portersrc is doing the porter GHA testing #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Porter GHA Testing | |
| run-name: ${{ github.actor }} is doing the porter GHA testing | |
| on: [push] | |
| jobs: | |
| Explore-GitHub-Actions: | |
| env: | |
| RUSTC_VERSION: 1.72.0 | |
| #runs-on: ubuntu-22.04 | |
| runs-on: ubuntu-24.04 | |
| #runs-on: self-hosted | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Check out guest-components | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: confidential-containers/guest-components | |
| ref: refs/heads/main | |
| path: ./guest-components | |
| - name: Install Protoc | |
| uses: arduino/setup-protoc@v3 | |
| - name: Import [email protected] key | |
| working-directory: container-images | |
| run: gpg --batch --import keys/sign/github-runner.keys | |
| - name: Install expect | |
| run: sudo apt-get install -y expect | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@main | |
| with: | |
| cosign-release: "v2.4.1" | |
| - name: Log in to ghcr | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # 0. all | |
| - name: Make all | |
| env: | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| run: | | |
| cd guest-components/attestation-agent/coco_keyprovider | |
| cargo build --release | |
| RUST_LOG=coco_keyprovider cargo run --release -- --socket 127.0.0.1:50000 & | |
| cd ../../../container-images | |
| echo "Waiting for coco-keyprovider on localhost:50000" | |
| timeout_count=1 | |
| while ! nc -z localhost 50000; do | |
| timeout_count=$((timeout_count+1)) | |
| sleep 1 | |
| if [ $timeout_count == 5 ]; then | |
| echo "ERROR: Timed out. Exiting." | |
| exit 1 | |
| fi | |
| done | |
| echo "coco-keyprovider is ready" | |
| make all | |
| ## 1. unsig (works) | |
| #- name: Make unsig | |
| # working-directory: container-images | |
| # run: make unsig | |
| ## 2. cosign-sig (works) | |
| #- name: Make cosign-sig | |
| # working-directory: container-images | |
| # env: | |
| # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| # run: make cosign-sig | |
| ## 3. simple-sig (works) | |
| #- name: Make simple-sig | |
| # working-directory: container-images | |
| # run: make simple-sig | |
| ## 4. enc-unsig (works) | |
| #- name: Launch coco-keyprovider and make enc-unsig | |
| # run: | | |
| # cd guest-components/attestation-agent/coco_keyprovider | |
| # cargo build --release | |
| # RUST_LOG=coco_keyprovider cargo run --release -- --socket 127.0.0.1:50000 & | |
| # cd ../../../container-images | |
| # echo "Waiting for coco-keyprovider on localhost:50000" | |
| # timeout_count=1 | |
| # while ! nc -z localhost 50000; do | |
| # timeout_count=$((timeout_count+1)) | |
| # sleep 1 | |
| # if [ $timeout_count == 5 ]; then | |
| # echo "ERROR: Timed out. Exiting." | |
| # exit 1 | |
| # fi | |
| # done | |
| # echo "coco-keyprovider is ready" | |
| # make enc-unsig | |
| ## 5. enc-cosign-sig (works) | |
| #- name: Launch coco-keyprovider and make enc-cosign-sig | |
| # run: | | |
| # cd guest-components/attestation-agent/coco_keyprovider | |
| # cargo build --release | |
| # RUST_LOG=coco_keyprovider cargo run --release -- --socket 127.0.0.1:50000 & | |
| # cd ../../../container-images | |
| # echo "Waiting for coco-keyprovider on localhost:50000" | |
| # timeout_count=1 | |
| # while ! nc -z localhost 50000; do | |
| # timeout_count=$((timeout_count+1)) | |
| # sleep 1 | |
| # if [ $timeout_count == 5 ]; then | |
| # echo "ERROR: Timed out. Exiting." | |
| # exit 1 | |
| # fi | |
| # done | |
| # echo "coco-keyprovider is ready" | |
| # make enc-cosign-sig | |
| ## 6. test-container-unencrypted (works) | |
| #- name: Make test-container-unencrypted | |
| # working-directory: container-images | |
| # run: make test-container-unencrypted | |
| ## 7. test-container-encrypted (works) | |
| #- name: Make test-container-encrypted | |
| # run: | | |
| # cd guest-components/attestation-agent/coco_keyprovider | |
| # cargo build --release | |
| # RUST_LOG=coco_keyprovider cargo run --release -- --socket 127.0.0.1:50000 & | |
| # cd ../../../container-images | |
| # echo "Waiting for coco-keyprovider on localhost:50000" | |
| # timeout_count=1 | |
| # while ! nc -z localhost 50000; do | |
| # timeout_count=$((timeout_count+1)) | |
| # sleep 1 | |
| # if [ $timeout_count == 5 ]; then | |
| # echo "ERROR: Timed out. Exiting." | |
| # exit 1 | |
| # fi | |
| # done | |
| # echo "coco-keyprovider is ready" | |
| # make test-container-encrypted | |
| ## 8. busybox (works) | |
| #- name: Make busybox | |
| # working-directory: container-images | |
| # run: make busybox | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| # | |
| #- name: runc version check | |
| # run: | | |
| # runc --version | |
| #- name: Basic echo and docker version | |
| # run: | | |
| # echo "Start 1" | |
| # docker --version | |
| # echo "End" | |
| #- name: Check if gcc is here | |
| # run: | | |
| # gcc -dumpmachine | |
| #- name: What is my whatever | |
| # run: | | |
| # which clang | |
| #- name: build main.c | |
| # working-directory: try-static-link | |
| # run: | | |
| # gcc main.c | |
| # ldd a.out | |
| #- name: build main.c with static link | |
| # working-directory: try-static-link | |
| # run: | | |
| # gcc -static main.c | |
| # ldd a.out | |
| #- name: Check for oras | |
| # run: | | |
| # oras --help | |
| #- name: Check for rustc | |
| # run: | | |
| # rustc --version | |
| #- name: Check gpg | |
| # run: | | |
| # gpg --version | |
| #- name: Rust toolchain installation | |
| # uses: actions-rs/toolchain@v1 | |
| # with: | |
| # profile: minimal | |
| # toolchain: ${{ env.RUSTC_VERSION }} | |
| # override: true | |
| # components: rustfmt, clippy | |
| # target: x86_64-unknown-linux-gnu | |
| #- name: Check for nc | |
| # run: nc -h |