diff --git a/.github/workflows/create_aca_images.yml b/.github/workflows/create_aca_images.yml
index 12677cb2f..9cda9434a 100644
--- a/.github/workflows/create_aca_images.yml
+++ b/.github/workflows/create_aca_images.yml
@@ -17,7 +17,7 @@ env:
PUBLIC_IMAGE_NAME: ghcr.io/nsacyber/hirs/aca
PUBLIC_IMAGE_TAG_LATEST: ghcr.io/nsacyber/hirs/aca:latest
TAG_LATEST: ${{ github.event_name == 'release' || inputs.also_tag_latest }} # The public docker image will be tagged 'latest' for releases, or if this option is manually selected.
-jobs:
+jobs:
setup:
runs-on: ubuntu-latest
outputs:
@@ -27,44 +27,44 @@ jobs: WINDOWS_COMPAT_IMAGE_TAG: ${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }} PUBLIC_IMAGE_TAG: ${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }} steps: - - name: Set env - id: setenv - shell: bash - run: | - # Parse docker image tag from GitHub tag if available - if [ "${{ github.ref_type }}" = "tag" ]; then - # tags start with refs/tags/. Also remove v if it exists. - export IMAGE_TAG_VAR=${GITHUB_REF:10} - export IMAGE_TAG_VAR=${IMAGE_TAG_VAR//v/} - else - # Not a tag, use the commit hash. Do not tag as latest. - export IMAGE_TAG_VAR=${GITHUB_SHA:0:7} - fi - # To lowercase - export IMAGE_TAG_VAR=${IMAGE_TAG_VAR,,} - - # Save to output - echo "IMAGE_TAG=$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" - echo "ROCKY_IMAGE_TAG=$IMAGE_NAME_ROCKY:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" - echo "WINDOWS_IMAGE_TAG=$IMAGE_NAME_WINDOWS:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" - echo "WINDOWS_COMPAT_IMAGE_TAG=$IMAGE_NAME_WINDOWS_COMPAT:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" - echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" - - name: Print env - run: | - echo GITHUB_REF_NAME=${{ github.ref_name }} - echo DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY - echo DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS - echo IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY - echo IMAGE_NAME_WINDOWS=$IMAGE_NAME_WINDOWS - echo IMAGE_NAME_WINDOWS_COMPAT=$IMAGE_NAME_WINDOWS_COMPAT - echo PUBLIC_IMAGE_NAME=$PUBLIC_IMAGE_NAME - echo PUBLIC_IMAGE_TAG_LATEST=$PUBLIC_IMAGE_TAG_LATEST - echo TAG_LATEST=$TAG_LATEST - echo IMAGE_TAG=${{ steps.setenv.outputs.IMAGE_TAG }} - echo ROCKY_IMAGE_TAG=${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }} - echo WINDOWS_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }} - echo WINDOWS_COMPAT_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }} - echo PUBLIC_IMAGE_TAG=${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }} + - name: Set env + id: setenv + shell: bash + run: | + # Parse docker image tag from GitHub tag if available + if [ "${{ github.ref_type }}" = "tag" ]; 
then + # tags start with refs/tags/. Also remove v if it exists. + export IMAGE_TAG_VAR=${GITHUB_REF:10} + export IMAGE_TAG_VAR=${IMAGE_TAG_VAR//v/} + else + # Not a tag, use the commit hash. Do not tag as latest. + export IMAGE_TAG_VAR=${GITHUB_SHA:0:7} + fi + # To lowercase + export IMAGE_TAG_VAR=${IMAGE_TAG_VAR,,} + + # Save to output + echo "IMAGE_TAG=$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" + echo "ROCKY_IMAGE_TAG=$IMAGE_NAME_ROCKY:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" + echo "WINDOWS_IMAGE_TAG=$IMAGE_NAME_WINDOWS:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" + echo "WINDOWS_COMPAT_IMAGE_TAG=$IMAGE_NAME_WINDOWS_COMPAT:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" + echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT" + - name: Print env + run: | + echo GITHUB_REF_NAME=${{ github.ref_name }} + echo DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY + echo DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS + echo IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY + echo IMAGE_NAME_WINDOWS=$IMAGE_NAME_WINDOWS + echo IMAGE_NAME_WINDOWS_COMPAT=$IMAGE_NAME_WINDOWS_COMPAT + echo PUBLIC_IMAGE_NAME=$PUBLIC_IMAGE_NAME + echo PUBLIC_IMAGE_TAG_LATEST=$PUBLIC_IMAGE_TAG_LATEST + echo TAG_LATEST=$TAG_LATEST + echo IMAGE_TAG=${{ steps.setenv.outputs.IMAGE_TAG }} + echo ROCKY_IMAGE_TAG=${{ steps.setenv.outputs.ROCKY_IMAGE_TAG }} + echo WINDOWS_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_IMAGE_TAG }} + echo WINDOWS_COMPAT_IMAGE_TAG=${{ steps.setenv.outputs.WINDOWS_COMPAT_IMAGE_TAG }} + echo PUBLIC_IMAGE_TAG=${{ steps.setenv.outputs.PUBLIC_IMAGE_TAG }} rocky-image: needs: setup 
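Review bot: In the `Set env` step, `export IMAGE_TAG_VAR=${IMAGE_TAG_VAR//v/}` deletes every `v` in the tag rather than only a leading one, so a tag such as `v3.0.1-dev` would be published as `3.0.1-de`; `IMAGE_TAG_VAR=${GITHUB_REF_NAME#v}` strips just the prefix and also removes the need for the `${GITHUB_REF:10}` offset. The `Print env` step interpolates `${{ github.ref_name }}` directly into the shell script, so a branch or tag name containing shell metacharacters would be executed; the runner-provided variable avoids that (`echo "GITHUB_REF_NAME=$GITHUB_REF_NAME"`). Who can create refs that reach this workflow depends on the `on:` block, which is outside this hunk, so this is defence in depth rather than a confirmed exposure.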
@@ -72,78 +72,78 @@ jobs: env: TAG: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }} steps: - - name: Checkout main - uses: actions/checkout@v4 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push a release Docker image for ${{ github.repository }} - uses: docker/build-push-action@v5 - with: - context: "{{defaultContext}}:.ci/docker" - file: Dockerfile.${{env.DOCKERFILE_ROCKY}} - build-args: REF=${{ github.ref_name }} - tags: ${{env.TAG}} - push: true - + - name: Checkout main + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push a release Docker image for ${{ github.repository }} + uses: docker/build-push-action@v5 + with: + context: "{{defaultContext}}:.ci/docker" + file: Dockerfile.${{env.DOCKERFILE_ROCKY}} + build-args: REF=${{ github.ref_name }} + tags: ${{env.TAG}} + push: true + windows-11-image: needs: setup runs-on: windows-latest env: TAG: ${{ needs.setup.outputs.WINDOWS_IMAGE_TAG }} steps: - - name: Checkout main - uses: actions/checkout@v4 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build the docker image for ${{ github.repository }} - run: | - cd ./.ci/docker - docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} . 
- - - name: Push the docker image - run: | - docker push ${{env.TAG}} - + - name: Checkout main + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the docker image for ${{ github.repository }} + run: | + cd ./.ci/docker + docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} . + + - name: Push the docker image + run: | + docker push ${{env.TAG}} + windows-compat-image: # This job uses a different runner and build arg than the other windows job. needs: setup runs-on: windows-2019 env: TAG: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }} steps: - - name: Checkout main - uses: actions/checkout@v4 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build the docker image for ${{ github.repository }} - run: | - cd ./.ci/docker - docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 . - - - name: Push the docker image - run: | - docker push ${{env.TAG}} - - + - name: Checkout main + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build the docker image for ${{ github.repository }} + run: | + cd ./.ci/docker + docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 . 
+ + - name: Push the docker image + run: | + docker push ${{env.TAG}} + + manifest: - needs: [setup, rocky-image, windows-11-image, windows-compat-image] + needs: [ setup, rocky-image, windows-11-image, windows-compat-image ] runs-on: ubuntu-latest env: IMAGE1: ${{ needs.setup.outputs.ROCKY_IMAGE_TAG }} 
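Review bot: Both Windows jobs still build with `docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .`, which expands GitHub expressions into the shell before it runs; `docker build --build-arg "REF=$GITHUB_REF_NAME" -f "./Dockerfile.$DOCKERFILE_WINDOWS" -t "$TAG" .` reads the same values from the environment and cannot be altered by a crafted ref name. The bump to `docker/login-action@v4` keeps a floating major tag; for jobs that publish images with `GITHUB_TOKEN`, pinning each action to a full commit SHA (with the version in a trailing comment) is the usual supply-chain hardening, and it applies equally to `actions/checkout@v4` and `docker/build-push-action@v5` in this hunk. Whether a `permissions:` block granting `packages: write` exists at workflow level cannot be seen from here; if not, one should be declared so the token is scoped to what these jobs actually need.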
@@ -151,34 +151,34 @@ jobs: IMAGE3: ${{ needs.setup.outputs.WINDOWS_COMPAT_IMAGE_TAG }} PUB: ${{ needs.setup.outputs.PUBLIC_IMAGE_TAG }} steps: - - name: Print env - run: | - echo IMAGE1=${{env.IMAGE1}} - echo IMAGE2=${{env.IMAGE2}} - echo IMAGE3=${{env.IMAGE3}} - echo PUB=${{env.PUB}} - - - name: Checkout main - uses: actions/checkout@v4 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Create a new manifest - run: | - docker manifest create ${{env.PUB}} --amend ${{env.IMAGE1}} --amend ${{env.IMAGE2}} --amend ${{env.IMAGE3}} - - - name: Push the new manifest - run: | - docker manifest push ${{env.PUB}} - - - name: Create and push manifest latest if selected - if: env.TAG_LATEST != 'false' - run: | - docker manifest create $PUBLIC_IMAGE_TAG_LATEST --amend $IMAGE1 --amend $IMAGE2 --amend $IMAGE3 - docker manifest push $PUBLIC_IMAGE_TAG_LATEST + - name: Print env + run: | + echo IMAGE1=${{env.IMAGE1}} + echo IMAGE2=${{env.IMAGE2}} + echo IMAGE3=${{env.IMAGE3}} + echo PUB=${{env.PUB}} + + - name: Checkout main + uses: actions/checkout@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create a new manifest + run: | + docker manifest create ${{env.PUB}} --amend ${{env.IMAGE1}} --amend ${{env.IMAGE2}} --amend ${{env.IMAGE3}} + + - name: Push the new manifest + run: | + docker manifest push ${{env.PUB}} + + - name: Create and push manifest latest if selected + if: env.TAG_LATEST != 'false' + run: | + docker manifest create $PUBLIC_IMAGE_TAG_LATEST --amend $IMAGE1 --amend $IMAGE2 --amend $IMAGE3 + docker manifest push $PUBLIC_IMAGE_TAG_LATEST diff --git a/.github/workflows/dotnet_provisioner_unit_tests.yml b/.github/workflows/dotnet_provisioner_unit_tests.yml index 436bca1e1..59c6b6324 100644 
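Review bot: The `Create and push manifest latest if selected` step tests `env.TAG_LATEST != 'false'`, but `TAG_LATEST` is built from `github.event_name == 'release' || inputs.also_tag_latest`; on any event that does not carry that input the expression yields null, the env value becomes an empty string, and `'' != 'false'` is true, so `latest` would be pushed unintentionally. `if: env.TAG_LATEST == 'true'` states the intent directly and is safe in every case. Whether such an event can trigger this workflow depends on the `on:` block, which is outside this hunk. That last step is also the only one here that uses `$IMAGE1`-style environment variables, while the two steps above interpolate `${{env.PUB}}` and `${{env.IMAGE1}}` into the script; using the env form throughout is consistent and keeps expression expansion out of `run:`.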
--- a/.github/workflows/dotnet_provisioner_unit_tests.yml
+++ b/.github/workflows/dotnet_provisioner_unit_tests.yml
@@ -2,7 +2,7 @@ name: Dotnet Provisioner Unit Tests
on: push
env:
- DOTNET_VERSION: '6.0'
+ DOTNET_VERSION: '8.0'
jobs:
dotnet_provisioner_unit_tests:
name: Restore and Run Unit Tests
@@ -97,7 +97,7 @@ jobs:
Evaluator:
name: Evaluate Tests
- needs: [dotnet_provisioner_unit_tests]
+ needs: [ dotnet_provisioner_unit_tests ]
runs-on: ubuntu-latest
continue-on-error: false
steps:
@@ -110,7 +110,7 @@ jobs:
run: |
mkdir artifacts
- - uses: actions/download-artifact@v3
+ - uses: actions/download-artifact@v4
with:
path: artifacts
diff --git a/.github/workflows/hirs_package_linux.yml b/.github/workflows/hirs_package_linux.yml
index b8f04b069..fe76880d4 100644
--- a/.github/workflows/hirs_package_linux.yml
+++ b/.github/workflows/hirs_package_linux.yml
@@ -8,34 +8,34 @@ on: jobs: # run the package script for HIRS ACA, Provisioners, tcg_rim_tool, and tcg_eventlog_tool - Package_linux: + Package_linux: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - server-id: github # Value of the distributionManagement/repository/id field of the pom.xml - settings-path: ${{ github.workspace }} # location for the settings.xml file - - name: directory setup - run: | - mkdir -p artifacts/jars - mkdir -p artifacts/win - mkdir -p artifacts/win/hirstools - - name: install dependencies - run: | - sudo apt-get update - sudo apt-get install git curl nano cron mariadb-server - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3 - - name: Execute Gradle build - run: | + - uses: actions/checkout@v4 + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + server-id: github # Value of the distributionManagement/repository/id field of the pom.xml + settings-path: ${{ github.workspace }} # location for the settings.xml file + - name: directory setup + run: | + mkdir -p artifacts/jars + mkdir -p artifacts/win + mkdir -p artifacts/win/hirstools + - name: install dependencies + run: | + sudo apt-get update + sudo apt-get install git curl nano cron mariadb-server + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + - name: Execute Gradle build + run: | ./gradlew build; ./gradlew bootWar; ./gradlew buildDeb; 
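Review bot: The `Package_linux` job declares `permissions: packages: write`, but none of its visible steps publishes a package — they build and then upload workflow artifacts, which need only `contents: read` — so the token is broader than the job requires; drop `packages: write` unless a publish step exists beyond this hunk. `actions/setup-java@v4` with `server-id: github` only writes a `settings.xml` and does not by itself need that scope. The `install dependencies` step also installs `nano` and `cron`, which no later step uses, and runs `sudo apt-get install` without `-y`, which relies on apt never prompting; `sudo apt-get install -y mariadb-server` (plus whatever the build genuinely needs) keeps the runner minimal and the step non-interactive.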
@@ -48,35 +48,35 @@ jobs: cp tools/tcg_rim_tool/build/distributions/*.zip artifacts/win cp tools/tcg_eventlog_tool/build/distributions/*.zip artifacts/win cp package/win/tcg-rim-tool/* artifacts/win/hirstools - - name: Archive RPM files - uses: actions/upload-artifact@v4 - with: - name: RPM_Files - path: HIRS_AttestationCAPortal/build/distributions/*.rpm - if-no-files-found: error - - name: Archive DEB files - uses: actions/upload-artifact@v4 - with: - name: DEB_Files - path: HIRS_AttestationCAPortal/build/distributions/*.deb - if-no-files-found: error - - name: War files - uses: actions/upload-artifact@v4 - with: - name: WAR_Files - path: HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war - if-no-files-found: error - - name: JAR_Files - uses: actions/upload-artifact@v4 - with: - name: JAR_Files - path: artifacts/jars/ - if-no-files-found: error - - name: ZIP_Files - uses: actions/upload-artifact@v4 - with: - name: ZIP_Files - path: artifacts/win/ - if-no-files-found: error + - name: Archive RPM files + uses: actions/upload-artifact@v4 + with: + name: RPM_Files + path: HIRS_AttestationCAPortal/build/distributions/*.rpm + if-no-files-found: error + - name: Archive DEB files + uses: actions/upload-artifact@v4 + with: + name: DEB_Files + path: HIRS_AttestationCAPortal/build/distributions/*.deb + if-no-files-found: error + - name: War files + uses: actions/upload-artifact@v4 + with: + name: WAR_Files + path: HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war + if-no-files-found: error + - name: JAR_Files + uses: actions/upload-artifact@v4 + with: + name: JAR_Files + path: artifacts/jars/ + if-no-files-found: error + - name: ZIP_Files + uses: actions/upload-artifact@v4 + with: + name: ZIP_Files + path: artifacts/win/ + if-no-files-found: error diff --git a/.github/workflows/hirs_unit_tests.yml b/.github/workflows/hirs_unit_tests.yml index fc12f3b41..6f5a2699c 100644 --- a/.github/workflows/hirs_unit_tests.yml 
+++ b/.github/workflows/hirs_unit_tests.yml @@ -4,7 +4,7 @@ name: HIRS Build and Unit Test on: - # Runs this workflow whenever there is a push to main from a branch annotated with "v3" + # Runs this workflow whenever there is a push to main from a branch annotated with "v4" push: branches: - '*v3*' 
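Review bot: The rewritten comment now says the workflow runs on branches annotated with "v4", but the `branches:` filter directly below it is still `'*v3*'`, so the comment and the trigger contradict each other. Either the glob should become `'*v4*'` (if CI is meant to move to v4 branches) or the comment should keep saying v3; as written, a reader will assume v4 branches are tested when they are not. The `branches` list may continue past the end of this hunk.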
@@ -17,82 +17,82 @@ jobs: ACA_Provisioner_Unit_Tests: runs-on: ubuntu-latest # Configures the job to run on the latest version of an Ubuntu Linux runner steps: - - uses: actions/checkout@v3 # run v3 of actions/checkout action, which checks out your repository onto the runner - # Build will archive build reports and will create a failedFile if build is not successful - - name: Directory setup - run: | - mkdir -p artifacts/githubActionsResults - mkdir -p artifacts/upload_reports/HIRS_AttestationCA - mkdir -p artifacts/upload_reports/HIRS_AttestationCAPortal - mkdir -p artifacts/upload_reports/HIRS_Provisioner - mkdir -p artifacts/upload_reports/HIRS_ProvisionerTPM2 - mkdir -p artifacts/upload_reports/HIRS_Structs - mkdir -p artifacts/upload_reports/HIRS_Utils - mkdir -p artifacts/upload_reports/tcg_rim_tool - mkdir -p artifacts/upload_reports/tcg_eventlog_tool - # Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container - - name: Build HIRS and run unit tests - run: | - - # log into and run docker (note: must set up secrets in github for ghcr username and access_token) - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin - - # docker run options: - # create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS repo - # -v $(pwd):/HIRS - # image used for the container, given by : - # rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages] - # bash commands to clean/build/test each subproject - # /bin/bash -c '' - docker run --rm \ - -v $(pwd):/HIRS \ - ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \ - 'pushd /HIRS - gradle_status=0 - - # git added a feature that gives error if user is not owner of the top-level directory; need to override this - git config --global --add safe.directory /HIRS - - # clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory - ./gradlew 
:HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test - if (( $? != "0" )) ; then gradle_status=1; fi - cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCA/. - ./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test - if (( $? != "0" )) ; then gradle_status=1; fi - cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCAPortal/. - #./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test - #if (( $? != "0" )) ; then gradle_status=1; fi - #cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Provisioner/. - #./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test - #if (( $? != "0" )) ; then gradle_status=1; fi - #cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/upload_reports/HIRS_ProvisionerTPM2/. - ./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test - if (( $? != "0" )) ; then gradle_status=1; fi - cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Structs/. - ./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test - if (( $? != "0" )) ; then gradle_status=1; fi - cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Utils/. - #./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test - #if (( $? 
!= "0" )) ; then gradle_status=1; fi - - # Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0 - if (( $gradle_status == "0" )) ; then - echo "In docker: Build Passed" - else - echo "In docker: Build Failed" - touch /HIRS/artifacts/githubActionsResults/buildFailed.txt - fi; popd;' - # Upload build report files - - name: Archive report files - uses: actions/upload-artifact@v3 - with: - name: HIRS_Build_Reports - path: artifacts/upload_reports/* - if-no-files-found: ignore - # If buildFailed file exists, use that to fail the ACA unit tests - - name: Check if build/test passed or failed - if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }} - uses: actions/github-script@v6 - with: - script: | - core.setFailed('Build or Unit Test Failed') \ No newline at end of file + - uses: actions/checkout@v4 # run v4 of actions/checkout action, which checks out your repository onto the runner + # Build will archive build reports and will create a failedFile if build is not successful + - name: Directory setup + run: | + mkdir -p artifacts/githubActionsResults + mkdir -p artifacts/upload_reports/HIRS_AttestationCA + mkdir -p artifacts/upload_reports/HIRS_AttestationCAPortal + mkdir -p artifacts/upload_reports/HIRS_Provisioner + mkdir -p artifacts/upload_reports/HIRS_ProvisionerTPM2 + mkdir -p artifacts/upload_reports/HIRS_Structs + mkdir -p artifacts/upload_reports/HIRS_Utils + mkdir -p artifacts/upload_reports/tcg_rim_tool + mkdir -p artifacts/upload_reports/tcg_eventlog_tool + # Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container + - name: Build HIRS and run unit tests + run: | + + # log into and run docker (note: must set up secrets in github for ghcr username and access_token) + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin + + # docker run options: + # create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS 
repo + # -v $(pwd):/HIRS + # image used for the container, given by : + # rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages] + # bash commands to clean/build/test each subproject + # /bin/bash -c '' + docker run --rm \ + -v $(pwd):/HIRS \ + ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \ + 'pushd /HIRS + gradle_status=0 + + # git added a feature that gives error if user is not owner of the top-level directory; need to override this + git config --global --add safe.directory /HIRS + + # clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory + ./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test + if (( $? != "0" )) ; then gradle_status=1; fi + cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCA/. + ./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test + if (( $? != "0" )) ; then gradle_status=1; fi + cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCAPortal/. + #./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test + #if (( $? != "0" )) ; then gradle_status=1; fi + #cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Provisioner/. + #./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test + #if (( $? != "0" )) ; then gradle_status=1; fi + #cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/upload_reports/HIRS_ProvisionerTPM2/. + ./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test + if (( $? != "0" )) ; then gradle_status=1; fi + cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Structs/. + ./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test + if (( $? 
!= "0" )) ; then gradle_status=1; fi + cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Utils/. + #./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test + #if (( $? != "0" )) ; then gradle_status=1; fi + + # Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0 + if (( $gradle_status == "0" )) ; then + echo "In docker: Build Passed" + else + echo "In docker: Build Failed" + touch /HIRS/artifacts/githubActionsResults/buildFailed.txt + fi; popd;' + # Upload build report files + - name: Archive report files + uses: actions/upload-artifact@v4 + with: + name: HIRS_Build_Reports + path: artifacts/upload_reports/* + if-no-files-found: ignore + # If buildFailed file exists, use that to fail the ACA unit tests + - name: Check if build/test passed or failed + if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }} + uses: actions/github-script@v6 + with: + script: | + core.setFailed('Build or Unit Test Failed') \ No newline at end of file diff --git a/.github/workflows/rim_tests.yml b/.github/workflows/rim_tests.yml index 11799391b..b0fc9b7bb 100644 --- a/.github/workflows/rim_tests.yml +++ b/.github/workflows/rim_tests.yml @@ -28,7 +28,7 @@ jobs: sudo apt-get update sudo apt-get install git curl nano cron mariadb-server - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3 + uses: gradle/actions/setup-gradle@v4 - name: Execute Gradle build run: | ./gradlew build; @@ -37,7 +37,7 @@ jobs: run: | sudo dpkg -i tools/tcg_rim_tool/build/distributions/tcg-rim-tool*.deb - name: RIM tests - run: | + run: | ./.ci/tcg-rim-tool/scripts/run_all_tests.sh --verbose