HIRS/.github/workflows/system_test.yml
5B96790E3664F40075A67E6ADF737EDB15B4408DBC91A81228B31537B0CE3E26 170b94c132 supplychainvalidationsummary will look up rims by ID (#805)
* Lookup here needed summary id from device object

* Portal linkage issue

* CertificatesUsed not working properly with RIM

* Maybe need to link to base rim

* Rim test 1 needed hw file

* Working on CI

* Connecting new tpm2_common

* Edited the way scripts called in docker exec

* TPM for reset each test

* Defining efi paths in CI env file

* Forgot to close while loops

* Connecting default test files

* Variable was wrong [no ci]

* Added ACA tests using uploaded artifacts

* Trying to chmod rim_setup.sh

* rim_setup chmod issues

* Added aca tests 9 and 10 to workflow

* Added cases 9 and 10 for aca policy tests

* Exit test scripts with error if one test fails

* Attempt to solve uploaded rim linkup

* Try only setting tagId if not null

* updateSupportRimInfo was not setting associated rim on base

* Attempt alternate lookup of rim by device name

* Trouble with event log archived

* Used wrong variable

* Fix spotbugs

* Try again

* Change SupplyChainValidation.message size to MAX_MESSAGE_LENGTH
2024-07-26 10:59:23 -04:00

163 lines
6.3 KiB
YAML

# This workflow will build HIRS, run system tests, and create artifacts consisting of ACA and Provisioner logs.
# Updated: 06/05/2024
#
name: HIRS System Tests
on:
push:
branches:
- '*v3*'
- 'main'
workflow_dispatch:
env:
TEST_STATUS: 0
jobs:
DockerTests:
runs-on: ubuntu-latest
outputs:
test-result: ${{ steps.set_outputs.outputs.test-result }}
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: ACA TPM2 System Tests Setup
continue-on-error: true
shell: bash
run: |
# If on a forked repo, ensure that it has a new secret for the PAT
# and replace secrets.GITHUB_TOKEN with the secret in the fork
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
.ci/system-tests/setup_system_tests.sh ${GITHUB_REF#refs/heads/}
- name: ACA POLICY TEST 1 - Test ACA default policy
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 1
- name: ACA POLICY TEST 2 - Test EK cert Only Validation Policy without a EK Issuer Cert in the trust store
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 2
- name: ACA POLICY TEST 3 - Test EK Only Validation Policy
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 3
- name: ACA POLICY TEST 4 - Test PC Validation Policy with no PC
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 4
- name: ACA POLICY TEST 5 - Test FW and PC Validation Policy with no PC
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 5
- name: ACA POLICY TEST 6 - Test PC Validation Policy with valid PC with no Attribute Check
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 6
- name: ACA POLICY TEST 7 - Test PC Validation Policy with valid PC with Attribute Check
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 7
- name: ACA POLICY TEST 8 - Test PC with RIM Validation Policy with valid PC and RIM
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 8
- name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 9
- name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 10
# - name: All ACA Policy Tests 1-8
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/aca_policy_tests.sh
- name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 1
- name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 2
- name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 3
# - name: All Platform Cert Tests 1-3
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/platform_cert_tests.sh
- name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 1
- name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 2
- name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
continue-on-error: true
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 3
# - name: All RIM System Tests 1-3
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/rim_system_tests.sh
- name: Copy System Test Log files
continue-on-error: true
shell: bash
run: |
echo "*** Extracting ACA and Provisioner.Net logs ..."
docker exec hirs-aca1 bash -c "mkdir -p /HIRS/logs/aca/ && cp -arp /var/log/hirs/* /HIRS/logs/aca/"
docker exec hirs-provisioner1-tpm2 bash -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hirs*.log /HIRS/logs/provisioner/ && chmod -R 777 /HIRS/logs"
- name: Docker Compose Down
continue-on-error: true
shell: bash
run: |
echo "*** Exiting and removing Docker containers and network ..."
docker compose -f .ci/docker/docker-compose-system-test.yml down -v
if [[ ${TEST_STATUS} == "0" ]]; then
echo "******** SUCCESS: System Tests for TPM 2.0 passed ********"
echo "TEST_STATUS=0" >> $GITHUB_ENV
exit 0;
else
echo "******** FAILURE: System Tests for TPM 2.0 failed ********"
echo "TEST_STATUS=1" >> $GITHUB_ENV
exit 1
fi
- name: Archive System Test Log files
uses: actions/upload-artifact@v4
with:
name: System_Test_Log_Files
path: logs/
if-no-files-found: ignore
- name: Check System Test results
if: success() || failure()
run: |
if [ ${TEST_STATUS} == "0" ]; then
exit 0;
else
exit 1;
fi