Include the patched version of aws-nitro-enclaves-cose in the repo and packit enhancements #2620
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
name: Continuous integration | |
jobs: | |
docs: | |
name: Test docs building | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/jekyll-build-pages@main | |
with: | |
source: ./docs | |
verbose: true | |
containers: | |
name: Build containers | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Build containers | |
uses: ./.github/actions/build_containers | |
check-spelling: | |
name: Check spelling | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check spelling | |
uses: codespell-project/actions-codespell@master | |
with: | |
builtin: clear,rare,usage,code,en-GB_to_en-US | |
check_filenames: true | |
check_hidden: true | |
ignore_words_file: .github/spellcheck-ignore | |
skip: "./docs/Gemfile.lock,./docs/_config.yml,./.github,./.git,./external" | |
fmt: | |
name: Rustfmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: stable | |
- run: cargo fmt --all -- --check | |
gofmt: | |
name: Gofmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- run: if [ "$(gofmt -d -s -l . | tee /dev/stderr | wc -l)" -gt 0 ]; then exit 1; fi | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
container: fedora:latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
- name: Install deps | |
run: | | |
dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel clevis cryptsetup-devel clang-devel | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: stable | |
components: clippy | |
- run: cargo clippy -- -D warnings -D clippy::panic -D clippy::todo | |
build_and_test: | |
runs-on: ubuntu-latest | |
container: fedora:latest | |
steps: | |
- name: Install deps | |
run: | | |
dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel swtpm swtpm-tools git clevis clevis-luks cryptsetup cryptsetup-devel clang-devel cracklib-dicts sqlite sqlite-devel libpq libpq-devel | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Fix git trust | |
run: git config --global --add safe.directory /__w/fido-device-onboard-rs/fido-device-onboard-rs | |
- name: Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: stable | |
- name: Build | |
run: cargo build --workspace | |
- name: Run tests | |
env: | |
FDO_PRIVILEGED: true | |
PER_DEVICE_SERVICEINFO: false | |
SQLITE_MANUFACTURER_DATABASE_URL: ../ci-manufacturer-db.sqlite | |
SQLITE_OWNER_DATABASE_URL: ../ci-owner-db.sqlite | |
SQLITE_RENDEZVOUS_DATABASE_URL: ../ci-rendezvous-db.sqlite | |
run: | | |
# prep for database tests | |
cargo install --force diesel_cli --no-default-features --features sqlite | |
diesel migration run --migration-dir ./migrations/migrations_manufacturing_server_sqlite --database-url ./ci-manufacturer-db.sqlite | |
diesel migration run --migration-dir ./migrations/migrations_owner_onboarding_server_sqlite --database-url ./ci-owner-db.sqlite | |
diesel migration run --migration-dir ./migrations/migrations_rendezvous_server_sqlite --database-url ./ci-rendezvous-db.sqlite | |
# run tests | |
cargo test --workspace | |
# delete sqlite databases | |
rm -f ./ci-manufacturer-db.sqlite ./ci-owner-db.sqlite ./ci-rendezvous-db.sqlite | |
- name: Check aio | |
run: | | |
mkdir aio-dir/ | |
./target/debug/fdo-admin-tool aio --directory aio-dir/ & | |
AIO_PID=$! | |
sleep 5 | |
if [ -d /proc/$AIO_PID ]; then rm -rf aio-dir; else exit 1; fi | |
# This is primarily to ensure that changes to fdo_data.h are committed, | |
# which is critical for determining whether any stability changes were made | |
# during the PR review. | |
- name: Ensure building did not change any code | |
run: | | |
git diff --exit-code | |
postgres_test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Run test | |
run: test/fdo-postgres.sh | |
commitlint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 'latest' | |
- name: Install commitlint dependencies | |
run: npm install commitlint | |
- uses: wagoid/commitlint-github-action@v5 | |
env: | |
NODE_PATH: ${{ github.workspace }}/node_modules | |
with: | |
configFile: .github/commitlint.config.mjs | |
failOnWarnings: true | |
manpages: | |
name: Test man page generation | |
runs-on: ubuntu-latest | |
container: fedora:latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install deps | |
run: | | |
dnf install -y make python3-docutils | |
- name: generate man pages | |
run: make man | |
devcontainer_test: | |
name: Test Devcontainer Creation | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install devcontainer CLI | |
run: npm install -g @vscode/dev-container-cli | |
- name: Build devcontainer | |
run: devcontainer build --image-name devcontainer-fdo-rs . | |
- name: Test building in devcontainer | |
run: docker run --rm -v `pwd`:/code:z --workdir /code --user root devcontainer-fdo-rs cargo build --workspace --verbose | |
- name: Test testing in devcontainer | |
run: | | |
docker run -d -v `pwd`:/code:z --workdir /code --user root -e SQLITE_MANUFACTURER_DATABASE_URL='../ci-manufacturer-db.sqlite' -e SQLITE_OWNER_DATABASE_URL='../ci-owner-db.sqlite' -e SQLITE_RENDEZVOUS_DATABASE_URL='../ci-rendezvous-db.sqlite' --name tests devcontainer-fdo-rs sleep infinity | |
docker exec --user root tests cargo build --lib --bins --workspace --verbose | |
docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_manufacturing_server_sqlite --database-url ./ci-manufacturer-db.sqlite | |
docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_owner_onboarding_server_sqlite --database-url ./ci-owner-db.sqlite | |
docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_rendezvous_server_sqlite --database-url ./ci-rendezvous-db.sqlite | |
docker exec --user root tests cargo test -- --ignored | |
docker stop tests | |
docker rm tests |