mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-06-24 09:46:41 +00:00
Some checks failed
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (ubuntu-20.04) (push) Has been cancelled
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (windows-2022) (push) Has been cancelled
HIRS Build and Unit Test / ACA_Provisioner_Unit_Tests (push) Has been cancelled
HIRS System Tests / DockerTests (push) Has been cancelled
Dotnet Provisioner Unit Tests / Evaluate Tests (push) Has been cancelled
* issue_896: first cut at changing the logic on the validator
* issue_896: Added more javadocs, still going through the process and figuring out places where this will work. Can successfully debug provisioner+aca.
* issue_896: slowly introducing component identifier v2 into multiple spots throughout the app. Seems like we need to ensure that when we try to parse the pc from the identity claim, it needs to recognize the new kind of identifier.
* issue_896: deleted abstract platform config class, replaced it with plat config v1 (which already exists), moved attributes associated with v2 to the v2 class, when validating the aca will now verify if the platform config associated with the cert is v1 or v2. Made corrections to attribute names to better align with tcg docs.
* issue_896: Added a new property to component info, made some more spelling corrections, deleted unused classes that were being referenced by componentinfo. pretty much done with the aca side of things.
* issue_896: I believe I have finished the issue. Further testing needs to be done. Will put in a WIP PR for now.
* issue_896: Made some more changes after viewing PR
* issue_896: Changed v3 to v4 in the github actions yaml files.
* issue_896: Fixed issues in one of the test classes, can now test other aspects of the SupplyChainCredentialValidator class. Will add more tests as more issues get fixed.
* issue_896: Hopefully GITHUB actions will be more forgiving.
* issue_896: Placed test task in the root build.gradle. Made more fixes to the test classes.
* issue_896: Realized there might be more work needed for the validation part. Started adding more logic to validation.
* issue_896: Last change before the long weekend. Hoping these changes will make github actions happy.
* issue_896: Verifying that this part works. We will need to figure out a smart/efficient way of comparing the components from platform cert and device info report.
* testing
* v3_issue_896: Should work for this PR.
* v3_issue_821: fixed the NPE issue we were getting during provisioning for missing component info.
* v3_issue_896: my copy/paste skills need work. Fixed the issue that was causing the docker tests to fail.
* v3_issue_896: trying to see if reverting the return call null will make a difference.
* v3_issue_896: should fix issues with pc found on certain devices
* v3_issue_896: part ii of should fix issues with pc found on certain devices
97 lines
5.2 KiB
YAML
# This workflow will build HIRS, run unit tests, and create HIRS artifacts
# Updated: 02/11/2025
name: HIRS Build and Unit Test

on:
  # Runs this workflow on every push to main or to a branch whose name contains "v3"
  push:
    branches:
      - '*v3*'
      - 'main'
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  # Run the unit tests and package HIRS ACA, provisioner, and tools
  ACA_Provisioner_Unit_Tests:
    runs-on: ubuntu-latest # Configures the job to run on the latest version of an Ubuntu Linux runner
    steps:
      - uses: actions/checkout@v4 # run v4 of actions/checkout action, which checks out your repository onto the runner
      # Build will archive build reports and will create a failedFile if build is not successful
      - name: Directory setup
        run: |
          mkdir -p artifacts/githubActionsResults
          mkdir -p artifacts/upload_reports/HIRS_AttestationCA
          mkdir -p artifacts/upload_reports/HIRS_AttestationCAPortal
          mkdir -p artifacts/upload_reports/HIRS_Provisioner
          mkdir -p artifacts/upload_reports/HIRS_ProvisionerTPM2
          mkdir -p artifacts/upload_reports/HIRS_Structs
          mkdir -p artifacts/upload_reports/HIRS_Utils
          mkdir -p artifacts/upload_reports/tcg_rim_tool
          mkdir -p artifacts/upload_reports/tcg_eventlog_tool
      # Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container
      - name: Build HIRS and run unit tests
        run: |

          # log into and run docker (note: must set up secrets in github for ghcr username and access_token)
          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin

          # docker run options:
          #   create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS repo
          #     -v $(pwd):/HIRS
          #   image used for the container, given by <repository>:<tag_name>
          #     rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages]
          #   bash commands to clean/build/test each subproject
          #     /bin/bash -c '<commands>'
          docker run --rm \
            -v $(pwd):/HIRS \
            ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \
              'pushd /HIRS
              gradle_status=0

              # git added a feature that gives error if user is not owner of the top-level directory; need to override this
              git config --global --add safe.directory /HIRS

              # clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory
              ./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test
              if (( $? != "0" )) ; then gradle_status=1; fi
              cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCA/.
              ./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test
              if (( $? != "0" )) ; then gradle_status=1; fi
              cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCAPortal/.
              #./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test
              #if (( $? != "0" )) ; then gradle_status=1; fi
              #cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Provisioner/.
              #./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test
              #if (( $? != "0" )) ; then gradle_status=1; fi
              #cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/upload_reports/HIRS_ProvisionerTPM2/.
              ./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test
              if (( $? != "0" )) ; then gradle_status=1; fi
              cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Structs/.
              ./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test
              if (( $? != "0" )) ; then gradle_status=1; fi
              cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Utils/.
              #./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test
              #if (( $? != "0" )) ; then gradle_status=1; fi

              # Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0
              if (( $gradle_status == "0" )) ; then
                echo "In docker: Build Passed"
              else
                echo "In docker: Build Failed"
                touch /HIRS/artifacts/githubActionsResults/buildFailed.txt
              fi; popd;'
      # Upload build report files
      - name: Archive report files
        uses: actions/upload-artifact@v4
        with:
          name: HIRS_Build_Reports
          path: artifacts/upload_reports/*
          if-no-files-found: ignore
      # If buildFailed file exists, use that to fail the ACA unit tests
      - name: Check if build/test passed or failed
        if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }}
        uses: actions/github-script@v6
        with:
          script: |
            core.setFailed('Build or Unit Test Failed')