mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 07:06:46 +00:00
170b94c132
* Lookup here needed summary id from device object * Portal linkage issue * CertificatesUsed not working properly with RIM * Maybe need to link to base rim * Rim test 1 needed hw file * Working on CI * Connecting new tpm2_common * Edited the way scripts called in docker exec * TPM for reset each test * Defining efi paths in CI env file * Forgot to close while loops * Connecting default test files * Variable was wrong [no ci] * Added ACA tests using uploaded artifacts * Trying to chmod rim_setup.sh * rim_setup chmod issues * Added aca tests 9 and 10 to workflow * Added cases 9 and 10 for aca policy tests * Exit test scripts with error if one test fails * Attempt to solve uploaded rim linkup * Try only setting tagId if not null * updateSupportRimInfo was not setting associated rim on base * Attempt alternate lookup of rim by device name * Trouble with event log archived * Used wrong variable * Fix spotbugs * Try again * Change SupplyChainValidation.message size to MAX_MESSAGE_LENGTH
163 lines
6.3 KiB
YAML
163 lines
6.3 KiB
YAML
# This workflow will build HIRS, run system tests, and create artifacts consisting of ACA and Provisioner logs.
|
|
# Updated: 06/05/2024
|
|
#
|
|
name: HIRS System Tests
|
|
on:
|
|
push:
|
|
branches:
|
|
- '*v3*'
|
|
- 'main'
|
|
workflow_dispatch:
|
|
env:
|
|
TEST_STATUS: 0
|
|
jobs:
|
|
DockerTests:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
test-result: ${{ steps.set_outputs.outputs.test-result }}
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
- name: ACA TPM2 System Tests Setup
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
# If on a forked repo, ensure that it has a new secret for the PAT
|
|
# and replace secrets.GITHUB_TOKEN with the secret in the fork
|
|
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
|
|
.ci/system-tests/setup_system_tests.sh ${GITHUB_REF#refs/heads/}
|
|
- name: ACA POLICY TEST 1 - Test ACA default policy
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 1
|
|
- name: ACA POLICY TEST 2 - Test EK cert Only Validation Policy without a EK Issuer Cert in the trust store
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 2
|
|
- name: ACA POLICY TEST 3 - Test EK Only Validation Policy
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 3
|
|
- name: ACA POLICY TEST 4 - Test PC Validation Policy with no PC
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 4
|
|
- name: ACA POLICY TEST 5 - Test FW and PC Validation Policy with no PC
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 5
|
|
- name: ACA POLICY TEST 6 - Test PC Validation Policy with valid PC with no Attribute Check
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 6
|
|
- name: ACA POLICY TEST 7 - Test PC Validation Policy with valid PC with Attribute Check
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 7
|
|
- name: ACA POLICY TEST 8 - Test PC with RIM Validation Policy with valid PC and RIM
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 8
|
|
- name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 9
|
|
- name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/aca_policy_tests.sh 10
|
|
# - name: All ACA Policy Tests 1-8
|
|
# continue-on-error: true
|
|
# shell: bash
|
|
# run: |
|
|
# .ci/system-tests/tests/aca_policy_tests.sh
|
|
- name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/platform_cert_tests.sh 1
|
|
- name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/platform_cert_tests.sh 2
|
|
- name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/platform_cert_tests.sh 3
|
|
# - name: All Platform Cert Tests 1-3
|
|
# continue-on-error: true
|
|
# shell: bash
|
|
# run: |
|
|
# .ci/system-tests/tests/platform_cert_tests.sh
|
|
- name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/rim_system_tests.sh 1
|
|
- name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/rim_system_tests.sh 2
|
|
- name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
.ci/system-tests/tests/rim_system_tests.sh 3
|
|
# - name: All RIM System Tests 1-3
|
|
# continue-on-error: true
|
|
# shell: bash
|
|
# run: |
|
|
# .ci/system-tests/tests/rim_system_tests.sh
|
|
- name: Copy System Test Log files
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
echo "*** Extracting ACA and Provisioner.Net logs ..."
|
|
docker exec hirs-aca1 bash -c "mkdir -p /HIRS/logs/aca/ && cp -arp /var/log/hirs/* /HIRS/logs/aca/"
|
|
docker exec hirs-provisioner1-tpm2 bash -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hirs*.log /HIRS/logs/provisioner/ && chmod -R 777 /HIRS/logs"
|
|
- name: Docker Compose Down
|
|
continue-on-error: true
|
|
shell: bash
|
|
run: |
|
|
echo "*** Exiting and removing Docker containers and network ..."
|
|
docker compose -f .ci/docker/docker-compose-system-test.yml down -v
|
|
if [[ ${TEST_STATUS} == "0" ]]; then
|
|
echo "******** SUCCESS: System Tests for TPM 2.0 passed ********"
|
|
echo "TEST_STATUS=0" >> $GITHUB_ENV
|
|
exit 0;
|
|
else
|
|
echo "******** FAILURE: System Tests for TPM 2.0 failed ********"
|
|
echo "TEST_STATUS=1" >> $GITHUB_ENV
|
|
exit 1
|
|
fi
|
|
- name: Archive System Test Log files
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: System_Test_Log_Files
|
|
path: logs/
|
|
if-no-files-found: ignore
|
|
- name: Check System Test results
|
|
if: success() || failure()
|
|
run: |
|
|
if [ ${TEST_STATUS} == "0" ]; then
|
|
exit 0;
|
|
else
|
|
exit 1;
|
|
fi
|