From 31319ff7f03a33a214d1b28ba2340cf6611cc297 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 16 Sep 2025 11:50:34 +0200
Subject: [PATCH] CI: scripts: add support for git in openssl builds

Add support for git releases downloaded from github in openssl builds:

- GIT_TYPE variable allow you to chose between "branch" or "commit"
- OPENSSL_VERSION variable supports a "git-" prefix
- "git-${commit_id}" is stored in .openssl_version instead of the branch
  name for version comparison.
---
 scripts/build-ssl.sh | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
index 4b46b4301..f7499fac3 100755
--- a/scripts/build-ssl.sh
+++ b/scripts/build-ssl.sh
@@ -4,25 +4,36 @@ set -eux
 BUILDSSL_DESTDIR=${BUILDSSL_DESTDIR:-${HOME}/opt}
 BUILDSSL_TMPDIR=${BUILDSSL_TMPDIR:-/tmp/download-cache}
 QUICTLS_URL=${QUICTLS_URL:-https://github.com/quictls/openssl}
-
 WOLFSSL_DEBUG=${WOLFSSL_DEBUG:-0}
+GIT_TYPE=${GIT_TYPE:-commit}
+
+
 
 download_openssl () {
-    if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
 
-#
-# OpenSSL has different links for latest and previous releases
-# since we want to download several versions, let us try to treat
-# current version as latest, if it fails, follow with previous
-#
+	# chose between a release or a git version from github
+	if [ "${OPENSSL_VERSION%%-*}" != "git" ]; then
 
-	wget -P ${BUILDSSL_TMPDIR}/ \
-	    "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
-        wget -P ${BUILDSSL_TMPDIR}/ \
-            "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \
-	wget -P ${BUILDSSL_TMPDIR}/ \
-	    "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
-    fi
+		if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
+			# OpenSSL has different links for latest and previous releases
+			# since we want to download several versions, let us try to treat
+			# current version as latest, if it fails, follow with previous
+			wget -P ${BUILDSSL_TMPDIR}/ \
+			    "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
+			wget -P ${BUILDSSL_TMPDIR}/ \
+			    "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \
+			wget -P ${BUILDSSL_TMPDIR}/ \
+			    "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
+		fi
+	else
+		if [ "${GIT_TYPE}" = "branch" ]; then
+			# update the openssl version using the commit ID of the branch HEAD
+			branch_name="${OPENSSL_VERSION##git-}"
+			OPENSSL_VERSION=git-$(wget -q -O- "https://api.github.com/repos/openssl/openssl/branches/$branch_name" |  grep '"sha":' | head -n 1 | sed -E 's/ *"sha": "(.*)",/\1/')
+		fi
+		wget -q -O "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" \
+		    "https://github.com/openssl/openssl/archive/${OPENSSL_VERSION##git-}.tar.gz"
+	fi
 }
 
 # recent openssl versions support parallel builds and skipping the docs,