From 5b7b6311872aa767067b1e60578f2e46203663d8 Mon Sep 17 00:00:00 2001
From: Xynnn007
Date: Fri, 3 Nov 2023 11:09:51 +0800
Subject: [PATCH] ci: fix ci tests
Signed-off-by: Xynnn007
---
.../.github => .github}/dependabot.yml | 12 +++----
.../workflows/as-basic.yml | 26 ++++++++++----
.github/workflows/as-dockerbuild.yml | 35 +++++++++++++++++++
.../workflows/kbs-docker-build.yml | 8 ++---
.../workflows/kbs-e2e.yaml | 8 ++---
.../workflows/kbs-release.yaml | 6 ++--
.../workflows/kbs-rust.yml | 21 +++++++++--
.../.github => .github}/workflows/release.yml | 6 ++--
.../.github/workflows/dockerbuild.yml | 22 ------------
kbs/.github/dependabot.yml | 16 ---------
10 files changed, 92 insertions(+), 68 deletions(-)
rename {attestation-service/.github => .github}/dependabot.yml (82%)
rename attestation-service/.github/workflows/basic.yml => .github/workflows/as-basic.yml (68%)
create mode 100644 .github/workflows/as-dockerbuild.yml
rename kbs/.github/workflows/docker-build.yml => .github/workflows/kbs-docker-build.yml (68%)
rename kbs/.github/workflows/e2e.yaml => .github/workflows/kbs-e2e.yaml (90%)
rename kbs/.github/workflows/release.yaml => .github/workflows/kbs-release.yaml (89%)
rename kbs/.github/workflows/rust.yml => .github/workflows/kbs-rust.yml (79%)
rename {attestation-service/.github => .github}/workflows/release.yml (88%)
delete mode 100644 attestation-service/.github/workflows/dockerbuild.yml
delete mode 100644 kbs/.github/dependabot.yml
diff --git a/attestation-service/.github/dependabot.yml b/.github/dependabot.yml
similarity index 82%
rename from attestation-service/.github/dependabot.yml
rename to .github/dependabot.yml
index 5b954912b4..13aab4b3fb 100644
--- a/attestation-service/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,15 +9,13 @@ updates: - dependency-type: direct - dependency-type: indirect - - package-ecosystem: "gomod" - directory: "/attestation-service/src/cgo" # Location of shim's go.mod - schedule: - interval: "daily" - open-pull-requests-limit: 1 - - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" - + - package-ecosystem: "gomod" + directory: "/attestation-service/attestation-service/src/cgo" # Location of go.mod + schedule: + interval: "daily" + open-pull-requests-limit: 1 diff --git a/attestation-service/.github/workflows/basic.yml b/.github/workflows/as-basic.yml similarity index 68% rename from attestation-service/.github/workflows/basic.yml rename to .github/workflows/as-basic.yml index f1d22a0c14..34359fd979 100644 --- a/attestation-service/.github/workflows/basic.yml +++ b/.github/workflows/as-basic.yml @@ -1,5 +1,18 @@ name: attestation-service basic build and unit tests -on: [push, pull_request, create] +on: + push: + branches: + - "main" + paths: + - 'attestation-service/**' + - '.github/workflows/as_basic.yml' + - 'Cargo.toml' + pull_request: + paths: + - 'attestation-service/**' + - '.github/workflows/as_basic.yml' + - 'Cargo.toml' + create: jobs: basic_ci: @@ -24,8 +37,8 @@ jobs: - name: OPA policy.rego fmt and check run: | - opa fmt -d ./attestation-service/src/policy_engine/opa/default_policy.rego | awk '{ print } END { if (NR!=0) { print "run `opa fmt -w ` to fix this"; exit 1 } }' - opa check ./attestation-service/src/policy_engine/opa/default_policy.rego + opa fmt -d ./attestation-service/attestation-service/src/policy_engine/opa/default_policy.rego | awk '{ print } END { if (NR!=0) { print "run `opa fmt -w ` to fix this"; exit 1 } }' + opa check ./attestation-service/attestation-service/src/policy_engine/opa/default_policy.rego - name: Install protoc run: | 
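Review bot: In the new `on:` block of `.github/workflows/as-basic.yml`, both `paths` lists name `.github/workflows/as_basic.yml` (underscore) while the file is created as `as-basic.yml`, so an edit to this workflow alone would not trigger it; the entry should read `- '.github/workflows/as-basic.yml'` under both `push` and `pull_request`. The lists also include `Cargo.toml` but not `Cargo.lock`, although `kbs-e2e.yaml` hashes `./Cargo.lock`, so a dependency-only bump of the lockfile would presumably skip these builds and tests; adding `- 'Cargo.lock'` here, and to the same lists in `as-dockerbuild.yml` and `kbs-rust.yml`, would close that gap. The bare `create:` trigger is kept without filters, which starts a run on every branch or tag creation even though `as-dockerbuild.yml` shows the job gated to `push` and `pull_request`.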
@@ -52,23 +65,24 @@ jobs: components: rustfmt, clippy - name: Build + working-directory: attestation-service run: | make - name: Run cargo test uses: actions-rs/cargo@v1 with: - command: test + command: test -p attestation-service -p as-types -p grpc-as -p rvps -p rvps-client - name: Run cargo fmt check uses: actions-rs/cargo@v1 with: command: fmt - args: --all -- --check + args: -p attestation-service -p as-types -p grpc-as -p rvps -p rvps-client --check - name: Run rust lint check uses: actions-rs/cargo@v1 with: command: clippy # We are getting error in generated code due to derive_partial_eq_without_eq check, so ignore it for now - args: -- -D warnings -A clippy::derive_partial_eq_without_eq + args: -p attestation-service -p as-types -p grpc-as -p rvps -p rvps-client -- -D warnings -A clippy::derive_partial_eq_without_eq diff --git a/.github/workflows/as-dockerbuild.yml b/.github/workflows/as-dockerbuild.yml new file mode 100644 index 0000000000..bf10a4bb15 --- /dev/null +++ b/.github/workflows/as-dockerbuild.yml @@ -0,0 +1,35 @@ +name: AS & RVPS Container image build test +on: + push: + branches: + - "main" + paths: + - 'attestation-service/**' + - '.github/workflows/as-dockerbuild.yml' + - 'Cargo.toml' + pull_request: + paths: + - 'attestation-service/**' + - '.github/workflows/as-dockerbuild.yml' + - 'Cargo.toml' + create: + +jobs: + basic_ci: + if: github.event_name == 'pull_request' || github.event_name == 'push' + name: Check + runs-on: ubuntu-latest + strategy: + fail-fast: false + + steps: + - name: Code checkout + uses: actions/checkout@v4 + + - name: Build gRPC AS Container Image + run: | + DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f attestation-service/Dockerfile.as + + - name: Build RVPS Container Image + run: | + Docker_BUILDKIT=1 docker build -t rvps:latest . -f attestation-service/Dockerfile.rvps \ No newline at end of file 
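Review bot: The "Run cargo test" step puts the package flags into `command:` rather than `args:`, unlike the fmt and clippy steps below it; as far as I can tell `actions-rs/cargo` passes `command` to cargo as a single argument, so this may be read as one unknown subcommand instead of `test` plus flags. The consistent form is `command: test` followed by `args: -p attestation-service -p as-types -p grpc-as -p rvps -p rvps-client`. The same five-package list is now repeated in three steps, so a comment above the first one noting that a new workspace member must be added to all three would help keep them in sync. The job these steps belong to starts above this hunk.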
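Review bot: In the new `.github/workflows/as-dockerbuild.yml`, the RVPS step sets `Docker_BUILDKIT=1`, which is not the variable Docker reads because environment variable names are case-sensitive; it should be `DOCKER_BUILDKIT=1` as in the AS step above it, otherwise the RVPS image build relies on whatever builder the runner defaults to. The workflow builds pull-request code and declares no `permissions:`, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` keeps it to what an image build needs. The `create:` trigger only produces runs whose single job is skipped by the `if:` condition and could be dropped, and the file ends without a trailing newline.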
diff --git a/kbs/.github/workflows/docker-build.yml b/.github/workflows/kbs-docker-build.yml similarity index 68% rename from kbs/.github/workflows/docker-build.yml rename to .github/workflows/kbs-docker-build.yml index e58fd62939..23b948cb5f 100644 --- a/kbs/.github/workflows/docker-build.yml +++ b/.github/workflows/kbs-docker-build.yml @@ -12,8 +12,8 @@ jobs: - name: Code checkout uses: actions/checkout@v4 - - name: Build Container Image + - name: Build KBS Container Image run: | - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f docker/Dockerfile; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f docker/Dockerfile; \ - DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f docker/Dockerfile.coco-as-grpc + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \ + DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc diff --git a/kbs/.github/workflows/e2e.yaml b/.github/workflows/kbs-e2e.yaml similarity index 90% rename from kbs/.github/workflows/e2e.yaml rename to .github/workflows/kbs-e2e.yaml index 96792e1f20..6a1635a278 100644 --- a/kbs/.github/workflows/e2e.yaml +++ b/.github/workflows/kbs-e2e.yaml @@ -1,4 +1,4 @@ -name: e2e +name: KBS e2e on: pull_request: @@ -42,11 +42,11 @@ jobs: key: rust-${{ hashFiles('./Cargo.lock') }} - name: Install dependencies - working-directory: test + working-directory: kbs/test run: sudo make install-dependencies - name: Build bins - working-directory: test + working-directory: kbs/test run: make bins - name: Set cc_kbc sample attester env @@ -54,5 +54,5 @@ jobs: run: echo "AA_SAMPLE_ATTESTER_TEST=1" >> "$GITHUB_ENV" - name: Run e2e test - working-directory: test + working-directory: kbs/test run: sudo -E make e2e-test 
diff --git a/kbs/.github/workflows/release.yaml b/.github/workflows/kbs-release.yaml similarity index 89% rename from kbs/.github/workflows/release.yaml rename to .github/workflows/kbs-release.yaml index 710c52508c..d0f883d9c0 100644 --- a/kbs/.github/workflows/release.yaml +++ b/.github/workflows/kbs-release.yaml @@ -1,4 +1,4 @@ -name: Cut Release +name: Cut KBS Release on: release: @@ -23,7 +23,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./docker/Dockerfile + file: ./kbs/docker/Dockerfile platforms: linux/amd64 push: true tags: ghcr.io/confidential-containers/key-broker-service:built-in-as-${{ github.ref_name }} @@ -32,7 +32,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./docker/Dockerfile.coco-as-grpc + file: ./kbs/docker/Dockerfile.coco-as-grpc platforms: linux/amd64 push: true tags: ghcr.io/confidential-containers/key-broker-service:${{ github.ref_name }}, ghcr.io/confidential-containers/key-broker-service:latest diff --git a/kbs/.github/workflows/rust.yml b/.github/workflows/kbs-rust.yml similarity index 79% rename from kbs/.github/workflows/rust.yml rename to .github/workflows/kbs-rust.yml index 2d468b8749..18174ebf98 100644 --- a/kbs/.github/workflows/rust.yml +++ b/.github/workflows/kbs-rust.yml @@ -1,10 +1,18 @@ -name: rust tests +name: kbs rust tests on: push: - branches: [ "main" ] + branches: + - "main" + paths: + - 'kbs/**' + - '.github/workflows/kbs-rust.yml' + - 'Cargo.toml' pull_request: - branches: [ "main" ] + paths: + - 'kbs/**' + - '.github/workflows/kbs-rust.yml' + - 'Cargo.toml' env: CARGO_TERM_COLOR: always 
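Review bot: `kbs-release.yaml` keeps its `on: release:` trigger while now living next to `release.yml`, which shows the same trigger, so a single release event presumably runs both and pushes KBS and attestation-service images with the same `github.ref_name` and a moved `latest` tag. If releases are meant to be cut together, a header comment such as `# Runs on every release event, together with release.yml (attestation-service images)` would make that explicit; if not, each workflow needs a component-specific condition on the job. The `types:` of the trigger are outside the hunk, so this should be checked against the full file.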
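Review bot: The new `paths` filters in `kbs-rust.yml` cover `kbs/**` but not `attestation-service/**`, yet the same workflow has a "KBS Build [Built-in CoCo AS, OpenSSL]" step, which suggests KBS compiles against the attestation-service crates. A change under `attestation-service/` could then break the KBS build without this workflow running on the pull request; adding `- 'attestation-service/**'` to both lists would cover it. Dropping `branches: [ "main" ]` from `pull_request` also widens the trigger to pull requests against any base branch, which is worth a one-line comment if intended.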
@@ -53,22 +61,29 @@ jobs: sudo apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev - name: KBS Build [Default] + working-directory: kbs run: make - name: KBS Build [Built-in CoCo AS, OpenSSL] + working-directory: kbs run: make HTTPS_CRYPTO=openssl - name: KBS Build [gRPC CoCo AS, RustTLS] + working-directory: kbs run: make COCO_AS_INTEGRATE_TYPE=grpc - name: build KBS with amber AS mode + working-directory: kbs run: make AS_TYPE=amber-as - name: Lint + working-directory: kbs run: make lint - name: Format + working-directory: kbs run: make format - name: Test + working-directory: kbs run: make check diff --git a/attestation-service/.github/workflows/release.yml b/.github/workflows/release.yml similarity index 88% rename from attestation-service/.github/workflows/release.yml rename to .github/workflows/release.yml index 5ff0cdc8db..a2d26a6f0c 100644 --- a/attestation-service/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Cut Release +name: Cut Attestation Service Release on: release: @@ -23,7 +23,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile.as + file: ./attestation-service/Dockerfile.as platforms: linux/amd64 push: true tags: ghcr.io/confidential-containers/attestation-service:latest, ghcr.io/confidential-containers/attestation-service:${{ github.ref_name }} @@ -32,7 +32,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile.rvps + file: ./attestation-service/Dockerfile.rvps platforms: linux/amd64 push: true tags: ghcr.io/confidential-containers/reference-value-provider-service:latest, ghcr.io/confidential-containers/reference-value-provider-service:${{ github.ref_name }} \ No newline at end of file diff --git a/attestation-service/.github/workflows/dockerbuild.yml b/attestation-service/.github/workflows/dockerbuild.yml deleted file mode 100644 index e63b48eb9e..0000000000 --- a/attestation-service/.github/workflows/dockerbuild.yml +++ /dev/null 
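Review bot: `working-directory: kbs` is added to each of the seven `run` steps in this hunk of `kbs-rust.yml`, which is easy to miss when a step is added later. A job-level default, `defaults: { run: { working-directory: kbs } }`, states it once and applies to every `run` step in the job. The job header and its earlier steps are outside the hunk, so confirm that the package-install steps above do not depend on running from the repository root before switching.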
@@ -1,22 +0,0 @@ -name: Container image build test -on: [push, pull_request, create] - -jobs: - basic_ci: - if: github.event_name == 'pull_request' || github.event_name == 'push' - name: Check - runs-on: ubuntu-latest - strategy: - fail-fast: false - - steps: - - name: Code checkout - uses: actions/checkout@v4 - - - name: Build gRPC AS Container Image - run: | - DOCKER_BUILDKIT=1 docker build -t attestation-service:latest . -f Dockerfile.as - - - name: Build RVPS Container Image - run: | - Docker_BUILDKIT=1 docker build -t rvps:latest . -f Dockerfile.rvps \ No newline at end of file diff --git a/kbs/.github/dependabot.yml b/kbs/.github/dependabot.yml deleted file mode 100644 index 7a07845dad..0000000000 --- a/kbs/.github/dependabot.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "cargo" - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 1 - allow: - - dependency-type: direct - - dependency-type: indirect - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" -