Merge branch 'main' into dependabot/github_actions/actions/checkout-4

fdo-rs · Nov 26, 2024 · 95150a2 · 95150a2
2 parents 3e565ee + b526926
commit 95150a2
Show file tree

Hide file tree

Showing 108 changed files with 6,252 additions and 1,147 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,9 +1,13 @@
 FROM fedora:latest
 
+ENV PATH "$PATH:/home/vscode/.cargo/bin"
+
 RUN bash -c "$(curl -fsSL "https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/common-redhat.sh")" -- "true" "vscode" "1000" "1000" "true"
 
 RUN dnf install -y \
-    sudo git cargo rust rust-src git-core openssl-devel clippy rustfmt golang tpm2-tss-devel clevis clevis-luks cryptsetup cryptsetup-devel clang-devel \
+    sudo git cargo rust rust-src git-core openssl openssl-devel clippy rustfmt golang tpm2-tss-devel clevis clevis-luks cryptsetup cryptsetup-devel clang-devel sqlite sqlite-devel libpq libpq-devel \
     && dnf clean all
 
 USER vscode
+
+RUN cargo install --force diesel_cli --no-default-features --features sqlite
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,7 +3,13 @@
 	"build": {
 		"dockerfile": "Dockerfile"
 	},
+	"containerUser": "vscode",
+	"updateRemoteUserUID": true,
+	"containerEnv": {
+		"HOME": "/home/vscode"
+	},
 	"runArgs": [
+		"--userns=keep-id:uid=1000,gid=1000",
 		"--cap-add=SYS_PTRACE",
 		"--security-opt",
 		"seccomp=unconfined"
@@ -18,8 +24,20 @@
 		"mutantdino.resourcemonitor",
 		"matklad.rust-analyzer",
 		"tamasfe.even-better-toml",
-		"serayuzgur.crates"
+		"serayuzgur.crates",
+		"rust-lang.rust-analyzer"
 	],
+	"remoteEnv": {
+		"PATH": "${containerEnv:PATH}:/home/vscode/.cargo/bin",
+		"SQLITE_MANUFACTURER_DATABASE_URL": "../ci-manufacturer-db.sqlite",
+		"SQLITE_OWNER_DATABASE_URL": "../ci-owner-db.sqlite",
+		"SQLITE_RENDEZVOUS_DATABASE_URL": "../ci-rendezvous-db.sqlite"
+	},
+	"containerEnv": {
+		"SQLITE_MANUFACTURER_DATABASE_URL": "../ci-manufacturer-db.sqlite",
+		"SQLITE_OWNER_DATABASE_URL": "../ci-owner-db.sqlite",
+		"SQLITE_RENDEZVOUS_DATABASE_URL": "../ci-rendezvous-db.sqlite"
+	},
 	"hostRequirements": {
 		"memory": "4gb"
 	},
@@ -28,5 +46,6 @@
 		"cargo",
 		"build"
 	],
+	"postCreateCommand": "cargo install --force diesel_cli --no-default-features --features sqlite && diesel migration run --migration-dir ./migrations/migrations_manufacturing_server_sqlite --database-url ./ci-manufacturer-db.sqlite && diesel migration run --migration-dir ./migrations/migrations_owner_onboarding_server_sqlite --database-url ./ci-owner-db.sqlite && diesel migration run --migration-dir ./migrations/migrations_rendezvous_server_sqlite --database-url ./ci-rendezvous-db.sqlite",
 	"waitFor": "onCreateCommand"
 }
diff --git a/.github/commitlint.config.js b/.github/commitlint.config.js
@@ -1,15 +1,15 @@
 /* eslint-disable import/no-extraneous-dependencies */
-const { maxLineLength } = require('@commitlint/ensure')
+const validateBodyMaxLengthIgnoringDeps = async (parsedCommit) => {
+  const { maxLineLength } = await import('@commitlint/ensure');
 
-const bodyMaxLineLength = 100
-
-const validateBodyMaxLengthIgnoringDeps = (parsedCommit) => {
   const { type, scope, body } = parsedCommit
   const isDepsCommit =
       type === 'chore'
       && body != null
       && body.includes('Updates the requirements on');
 
+  const bodyMaxLineLength = 100;
+
   return [
     isDepsCommit || !body || maxLineLength(body, bodyMaxLineLength),
     `body's lines must not be longer than ${bodyMaxLineLength}`,

diff --git a/.github/spellcheck-ignore b/.github/spellcheck-ignore
@@ -5,3 +5,4 @@ ser
 childs
 ot
 marshalling
+te
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -26,6 +26,6 @@ jobs:
           ignore-globs: '**/examples/**'
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -63,7 +63,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -87,14 +87,14 @@ jobs:
     steps:
       - name: Install deps
         run: |
-          dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel swtpm swtpm-tools git clevis clevis-luks cryptsetup cryptsetup-devel clang-devel cracklib-dicts
-      - uses: actions/checkout@v4
+          dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel swtpm swtpm-tools git clevis clevis-luks cryptsetup cryptsetup-devel clang-devel cracklib-dicts sqlite sqlite-devel libpq libpq-devel
+      - uses: actions/checkout@v3
         with:
           persist-credentials: false
       - name: Fix git trust
         run: git config --global --add safe.directory /__w/fido-device-onboard-rs/fido-device-onboard-rs
       - name: Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/bin/
@@ -112,7 +112,19 @@ jobs:
         env:
           FDO_PRIVILEGED: true
           PER_DEVICE_SERVICEINFO: false
-        run: cargo test --workspace
+          SQLITE_MANUFACTURER_DATABASE_URL: ../ci-manufacturer-db.sqlite
+          SQLITE_OWNER_DATABASE_URL: ../ci-owner-db.sqlite
+          SQLITE_RENDEZVOUS_DATABASE_URL: ../ci-rendezvous-db.sqlite
+        run: |
+          # prep for database tests
+          cargo install --force diesel_cli --no-default-features --features sqlite
+          diesel migration run --migration-dir ./migrations/migrations_manufacturing_server_sqlite --database-url ./ci-manufacturer-db.sqlite
+          diesel migration run --migration-dir ./migrations/migrations_owner_onboarding_server_sqlite --database-url ./ci-owner-db.sqlite
+          diesel migration run --migration-dir ./migrations/migrations_rendezvous_server_sqlite --database-url ./ci-rendezvous-db.sqlite
+          # run tests
+          cargo test --workspace
+          # delete sqlite databases
+          rm -f ./ci-manufacturer-db.sqlite ./ci-owner-db.sqlite ./ci-rendezvous-db.sqlite
       - name: Check aio
         run: |
           mkdir aio-dir/
@@ -127,6 +139,15 @@ jobs:
         run: |
           git diff --exit-code
 
+  postgres_test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run test
+        run: test/fdo-postgres.sh
+
   commitlint:
     runs-on: ubuntu-latest
     steps:
@@ -168,3 +189,13 @@ jobs:
         run: devcontainer build --image-name devcontainer-fdo-rs .
       - name: Test building in devcontainer
         run: docker run --rm -v `pwd`:/code:z --workdir /code --user root devcontainer-fdo-rs cargo build --workspace --verbose
+      - name: Test testing in devcontainer
+        run: |
+          docker run -d -v `pwd`:/code:z --workdir /code --user root -e SQLITE_MANUFACTURER_DATABASE_URL='../ci-manufacturer-db.sqlite' -e SQLITE_OWNER_DATABASE_URL='../ci-owner-db.sqlite' -e SQLITE_RENDEZVOUS_DATABASE_URL='../ci-rendezvous-db.sqlite' --name tests devcontainer-fdo-rs sleep infinity
+          docker exec --user root tests cargo build --lib --bins --workspace --verbose
+          docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_manufacturing_server_sqlite --database-url ./ci-manufacturer-db.sqlite
+          docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_owner_onboarding_server_sqlite --database-url ./ci-owner-db.sqlite
+          docker exec --user root tests diesel migration run --migration-dir ./migrations/migrations_rendezvous_server_sqlite --database-url ./ci-rendezvous-db.sqlite
+          docker exec --user root tests cargo test -- --ignored
+          docker stop tests
+          docker rm tests
diff --git a/.packit.yaml b/.packit.yaml
@@ -1,3 +1,4 @@
+---
 # https://packit.dev/docs/configuration/
 
 specfile_path: fido-device-onboard.spec
@@ -13,36 +14,66 @@ upstream_tag_template: v{version}
 copy_upstream_release_description: true
 
 srpm_build_deps:
-- cargo
+    - cargo
+    - openssl-devel
 
 actions:
-  create-archive:
-  - "cargo vendor vendor"
-  - bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
-  - bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
-  - bash -c "cp -Ra vendor fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}"
-  - bash -c "tar -czf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar.gz fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}"
-  - bash -c "rm -rf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION} fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar vendor"
-  - bash -c "ls -1 ./fido-device-onboard-rs-*.tar.gz"
-  fix-spec-file:
-  - sed -i fido-device-onboard.spec -e "s/with_packit 0/with_packit 1/"
-  - bash -c "sed -i -r \"s/Release:(\s*)\S+/Release:\1${PACKIT_RPMSPEC_RELEASE}%{?dist}/\" fido-device-onboard.spec"
+    create-archive:
+        - bash -c "cp ./patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch ."
+        - bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
+        - bash -c "./make-vendored-tarfile.sh ${PACKIT_PROJECT_VERSION}"
+        - bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
+        - bash -c "ls -1 ./fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
 
 jobs:
-- job: copr_build
-  trigger: pull_request
-  targets:
-  - centos-stream-9-aarch64
-  - centos-stream-9-x86_64
-  - fedora-development-aarch64
-  - fedora-development
-- job: copr_build
-  trigger: commit
-  branch: main
-  owner: "@fedora-iot" # copr repo namespace
-  project: fedora-iot  # copr repo name so you can consume the builds
-  targets:
-  - centos-stream-9-aarch64
-  - centos-stream-9-x86_64
-  - fedora-development-aarch64
-  - fedora-development
+    - &fdo_copr_build
+      job: copr_build
+      trigger: pull_request
+      targets:
+          centos-stream-9: {}
+          fedora-latest-stable: {}
+          fedora-latest: {}
+          fedora-rawhide: {}
+#          fedora-eln:
+#              additional_repos:
+#                  - https://kojipkgs.fedoraproject.org/repos/eln-build/latest/$basearch/
+
+    - job: tests
+      trigger: pull_request
+      identifier: onboarding
+      fmf_path: test/fmf
+      tmt_plan: plans/onboarding
+      targets:
+          centos-stream-9: {}
+          fedora-latest-stable: {}
+          fedora-latest: {}
+          fedora-rawhide: {}
+#          fedora-eln: {}
+
+    - job: sync_from_downstream
+      trigger: commit
+
+    - job: propose_downstream
+      trigger: release
+      dist_git_branches:
+        - fedora-development
+        - fedora-latest-stable
+
+    - job: koji_build
+      trigger: commit
+      dist_git_branches:
+        - fedora-development
+        - fedora-latest-stable
+
+    - job: bodhi_update
+      trigger: commit
+      dist_git_branches:
+        - fedora-development
+        - fedora-latest-stable
+
+    - <<: *fdo_copr_build
+      trigger: commit
+      branch: main
+      owner: "@fedora-iot"  # copr repo namespace
+      project: fedora-iot   # copr repo name so you can consume the builds
+...
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,3 +5,4 @@ ser @@
     childs
     ot
     marshalling
+    te