diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 94feda73fd..01a2625181 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -1,8 +1,8 @@ -name: actionlint +name: Actionlint on: [pull_request] jobs: actionlint: - name: lint workflow files + name: Workflow Files runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/as-dockerbuild.yml b/.github/workflows/as-dockerbuild.yml index 5c4d1592bc..fe9b5cff4f 100644 --- a/.github/workflows/as-dockerbuild.yml +++ b/.github/workflows/as-dockerbuild.yml @@ -1,4 +1,4 @@ -name: AS & RVPS Container image build test +name: AS & RVPS Container Image Build on: push: branches: diff --git a/.github/workflows/as-e2e.yml b/.github/workflows/as-e2e.yml index 5352665551..64ecf2d1cf 100644 --- a/.github/workflows/as-e2e.yml +++ b/.github/workflows/as-e2e.yml @@ -34,10 +34,11 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ env.RUSTC_VERSION }} + - name: Install Rust toolchain (${{ env.RUSTC_VERSION }}) + run: | + rustup update --no-self-update ${{ env.RUSTC_VERSION }} + rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc + rustup default ${{ env.RUSTC_VERSION }} - uses: actions/setup-go@v5 with: diff --git a/.github/workflows/as-basic.yml b/.github/workflows/as-rust.yml similarity index 98% rename from .github/workflows/as-basic.yml rename to .github/workflows/as-rust.yml index 4591717524..2921620207 100644 --- a/.github/workflows/as-basic.yml +++ b/.github/workflows/as-rust.yml @@ -1,4 +1,4 @@ -name: attestation-service basic build and unit tests +name: CoCo-AS Rust Suites on: push: branches: diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml index 8899d4d9a4..7d9a29d532 100644 --- a/.github/workflows/kbs-docker-build.yml +++ b/.github/workflows/kbs-docker-build.yml 
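Review bot: In the as-e2e.yml hunk the new `run:` block pastes `${{ env.RUSTC_VERSION }}` into the script text, so the Actions template engine expands the value before the shell ever parses the line. The value appears to come from the workflow's own `env:` block (outside the hunk), so it is not externally controlled today. Reading it as a shell variable keeps the step safe if the version is later sourced from an input or matrix: `rustup update --no-self-update "$RUSTC_VERSION"`, `rustup component add --toolchain "$RUSTC_VERSION" rustc`, `rustup default "$RUSTC_VERSION"`. The same interpolation is added in kbs-e2e.yaml, kbs-rust.yml and release-kbs-client.yaml.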
@@ -1,3 +1,4 @@ +name: KBS Container Image Build on: push: branches: [ "main" ] @@ -7,7 +8,7 @@ on: jobs: ci: runs-on: ubuntu-latest - + name: Check steps: - name: Code checkout uses: actions/checkout@v4 diff --git a/.github/workflows/kbs-docker-e2e.yaml b/.github/workflows/kbs-docker-e2e.yaml index a3599f5b15..f245ea3219 100644 --- a/.github/workflows/kbs-docker-e2e.yaml +++ b/.github/workflows/kbs-docker-e2e.yaml @@ -1,4 +1,4 @@ -name: KBS End-to-End test with Docker Compose and Sample Attester +name: KBS e2e (Docker Compose and Sample TEE) on: pull_request: diff --git a/.github/workflows/kbs-e2e-az-snp-vtpm.yaml b/.github/workflows/kbs-e2e-az-snp-vtpm.yaml deleted file mode 100644 index 058b2462af..0000000000 --- a/.github/workflows/kbs-e2e-az-snp-vtpm.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: KBS e2e with az-snp-vtpm TEE - -on: - push: - branches: - - main - # Note on repository checkout: pull_request_target sets `GITHUB_SHA` to the - # "last commit on the PR base branch", meaning that by default `actions/checkout` - # is going to checkout the repository main branch. In order to pick up the pull - # request code, this workflow uses the `github.event.pull_request.head.sha` - # property to get the last commit on the HEAD branch. One limitation of this approach - # is that, unlike the `pull_request` event, the checked pull request isn't necessarily - # rebased to main (so it is up to the workflow to ensure the pull request is rebased - # **before* the workflow is triggering) - pull_request_target: - types: - - opened - - synchronize - - reopened - # This workflow will be run if the pull request is labeled 'test_e2e' - - labeled - branches: - - 'main' - -jobs: - authorize: - runs-on: ubuntu-latest - if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'test_e2e') - steps: - - run: "true" - - checkout-and-rebase: - runs-on: ubuntu-latest - needs: authorize - steps: - - name: Checkout Code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - # fetch main on push, otherwise the head of the PR - ref: ${{ github.event_name == 'push' && 'main' || github.event.pull_request.head.sha }} - - - name: Rebase the source - if: github.event_name != 'push' - run: | - git config --global user.name "GH Actions Workflow" - git config --global user.email "" - ./kbs/hack/ci-helper.sh rebase-atop-of-the-latest-target-branch - - - name: Archive source - run: git archive -o kbs.tar.gz HEAD - - - uses: actions/upload-artifact@v4 - with: - path: ./kbs.tar.gz - - e2e-test: - needs: - - authorize - - checkout-and-rebase - uses: ./.github/workflows/kbs-e2e.yaml - with: - runs-on: '["self-hosted","azure-cvm"]' - tee: azsnpvtpm - tarball: kbs.tar.gz 
diff --git a/.github/workflows/kbs-e2e-az-tdx-vtpm.yaml b/.github/workflows/kbs-e2e-azure-vtpm.yaml similarity index 88% rename from .github/workflows/kbs-e2e-az-tdx-vtpm.yaml rename to .github/workflows/kbs-e2e-azure-vtpm.yaml index 2299021301..90634931cb 100644 --- a/.github/workflows/kbs-e2e-az-tdx-vtpm.yaml +++ b/.github/workflows/kbs-e2e-azure-vtpm.yaml @@ -1,4 +1,4 @@ -name: KBS e2e with az-tdx-vtpm TEE +name: KBS e2e (Azure vTPM TEE) on: push: @@ -54,7 +54,7 @@ jobs: with: path: ./kbs.tar.gz - e2e-test: + tdx-e2e-test: needs: - authorize - checkout-and-rebase @@ -63,3 +63,13 @@ jobs: runs-on: '["self-hosted","azure-cvm-tdx"]' tee: aztdxvtpm tarball: kbs.tar.gz + + snp-e2e-test: + needs: + - authorize + - checkout-and-rebase + uses: ./.github/workflows/kbs-e2e.yaml + with: + runs-on: '["self-hosted","azure-cvm"]' + tee: azsnpvtpm + tarball: kbs.tar.gz diff --git a/.github/workflows/kbs-e2e-sample.yaml b/.github/workflows/kbs-e2e-sample.yaml index a321fe2cbf..2c125b7dbf 100644 --- a/.github/workflows/kbs-e2e-sample.yaml +++ b/.github/workflows/kbs-e2e-sample.yaml @@ -1,4 +1,4 @@ -name: KBS e2e with sample TEE +name: KBS e2e (Sample TEE) on: pull_request: diff --git a/.github/workflows/kbs-e2e.yaml b/.github/workflows/kbs-e2e.yaml index 456394e377..3dc732ce83 100644 --- a/.github/workflows/kbs-e2e.yaml +++ b/.github/workflows/kbs-e2e.yaml @@ -31,10 +31,11 @@ jobs: - name: Extract tarball run: tar xzf ./artifact/${{ inputs.tarball }} - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ env.RUSTC_VERSION }} + - name: Install Rust toolchain (${{ env.RUSTC_VERSION }}) + run: | + rustup update --no-self-update ${{ env.RUSTC_VERSION }} + rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc + rustup default ${{ env.RUSTC_VERSION }} - name: Set up rust build cache uses: actions/cache@v4 diff --git a/.github/workflows/kbs-rust.yml b/.github/workflows/kbs-rust.yml index 7f696c1d47..493087753e 100644 --- a/.github/workflows/kbs-rust.yml 
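Review bot: The added `snp-e2e-test` job in kbs-e2e-azure-vtpm.yaml puts a second self-hosted pool (`azure-cvm`) behind the same `authorize` gate as the TDX job, so the strength of that gate now protects both sets of machines. Judging by the deleted kbs-e2e-az-snp-vtpm.yaml, the trigger is `pull_request_target` with `synchronize` plus a `test_e2e` label check, and the checkout uses the PR head SHA. If this file keeps that shape (its trigger block is outside the hunks), a label applied once remains valid for later pushes to the same PR, which are then built on the self-hosted runners without a fresh approval. Consider clearing the label on `synchronize` or moving the approval to a protected environment with required reviewers, and record the chosen policy in a comment above `authorize`. Separately, renaming `e2e-test` to `tdx-e2e-test` changes the reported check name, so any required status check in branch protection needs updating.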
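Review bot: The replacement toolchain step in kbs-e2e.yaml assumes `rustup` is already on PATH, but this reusable workflow is called with `runs-on: '["self-hosted","azure-cvm-tdx"]'` and `'["self-hosted","azure-cvm"]'`, and nothing in the hunk guarantees that on those images. The removed `actions-rs/toolchain` step would, as far as I recall, bootstrap rustup when it was missing, so the runner images now carry that requirement implicitly. Either document it above the step, e.g. `# requires rustup preinstalled on the self-hosted runner image`, or fail early with `command -v rustup >/dev/null || { echo "rustup missing on runner" >&2; exit 1; }` as the first script line. The job body continues outside the hunk.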
+++ b/.github/workflows/kbs-rust.yml @@ -1,4 +1,4 @@ -name: kbs rust tests +name: KBS Rust Suites on: push: @@ -19,6 +19,7 @@ env: jobs: ci: + name: Check strategy: fail-fast: false env: @@ -29,14 +30,12 @@ jobs: - name: Code checkout uses: actions/checkout@v4 - - name: Rust toolchain installation - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ env.RUSTC_VERSION }} - override: true - components: rustfmt, clippy - target: x86_64-unknown-linux-gnu + - name: Install Rust toolchain (${{ env.RUSTC_VERSION }}) + run: | + rustup update --no-self-update ${{ env.RUSTC_VERSION }} + rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustfmt rustc clippy + rustup target add x86_64-unknown-linux-gnu + rustup default ${{ env.RUSTC_VERSION }} - name: Building dependencies installation run: | diff --git a/.github/workflows/link.yml b/.github/workflows/link.yml index 6e049d4da6..b6ec28480a 100644 --- a/.github/workflows/link.yml +++ b/.github/workflows/link.yml @@ -1,4 +1,4 @@ -name: check links +name: Check Links on: push: diff --git a/.github/workflows/as-build-and-push.yaml b/.github/workflows/release-as.yaml similarity index 100% rename from .github/workflows/as-build-and-push.yaml rename to .github/workflows/release-as.yaml diff --git a/.github/workflows/kbs-client-build-and-push.yaml b/.github/workflows/release-kbs-client.yaml similarity index 86% rename from .github/workflows/kbs-client-build-and-push.yaml rename to .github/workflows/release-kbs-client.yaml index 944b1716fa..7d265177c7 100644 --- a/.github/workflows/kbs-client-build-and-push.yaml +++ b/.github/workflows/release-kbs-client.yaml @@ -1,4 +1,4 @@ -name: Build and push kbs-client +name: Build and Push kbs-client on: push: 
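Review bot: In the kbs-rust.yml toolchain step, `rustup target add x86_64-unknown-linux-gnu` has no `--toolchain` and runs before `rustup default`, so it applies to whichever toolchain is active at that point rather than to `${{ env.RUSTC_VERSION }}`. On an x86_64 hosted runner the host target ships with every toolchain, so the build probably still passes, but the line no longer does what the removed `target:` input did. Suggested: `rustup target add --toolchain ${{ env.RUSTC_VERSION }} x86_64-unknown-linux-gnu`, or move the line after `rustup default`. The removed step also set `override: true` (here and in release-kbs-client.yaml); if the repository has a `rust-toolchain` file (not visible in this diff), it takes precedence over `rustup default`, so the pinned version would no longer be enforced.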
@@ -31,22 +31,25 @@ jobs: - name: Check out code uses: actions/checkout@v4 - - name: Install rust toolchain - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUSTC_VERSION }} - override: true - profile: minimal + + - name: Install Rust toolchain (${{ env.RUSTC_VERSION }}) + run: | + rustup update --no-self-update ${{ env.RUSTC_VERSION }} + rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc + rustup default ${{ env.RUSTC_VERSION }} + - name: Log in to ghcr.io uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build a statically linked kbs-client for ${{ matrix.arch }} linux working-directory: kbs run: | make cli-static-linux + - name: Push to ghcr.io working-directory: target/${{ matrix.arch }}-unknown-linux-gnu/release run: | diff --git a/.github/workflows/kbs-build-and-push.yaml b/.github/workflows/release-kbs.yaml similarity index 99% rename from .github/workflows/kbs-build-and-push.yaml rename to .github/workflows/release-kbs.yaml index 980dbe5ad6..36f6e64398 100644 --- a/.github/workflows/kbs-build-and-push.yaml +++ b/.github/workflows/release-kbs.yaml @@ -1,4 +1,4 @@ -name: Build and Push kbs Image +name: Build and Push KBS Image on: push:
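Review bot: In release-kbs-client.yaml the `Log in to ghcr.io` step still runs before `make cli-static-linux`, so the registry credential is already stored on the runner while the build compiles dependencies and runs their build scripts. Since this hunk is already regrouping the steps, moving the login directly before `Push to ghcr.io` would limit the token's exposure to the one step that needs it. The job's `permissions:` block is outside the hunk; it should grant no more than `contents: read` and `packages: write`. The final `run: |` body continues past the end of the hunk.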