-
Notifications
You must be signed in to change notification settings - Fork 58
98 lines (90 loc) · 5.1 KB
/
hirs_unit_tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# This workflow will build HIRS, run unit tests, and create HIRS artifacts
# Updated: 8/15/23
name: HIRS Build and Unit Test
on:
# Runs this workflow whenever there is a push to main from a branch annotated with "v3"
push:
branches:
- '*v3*'
- 'main'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
# Run the unit tests and package HIRS ACA, provisoner, and tools
ACA_Provisioner_Unit_Tests:
runs-on: ubuntu-latest # Configures the job to run on the latest version of an Ubuntu Linux runner
steps:
- uses: actions/checkout@v3 # run v3 of actions/checkout action, which checks out your repository onto the runner
# Build will archive build reports and will create a failedFile if build is not successful
- name: Directory setup
run: |
mkdir -p artifacts/githubActionsResults
mkdir -p artifacts/upload_reports/HIRS_AttestationCA
mkdir -p artifacts/upload_reports/HIRS_AttestationCAPortal
mkdir -p artifacts/upload_reports/HIRS_Provisioner
mkdir -p artifacts/upload_reports/HIRS_ProvisionerTPM2
mkdir -p artifacts/upload_reports/HIRS_Structs
mkdir -p artifacts/upload_reports/HIRS_Utils
mkdir -p artifacts/upload_reports/tcg_rim_tool
mkdir -p artifacts/upload_reports/tcg_eventlog_tool
# Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container
- name: Build HIRS and run unit tests
run: |
# log into and run docker (note: must set up secrets in github for ghcr username and access_token)
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin
# docker run options:
# create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS repo
# -v $(pwd):/HIRS
# image used for the container, given by <repository>:<tag_name>
# rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages]
# bash commands to clean/build/test each subproject
# /bin/bash -c '<commands>'
docker run --rm \
-v $(pwd):/HIRS \
ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \
'pushd /HIRS
gradle_status=0
# git added a feature that gives error if user is not owner of the top-level directory; need to override this
git config --global --add safe.directory /HIRS
# clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory
./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test
if (( $? != "0" )) ; then gradle_status=1; fi
#cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCA/.
./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test
if (( $? != "0" )) ; then gradle_status=1; fi
#cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCAPortal/.
#./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test
#if (( $? != "0" )) ; then gradle_status=1; fi
#cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Provisioner/.
#./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test
#if (( $? != "0" )) ; then gradle_status=1; fi
#cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/upload_reports/HIRS_ProvisionerTPM2/.
#./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test
#if (( $? != "0" )) ; then gradle_status=1; fi
#cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Structs/.
./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test
if (( $? != "0" )) ; then gradle_status=1; fi
cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Utils/.
#./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test
#if (( $? != "0" )) ; then gradle_status=1; fi
# Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0
if (( $gradle_status == "0" )) ; then
echo "In docker: Build Passed"
else
echo "In docker: Build Failed"
touch /HIRS/artifacts/githubActionsResults/buildFailed.txt
fi; popd;'
# Upload build report files
- name: Archive report files
uses: actions/upload-artifact@v3
with:
name: HIRS_Build_Reports
path: artifacts/upload_reports/*
if-no-files-found: ignore
# If buildFailed file exists, use that to fail the ACA unit tests
- name: Check if build/test passed or failed
if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }}
uses: actions/github-script@v6
with:
script: |
core.setFailed('Build or Unit Test Failed')