mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-06-24 09:46:41 +00:00
Some checks failed
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (ubuntu-20.04) (push) Has been cancelled
Dotnet Provisioner Unit Tests / Restore and Run Unit Tests (windows-2022) (push) Has been cancelled
HIRS Build and Unit Test / ACA_Provisioner_Unit_Tests (push) Has been cancelled
HIRS System Tests / DockerTests (push) Has been cancelled
Dotnet Provisioner Unit Tests / Evaluate Tests (push) Has been cancelled
* issue_896: first cut at changing the logic on the validator
* issue_896: Added more javadocs, still going through the process and figuring out places where this will work. Can successfully debug provisioner+aca.
* issue_896: slowly introducing component identifier v2 into multiple spots throughout the app. Seems like we need to ensure that when we try to parse the pc from the identity claim, it needs to recognize the new kind of identifier.
* issue_896: deleted abstract platform config class, replaced it with plat config v1 (which already exists), moved attributes associated with v2 to the v2 class, when validating the aca will now verify if the platform config associated with the cert is v1 or v2. Made corrections to attributes names to better align with tcg docs.
* issue_896: Added a new property to component info, made some more spelling corrections, deleted unused classes that were being referenced by componentinfo. pretty much done with the aca side of things.
* issue_896: I believe I have finished the issue. Further testing needs to be done. Will put in a WIP PR for now.
* issue_896: Made some more changes after viewing PR
* issue_896: Changed v3 to v4 in the github actions yaml files.
* issue_896: Fixed issues in one of the test classes, can now test other aspects of the SupplyChainCredentialValidator class. Will add more tests as more issues get fixed.
* issue_896: Hopefully GITHUB actions will be more forgiving.
* issue_896: Placed test task in the root build.gradle. Made more fixes to the test classes.
* issue_896: Realized there might be more work needed for the validation part. Started adding more logic to validation.
* issue_896: Last change before the long weekend. Hoping these changes will make github actions happy.
* issue_896: Verifying that this part works. We will need to figure out a smart/efficient way of comparing the components from platform cert and device info report.
* testing
* v3_issue_896: Should work for this PR.
* v3_issue_821: fixed the NPE issue we were getting during provisioning for missing component info.
* v3_issue_896: my copy/paste skills need work. Fixed the issue that was causing the docker tests to fail.
* v3_issue_896: trying to see if reverting the return call null will make a difference.
* v3_issue_896: should fix issues with pc found on certain devices
* v3_issue_896: part ii of should fix issues with pc found on certain devices
144 lines
5.5 KiB
YAML
# This workflow will build HIRS, run system tests, and create artifacts consisting of ACA and Provisioner logs.
# Updated: 02/11/2025
name: HIRS System Tests
on:
  push:
    branches:
      - '*v3*'
      - 'main'
  workflow_dispatch:
jobs:
  DockerTests:
    runs-on: ubuntu-latest
    outputs:
      test-result: ${{ steps.set_outputs.outputs.test-result }}
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: ACA TPM2 System Tests Setup
        continue-on-error: true
        shell: bash
        run: |
          # If on a forked repo, ensure that it has a new secret for the PAT
          # and replace secrets.GITHUB_TOKEN with the secret in the fork
          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
          .ci/system-tests/setup_system_tests.sh ${GITHUB_REF#refs/heads/}
      - name: ACA POLICY TEST 1 - Test ACA default policy
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 1
      - name: ACA POLICY TEST 2 - Test EK cert Only Validation Policy without a EK Issuer Cert in the trust store
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 2
      - name: ACA POLICY TEST 3 - Test EK Only Validation Policy
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 3
      - name: ACA POLICY TEST 4 - Test PC Validation Policy with no PC
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 4
      - name: ACA POLICY TEST 5 - Test FW and PC Validation Policy with no PC
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 5
      - name: ACA POLICY TEST 6 - Test PC Validation Policy with valid PC with no Attribute Check
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 6
      - name: ACA POLICY TEST 7 - Test PC Validation Policy with valid PC with Attribute Check
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 7
      - name: ACA POLICY TEST 8 - Test PC with RIM Validation Policy with valid PC and RIM
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 8
      - name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 9
      - name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 10
      # - name: All ACA Policy Tests 1-8
      #   continue-on-error: true
      #   shell: bash
      #   run: |
      #     .ci/system-tests/tests/aca_policy_tests.sh
      - name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/platform_cert_tests.sh 1
      - name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/platform_cert_tests.sh 2
      - name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/platform_cert_tests.sh 3
      # - name: All Platform Cert Tests 1-3
      #   continue-on-error: true
      #   shell: bash
      #   run: |
      #     .ci/system-tests/tests/platform_cert_tests.sh
      - name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/rim_system_tests.sh 1
      - name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/rim_system_tests.sh 2
      - name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
        if: always()
        shell: bash
        run: |
          .ci/system-tests/tests/rim_system_tests.sh 3
      # - name: All RIM System Tests 1-3
      #   continue-on-error: true
      #   shell: bash
      #   run: |
      #     .ci/system-tests/tests/rim_system_tests.sh
      - name: Copy System Test Log files
        if: always()
        shell: bash
        run: |
          echo "*** Extracting ACA and Provisioner.Net logs ..."
          docker exec hirs-aca1 bash -c "mkdir -p /HIRS/logs/aca/ && cp -arp /var/log/hirs/* /HIRS/logs/aca/"
          docker exec hirs-provisioner1-tpm2 bash -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hirs*.log /HIRS/logs/provisioner/ && chmod -R 777 /HIRS/logs"
      - name: Docker Compose Down
        if: always()
        shell: bash
        run: |
          echo "*** Exiting and removing Docker containers and network ..."
          docker compose -f .ci/docker/docker-compose-system-test.yml down -v
      - name: Archive System Test Log files
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: System_Test_Log_Files
          path: logs/
          if-no-files-found: ignore