Add support for Debian 12 (#610) #646
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'test' | |
on: | |
- 'pull_request' | |
- 'push' | |
permissions: | |
issues: write | |
pull-requests: write | |
jobs: | |
basic: | |
runs-on: 'ubuntu-22.04' | |
strategy: | |
fail-fast: false | |
matrix: | |
container_os: | |
- 'debian:11-slim' | |
- 'debian:12-slim' | |
- 'redhat/ubi8:latest' | |
- 'redhat/ubi9:latest' | |
- 'ubuntu:20.04' | |
- 'ubuntu:22.04' | |
arch: | |
- 'amd64' | |
steps: | |
- uses: 'actions/checkout@v3' | |
with: | |
submodules: 'recursive' | |
- name: 'Run' | |
run: | | |
docker run --rm \ | |
-v "$GITHUB_WORKSPACE:/src" \ | |
-e "ARCH=$ARCH" \ | |
"${{ matrix.container_os }}" \ | |
'/src/ci/test-basic.sh' | |
env: | |
ARCH: "${{ matrix.arch }}" | |
- name: 'Generate artifact properties' | |
id: 'generate-artifact-properties' | |
run: | | |
container_os="${{ matrix.container_os }}" | |
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
case "${{ matrix.arch }}" in | |
'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
esac | |
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
- name: 'Upload' | |
uses: 'actions/upload-artifact@v3' | |
with: | |
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
path: | | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/fakeroot/ | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziotd | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziot-key-openssl-engine-shared-test | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_key_openssl_engine_shared.so | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_keys.so | |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/mock-iot-server | |
if-no-files-found: 'error' | |
aziot-key-openssl-engine-shared: | |
runs-on: 'ubuntu-22.04' | |
strategy: | |
fail-fast: false | |
matrix: | |
container_os: | |
- 'debian:11-slim' | |
- 'debian:12-slim' | |
- 'redhat/ubi8:latest' | |
- 'redhat/ubi9:latest' | |
- 'ubuntu:20.04' | |
- 'ubuntu:22.04' | |
pkcs11_backend: | |
- '' # filesystem keys | |
- 'softhsm' | |
key_type: | |
- 'ec-p256' | |
- 'rsa-2048' | |
- 'rsa-4096' | |
arch: | |
- 'amd64' | |
needs: 'basic' | |
steps: | |
- uses: 'actions/checkout@v3' | |
with: | |
submodules: 'recursive' | |
- name: 'Generate artifact properties' | |
id: 'generate-artifact-properties' | |
run: | | |
container_os="${{ matrix.container_os }}" | |
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
case "${{ matrix.arch }}" in | |
'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
esac | |
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
- name: 'Download' | |
id: 'download-artifact' | |
uses: 'actions/download-artifact@v3' | |
with: | |
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
path: 'target/debug' | |
- name: 'Run' | |
run: | | |
docker run --rm \ | |
-v "$GITHUB_WORKSPACE:/src" \ | |
-e "ARCH=$ARCH" \ | |
-e "KEY_TYPE=$KEY_TYPE" \ | |
-e "PKCS11_BACKEND=$PKCS11_BACKEND" \ | |
"${{ matrix.container_os }}" \ | |
'/src/ci/test-aziot-key-openssl-engine-shared.sh' | |
env: | |
ARCH: "${{ matrix.arch }}" | |
KEY_TYPE: "${{ matrix.key_type }}" | |
PKCS11_BACKEND: "${{ matrix.pkcs11_backend }}" | |
mock-iot-tests: | |
runs-on: 'ubuntu-22.04' | |
strategy: | |
fail-fast: false | |
matrix: | |
container_os: | |
- 'redhat/ubi8:latest' | |
- 'redhat/ubi9:latest' | |
arch: | |
- 'amd64' | |
test: | |
- 'mock-iot-provision' | |
needs: 'basic' | |
steps: | |
- uses: 'actions/checkout@v3' | |
- name: 'Generate artifact properties' | |
id: 'generate-artifact-properties' | |
run: | | |
container_os="${{ matrix.container_os }}" | |
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
case "${{ matrix.arch }}" in | |
'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
esac | |
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
- name: 'Download' | |
id: 'download-artifact' | |
uses: 'actions/download-artifact@v3' | |
with: | |
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
path: 'target/debug' | |
- name: 'Generate certificates' | |
run: | | |
touch ~/.rnd | |
mkdir mock_iot_server_certs | |
cd mock_iot_server_certs | |
../ci/mock-iot-tests/mock-iot-cert-gen.sh | |
- name: 'Run test' | |
run: | | |
docker run --rm \ | |
-v "$GITHUB_WORKSPACE:/src" \ | |
-e "CONTAINER_OS=$CONTAINER_OS" \ | |
-e "ROOT_CERT=$ROOT_CERT" \ | |
-e "SERVER_CERT_CHAIN=$SERVER_CERT_CHAIN" \ | |
-e "SERVER_KEY=$SERVER_KEY" \ | |
"${{ matrix.container_os }}" \ | |
'/src/ci/mock-iot-tests/${{ matrix.test }}.sh' | |
env: | |
CONTAINER_OS: "${{ matrix.container_os }}" | |
ROOT_CERT: '/src/mock_iot_server_certs/root_cert.pem' | |
SERVER_CERT_CHAIN: '/src/mock_iot_server_certs/server_cert_chain.pem' | |
SERVER_KEY: '/src/mock_iot_server_certs/server_cert_key.pem' | |
openapi: | |
runs-on: 'ubuntu-22.04' | |
steps: | |
- uses: 'actions/checkout@v3' | |
- name: 'Test OpenAPI specs' | |
run: | | |
make target/openapi-schema-validated | |
codecoverage: | |
runs-on: 'ubuntu-22.04' | |
steps: | |
- uses: 'actions/checkout@v3' | |
with: | |
submodules: 'recursive' | |
- name: Run Code Coverage | |
run: | | |
# cargo-tarpaulin needs a privileged container because it needs to disable ASLR for its instrumentation, | |
# for which it uses seccomp. | |
mkdir $GITHUB_WORKSPACE/coverage | |
docker run --rm \ | |
-v "$GITHUB_WORKSPACE:/src" \ | |
-e "ARCH=$ARCH" \ | |
--privileged \ | |
--name "code-cov" \ | |
"ubuntu:22.04" \ | |
'/src/ci/code-coverage.sh' | |
sudo chown -R runner:docker $GITHUB_WORKSPACE/coverage | |
env: | |
ARCH: 'amd64' |