-
Notifications
You must be signed in to change notification settings - Fork 0
355 lines (277 loc) · 12 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
name: C/C++ CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dependencies
run: |
sudo apt update -y
sudo apt install -y libgtest-dev libgflags-dev openssl libssl-dev protobuf-compiler protoc-gen-go golang-go cmake
- name: test-core-certifier-programs
run: |
echo "******************************************************************"
echo "* Check that core certifier programs still compile and clear tests"
echo "******************************************************************"
echo " "
pushd src
#! ---------------------------------------------------------------------
#! Check that core certifier programs still compile and clear tests
#! ---------------------------------------------------------------------
make -f certifier.mak clean
make -f certifier_tests.mak clean
make -f certifier.mak
make -f certifier.mak clean
make -f certifier_tests.mak clean
make -f certifier_tests.mak
./certifier_tests.exe
popd
- name: test-run_example-help-list-args
run: |
echo " "
echo "******************************************************************"
echo "* Exercise run_example with --help, --list arguments ..."
echo "******************************************************************"
echo " "
pushd ./sample_apps
#! Exercise help / usage / list options, for default simple_app
./run_example.sh -h
./run_example.sh --help
./run_example.sh --list
./run_example.sh --list simple_app
#! Re-run help / usage / list options, for simple_app_under_oe
./run_example.sh --help simple_app_under_oe
./run_example.sh --list simple_app_under_oe
./run_example.sh simple_app show_env
./run_example.sh simple_app_under_oe show_env
#! Re-run help / usage / list options, for simple_app_under_gramine
./run_example.sh --help simple_app_under_gramine
./run_example.sh --list simple_app_under_gramine
#! Re-run help / usage / list options, for simple_app_under_sev
./run_example.sh --help simple_app_under_sev
./run_example.sh --list simple_app_under_sev
#! Re-run help / usage / list options, for application_service
./run_example.sh --help application_service
./run_example.sh --list application_service
#! Re-run help / usage / list options, for simple_app_under_app_service
./run_example.sh --help simple_app_under_app_service
./run_example.sh --list simple_app_under_app_service
./run_example.sh --help simple_app_under_keystone
./run_example.sh --list simple_app_under_keystone
popd
- name: test-run_example-dry-run
run: |
#! ---------------------------------------------------------------------
#! Exercise various interfaces in --dry-run mode. This will ensure that
#! script's execution logic will likely work for different sample apps,
#! when tested on the appropriate platform and environment.
#! ---------------------------------------------------------------------
echo " "
echo "******************************************************************"
echo "* Exercise run_example with --dry-run argument ..."
echo "******************************************************************"
echo " "
pushd ./sample_apps
./run_example.sh --dry-run simple_app
./run_example.sh --dry-run simple_app setup
./run_example.sh --dry-run simple_app run_test
./run_example.sh --dry-run simple_app_under_oe
./run_example.sh --dry-run simple_app_under_oe setup
./run_example.sh --dry-run simple_app_under_oe run_test
./run_example.sh --dry-run simple_app_under_oe setup_with_auto_policy_generation_for_OE
./run_example.sh --dry-run simple_app_under_gramine
./run_example.sh --dry-run simple_app_under_gramine setup
./run_example.sh --dry-run simple_app_under_gramine run_test
./run_example.sh --dry-run simple_app_under_sev
./run_example.sh --dry-run simple_app_under_sev setup
./run_example.sh --dry-run simple_app_under_sev run_test
./run_example.sh --dry-run simple_app_under_sev setup_with_auto_policy_generation_for_SEV
./run_example.sh --dry-run application_service
./run_example.sh --dry-run application_service setup
#! Should do nothing but just emit usage messages
./run_example.sh --dry-run application_service run_test
./run_example.sh --dry-run simple_app_under_keystone
./run_example.sh --dry-run simple_app_under_cca
./run_example.sh --dry-run simple_app_under_cca setup
./run_example.sh --dry-run simple_app_under_cca run_test
popd
- name: test-run_example-simple_app
run: |
#! ---------------------------------------------------------------------
#! This will also check that utilities programs still compile
echo " "
echo "******************************************************************"
echo "* Test: Execute script to compile, build and run simple_app."
echo "******************************************************************"
echo " "
pushd ./sample_apps
./cleanup.sh
set -x
ps -ef | grep -E 'simpleserver|example_app.exe|run_example.sh|app_service.exe'
set +x
./run_example.sh simple_app
./cleanup.sh
popd
- name: test-build-and-setup-App-Service-and-simple_app_under_app_service
run: |
echo " "
echo "***************************************"
echo "* Build-and-setup Application Service "
echo "***************************************"
echo " "
pushd ./sample_apps
./run_example.sh application_service setup
echo " "
echo "*************************************************************"
echo "* Build-and-setup simple_app_under_app_service/ and run_test"
echo "*************************************************************"
echo " "
echo " "
echo "---- simple_app_under_app_service/ setup ----"
echo " "
./run_example.sh --no-make-clean simple_app_under_app_service setup
#! Start Certifier Service & Application Service together first.
./run_example.sh --no-cleanup application_service start
#! Allow some time for App Service to get Certified ...
sleep 10
#! Once Application Service has been certified, we no longer need
#! this Certifier Service. Kill it, so app itself can start its
#! own Certifier Service.
ps -ef | grep simpleserver
set -x
kill -9 $(pgrep simpleserver)
set +x
echo " "
echo "---- simple_app_under_app_service/ run_test ----"
echo " "
#! Now, run the test for simple_app_under_app_service
./run_example.sh simple_app_under_app_service run_test
sleep 2
#! Check for 'Hi" messages from Application Service
tail -30 ../application_service/provisioning/appln.service.out
sudo ./cleanup.sh
popd
echo " "
echo "**** Check for any stale left-over processes ****"
ps -ef | grep -v -E 'root|^sys'
echo " "
- name: test-build-and-install-sev-snp-simulator
run: |
echo " "
echo "*************************************************************************************"
echo "* Build and install SEV-SNP simulator, to run Cert tests with simulated SEV-enabled."
echo "*************************************************************************************"
echo " "
pushd ./sev-snp-simulator
make clean
make
make keys
#! You may need this in your dev-box, but on CI this will not be needed
#! as we have not run 'insmod', yet.
#! make rmmod
make insmod
popd
- name: test-sev-snp-simulator-sev-test
run: |
echo " "
echo "******************************************************************"
echo "* Run sev-snp-simulator sev-test ... "
echo "******************************************************************"
echo " "
pushd ./sev-snp-simulator/test
make sev-test
sudo ./sev-test
popd
- name: test-certifier-build-and-test-simulated-SEV-mode
run: |
echo " "
echo "******************************************************************"
echo "* Check that Certifier tests run clean with simulated SEV-enabled."
echo "******************************************************************"
echo " "
pushd src
make -f certifier_tests.mak clean
ENABLE_SEV=1 make -f certifier_tests.mak
sudo ./certifier_tests.exe --print_all=true
echo " "
echo "******************************************************************"
echo "* Check that Certifier builds with simulated SEV-enabled."
echo "******************************************************************"
echo " "
make -f certifier.mak clean
make -f certifier_tests.mak clean
ENABLE_SEV=1 make -f certifier.mak
popd
#! Run script that will setup s/w required to build Policy Generator for SEV-app
./CI/scripts/setup-JSON-schema-validator-for-SEV-apps.sh
- name: test-simple_app_under_sev-simulated-SEV-mode
run: |
echo " "
echo "******************************************************************"
echo "* Run simple_app_under_sev in simulated-SEV environment."
echo "******************************************************************"
echo " "
pushd ./sample_apps
./run_example.sh rm_non_git_files
./run_example.sh simple_app_under_sev setup
sudo ./run_example.sh simple_app_under_sev run_test
sudo ./cleanup.sh
popd
- name: test-simple_app_under_keystone-using-shim
run: |
echo " "
echo "********************************************"
echo "* Run simple_app_under_keystone using shim"
echo "********************************************"
echo " "
pushd ./sample_apps
./run_example.sh rm_non_git_files
./run_example.sh simple_app_under_keystone setup
./run_example.sh simple_app_under_keystone run_test
./cleanup.sh
popd
- name: test-ISLET-SDK-shim_test
run: |
echo "**********************************************************"
echo "* Download ISLET SDK, build the library and run shim_test"
echo "**********************************************************"
echo " "
pushd src/cca
../../third_party/islet/setup.sh
echo " "
set -x
cd islet_test/
make clean
make shim_test
echo " "
make attest_seal_test
set +x
echo " "
- name: test-run_example-simple_app_under_cca-using-shim
run: |
echo " "
echo "********************************************************************************"
echo "* Test: Execute script to compile, build and run simple_app_under_cca using shim"
echo "********************************************************************************"
echo " "
pushd ./sample_apps
./cleanup.sh
./run_example.sh simple_app_under_cca
./cleanup.sh
popd
- name: test-miscellaneous
run: |
echo " "
echo "******************************************************************"
echo "* Few other miscellaneous checks"
echo "******************************************************************"
echo " "
pushd ./certifier_service/oelib
make clean
make dummy
popd