From a7c2cf92741378a8246f807658e807c500ebd14c Mon Sep 17 00:00:00 2001
From: Tim Duesterhus <tim@bastelstu.be>
Date: Sun, 12 Apr 2026 21:27:09 +0200
Subject: [PATCH] CI: Merge `aws-lc-template.yml` into `aws-lc.yml`

There is no need to have an entirely separate workflow, when we can just use a
build matrix for the variation.
---
 .github/workflows/aws-lc-template.yml | 94 -------------------------
 .github/workflows/aws-lc.yml          | 98 ++++++++++++++++++++++++---
 2 files changed, 88 insertions(+), 104 deletions(-)
 delete mode 100644 .github/workflows/aws-lc-template.yml

diff --git a/.github/workflows/aws-lc-template.yml b/.github/workflows/aws-lc-template.yml
deleted file mode 100644
index 43fe95603..000000000
--- a/.github/workflows/aws-lc-template.yml
+++ /dev/null
@@ -1,94 +0,0 @@
-name: AWS-LC template
-
-on:
-  workflow_call:
-    inputs:
-      command:
-        required: true
-        type: string
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }}
-    steps:
-      - uses: actions/checkout@v6
-      - name: Determine latest AWS-LC release
-        id: get_aws_lc_release
-        run: |
-          result=$(cd .github && python3  -c "${{ inputs.command }}")
-          echo $result
-          echo "result=$result" >> $GITHUB_OUTPUT
-      - name: Cache AWS-LC
-        id: cache_aws_lc
-        uses: actions/cache@v5
-        with:
-          path: '~/opt/'
-          key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc
-      - name: Install apt dependencies
-        run: |
-          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
-          sudo apt-get --no-install-recommends -y install socat gdb jose
-      - name: Install AWS-LC
-        if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }}
-        run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh
-      - name: Compile HAProxy
-        run: |
-          make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \
-            USE_OPENSSL_AWSLC=1 USE_QUIC=1 \
-            SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \
-            DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \
-            ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/"
-          sudo make install
-      - name: Show HAProxy version
-        id: show-version
-        run: |
-          ldd $(which haproxy)
-          haproxy -vv
-          echo "version=$(haproxy -vq)" >> $GITHUB_OUTPUT
-      - uses: ./.github/actions/setup-vtest
-      - name: Run VTest for HAProxy
-        id: vtest
-        run: |
-          make reg-tests VTEST_PROGRAM=${{ github.workspace }}/vtest/vtest REGTESTS_TYPES=default,bug,devel
-      - name: Run Unit tests
-        id: unittests
-        run: |
-          make unit-tests
-      - name: Show VTest results
-        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
-        run: |
-          for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do
-            printf "::group::"
-            cat $folder/INFO
-            cat $folder/LOG
-            echo "::endgroup::"
-          done
-          exit 1
-      - name: Show coredumps
-        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
-        run: |
-          failed=false
-          shopt -s nullglob
-          for file in /tmp/core.*; do
-            failed=true
-            printf "::group::"
-            gdb -ex 'thread apply all bt full' ./haproxy $file
-            echo "::endgroup::"
-          done
-          if [ "$failed" = true ]; then
-            exit 1;
-          fi
-      - name: Show Unit-Tests results
-        if: ${{ failure() && steps.unittests.outcome == 'failure' }}
-        run: |
-          for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do
-            printf "::group::"
-            cat $result
-            echo "::endgroup::"
-          done
-          exit 1
-
diff --git a/.github/workflows/aws-lc.yml b/.github/workflows/aws-lc.yml
index a73c920c8..e239fa94f 100644
--- a/.github/workflows/aws-lc.yml
+++ b/.github/workflows/aws-lc.yml
@@ -9,13 +9,91 @@ permissions:
   contents: read
 
 jobs:
-  aws-lc:
-    name: AWS-LC
-    uses: ./.github/workflows/aws-lc-template.yml
-    with:
-      command: "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))"
-  aws-lc-fips:
-    name: AWS-LC (FIPS)
-    uses: ./.github/workflows/aws-lc-template.yml
-    with:
-      command: "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))"
+  Test:
+    name: ${{ matrix.name }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - name: AWS-LC
+            command: "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))"
+          - name: AWS-LC (FIPS)
+            command: "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))"
+    if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }}
+    steps:
+      - uses: actions/checkout@v6
+      - name: Determine latest AWS-LC release
+        id: get_aws_lc_release
+        run: |
+          result=$(cd .github && python3  -c "${{ matrix.command }}")
+          echo $result
+          echo "result=$result" >> $GITHUB_OUTPUT
+      - name: Cache AWS-LC
+        id: cache_aws_lc
+        uses: actions/cache@v5
+        with:
+          path: '~/opt/'
+          key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc
+      - name: Install apt dependencies
+        run: |
+          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
+          sudo apt-get --no-install-recommends -y install socat gdb jose
+      - name: Install AWS-LC
+        if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }}
+        run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh
+      - name: Compile HAProxy
+        run: |
+          make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \
+            USE_OPENSSL_AWSLC=1 USE_QUIC=1 \
+            SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \
+            DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \
+            ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/"
+          sudo make install
+      - name: Show HAProxy version
+        id: show-version
+        run: |
+          ldd $(which haproxy)
+          haproxy -vv
+          echo "version=$(haproxy -vq)" >> $GITHUB_OUTPUT
+      - uses: ./.github/actions/setup-vtest
+      - name: Run VTest for HAProxy
+        id: vtest
+        run: |
+          make reg-tests VTEST_PROGRAM=${{ github.workspace }}/vtest/vtest REGTESTS_TYPES=default,bug,devel
+      - name: Run Unit tests
+        id: unittests
+        run: |
+          make unit-tests
+      - name: Show VTest results
+        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
+        run: |
+          for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do
+            printf "::group::"
+            cat $folder/INFO
+            cat $folder/LOG
+            echo "::endgroup::"
+          done
+          exit 1
+      - name: Show coredumps
+        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
+        run: |
+          failed=false
+          shopt -s nullglob
+          for file in /tmp/core.*; do
+            failed=true
+            printf "::group::"
+            gdb -ex 'thread apply all bt full' ./haproxy $file
+            echo "::endgroup::"
+          done
+          if [ "$failed" = true ]; then
+            exit 1;
+          fi
+      - name: Show Unit-Tests results
+        if: ${{ failure() && steps.unittests.outcome == 'failure' }}
+        run: |
+          for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do
+            printf "::group::"
+            cat $result
+            echo "::endgroup::"
+          done
+          exit 1