Skip to content

workflow tests for zephyr 4.3 and 4.1#10314

Open
night1rider wants to merge 1 commit intowolfSSL:masterfrom
night1rider:zephyr-4.x-workflows
Open

workflow tests for zephyr 4.3 and 4.1#10314
night1rider wants to merge 1 commit intowolfSSL:masterfrom
night1rider:zephyr-4.x-workflows

Conversation

@night1rider
Copy link
Copy Markdown
Contributor

@night1rider night1rider commented Apr 26, 2026
edited
Loading

Summary

Adds GitHub Actions coverage for wolfSSL on Zephyr v4.1.0 and v4.3.0 across the native_sim and frdm_rw612/rw612 boards. The existing .github/workflows/zephyr.yml only exercises Zephyr 2.7 / 3.4 / 3.5; this new workflow extends CI to the 4.x line so regressions on current Zephyr releases are caught.

Files added

  • .github/workflows/zephyr-4.x.yml — workflow definition.
  • .github/scripts/zephyr-4.x/zephyr-test.sh — Docker-driven build/run driver. Uses the official ghcr.io/zephyrproject-rtos/zephyr-build images so the right Zephyr SDK is selected per release.
  • .github/scripts/zephyr-4.x/external_libc.conf — Kconfig overlay forcing CONFIG_EXTERNAL_LIBC=y (mirrors a customer build configuration).

Coverage — 18 parallel matrix jobs

Zephyr Board Samples external_libc.conf overlay
v4.1.0 native_sim tls_sock, test, benchmark with and without
v4.3.0 native_sim tls_sock, test, benchmark with and without
v4.1.0 frdm_rw612/rw612 tls_sock, test, benchmark n/a (build-only)
v4.3.0 frdm_rw612/rw612 tls_sock, test, benchmark n/a (build-only)

2 versions × 2 boards × 3 samples × 2 conf variants minus the 6 frdm_rw612 + extlibc cells (the external_libc.conf overlay is a native_sim-only configuration).

How it runs

  • Triggers on push to master/main/release/** and on every PR — same pattern as the existing .github/workflows/zephyr.yml.
  • Gated on github.repository_owner == 'wolfssl', so it only runs on the upstream repo and PRs targeting it.
  • For PRs the workflow tests the PR head repo + branch (github.event.pull_request.head.repo.clone_url / head.ref); for push events it tests the current repo and ref.
  • Each matrix entry runs zephyr-test.sh inside the official ghcr.io/zephyrproject-rtos/zephyr-build image. The script auto-selects the SDK image per Zephyr version:
    • Zephyr 4.0–4.1 → v0.27.4 (SDK 0.17.0)
    • Zephyr 4.2+ → v0.28.7 (SDK 0.17.x)
  • For emulator targets (native_sim) the script runs the resulting binary and waits for a success string (Benchmark complete, Test complete, or Client Return: 0) with a 5-minute timeout.
  • For frdm_rw612/rw612 it stops at "Build succeeded" — no emulator run.
  • Per-job timeout: 60 minutes.
  • On failure, .github/scripts/zephyr-4.x/logs/ is uploaded as an artifact (5-day retention).

Verifying a run is testing the PR's actual code

Each job log makes it easy to confirm the workflow built and ran the PR's wolfSSL source rather than master. Look for these four signals (lines reproduced from the smoke-test run on night1rider/wolfssl @ zephyr-4.x-workflows):

  1. Resolved repo and branch echoed at the top of the log:

    ==> wolfSSL repo:   https://github.com/night1rider/wolfssl.git
==> wolfSSL branch: zephyr-4.x-workflows

    These come from github.event.pull_request.head.repo.clone_url and head.ref.

  2. Injected west.yml points at the PR fork:

        - name: wolfssl
      url-base: https://github.com/night1rider
...
    - name: wolfssl
      path: modules/crypto/wolfssl
      remote: wolfssl
      revision: zephyr-4.x-workflows

  3. west update actually fetched from that fork at the PR head commit:

    === updating wolfssl (modules/crypto/wolfssl):
--- wolfssl: fetching, need revision zephyr-4.x-workflows
From https://github.com/night1rider/wolfssl
 * branch            zephyr-4.x-workflows -> FETCH_HEAD
HEAD is now at 3507aef workflow tests for zephyr 4.3 and 4.1

    The short SHA (3507aef here) should match the PR's latest commit on GitHub.

  4. The sample binary the workflow ran was built from the fetched source (visible in the build phase as object files under modules/crypto/wolfssl/... and a successful run, e.g. Benchmark complete).

Caveat: the script fetches the PR branch tip with --depth=1 rather than GitHub's computed merge commit, so the build is "PR branch as-is" rather than "PR branch merged into base". This matches existing Jenkins-style PR validation behavior; if strict "merged into master" semantics are ever needed, that would be a separate follow-up.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 26, 2026

MemBrowse Memory Report

No memory changes detected for:

wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 26, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10314

No scan targets match the changed files in this PR. Review skipped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@night1rider @wolfSSL-Fenrir-bot @wolfSSL-Bot