name: AWS-LC

on:
  schedule:
    - cron: "0 0 * * 4"
  workflow_dispatch:

permissions:
  contents: read

jobs:
  Test:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - name: AWS-LC
            command: "from matrix import determine_latest_aws_lc; print(determine_latest_aws_lc(''))"
          - name: AWS-LC (FIPS)
            command: "from matrix import determine_latest_aws_lc_fips; print(determine_latest_aws_lc_fips(''))"
    if: ${{ github.repository_owner == 'haproxy' || github.event_name == 'workflow_dispatch' }}
    steps:
      - uses: actions/checkout@v6
      - name: Determine latest AWS-LC release
        id: get_aws_lc_release
        run: |
          result=$(cd .github && python3  -c "${{ matrix.command }}")
          echo $result
          echo "result=$result" >> $GITHUB_OUTPUT
      - name: Cache AWS-LC
        id: cache_aws_lc
        uses: actions/cache@v5
        with:
          path: '~/opt/'
          key: ssl-${{ steps.get_aws_lc_release.outputs.result }}-Ubuntu-latest-gcc
      - name: Install apt dependencies
        run: |
          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
          sudo apt-get --no-install-recommends -y install socat gdb jose
      - name: Install AWS-LC
        if: ${{ steps.cache_ssl.outputs.cache-hit != 'true' }}
        run: env ${{ steps.get_aws_lc_release.outputs.result }} scripts/build-ssl.sh
      - name: Compile HAProxy
        run: |
          make -j$(nproc) ERR=1 CC=gcc TARGET=linux-glibc \
            USE_OPENSSL_AWSLC=1 USE_QUIC=1 \
            SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include \
            DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" \
            ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/"
          sudo make install
      - name: Show HAProxy version
        id: show-version
        run: |
          ldd $(which haproxy)
          haproxy -vv
          echo "version=$(haproxy -vq)" >> $GITHUB_OUTPUT
      - uses: ./.github/actions/setup-vtest
      - name: Run VTest for HAProxy
        id: vtest
        run: |
          make reg-tests VTEST_PROGRAM=${{ github.workspace }}/vtest/vtest REGTESTS_TYPES=default,bug,devel
      - name: Run Unit tests
        id: unittests
        run: |
          make unit-tests
      - name: Show VTest results
        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
        run: |
          for folder in ${TMPDIR:-/tmp}/haregtests-*/vtc.*; do
            printf "::group::"
            cat $folder/INFO
            cat $folder/LOG
            echo "::endgroup::"
          done
          exit 1
      - name: Show coredumps
        if: ${{ failure() && steps.vtest.outcome == 'failure' }}
        run: |
          failed=false
          shopt -s nullglob
          for file in /tmp/core.*; do
            failed=true
            printf "::group::"
            gdb -ex 'thread apply all bt full' ./haproxy $file
            echo "::endgroup::"
          done
          if [ "$failed" = true ]; then
            exit 1;
          fi
      - name: Show Unit-Tests results
        if: ${{ failure() && steps.unittests.outcome == 'failure' }}
        run: |
          for result in ${TMPDIR:-/tmp}/ha-unittests-*/results/res.*; do
            printf "::group::"
            cat $result
            echo "::endgroup::"
          done
          exit 1