Adding CryptoInterface Example build testing #58

Open
Sushmitha-MN wants to merge 1 commit into main from DTM-7744-create-github-action-for-testing-crypto-interface-example-with-nano-crypto
@Sushmitha-MN
Collaborator

No description provided.

Copilot AI review requested due to automatic review settings March 31, 2026 15:32
Contributor

Copilot AI left a comment

Pull request overview

Adds a new GitHub Actions workflow intended to regularly build-test the CryptoInterface example against NanoCrypto to catch configuration/build regressions early.

Changes:

  • Introduces a scheduled + manually triggered CI workflow for building crypto_interface_example.
  • Runs three CMake build variants (basic, TAP/TPM2, TAP + PKCS11/SoftHSM).
  • Adds a final “fail-if-any-build-failed” gate to aggregate outcomes from the build steps.

Comment on lines +71 to +81
if [[ "${{ steps.mqtt_1.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example Basic Build FAILED"
FAILED=1
fi

if [[ "${{ steps.mqtt_2.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example with TAP/TPM2 Build FAILED"
FAILED=1
fi

if [[ "${{ steps.mqtt_3.outcome }}" == "failure" ]]; then
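
Review bot: Each check on lines +71 to +81 compares the outcome with `== "failure"`, so the gate fails open: an expression that resolves to an empty string (a step id that does not exist in the job) or a `cancelled`/`skipped` outcome leaves `FAILED` unset. Test for `!= "success"` instead, so that anything other than a confirmed successful build fails the job.
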
Copilot AI Mar 31, 2026

The final failure gate is checking steps.mqtt_1/2/3.outcome, but the build steps in this workflow are id: build_1, build_2, and build_3. As written, failures in the build steps will not be detected and the job can pass even when a build fails. Update the outcome checks (or the step ids) to match.

Suggested change
if [[ "${{ steps.mqtt_1.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example Basic Build FAILED"
FAILED=1
fi
if [[ "${{ steps.mqtt_2.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example with TAP/TPM2 Build FAILED"
FAILED=1
fi
if [[ "${{ steps.mqtt_3.outcome }}" == "failure" ]]; then
if [[ "${{ steps.build_1.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example Basic Build FAILED"
FAILED=1
fi
if [[ "${{ steps.build_2.outcome }}" == "failure" ]]; then
echo "❌ CryptoInterface Example with TAP/TPM2 Build FAILED"
FAILED=1
fi
if [[ "${{ steps.build_3.outcome }}" == "failure" ]]; then

Copilot uses AI. Check for mistakes.
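
The id mismatch described in the comment above can be caught mechanically before merge. The following is an added example, not part of the PR or of Copilot's review: a shell check that lists `steps.<id>` references with no matching `id:` declaration. The function names and the sample workflow are constructed for illustration, and ids are compared file-wide rather than per job.

```shell
#!/bin/sh
# Added example: report steps.<id> references that no step declares.
# Simplification (assumption): ids are compared file-wide, not per job.

# undefined_step_refs FILE -> prints each undefined id, one per line.
undefined_step_refs() {
  wf=$1
  # Declared ids: "id: name", optionally preceded by the list dash.
  declared=$(sed -n \
    's/^[[:space:]]*-\{0,1\}[[:space:]]*id:[[:space:]]*\([A-Za-z_][A-Za-z0-9_-]*\).*$/\1/p' \
    "$wf" | sort -u)
  # Referenced ids: every "steps.<name>." occurrence in the file.
  referenced=$(grep -o 'steps\.[A-Za-z_][A-Za-z0-9_-]*\.' "$wf" |
    sed 's/^steps\.//; s/\.$//' | sort -u)
  for ref in $referenced; do
    printf '%s\n' "$declared" | grep -qx -- "$ref" || printf '%s\n' "$ref"
  done
}

# Constructed workflow reproducing the mismatch from the review comment.
sample_workflow() {
  cat <<'EOF'
jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      - name: Basic build
        id: build_1
        continue-on-error: true
        run: echo "build variant 1"
      - id: build_2
        continue-on-error: true
        run: echo "build variant 2"
      - name: Gate
        run: |
          if [[ "${{ steps.mqtt_1.outcome }}" == "failure" ]]; then FAILED=1; fi
          if [[ "${{ steps.build_2.outcome }}" == "failure" ]]; then FAILED=1; fi
EOF
}

# Lint the constructed sample; the only undefined reference is mqtt_1.
tmp=$(mktemp)
sample_workflow > "$tmp"
undefined_step_refs "$tmp"
rm -f "$tmp"
```

Run against the real workflow file as a pre-merge check and fail the check when the function prints anything.
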
Comment on lines +19 to +29
sudo apt update && sudo apt install -y cmake build-essential autoconf automake libtool pkg-config libssl-dev
cmake --version

- name: Install SoftHSM library
run: |
git clone https://github.com/softhsm/SoftHSMv2.git
cd SoftHSMv2
sh autogen.sh
./configure --disable-non-paged-memory
make
sudo make install
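
Review bot: `./configure --disable-non-paged-memory` has no comment saying why this build needs the option, and the install prefix is left implicit even though a later step reads the library from `/usr/local/lib/softhsm/`. Add a one-line comment for the flag and pass `--prefix=/usr/local` explicitly so the install step and the copy step cannot drift apart.
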
Copilot AI Mar 31, 2026

SoftHSM is being built from a floating GitHub HEAD (git clone ...SoftHSMv2.git) during CI. This introduces supply-chain risk and reduces build reproducibility. Prefer installing softhsm2/libsofthsm2 from the OS package manager (as done in other workflows), or pin the clone to a specific tag/commit and verify integrity.

Suggested change
sudo apt update && sudo apt install -y cmake build-essential autoconf automake libtool pkg-config libssl-dev
cmake --version
- name: Install SoftHSM library
run: |
git clone https://github.com/softhsm/SoftHSMv2.git
cd SoftHSMv2
sh autogen.sh
./configure --disable-non-paged-memory
make
sudo make install
sudo apt update && sudo apt install -y cmake build-essential autoconf automake libtool pkg-config libssl-dev softhsm2 libsofthsm2
cmake --version
- name: Verify SoftHSM installation
run: |
softhsm2-util --version

continue-on-error: true
run: |
rm -rf build lib/* samples/bin/*
sudo cp -r /usr/local/lib/softhsm/libsofthsm2.so lib/
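
Review bot: The `cp` source `/usr/local/lib/softhsm/libsofthsm2.so` is hard-coded, and with `continue-on-error: true` on this step a missing library surfaces only through the final gate, without a clear message. Check that the file exists before copying and print an error that names the path, or take the path from one variable shared with the install step; `-r` is also unnecessary for a single file.
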
Copilot AI Mar 31, 2026

This step copies libsofthsm2.so into the workspace using sudo. On a self-hosted runner, that can leave root-owned files in the checkout, which can break later cleanup/checkout operations (git clean, rm, etc.) across runs. Copy without sudo (or chown the copied files back to the runner user) to avoid permission drift.

Suggested change
sudo cp -r /usr/local/lib/softhsm/libsofthsm2.so lib/
cp -r /usr/local/lib/softhsm/libsofthsm2.so lib/


jobs:
build-cryptointerface-example-nanocrypto:
runs-on: [self-hosted]
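
Review bot: `runs-on: [self-hosted]` lists only the generic label, so the job can be picked up by any self-hosted runner available to the repository, whatever its OS or architecture, while the steps assume `apt` and `sudo`. Add the labels that identify the intended machine, for example `runs-on: [self-hosted, linux, x64]`.
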
Copilot AI Mar 31, 2026

This workflow runs on a self-hosted runner but installs system packages and runs sudo make install, which permanently mutates the runner and can cause environment drift across scheduled runs. Consider switching to a GitHub-hosted runner (e.g., ubuntu-22.04 like the other build workflows) or ensure the runner is ephemeral / the workflow is fully idempotent and cleans up after itself.

Suggested change
runs-on: [self-hosted]
runs-on: ubuntu-22.04
