-
Notifications
You must be signed in to change notification settings - Fork 57
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
updated github actions unit test yml, added Rocky 8.8 Dockerfile
- Loading branch information
1 parent
afee801
commit f1a5bb7
Showing
2 changed files
with
143 additions
and
129 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| FROM rockylinux:8.8 | ||
|
|
||
| # Purpose: This image is designed for HIRS ci testing on Rocky Linux | ||
| # Date Modified: 8/10/23 | ||
| # Notes: | ||
| # * This image installs java, installs project dependencies, and runs gradlew to download gradlew | ||
| # dependencies. This saves time during a docker run. This also means the image should be | ||
| # re-built and re-posted to github each time the following occurs: | ||
| # 1) add/update a dependency | ||
| # 2) update gradle | ||
| # If not re-built, the docker run will still work, but will take longer as it downloads updates | ||
| # * Steps to login to registry, build image, tag image with ghcr.io registry, and push to registry: | ||
| # $ cat pat.txt | docker login ghcr.io -u iadgovuser## --password-stdin | ||
| # Note: pat requires permissions "upload packages from GitHub Package Registry" and possibly "repo" | ||
| # $ docker build . -f Dockerfile.rocky88ci -t hirs-rocky8-ci:latest | ||
| # Note: may need to use --no-cache when building, if 'git clone HIRS' or 'gradlew' is cached | ||
| # (bc need any updated dependencies) | ||
| # $ docker image tag hirs-rocky8-ci:latest ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest | ||
| # $ docker push ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest | ||
|
|
||
| # Update package installer | ||
| RUN dnf -y update | ||
|
|
||
| # Install Java 17 | ||
| RUN dnf -y install java-17-openjdk-devel | ||
|
|
||
| # Set Environment Variables | ||
| #ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk | ||
| #ENV PATH="$JAVA_HOME/bin:$PATH" | ||
|
|
||
| # Ports needed for system-level tests | ||
| EXPOSE 8080 | ||
| EXPOSE 8443 | ||
|
|
||
| # Install HIRS dependencies | ||
| RUN dnf -y install mariadb-server initscripts firewalld policycoreutils net-tools git && dnf clean all | ||
| # maybe: libtool cmake make gcc-c++ sudo vim wget openssl openssl-devel protobuf tpm2-tools libcurl-devel libssh-devel | ||
| # prob not: rpmdevtools tpm2-tss-devel tpm2-abrmd protobuf-compiler protobuf-devel python36 log4cplus-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel | ||
|
|
||
| # Install PACCOR for Device Info Gathering | ||
| # RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r6/paccor-1.1.4-6.noarch.rpm && yum -y install paccor-*.rpm && popd | ||
|
|
||
| # Install TPM Emulator for Provisioning | ||
| # RUN mkdir ibmtpm && pushd ibmtpm && wget --no-check-certificate https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1332.tar.gz && tar -zxvf ibmtpm1332.tar.gz && cd src && make -j5 && popd | ||
|
|
||
| # Install Microsoft dotnet and rpm package tool | ||
| # RUN wget https://dot.net/v1/dotnet-install.sh | ||
| # RUN sh dotnet-install.sh --os linux --channel LTS | ||
| # ENV PATH="/root/.dotnet:${PATH}" | ||
| # RUN wget https://packages.microsoft.com/rhel/8/prod/packages-microsoft-prod.rpm | ||
| # RUN dnf -y install packages-microsoft-prod.rpm | ||
| # RUN dnf makecache | ||
| # RUN dnf -y install dotnet-sdk-6.0 | ||
| # RUN dotnet tool install --global dotnet-rpm | ||
| # ?? need this?: RUN PATH="~/.dotnet/tools:${PATH}" | ||
|
|
||
| # Checkout HIRS main branch and run gradlew to install gradlew dependencies, then delete HIRS | ||
| # Use '--depth=1' so as to not download the history of all commits | ||
| RUN git clone -b main --depth=1 https://github.com/nsacyber/HIRS.git /hirsTemp | ||
| WORKDIR "/hirsTemp" | ||
| RUN /bin/bash -c './gradlew clean build' | ||
| WORKDIR "/" | ||
| RUN rm -rf /hirsTemp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,147 +1,98 @@ | ||
| # This workflow will build HIRS, run unit tests, and create HIRS artifacts | ||
| # Updated: 8/15/23 | ||
|
|
||
| name: HIRS Build and Unit Test | ||
|
|
||
| on: | ||
| # Runs this workflow whenever there is a push to main from a branch annotated with "v3" | ||
| push: | ||
| branches: | ||
| - '*v2*' | ||
| - 'master' | ||
| # allows you to run this workflow manually from the Actions tab | ||
| - '*v3*' | ||
| - 'main' | ||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| # run the unit tests and package HIRS ACA, provisoner, and tools | ||
| ACA_Provisioner_unit_tests: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| # Run the unit tests and package HIRS ACA, provisoner, and tools | ||
| ACA_Provisioner_Unit_Tests: | ||
| runs-on: ubuntu-latest # Configures the job to run on the latest version of an Ubuntu Linux runner | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set up JDK 11 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '8' | ||
| distribution: 'adopt' | ||
| server-id: github # Value of the distributionManagement/repository/id field of the pom.xml | ||
| settings-path: ${{ github.workspace }} # location for the settings.xml file | ||
| # Build will either archive war files if the build is successful, otherwise a set of build report will be archived | ||
| - name: directory setup | ||
| - uses: actions/checkout@v3 # run v3 of actions/checkout action, which checks out your repository onto the runner | ||
| # Build will archive build reports and will create a failedFile if build is not successful | ||
| - name: Directory setup | ||
| run: | | ||
| mkdir -p artifacts/wars | ||
| mkdir -p artifacts/reports/HIRS_AttestationCA | ||
| mkdir -p artifacts/reports/HIRS_AttestationCAPortal | ||
| mkdir -p artifacts/reports/HIRS_Provisioner | ||
| mkdir -p artifacts/reports/HIRS_ProvisionerTPM2 | ||
| mkdir -p artifacts/reports/HIRS_Structs | ||
| mkdir -p artifacts/reports/HIRS_Utils | ||
| mkdir -p artifacts/reports/tcg_rim_tool | ||
| mkdir -p artifacts/reports/tcg_eventlog_tool | ||
| # Run the provisioner and ACA unit tests via gradle build in an Centos 7 Docker container | ||
| - name: Build HIRS and run Unit tests | ||
| mkdir -p artifacts/githubActionsResults | ||
| mkdir -p artifacts/reports/HIRS_AttestationCA | ||
| mkdir -p artifacts/reports/HIRS_AttestationCAPortal | ||
| mkdir -p artifacts/reports/HIRS_Provisioner | ||
| mkdir -p artifacts/reports/HIRS_ProvisionerTPM2 | ||
| mkdir -p artifacts/reports/HIRS_Structs | ||
| mkdir -p artifacts/reports/HIRS_Utils | ||
| mkdir -p artifacts/reports/tcg_rim_tool | ||
| mkdir -p artifacts/reports/tcg_eventlog_tool | ||
| # Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container | ||
| - name: Build HIRS and run unit tests | ||
| run: | | ||
| echo ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin | ||
| docker run --rm \ | ||
| -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash \ | ||
| -c 'pushd /HIRS; \ | ||
| gradle_status=0; \ | ||
| ./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/reports/HIRS_AttestationCA/.; \ | ||
| ./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/reports/HIRS_AttestationCAPortal/.; \ | ||
| ./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/reports/HIRS_Provisioner/.; \ | ||
| ./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/reports/HIRS_ProvisionerTPM2/.; \ | ||
| ./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/reports/HIRS_Structs/.; \ | ||
| ./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/reports/HIRS_Utils/.; \ | ||
| ./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test; \ | ||
| if (( $? != "0" )) ; then gradle_status=1; fi; \ | ||
| # Use the war file archive to fail the Build ACA tests by not placing them in the artifacts folder | ||
| if (( $gradle_status == "0" )) ; then \ | ||
| cp /HIRS/HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war /HIRS/artifacts/wars/.; \ | ||
| cp /HIRS/HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war /HIRS/artifacts/wars/.; \ | ||
| echo "Build Worked"; \ | ||
| else \ | ||
| echo "Build Failed"; \ | ||
| fi; popd;' \ | ||
| - name: Archive Report files | ||
| uses: actions/upload-artifact@v2 | ||
| # log into and run docker (note: must set up secrets in github for ghcr username and access_token) | ||
| echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin | ||
| # docker run options: | ||
| # create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS repo | ||
| # -v $(pwd):/HIRS | ||
| # image used for the container, given by <repository>:<tag_name> | ||
| # rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages] | ||
| # bash commands to clean/build/test each subproject | ||
| # /bin/bash -c '<commands>' | ||
| docker run --rm \ | ||
| -v $(pwd):/HIRS \ | ||
| ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \ | ||
| 'pushd /HIRS | ||
| gradle_status=0 | ||
| # git added a feature that gives error if user is not owner of the top-level directory; need to override this | ||
| git config --global --add safe.directory /HIRS | ||
| # clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory | ||
| ./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test | ||
| if (( $? != "0" )) ; then gradle_status=1; fi | ||
| #cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/reports/HIRS_AttestationCA/. | ||
| ./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test | ||
| if (( $? != "0" )) ; then gradle_status=1; fi | ||
| #cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/reports/HIRS_AttestationCAPortal/. | ||
| #./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test | ||
| #if (( $? != "0" )) ; then gradle_status=1; fi | ||
| #cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/reports/HIRS_Provisioner/. | ||
| #./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test | ||
| #if (( $? != "0" )) ; then gradle_status=1; fi | ||
| #cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/reports/HIRS_ProvisionerTPM2/. | ||
| #./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test | ||
| #if (( $? != "0" )) ; then gradle_status=1; fi | ||
| #cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/reports/HIRS_Structs/. | ||
| ./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test | ||
| if (( $? != "0" )) ; then gradle_status=1; fi | ||
| cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/reports/HIRS_Utils/. | ||
| #./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test | ||
| #if (( $? != "0" )) ; then gradle_status=1; fi | ||
| # Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0 | ||
| if (( $gradle_status == "0" )) ; then | ||
| echo "In docker: Build Passed" | ||
| else | ||
| echo "In docker: Build Failed" | ||
| touch /HIRS/artifacts/githubActionsResults/buildFailed.txt | ||
| fi; popd;' | ||
| # Upload build report files | ||
| - name: Archive report files | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: HIRS_Build_Reports | ||
| path: artifacts/reports/* | ||
| if-no-files-found: ignore | ||
| # if-no-files-found used to fail the ACA unti tests | ||
| - name: Archive WAR files | ||
| uses: actions/upload-artifact@v2 | ||
| # If buildFailed file exists, use that to fail the ACA unit tests | ||
| - name: Fail if build or unit test failed | ||
| if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }} | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| name: WAR_Files | ||
| path: artifacts/wars/* | ||
| if-no-files-found: error | ||
| # Process eventlog and rim tool seperately to save time building | ||
| tcg_eventlog_tool_tests: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set up JDK 8 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '8' | ||
| distribution: 'adopt' | ||
| server-id: github # Value of the distributionManagement/repository/id field of the pom.xml | ||
| settings-path: ${{ github.workspace }} # location for the settings.xml file | ||
| - name: build and test event log tool | ||
| run: | | ||
| mkdir -p artifacts/reports/tcg_eventlog_tool; | ||
| ./gradlew :tools/tcg_eventlog_tool:build :tools/tcg_eventlog_tool:test; | ||
| if (( $? != "0" )) ; then | ||
| cp -r tools/tcg_eventlog_tool/build/reports/ artifacts/reports/tcg_eventlog_tool/.; | ||
| fi | ||
| - name: Archive Report files | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: tcg_eventlog_tool_reports | ||
| path: artifacts/reports/* | ||
| if-no-files-found: ignore | ||
| tcg_rim_tool_tests: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Set up JDK 8 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '8' | ||
| distribution: 'adopt' | ||
| server-id: github # Value of the distributionManagement/repository/id field of the pom.xml | ||
| settings-path: ${{ github.workspace }} # location for the settings.xml file | ||
| - name: build and test event log tool | ||
| run: | | ||
| mkdir -p artifacts/reports/tcg_rim_tool; | ||
| ./gradlew :tools/tcg_rim_tool:build :tools/tcg_rim_tool:test; | ||
| if (( $? != "0" )) ; then | ||
| cp -r tools/tcg_rim_tool/build/reports/ artifacts/reports/tcg_rim_tool/.; | ||
| fi | ||
| - name: Archive Report files | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: tcg_rim_tool_reports | ||
| path: artifacts/reports/* | ||
| if-no-files-found: ignore | ||
| script: | | ||
| core.setFailed('Build or Unit Test Failed') |