# Build, lint and test workflow for the image-rs crate.
name: image-rs build

# Triggers. The path filters limit push / pull_request runs to changes that
# touch image-rs, this workflow file, or the workspace Cargo manifest/lockfile.
# `pull_request` (not `pull_request_target`) is used, so the workflow runs
# against the pull request's merge commit.
on:
  push:
    branches:
      - 'main'
    paths:
      - 'image-rs/**'
      - '.github/workflows/image_rs_build.yml'
      - 'Cargo.toml'
      - 'Cargo.lock'
  pull_request:
    paths:
      - 'image-rs/**'
      - '.github/workflows/image_rs_build.yml'
      - 'Cargo.toml'
      - 'Cargo.lock'
  # Branch/tag creation and manual runs carry no filters.
  create:
  workflow_dispatch:

# One live run per pull request (or per ref when there is no pull request);
# a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
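jobs:
  # Single job: format check, clippy, build and test image-rs across a
  # toolchain x runner matrix.
  ci:
    # Skipped for push events; runs for pull_request, create and
    # workflow_dispatch.
    if: github.event_name != 'push'
    name: Check
    # Least privilege: nothing visible in this job writes to the repository,
    # so the GITHUB_TOKEN is limited to reading contents (enough for checkout).
    # NOTE(review): confirm ./.github/actions/install-intel-dcap needs no
    # additional token scope.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./image-rs
    strategy:
      fail-fast: false
      matrix:
        rust:
          # Quoted so the version is always read as a string.
          - '1.83.0'
          - stable
        instance:
          - ubuntu-24.04
          # NOTE(review): `s390x` is not a GitHub-hosted label, so this is
          # presumably a self-hosted runner. The steps below build and test
          # pull-request code with sudo; confirm the runner is ephemeral and
          # isolated from anything it should not reach.
          - s390x
    runs-on: ${{ matrix.instance }}
    steps:
      - name: Code checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # No later step performs authenticated git operations, so do not
          # leave the token in .git/config where the (root-run) tests can
          # read it.
          persist-credentials: false

      # NOTE(review): the actions-rs repositories are archived, and `@v1` is
      # a mutable tag. Pin third-party actions to a full commit SHA
      # (placeholder: <COMMIT_SHA>) or install the toolchain with rustup in a
      # `run:` step.
      - name: Install Rust toolchain (${{ matrix.rust }})
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: ${{ matrix.rust }}
          override: true
          components: rustfmt, clippy

      - name: Install nettle-sys building dependence
        # Refresh the package index first: this is the first apt call in the
        # job and a stale index makes the install fail intermittently.
        # apt-get is used because apt's CLI is not stable for scripting.
        run: |
          sudo apt-get update
          sudo apt-get install -y clang llvm pkg-config nettle-dev protobuf-compiler libprotobuf-dev

      # The steps guarded by `matrix.instance == 'ubuntu-24.04'` are skipped
      # on the s390x runner.
      - uses: ./.github/actions/install-intel-dcap
        with:
          ubuntu-version: noble
        if: matrix.instance == 'ubuntu-24.04'

      - name: Install TPM dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libtss2-dev
        if: matrix.instance == 'ubuntu-24.04'

      - name: Install dm-verity dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libdevmapper-dev
        if: matrix.instance == 'ubuntu-24.04'

      - name: Install cross-compliation support dependencies
        run: |
          sudo apt-get install -y gcc-powerpc64le-linux-gnu
          rustup target add powerpc64le-unknown-linux-gnu
        if: matrix.instance == 'ubuntu-24.04'

      - name: Run cargo fmt check
        uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: -p image-rs -- --check

      # `-D warnings` turns every clippy warning into an error.
      - name: Run rust lint check (all platforms)
        run: |
          cargo clippy -p image-rs --all-targets --features=default -- -D warnings
          cargo clippy -p image-rs --all-targets --features=kata-cc-rustls-tls --no-default-features -- -D warnings
          cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls --no-default-features -- -D warnings
          cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls,signature-simple-xrss --no-default-features -- -D warnings

      - name: Run rust lint check (x86_64 only)
        run: |
          cargo clippy -p image-rs --all-targets --features=enclave-cc-cckbc-native-tls --no-default-features -- -D warnings
          cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls,nydus --no-default-features -- -D warnings
        if: matrix.instance == 'ubuntu-24.04'

      - name: Run cargo build
        uses: actions-rs/cargo@v1
        with:
          command: build
          args: -p image-rs --features default

      # From here on cargo runs as root: `sudo -E` keeps the caller's
      # environment and PATH is passed explicitly so root finds the rustup
      # toolchain. Everything the build scripts and tests execute therefore
      # runs with root privileges on the runner.
      - name: Run cargo build, cross-compiling for powerpc64le
        run: |
          sudo -E PATH=$PATH -s RUSTFLAGS=" -C linker=powerpc64le-linux-gnu-gcc" cargo build --target powerpc64le-unknown-linux-gnu -p image-rs --features default
        if: matrix.instance == 'ubuntu-24.04'

      - name: Run cargo test - default
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --features default

      - name: Run cargo test - kata-cc (rust-tls version) with keywrap-grpc + keywrap-jwe
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=encryption-ring,keywrap-grpc,snapshot-overlayfs,signature-cosign-rustls,signature-simple,kbs,oci-client/rustls-tls,keywrap-jwe

      - name: Run cargo test - kata-cc (native-tls version) with keywrap-grpc + keywrap-jwe
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=encryption-openssl,keywrap-grpc,snapshot-overlayfs,signature-cosign-native,signature-simple,kbs,oci-client/native-tls,keywrap-jwe

      - name: Run cargo test - kata-cc (rust-tls version) with keywrap-ttrpc (default) + keywrap-jwe
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-rustls-tls,keywrap-jwe

      - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe

      # Removes build artifacts before the remaining test runs
      # (presumably to free disk space on the runner; confirm).
      - name: Clean test cache
        run: |
          sudo -E PATH=$PATH -s cargo clean

      # The only step that receives a secret. Because of `sudo -E`, the value
      # is visible to every process the test run spawns, including dependency
      # build scripts. Keep the API key scoped to the minimum the XRSS
      # signature tests need (ideally read-only pull access) and rotate it if
      # a run's logs or artifacts are ever suspected of exposing it.
      # Secrets are not provided to pull_request runs from forks, so
      # AUTH_PASSWORD is empty there.
      # NOTE(review): confirm the tests skip or fail cleanly in that case.
      - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe and with signatures from XRSS registry extension
        env:
          AUTH_PASSWORD: ${{ secrets.SH_ICR_API_KEY }}
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,signature-simple-xrss

      - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe + nydus
        run: |
          sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,nydus
        if: matrix.instance == 'ubuntu-24.04'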