forked from tomtau/tmkms-light
-
Notifications
You must be signed in to change notification settings - Fork 16
135 lines (129 loc) · 4.5 KB
/
tmkms.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: tmkms
on:
push:
branches: main
merge_group:
pull_request:
branches:
- main
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -Dwarnings
jobs:
rustfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --all -- --check
clippy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install deps
run: sudo apt-get update && sudo apt-get install protobuf-compiler
- uses: dtolnay/rust-toolchain@master
with:
components: clippy
toolchain: nightly-2023-02-20
- run: cargo clippy --all -- -D warnings
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly-2023-02-20
- name: Install cargo audit
run: cargo install cargo-audit
# TODO: unmaintained dependencies -- need to be fixed in upstream
# RUSTSEC-2019-0036,RUSTSEC-2020-0036: failure crate used in upstream sgxs-* crates
# RUSTSEC-2020-0071: time crate used in upstream sgxs-* crates
# RUSTSEC-2021-0127: serde_cbor used in upstream nsm-* crates
# RUSTSEC-2020-0016,RUSTSEC-2021-0124: net2 used in mio from older tokio (used in sgx crates)
# RUSTSEC-2022-0041: old cross-beam used in the sgx runner crate
# RUSTSEC-2023-0005: old tokio used in the sgx runner crate (enclave-runner)
# RUSTSEC-2023-0045: old cross-beam used in the sgx runner crate
- run: >
cargo audit --deny warnings
--ignore RUSTSEC-2020-0071
--ignore RUSTSEC-2021-0124
--ignore RUSTSEC-2020-0036
--ignore RUSTSEC-2020-0016
--ignore RUSTSEC-2021-0127
--ignore RUSTSEC-2019-0036
--ignore RUSTSEC-2022-0041
--ignore RUSTSEC-2023-0005
--ignore RUSTSEC-2023-0045
build:
runs-on: ubuntu-latest
strategy:
matrix:
crate:
- tmkms-nitro-helper
- tmkms-light-sgx-runner
- tmkms-softsign
steps:
- uses: actions/checkout@v3
- name: Install deps
run: sudo apt-get update && sudo apt-get install protobuf-compiler
- uses: dtolnay/rust-toolchain@master
with:
targets: x86_64-unknown-linux-gnu
toolchain: nightly-2023-02-20
- run: cargo build --target x86_64-unknown-linux-gnu -p ${{ matrix.crate }} --release
- name: 'Tar files'
run: cd target/x86_64-unknown-linux-gnu/release/ && tar -cvf tmkms-softsign.tar tmkms-softsign
if: startsWith(matrix.crate, 'tmkms-softsign')
- uses: actions/upload-artifact@v2
if: startsWith(matrix.crate, 'tmkms-softsign')
with:
name: tmkms-softsign
path: target/x86_64-unknown-linux-gnu/release/tmkms-softsign.tar
build-sgx:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@master
with:
targets: x86_64-fortanix-unknown-sgx
toolchain: nightly-2023-02-20
- run: cargo build --target x86_64-fortanix-unknown-sgx -p tmkms-light-sgx-app --release
build-nitro:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build tmkms-nitro-enclave with docker
uses: docker/build-push-action@v3
with:
context: .
push: false
platforms: linux/amd64,linux/arm64
file: Dockerfile.nitro
build-args: |
RUST_TOOLCHAIN=1.66.1
run-integration-tests:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v19
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
- uses: cachix/cachix-action@v12
with:
name: crypto-com
skipPush: true
- uses: actions/download-artifact@v2
with:
name: tmkms-softsign
path: integration-test
- run: cd integration-test && tar -xvf tmkms-softsign.tar && chmod +x tmkms-softsign && nix develop --extra-experimental-features nix-command --extra-experimental-features flakes -c ./run.sh