in /certs/server.csr -out /certs/server.crt -CA /certs/CA.crt -CAkey /certs/CA.key -CAcreateserial -days 365"
shell: bash
- name: Start NGINX server with QUIC support
run: |
docker run -d -p 443:443/udp -v shared-1:/certs --name nginx-quic-daemon nginx-quic:latest
docker cp ${{ github.workspace }}/nginx/nginx-conf/nginx-quic.conf nginx-quic-daemon:/etc/nginx/nginx-quic.conf
docker exec nginx-quic-daemon bash -c "cd /etc/nginx && rm nginx.conf && mv nginx-quic.conf nginx.conf && nginx -s reload"
shell: bash
- name: Test cURL with QUIC support
run: |
docker run -v shared-1:/certs --add-host=host.docker.internal:host-gateway curl-quic:latest \
curl --cacert /certs/CA.crt --http3-only https://host.docker.internal --curves hqc192 -vvvv
shell: bash
- name: Scan cURL QUIC Docker Image
if: env.push == 'true'
uses: docker/[email protected]
with:
image: curl-quic
command: cves,recommendations
sarif-file: curl-quic-scan-results.sarif
- name: Scan NGINX QUIC Docker Image
if: env.push == 'true'
uses: docker/[email protected]
with:
image: nginx-quic
command: cves,recommendations
sarif-file: nginx-quic-scan-results.sarif
- name: Upload Scan Results for cURL QUIC
if: env.push == 'true'
uses: actions/[email protected]
with:
name: curl-quic-scan-results
path: curl-quic-scan-results.sarif
- name: Upload Scan Results for NGINX QUIC
if: env.push == 'true'
uses: actions/[email protected]
with:
name: nginx-quic-scan-results
path: nginx-quic-scan-results.sarif
- name: Push Docker images to Docker Hub
if: env.push == 'true'
run: |
docker push $TARGET_NAME/curl-quic:latest
docker push $TARGET_NAME/nginx-quic:latest
shell: bash