Skip to content

update GitHub actions #11

update GitHub actions

update GitHub actions #11

Workflow file for this run

# This is based on
# <https://github.com/ongardie/cubicle/blob/b307fe9/.github/workflows/main.yaml>
# with Diego's permission. The initial workflow YAML skeleton before that was
# based on
# <https://github.com/actions-rs/example/blob/master/.github/workflows/quickstart.yml>
# and
# <https://github.com/ramosbugs/oauth2-rs/blob/main/.github/workflows/main.yml>.
#
# GitHub Actions workflow syntax documentation is here:
# <https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions>.
name: CI
on:
pull_request: {}
push:
branches:
- main
workflow_dispatch: {}
env:
INSTALL_RUST_VERSION: "1.75"
jobs:
rust_ppc:
name: Build PPC
runs-on: ubuntu-22.04
timeout-minutes: 20
steps:
- name: Check out sources
uses: actions/checkout@v4
with:
submodules: recursive
- name: Free up some space on image
# see https://github.com/actions/runner-images/issues/2840
run: |
sudo rm -rf /usr/share/dotnet
shell: bash
- name: Install Rust with source
uses: actions-rs/toolchain@v1
with:
components: rust-src
default: true
profile: minimal
toolchain: ${{ env.INSTALL_RUST_VERSION }}
- name: Install PowerPC cross-compile dependencies
run: sudo apt update && sudo apt install qemu-user qemu-user-binfmt gcc-12-powerpc-linux-gnu
- name: Cross Compile PowerPC
run: ./build-ppc.sh
- name: Run unit tests on PowerPC
run: ./test-ppc.sh
cross_version_sdk:
# runs the latest realm code built with its particular sdk version
# with a client built from a specific sdk release.
name: SDK Cross version test
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
matrix:
sdk_version: ["0.3.0", "main"]
steps:
- name: Check out hsm sources
uses: actions/checkout@v4
with:
submodules: recursive
- name: Check out sdk client sources
uses: actions/checkout@v4
with:
repository: "juicebox-systems/juicebox-sdk"
ref: ${{ matrix.sdk_version }}
path: "sdk_client"
submodules: recursive
- name: setup environment
uses: ./.github/actions/setup
with:
rust_version: ${{ env.INSTALL_RUST_VERSION }}
- name: build realm
uses: actions-rs/cargo@v1
with:
command: build
- name: Build client
uses: actions-rs/cargo@v1
with:
command: build
args: --manifest-path sdk_client/rust/cli/demo/Cargo.toml
- name: Run demo
run: |
RUST_BACKTRACE=1 target/debug/demo_runner --demo sdk_client/target/debug/demo
shell: bash
cross_version_hsm:
# Runs the latest realm code against an older version of the software HSM
# This helps ensure we move the agent code forward without breaking compatability
# with the deployed and un-updatable hsm code.
name: HSM Cross version test
# Use same runner as Lint & Test. See comment there.
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
matrix:
# Cancel Prepared Transfer fix (PR #462).
hsm_version: ["19a29d9f7dfd20f210f377d1ff9d22685d238ea1"]
steps:
- name: Check out sources
uses: actions/checkout@v4
with:
submodules: recursive
- name: Check out versioned hsm
uses: actions/checkout@v4
with:
ref: ${{ matrix.hsm_version }}
path: "versioned_hsm"
submodules: recursive
- name: Setup environment
uses: ./.github/actions/setup
with:
rust_version: ${{ env.INSTALL_RUST_VERSION }}
- name: Build versioned software HSM
uses: actions-rs/cargo@v1
with:
command: build
args: --manifest-path versioned_hsm/Cargo.toml -p software_hsm
- name: Build realm
uses: actions-rs/cargo@v1
with:
command: build
- name: Run realm tests with versioned software HSM
uses: actions-rs/cargo@v1
with:
command: test
env:
RUST_BACKTRACE: '1'
SOFTWARE_HSM_DIR: ${{ github.workspace }}/versioned_hsm/target/debug
lint_and_test:
name: Lint & Test
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Check out sources
uses: actions/checkout@v4
with:
submodules: recursive
- name: setup environment
uses: ./.github/actions/setup
with:
rust_version: ${{ env.INSTALL_RUST_VERSION }}
- name: Run cargo build
uses: actions-rs/cargo@v1
with:
command: build
- name: Print build info
run: target/debug/load_balancer --version
- name: Run cargo test
uses: actions-rs/cargo@v1
with:
args: --workspace --exclude 'entrust*' --package entrust_ops
command: test
env:
RUST_BACKTRACE: '1'
- name: Run cargo fmt
uses: actions-rs/cargo@v1
with:
args: --all -- --check
command: fmt
- name: Run clippy
uses: actions-rs/cargo@v1
with:
args: --workspace --tests --exclude 'entrust*' --package entrust_ops -- -D warnings
command: clippy
- name: Install graphviz
run: sudo apt install graphviz
- name: Delete Merkle tree paper outputs
run: |
rm -r docs/merkle_tree/
git restore --source HEAD \
docs/merkle_tree/intro/system.dot \
docs/merkle_tree/intro/stacked_box.png \
docs/merkle_tree/storage/base128.dot \
docs/merkle_tree/merkle.typ \
docs/merkle_tree/references.bib \
docs/merkle_tree/template.typ \
docs/merkle_tree/to_tree.py
- name: Compile Merkle tree paper
uses: actions-rs/cargo@v1
with:
command: run
args: --package merkle_tree_docgen
- name: Check Merkle tree paper outputs
run: git diff --exit-code -- docs/merkle_tree
- name: Run Merkle tree paper Python
run: python3 docs/merkle_tree/to_tree.py
- name: Check SDK dependency versions agree
run: ./scripts/check-sdk-deps.py
# Disabled, as the ncipher-shield-firmware is not proprietary and no longer hosted by us
# in a way that Github Actions can access.
# entrust:
# name: Build Entrust
# runs-on: ubuntu-latest
# timeout-minutes: 20
# steps:
# - name: Check out sources
# uses: actions/checkout@v4
# with:
# submodules: recursive
# - name: Install Rust
# uses: actions-rs/toolchain@v1
# with:
# components: clippy, rustfmt, rust-src
# default: true
# profile: minimal
# toolchain: ${{ env.INSTALL_RUST_VERSION }}
# - name: Use Rust Cache
# uses: Swatinem/rust-cache@v2
# - name: Authenticate to Google Cloud
# uses: google-github-actions/auth@v1
# with:
# credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT }}'
# - name: Download Codesafe from Google Cloud Storage
# run: |
# gcloud storage cp 'gs://ncipher-nshield-firmware/2023-08 v13.4 codesafe firmware secworld/Codesafe_Lin64-13.4.3.iso.zip' .
# echo '7d6eaff0548d90143d35834f1ea1cf092321e9003e10e14895a01a6f412adadb Codesafe_Lin64-13.4.3.iso.zip' | sha256sum -c -
# - name: Install Codesafe
# run: |
# unzip Codesafe_Lin64-13.4.3.iso.zip
# 7z e Codesafe_Lin64-13.4.3.iso linux/amd64/csd.tar.gz
# sudo tar -C / -xf csd.tar.gz
# rm Codesafe_Lin64-13.4.3.iso.zip Codesafe_Lin64-13.4.3.iso csd.tar.gz
# - name: Run clippy (entrust* crates)
# uses: actions-rs/cargo@v1
# with:
# args: --tests --package 'entrust*' -- -D warnings
# command: clippy
# - name: Run cargo build (entrust* crates)
# uses: actions-rs/cargo@v1
# with:
# args: --package 'entrust*'
# command: build
# - name: Run cargo test (entrust* crates)
# uses: actions-rs/cargo@v1
# with:
# args: --package 'entrust*'
# command: test
# env:
# RUST_BACKTRACE: '1'
# - name: Run release build
# uses: actions-rs/cargo@v1
# with:
# args: --all --release
# command: build
# - name: Run cargo build (PPC entrust_hsm.elf)
# run: ./entrust_hsm/compile_linux.sh --features insecure
# - name: Publish build to GCP bucket
# if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
# run: |
# PROJECT='juicebox-infra'
# # bucket is sha1("ci-builds\n")
# GSPATH="9c39e3ca5fca69f058b9e673aef193b10d9e8c48/${{github.sha}}/"
# gcloud storage cp \
# "target/release/cluster" \
# "target/release/cluster_bench" \
# "target/release/cluster_manager" \
# "target/release/load_balancer" \
# "target/release/service_checker" \
# "target/release/software_agent" \
# "target/release/software_hsm" \
# "target/release/chaos" \
# "target/release/entrust_agent" \
# "target/release/entrust_init" \
# "target/release/entrust_ops" \
# "target/powerpc-unknown-linux-gnu/release/entrust_hsm.elf" \
# "gs://$GSPATH/"