From a7d62293fb98fba6b6d7d474b9e5e62f22a730a1 Mon Sep 17 00:00:00 2001 From: Christian Walter Date: Wed, 14 Feb 2024 14:04:01 +0100 Subject: [PATCH] feat: migrate to Github Actions Migrate our current CI to github actions. Additionally remove the .rpm and .deb builds on version tags. Add template generation for bg-prov. Signed-off-by: Christian Walter --- .circleci/config.yml | 206 ------------------------------------ .github/workflows/build.yml | 83 +++++++++++++++ 2 files changed, 83 insertions(+), 206 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/build.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 5faf87e7..00000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,206 +0,0 @@ -# Golang CircleCI 2.0 configuration file -# -# Check https://circleci.com/docs/2.0/language-go/ for more details -version: 2 -jobs: - build: - docker: - # specify the version - - image: golang:1.21 - - working_directory: /go/src/github.com/9elements/converged-security-suite - steps: - - checkout - - run: go install golang.org/x/lint/golint@latest - # specify any bash command here prefixed with `run: ` - - run: if [ "$(go fmt -l .)" != "" ]; then exit 1; fi - - run: $(go env GOPATH)/bin/golint -set_exit_status ./cmd/txt-suite - - run: $(go env GOPATH)/bin/golint -set_exit_status ./cmd/txt-prov - - run: $(go env GOPATH)/bin/golint -set_exit_status ./cmd/bg-prov - - run: $(go env GOPATH)/bin/golint -set_exit_status ./cmd/bg-suite - - run: go mod download - - run: go mod verify - - run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go - - run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go - - run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go - - run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-suite cmd/bg-suite/*.go - - run: go test ./pkg/bootflow/... 
- - run: go test ./pkg/check/ - - run: go test ./pkg/diff/ - - run: go test ./pkg/errors/ - - run: go test ./pkg/hwapi/ - - run: go test ./pkg/mathtools/ - - run: go test ./pkg/ostools/ - - run: go test ./pkg/pcd/ - - run: go test ./pkg/provisioning/txt - - run: go test ./pkg/provisioning/bootguard - - run: go test ./pkg/registers - - run: go test ./pkg/test/ - - run: go test ./pkg/tools/ - - run: go test ./pkg/tpmdetection/ - - run: go test ./pkg/tpmeventlog/ - - run: go test ./pkg/uefi/ - - run: mkdir out - - run: git config user.email "circleci@circleci.com" - - run: git config user.name "CI" - - run: ./txt-suite markdown > ./cmd/txt-suite/TESTPLAN.md - - run: ./bg-suite markdown > ./cmd/bg-suite/TESTPLAN.md - - run: git add ./cmd/txt-suite/TESTPLAN.md ./cmd/bg-suite/TESTPLAN.md - - run: (git commit -m "Update testplan file" && git push --set-upstream origin ${CIRCLE_BRANCH}) || true - - run: cp txt-suite txt-prov bg-prov bg-suite out/ - - - persist_to_workspace: - root: out - paths: - - txt-suite - - txt-prov - - bg-prov - - bg-suite - - create_deb_rpm: - docker: - # specify the version - - image: golang:1.21 - - working_directory: /go/src/github.com/9elements/converged-security-suite - steps: - - checkout - - attach_workspace: - at: /tmp/out - - run: go get github.com/goreleaser/nfpm/cmd/nfpm@v1.3.2 - - run: go build github.com/goreleaser/nfpm/cmd/nfpm - - run: cp /tmp/out/txt-suite . - - run: cp /tmp/out/txt-prov . - - run: cp /tmp/out/bg-prov . - - run: cp /tmp/out/bg-suite . 
- - run: if [ -z "$CIRCLE_TAG" ]; then echo "export CIRCLE_TAG=$(git describe --tags|cut -d'-' -f1);" >> $BASH_ENV; fi - - run: if [ -z "$CIRCLE_BUILD_NUM" ]; then echo "export CIRCLE_BUILD_NUM=$(git describe --tags|cut -d'-' -f2);" >> $BASH_ENV; fi - - run: MY_APP_VERSION=${CIRCLE_TAG} MY_APP_BUILDNUMBER=${CIRCLE_BUILD_NUM} go run github.com/goreleaser/nfpm/cmd/nfpm pkg --config ./build/package/nfpm_rpm.yaml --target golang-css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}.x86_64.rpm - - run: MY_APP_VERSION=${CIRCLE_TAG} MY_APP_BUILDNUMBER=${CIRCLE_BUILD_NUM} go run github.com/goreleaser/nfpm/cmd/nfpm pkg --config ./build/package/nfpm_deb.yaml --target go_css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}_amd64.deb - - run: mkdir -p out && cp *.rpm ./out/ && cp *.deb ./out/ - - run: cp txt-suite ./out/ - - run: cp txt-prov ./out/ - - run: cp bg-prov ./out/ - - run: cp bg-suite ./out/ - - run: cp golang-css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}.x86_64.rpm artifact.rpm - - run: cp go_css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}_amd64.deb artifact.deb - - persist_to_workspace: - root: out - paths: - - golang-css-suite*.rpm - - go_css-suite*.deb - - txt-suite - - txt-prov - - bg-prov - - bg-suite - - store_artifacts: - path: artifact.rpm - destination: golang-css-suite.rpm - - store_artifacts: - path: artifact.deb - destination: golang-css-suite.deb - - build_arm: - docker: - # specify the version - - image: golang:1.21 - - working_directory: /go/src/github.com/9elements/converged-security-suite - steps: - - checkout - - run: go mod download - - run: go mod verify - - run: CGO_ENABLED=0 GOARCH=arm go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go - - run: CGO_ENABLED=0 GOARCH=arm go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go - - run: CGO_ENABLED=0 GOARCH=arm go build -ldflags '-X 
main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go - - run: CGO_ENABLED=0 GOARCH=arm go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-suite cmd/bg-suite/*.go - - build_arm64: - docker: - # specify the version - - image: golang:1.21 - - working_directory: /go/src/github.com/9elements/converged-security-suite - steps: - - checkout - - run: go mod download - - run: go mod verify - - run: CGO_ENABLED=0 GOARCH=arm64 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go - - run: CGO_ENABLED=0 GOARCH=arm64 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go - - run: CGO_ENABLED=0 GOARCH=arm64 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go - - run: CGO_ENABLED=0 GOARCH=arm64 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-suite cmd/bg-suite/*.go - - build_ppc64le: - docker: - # specify the version - - image: golang:1.21 - - working_directory: /go/src/github.com/9elements/converged-security-suite - steps: - - checkout - - run: go mod download - - run: go mod verify - - run: CGO_ENABLED=0 GOARCH=ppc64le go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go - - run: CGO_ENABLED=0 GOARCH=ppc64le go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go - - run: CGO_ENABLED=0 GOARCH=ppc64le go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go - - run: CGO_ENABLED=0 GOARCH=ppc64le go build 
-ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-suite cmd/bg-suite/*.go - - publish-github-release: - docker: - - image: cibuilds/github:0.10 - steps: - - checkout - - - attach_workspace: - at: /tmp/out - - run: - name: "Publish Release on GitHub" - command: | - ghr -t ${GITHUB_TOKEN} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -c ${CIRCLE_SHA1} -draft -delete ${CIRCLE_TAG} /tmp/out/ - -workflows: - version: 2 - main: - jobs: - - build: - filters: - branches: - only: /.*/ - tags: - only: /.*/ - - build_arm: - filters: - branches: - only: /.*/ - tags: - only: /.*/ - - build_arm64: - filters: - branches: - only: /.*/ - tags: - only: /.*/ - - build_ppc64le: - filters: - branches: - only: /.*/ - tags: - only: /.*/ - - create_deb_rpm: - requires: - - build - filters: - branches: - only: /.*/ - tags: - only: /.*/ - - publish-github-release: - requires: - - build - - create_deb_rpm - filters: - tags: - # vX.Y.Z - only: /^v.*/ - branches: - ignore: /.*/ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..9075d520 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,83 @@
+name: build
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - master
+ - main
+ pull_request:
+jobs:
+ build:
+ strategy:
+ matrix:
+ go-arch: [amd64, arm64]
+ runs-on: ubuntu-latest
+ env:
+ CGO_ENABLED: 0
+ GOARCH: ${{ matrix.go-arch }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build txt-suite
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go
+ - name: Build txt-prov
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go
+ - name: Build bg-suite
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o bg-suite cmd/bg-suite/*.go
+ - name: Build bg-prov
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go
+ - name: Build pcr0tool
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o pcr0tool cmd/pcr0tool/*.go
+ - name: Build amd-suite
+ run: go build -ldflags '-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${github.ref_name} -w -extldflags "-static"' -o amd-suite cmd/amd-suite/*.go
+ - name: Save artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: artifacts-${{ matrix.go-arch }}
+ path: |
+ ./txt-suite
+ ./txt-prov
+ ./bg-suite
+ ./bg-prov
+ ./pcr0tool
+ ./amd-suite
+
+
+ test:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: go test
+ run: go test -v ./pkg/...
+
+ generateTemplates:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Install dependencies
+ run: sudo apt-get install jq
+ - name: Download Artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: artifacts-amd64
+ path: ./artifacts
+ - name: Make artifacts executable
+ run: chmod +x ./artifacts/*
+ - name: Generate Template-v-1 (bg-prov)
+ run: |
+ ./artifacts/bg-prov template-v-1 --svn=1 --acmsvn=1 --nems=2 \
+ --pbet=12 --ibbflags=1 --mchbar=123456 --vdtbar=120000 --dmabase0=130000 \
+ --dmasize0=2048 --entrypoint=140000 --ibbhash=SHA256 config.json
+ cat ./config.json | jq
+
+ - name: Generate Template-v-2 (bg-prov)
+ run: |
+ ./artifacts/bg-prov template-v-1 --svn=1 --acmsvn=1 --nems=2 \
+ --pbet=12 --ibbflags=1 --mchbar=123456 --vdtbar=120000 --dmabase0=130000 \
+ --dmasize0=2048 --entrypoint=140000 --ibbhash=SHA256 config.json
+ cat ./config.json | jq
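Review bot: The `-ldflags` value in all six build steps is single-quoted, so the shell never expands `${GITHUB_SHA}`, and `${github.ref_name}` is neither a shell variable nor a `${{ }}` expression; the binaries end up stamped with those literal strings instead of the commit and tag. Double-quote the flags and read the runner-provided variables `GITHUB_SHA` and `GITHUB_REF_NAME`, which also keeps the ref name out of expression interpolation inside a `run:` script. The workflow declares no `permissions:` and no Go toolchain step, so it runs with the repository's default token scope and whatever Go `ubuntu-latest` ships, where the removed CI pinned `golang:1.21` and ran `go mod verify`. The step named "Generate Template-v-2 (bg-prov)" invokes `template-v-1` with the same arguments as the step before it, which looks like a copy-paste slip, so the v2 template is presumably never generated.

```yaml
permissions:
  contents: read
jobs:
  # … unchanged: build job header and the checkout step …
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Build txt-suite
        run: go build -ldflags "-X main.gitcommit=${GITHUB_SHA} -X main.gittag=${GITHUB_REF_NAME} -w -extldflags '-static'" -o txt-suite cmd/txt-suite/*.go
      # … unchanged: remaining build steps (same -ldflags quoting applied), artifact upload, test and generateTemplates jobs …
```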