Add mbedtls4 CI coverage

Signed-off-by: Peter M <petermm@gmail.com>

Author: petermm

.github/workflows/build-and-test-on-freebsd.yaml

@@ -35,7 +35,7 @@ concurrency:
 jobs:
   build-and-test-on-freebsd:
     runs-on: ubuntu-24.04
-    name: Build and test AtomVM on FreeBSD
+    name: Build and test AtomVM on FreeBSD ${{ matrix.os_release }} (${{ matrix.mbedtls }})
     env:
       ATOMVM_EXAMPLE: "atomvm-example"
 
@@ -44,6 +44,10 @@ jobs:
 
       matrix:
         os_release: ["13.5", "14.3", "15.0"]
+        mbedtls: ["mbedtls@3"]
+        include:
+          - os_release: "14.3"
+            mbedtls: "mbedtls@4"
 
     steps:
 
@@ -63,7 +67,31 @@ jobs:
     - name: "Install deps"
       shell: freebsd {0}
       run: |
-        pkg install -y curl cmake gperf erlang elixir rebar3 mbedtls3 ninja
+        pkg install -y curl cmake gperf erlang elixir rebar3 ninja
+
+    - name: "Install MbedTLS 3"
+      if: matrix.mbedtls == 'mbedtls@3'
+      shell: freebsd {0}
+      run: |
+        pkg install -y mbedtls3
+
+    - name: "Install deps for MbedTLS 4"
+      if: matrix.mbedtls == 'mbedtls@4'
+      shell: freebsd {0}
+      run: |
+        PYTHON_PKG_VERSION=$(python3 -c 'import sys; print(f"{sys.version_info.major}{sys.version_info.minor}")')
+        pkg install -y git py${PYTHON_PKG_VERSION}-jinja2
+
+    - name: "Install specific MbedTLS version"
+      if: matrix.mbedtls == 'mbedtls@4'
+      shell: freebsd {0}
+      run: |
+        cd $GITHUB_WORKSPACE;
+        git clone --depth 1 --branch mbedtls-4.0.0 --recurse-submodules https://github.com/Mbed-TLS/mbedtls
+        cd mbedtls
+        cmake -S . -B build -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=On -DCMAKE_INSTALL_PREFIX=/usr/local
+        cmake --build build -j$(sysctl -n hw.ncpu)
+        cmake --install build
 
     - name: "Add hostname to /etc/hosts for distribution tests"
       shell: freebsd {0}
@@ -102,6 +130,15 @@ jobs:
         mkdir build
 
     - name: "Build: run cmake"
+      if: matrix.mbedtls == 'mbedtls@3'
+      shell: freebsd {0}
+      run: |
+        cd $GITHUB_WORKSPACE;
+        cd build
+        cmake .. -DAVM_WARNINGS_ARE_ERRORS=ON
+
+    - name: "Build: run cmake (MbedTLS 4)"
+      if: matrix.mbedtls == 'mbedtls@4'
       shell: freebsd {0}
       run: |
         cd $GITHUB_WORKSPACE;

.github/workflows/build-and-test.yaml

@@ -159,6 +159,12 @@ jobs:
           otp: "master"
           elixir_version: "main"
 
+        # Additional mbedtls@4 coverage with the default Linux toolchain
+        - cc: "cc"
+          cxx: "c++"
+          otp: "28"
+          mbedtls: "mbedtls@4"
+
         # Additional latest & -Os compiler builds
         - cc: "gcc-14"
           cxx: "g++-14"
@@ -494,13 +500,26 @@ jobs:
       run: sudo apt update -y
 
     - name: "Install deps"
-      if: matrix.container != ''
-      run: sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen valgrind libmbedtls-dev
+      if: matrix.container != '' && matrix.mbedtls != 'mbedtls@4'
+      run: |
+        sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen valgrind libmbedtls-dev
+
+    - name: "Install deps (MbedTLS 4)"
+      if: matrix.container != '' && matrix.mbedtls == 'mbedtls@4'
+      run: |
+        sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen valgrind
 
     - name: "Install deps"
-      if: matrix.container == ''
+      if: matrix.container == '' && matrix.mbedtls != 'mbedtls@4'
+      run: |
+        sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen libc6-dbg libmbedtls-dev
+        # Get a more recent valgrind
+        sudo snap install valgrind --classic
+
+    - name: "Install deps (MbedTLS 4)"
+      if: matrix.container == '' && matrix.mbedtls == 'mbedtls@4'
       run: |
-        sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen libmbedtls-dev libc6-dbg
+        sudo apt install -y ${{ matrix.compiler_pkgs}} cmake gperf zlib1g-dev doxygen libc6-dbg
         # Get a more recent valgrind
         sudo snap install valgrind --classic
 
@@ -536,6 +555,19 @@ jobs:
           https://repo.hex.pm
           https://cdn.jsdelivr.net/hex
 
+    - name: "Install specific MbedTLS version"
+      if: matrix.mbedtls == 'mbedtls@4'
+      run: |
+        git clone --depth 1 --branch mbedtls-4.0.0 --recurse-submodules https://github.com/Mbed-TLS/mbedtls
+        cd mbedtls
+        mkdir build
+        cd build
+        cmake -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=On -DCMAKE_INSTALL_PREFIX=/usr/local ..
+        make -j$(nproc)
+        sudo make install
+        sudo ldconfig
+        echo "MBEDTLS_ROOT_DIR=/usr/local" >> $GITHUB_ENV
+
     # Builder info
     - name: "System info"
       run: |
@@ -566,13 +598,23 @@ jobs:
         key: ${{ matrix.otp || env.DEFAULT_OTP_VERSION }}-${{ hashFiles('**/build-and-test.yaml', 'tests/**/*.erl', 'tests/**/*.hrl', 'tests/**/*.ex') }}-${{ matrix.jit_target_arch || 'nojit' }}-${{ contains(matrix.cmake_opts_other, 'AVM_DISABLE_JIT_DWARF=OFF') && 'dwarf' || 'nodwarf' }}
 
     - name: "Build: run cmake"
+      if: matrix.mbedtls != 'mbedtls@4'
       working-directory: build
       run: |
         cmake ${{ matrix.cmake_opts_fp }} ${{ matrix.cmake_opts_smp }} ${{ matrix.cmake_opts_other || env.DEFAULT_CMAKE_OPTS_OTHER }} ..
         # git clone will use more recent timestamps than cached beam files
         # touch them so we can benefit from the cache and avoid costly beam file rebuild.
         find . -name '*.beam' -exec touch {} \;
 
+    - name: "Build: run cmake (MbedTLS 4)"
+      if: matrix.mbedtls == 'mbedtls@4'
+      working-directory: build
+      run: |
+        cmake -DMBEDTLS_ROOT_DIR=/usr/local ${{ matrix.cmake_opts_fp }} ${{ matrix.cmake_opts_smp }} ${{ matrix.cmake_opts_other || env.DEFAULT_CMAKE_OPTS_OTHER }} ..
+        # git clone will use more recent timestamps than cached beam files
+        # touch them so we can benefit from the cache and avoid costly beam file rebuild.
+        find . -name '*.beam' -exec touch {} \;
+
     - name: "Build: run make"
       working-directory: build
       run: make -j3