Upstream Equivalence #94
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upstream Equivalence | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Run every Monday, Wednesday and Friday at 22:00. | |
| # We want to learn somewhat quickly about changes in upstream. | |
| # But we do not expect changes on a regular basis. | |
| - cron: '0 22 * * 1,3,5' | |
| jobs: | |
| run: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| - name: Install necessary tools | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3 python3-pip | |
| sudo python3 -m pip install --user --require-hashes -r .github/workflows/upstream-equivalence-requirements.txt | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-2.9.2/install | |
| nix_path: nixpkgs=channel:nixos-23.05 | |
| - name: Download Firmware release | |
| id: download-firmware | |
| uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # tag=v1.8 | |
| with: | |
| repository: aws/uefi | |
| latest: true | |
| zipBall: true | |
| - name: Build UEFI firmware | |
| id: build-uefi | |
| shell: bash | |
| run: | | |
| # Unzip into a extra dir so that we can find "default.nix" and make sure we end up in the right directory. | |
| mkdir aws-uefi | |
| zipLocation=$(find . -name "uefi-*.zip") | |
| unzip -d aws-uefi "$zipLocation" | |
| buildfilePath="$(find aws-uefi -name 'default.nix')" | |
| pushd "$(dirname "$buildfilePath")" || exit 1 | |
| nix-build --pure | |
| ovmfPath=$(realpath result/ovmf_img.fd) | |
| echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| repository: virtee/sev-snp-measure.git | |
| ref: main | |
| path: sev-snp-measure | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| repository: virtee/sev-snp-measure-go.git | |
| ref: ${{ github.ref_name }} | |
| path: sev-snp-measure-go | |
| - name: Run sev-snp-measure | |
| shell: bash | |
| run: | | |
| pushd sev-snp-measure || exit 1 | |
| echo '[]' > intermediate.json | |
| for vcpus in 2 4 8 16 32 48 64; | |
| do | |
| measurement="$(./sev-snp-measure.py --guest-features 0x21 --mode snp --vmm-type=ec2 --vcpus="$vcpus" --ovmf=${{ steps.build-uefi.outputs.ovmfPath }})" | |
| jq --arg vcpus "$vcpus" --arg measurement "$measurement" '. += [{"vcpus": $vcpus, "measurement": $measurement}]' intermediate.json > measurements.json | |
| cp measurements.json intermediate.json | |
| done | |
| jq < measurements.json | |
| popd || exit 1 | |
| - name: Test equivalence sevsnpmeasure & sev-snp-measure | |
| shell: bash | |
| run: | | |
| pushd sev-snp-measure-go/e2e || exit 1 | |
| go test --tags=e2e --expected-values ../../sev-snp-measure/measurements.json --ovmf ${{ steps.build-uefi.outputs.ovmfPath }} | |
| popd || exit 1 |