Adding clientAuth to issued certificates #1219
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build HIRS, run unit tests, and create HIRS artifacts | |
# Updated: 8/15/23 | |
name: HIRS Build and Unit Test | |
on: | |
# Runs this workflow whenever there is a push to main from a branch annotated with "v3" | |
push: | |
branches: | |
- '*v3*' | |
- 'main' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
jobs: | |
# Run the unit tests and package HIRS ACA, provisoner, and tools | |
ACA_Provisioner_Unit_Tests: | |
runs-on: ubuntu-latest # Configures the job to run on the latest version of an Ubuntu Linux runner | |
steps: | |
- uses: actions/checkout@v3 # run v3 of actions/checkout action, which checks out your repository onto the runner | |
# Build will archive build reports and will create a failedFile if build is not successful | |
- name: Directory setup | |
run: | | |
mkdir -p artifacts/githubActionsResults | |
mkdir -p artifacts/upload_reports/HIRS_AttestationCA | |
mkdir -p artifacts/upload_reports/HIRS_AttestationCAPortal | |
mkdir -p artifacts/upload_reports/HIRS_Provisioner | |
mkdir -p artifacts/upload_reports/HIRS_ProvisionerTPM2 | |
mkdir -p artifacts/upload_reports/HIRS_Structs | |
mkdir -p artifacts/upload_reports/HIRS_Utils | |
mkdir -p artifacts/upload_reports/tcg_rim_tool | |
mkdir -p artifacts/upload_reports/tcg_eventlog_tool | |
# Run the provisioner and ACA unit tests via gradle build in a Rocky Docker container | |
- name: Build HIRS and run unit tests | |
run: | | |
# log into and run docker (note: must set up secrets in github for ghcr username and access_token) | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin | |
# docker run options: | |
# create a mount between curr directory on the runner and the HIRS folder created by the cloning of HIRS repo | |
# -v $(pwd):/HIRS | |
# image used for the container, given by <repository>:<tag_name> | |
# rocky8: ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest [repo: https://github.com/orgs/nsacyber/packages] | |
# bash commands to clean/build/test each subproject | |
# /bin/bash -c '<commands>' | |
docker run --rm \ | |
-v $(pwd):/HIRS \ | |
ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest /bin/bash -c \ | |
'pushd /HIRS | |
gradle_status=0 | |
# git added a feature that gives error if user is not owner of the top-level directory; need to override this | |
git config --global --add safe.directory /HIRS | |
# clean, build and run unit tests on all sub-projects; copy build reports to an artifacts directory | |
./gradlew :HIRS_AttestationCA:clean :HIRS_AttestationCA:build :HIRS_AttestationCA:test | |
if (( $? != "0" )) ; then gradle_status=1; fi | |
cp -r /HIRS/HIRS_AttestationCA/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCA/. | |
./gradlew :HIRS_AttestationCAPortal:clean :HIRS_AttestationCAPortal:build :HIRS_AttestationCAPortal:test | |
if (( $? != "0" )) ; then gradle_status=1; fi | |
cp -r /HIRS/HIRS_AttestationCAPortal/build/reports/ /HIRS/artifacts/upload_reports/HIRS_AttestationCAPortal/. | |
#./gradlew :HIRS_Provisioner:clean :HIRS_Provisioner:build :HIRS_Provisioner:test | |
#if (( $? != "0" )) ; then gradle_status=1; fi | |
#cp -r /HIRS/HIRS_Provisioner/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Provisioner/. | |
#./gradlew :HIRS_ProvisionerTPM2:clean :HIRS_ProvisionerTPM2:build :HIRS_ProvisionerTPM2:test | |
#if (( $? != "0" )) ; then gradle_status=1; fi | |
#cp -r /HIRS/HIRS_ProvisionerTPM2/docs/ /HIRS/artifacts/upload_reports/HIRS_ProvisionerTPM2/. | |
./gradlew :HIRS_Structs:clean :HIRS_Structs:build :HIRS_Structs:test | |
if (( $? != "0" )) ; then gradle_status=1; fi | |
cp -r /HIRS/HIRS_Structs/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Structs/. | |
./gradlew :HIRS_Utils:clean :HIRS_Utils:build :HIRS_Utils:test | |
if (( $? != "0" )) ; then gradle_status=1; fi | |
cp -r /HIRS/HIRS_Utils/build/reports/ /HIRS/artifacts/upload_reports/HIRS_Utils/. | |
#./gradlew :TPM_Utils:clean :TPM_Utils:build :TPM_Utils:test | |
#if (( $? != "0" )) ; then gradle_status=1; fi | |
# Create "fail file" to fail the Build ACA tests if gradle exited with anything other than 0 | |
if (( $gradle_status == "0" )) ; then | |
echo "In docker: Build Passed" | |
else | |
echo "In docker: Build Failed" | |
touch /HIRS/artifacts/githubActionsResults/buildFailed.txt | |
fi; popd;' | |
# Upload build report files | |
- name: Archive report files | |
uses: actions/upload-artifact@v3 | |
with: | |
name: HIRS_Build_Reports | |
path: artifacts/upload_reports/* | |
if-no-files-found: ignore | |
# If buildFailed file exists, use that to fail the ACA unit tests | |
- name: Check if build/test passed or failed | |
if: ${{ hashFiles('artifacts/githubActionsResults/buildFailed.txt') != '' }} | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
core.setFailed('Build or Unit Test Failed') |