Merge pull request #549 from fortanix/yx/use-github-action
migrate to github action
Showing
3 changed files
with
98 additions
and
68 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
name: CI | ||
|
||
on: | ||
pull_request: | ||
paths-ignore: | ||
- '*.md' | ||
- 'LICENSE' | ||
branches: | ||
- master | ||
# This CI will be triigerred on any merge_group events | ||
merge_group: | ||
|
||
env: | ||
RUST_BACKTRACE: 1 | ||
CARGO_TERM_COLOR: always | ||
CARGO_INCREMENTAL: 0 | ||
CARGO_NET_RETRY: 10 | ||
CFLAGS_x86_64_fortanix_unknown_sgx: "-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" | ||
CC_x86_64_fortanix_unknown_sgx: clang-11 | ||
|
||
jobs: | ||
test: | ||
name: Build+Test | ||
runs-on: ubuntu-20.04 | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Install additional dependencies | ||
run: | | ||
# install gpg | ||
sudo apt-get update -y && sudo apt install -y gpg | ||
# Add intel-sgx package repository, key is download from https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | ||
cat intel-sgx-deb.key | gpg --dearmor | sudo tee /usr/share/keyrings/intel-sgx-deb.gpg > /dev/null | ||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/intel-sgx-deb.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | sudo tee /etc/apt/sources.list.d/intel-sgx-deb.list > /dev/null | ||
# Add llbm package repository, key is download from https://apt.llvm.org/llvm-snapshot.gpg.key | ||
cat llvm-snapshot.gpg.key | gpg --dearmor | sudo tee /usr/share/keyrings/llvm-snapshot.gpg > /dev/null | ||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/llvm-snapshot.gpg] http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main" | sudo tee /etc/apt/sources.list.d/llvm-snapshot.list > /dev/null | ||
# Install dependencies for build & test | ||
sudo apt-get update -y | ||
sudo apt-get install -y faketime protobuf-compiler libsgx-dcap-ql-dev clang-11 musl-tools gcc-multilib | ||
- name: Setup Rust toolchain | ||
run: | | ||
rustup target add x86_64-fortanix-unknown-sgx x86_64-unknown-linux-musl | ||
rustup toolchain add nightly | ||
rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly | ||
rustup update | ||
- name: Cargo test --all --exclude sgxs-loaders | ||
run: cargo test --verbose --locked --all --exclude sgxs-loaders && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ] | ||
|
||
- name: Cargo test -p dcap-ql --features link | ||
run: cargo test --verbose --locked -p dcap-ql --features link | ||
|
||
- name: Cargo test -p dcap-ql --features verify | ||
run: cargo test --verbose --locked -p dcap-ql --features verify | ||
|
||
- name: Cargo test -p ias --features mbedtls | ||
run: cargo test --verbose --locked -p ias --features mbedtls | ||
|
||
- name: Cargo test -p ias --features client,mbedtls | ||
run: cargo test --verbose --locked -p ias --features client,mbedtls | ||
|
||
# uses backtrace, which still requires nightly on SGX | ||
- name: Nightly build -p aesm-client --target=x86_64-fortanix-unknown-sgx | ||
run: cargo +nightly build --verbose --locked -p aesm-client --target=x86_64-fortanix-unknown-sgx | ||
|
||
# uses sgxstd feature | ||
- name: Nightly build -p aesm-client --target=x86_64-fortanix-unknown-sgx --features sgx-isa/sgxstd | ||
run: cargo +nightly build --verbose --locked -p aesm-client --target=x86_64-fortanix-unknown-sgx --features sgx-isa/sgxstd | ||
|
||
- name: Nightly test -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run | ||
run: cargo +nightly test --verbose --locked -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run | ||
|
||
# Unfortunately running `faketime '2021-09-10 11:00:00 GMT' cargo test -p nitro-attestation-verify` causes a segmentation | ||
# fault while compiling. We only execute `faketime` during the tests | ||
#- run: cargo test --locked -p nitro-attestation-verify --no-run && faketime '2021-09-08 11:00:00 GMT' cargo test --locked -p nitro-attestation-verify --lib | ||
|
||
- name: Cargo test nitro-attestation-verify with faketime | ||
run: cargo test --locked -p nitro-attestation-verify --no-run && faketime '2021-09-10 11:00:00 GMT' cargo test --locked -p nitro-attestation-verify --lib | ||
|
||
- name: Build fortanix-sgx-tools for x86_64-unknown-linux-musl | ||
# NOTE: Skipping linking with the glibc version of OpenSSL to produce a musl based binary. It is unlikely that this would produce a working binary anyway. | ||
run: | | ||
mkdir -p /tmp/muslinclude | ||
ln -sf /usr/include/x86_64-linux-gnu/openssl /tmp/muslinclude/openssl | ||
PKG_CONFIG_ALLOW_CROSS=1 CFLAGS=-I/tmp/muslinclude CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=true cargo build --locked -p fortanix-sgx-tools --target x86_64-unknown-linux-musl | ||
- name: Build em-app, get-certificate, harmonize for x86_64-unknown-linux-musl | ||
run: cargo build --verbose --locked -p em-app -p get-certificate -p harmonize --target=x86_64-unknown-linux-musl | ||
|
||
- name: Build em-app, get-certificate, harmonize for x86_64-fortanix-unknown-sgx | ||
run: cargo build --verbose --locked -p em-app -p get-certificate -p harmonize --target=x86_64-fortanix-unknown-sgx | ||
|
||
- name: Generate API docs | ||
run: ./doc/generate-api-docs.sh | ||
|
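Review bot: The workflow declares no top-level `permissions:` key, so the `test` job runs with whatever default GITHUB_TOKEN scope the repository or organisation is configured with, although every step visible here only checks out, installs packages and builds. Adding `permissions: { contents: read }` alongside `env:` would keep the token read-only while the `cargo test` steps and `./doc/generate-api-docs.sh` execute code from the pull request. In the "Install additional dependencies" step the LLVM source line uses `http://apt.llvm.org/focal/` while the Intel one uses https; `signed-by` still verifies the packages, but `https://apt.llvm.org/focal/` would make the two consistent and not leave transport integrity to the signature alone. `actions/checkout@v4` is a movable tag, so pinning it as `actions/checkout@<full-commit-sha> # v4` would fix exactly which action code runs.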