diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index c9ee33d9c1a899..4b10e0854b7270 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -17,9 +17,16 @@ concurrency: cancel-in-progress: true jobs: - test: + test-linux: uses: ./.github/workflows/test-fips.yml with: platform: linux runner: '["ubuntu-22.04"]' secrets: inherit + + test-windows: + uses: ./.github/workflows/test-fips.yml + with: + platform: windows + runner: '["windows-2022"]' + secrets: inherit diff --git a/.github/workflows/test-fips.yml b/.github/workflows/test-fips.yml index 72b56a2d0d5d52..7548a842608585 100644 --- a/.github/workflows/test-fips.yml +++ b/.github/workflows/test-fips.yml @@ -38,6 +38,7 @@ jobs: cache: 'pip' - name: Install System Dependencies + if: runner.os == 'Linux' run: | sudo apt update && \ sudo apt install -y --no-install-recommends \ @@ -51,13 +52,60 @@ jobs: sudo rm -rf /var/lib/apt/lists/* - name: Install OpenSSL + if: runner.os == 'Linux' run: | wget https://www.openssl.org/source/openssl-3.0.0.tar.gz \ && tar -xvzf openssl-3.0.0.tar.gz \ && cd openssl-3.0.0 \ && ./Configure enable-fips \ && make \ - && make install + && sudo make install + + # Install Chocolatey and required tools + - name: Install Chocolatey + if: runner.os == 'Windows' + shell: powershell + run: | + Set-ExecutionPolicy Bypass -Scope Process -Force; + [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; + iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); + + # Install Visual Studio Build Tools + - name: Install Build Tools + if: runner.os == 'Windows' + run: | + choco install visualstudio2022buildtools -y --ignore-checksums + + # Configure environment for Visual Studio + - name: Setup Visual Studio Environment + if: runner.os == 'Windows' + shell: powershell + run: | + $vswherePath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"; + $vsInstallPath = & $vswherePath -latest -products * -requires Microsoft.Component.MSBuild -property installationPath; + $vsDevCmd = "$vsInstallPath\Common7\Tools\VsDevCmd.bat"; + echo "VS_DEV_CMD=$vsDevCmd" >> $env:GITHUB_ENV; + + # Install OpenSSL and FIPS + - name: Download and Install OpenSSL with FIPS + if: runner.os == 'Windows' + shell: powershell + run: | + $OPENSSL_VERSION = "3.0.11"; + Invoke-WebRequest -Uri "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" -OutFile "openssl-${OPENSSL_VERSION}.tar.gz"; + tar -xzf "openssl-${OPENSSL_VERSION}.tar.gz"; + cd "openssl-${OPENSSL_VERSION}"; + perl Configure VC-WIN64A enable-fips; + nmake; + nmake install; - name: Install Cryptography run: pip install cryptography + + # Verify OpenSSL Installation + - name: Verify OpenSSL and FIPS Provider + run: | + # Check installed OpenSSL version + openssl version -a + # Confirm FIPS provider is installed + openssl list -providers