migrate to github action #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| paths-ignore: | |
| - '*.md' | |
| - 'LICENSE' | |
| branches: | |
| - staging | |
| - trying | |
| - master | |
| pull_request: | |
| paths-ignore: | |
| - '*.md' | |
| - 'LICENSE' | |
| branches: | |
| - master | |
| merge_group: | |
| env: | |
| RUST_BACKTRACE: 1 | |
| CARGO_TERM_COLOR: always | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_RETRY: 10 | |
| jobs: | |
| test: | |
| name: Build+Test | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install additional dependencies | |
| run: | | |
| add_repository_with_key() { | |
| gpg_key="$1.gpg" | |
| cat "$1" | gpg --dearmor > "$gpg_key" | |
| sudo install -o root -g root -m 644 "$gpg_key" /usr/share/keyrings/ | |
| sudo echo "deb [arch=amd64 signed-by=/usr/share/keyrings/$gpg_key] $2" >> /etc/apt/sources.list.d/additional-dependencies-focal.list | |
| sudo rm "$gpg_key" | |
| } | |
| add_repository_with_key intel-sgx-deb.key "https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | |
| add_repository_with_key llvm-snapshot.gpg.key "http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main" | |
| sudo apt-get update -y | |
| sudo apt-get install -y faketime protobuf-compiler libsgx-dcap-ql-dev clang-11 musl-tools | |
| - name: Setup Rust toolchain | |
| run: | | |
| rustup target add x86_64-fortanix-unknown-sgx x86_64-unknown-linux-musl | |
| rustup toolchain add nightly | |
| rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly | |
| rustup update | |
| - name: Cargo test --all --exclude sgxs-loaders | |
| run: cargo test --verbose --locked --all --exclude sgxs-loaders && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ] | |
| - name: Cargo test -p dcap-ql --features link | |
| run: cargo test --verbose --locked -p dcap-ql --features link | |
| - name: Cargo test -p dcap-ql --features verify | |
| run: cargo test --verbose --locked -p dcap-ql --features verify | |
| - name: Cargo test -p ias --features mbedtls | |
| run: cargo test --verbose --locked -p ias --features mbedtls | |
| - name: Cargo test -p ias --features client,mbedtls | |
| run: cargo test --verbose --locked -p ias --features client,mbedtls | |
| # uses backtrace, which still requires nightly on SGX | |
| - name: Nightly build -p aesm-client --target=x86_64-fortanix-unknown-sgx | |
| run: cargo +nightly build --verbose --locked -p aesm-client --target=x86_64-fortanix-unknown-sgx | |
| # uses sgxstd feature | |
| - name: Nightly build -p aesm-client --target=x86_64-fortanix-unknown-sgx --features sgx-isa/sgxstd | |
| run: cargo +nightly build --verbose --locked -p aesm-client --target=x86_64-fortanix-unknown-sgx --features sgx-isa/sgxstd | |
| - name: Nightly test -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run | |
| run: cargo +nightly test --verbose --locked -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run | |
| # Unfortunately running `faketime '2021-09-10 11:00:00 GMT' cargo test -p nitro-attestation-verify` causes a segmentation | |
| # fault while compiling. We only execute `faketime` during the tests | |
| #- run: cargo test --locked -p nitro-attestation-verify --no-run && faketime '2021-09-08 11:00:00 GMT' cargo test --locked -p nitro-attestation-verify --lib | |
| - name: Cargo test nitro-attestation-verify with faketime | |
| run: cargo test --locked -p nitro-attestation-verify --no-run && faketime '2021-09-10 11:00:00 GMT' cargo test --locked -p nitro-attestation-verify --lib | |
| - name: Build fortanix-sgx-tools for x86_64-unknown-linux-musl | |
| # NOTE: Skipping linking with the glibc version of OpenSSL to produce a musl based binary. It is unlikely that this would produce a working binary anyway. | |
| run: | | |
| mkdir -p /tmp/muslinclude | |
| ln -sf /usr/include/x86_64-linux-gnu/openssl /tmp/muslinclude/openssl | |
| PKG_CONFIG_ALLOW_CROSS=1 CFLAGS=-I/tmp/muslinclude CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=true cargo build --locked -p fortanix-sgx-tools --target x86_64-unknown-linux-musl | |
| - name: Build em-app, get-certificate, harmonize for x86_64-unknown-linux-musl | |
| run: cargo build --verbose --locked -p em-app -p get-certificate -p harmonize --target=x86_64-unknown-linux-musl | |
| - name: Build em-app, get-certificate, harmonize for x86_64-fortanix-unknown-sgx | |
| run: cargo build --verbose --locked -p em-app -p get-certificate -p harmonize --target=x86_64-fortanix-unknown-sgx | |
| - name: Generate API docs | |
| run: ./doc/generate-api-docs.sh | |