Use Azure feed to resolve crate dependencies (#635) #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'test' | |
| on: | |
| - 'pull_request' | |
| - 'push' | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| basic: | |
| runs-on: 'ubuntu-22.04' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| container_os: | |
| - 'debian:11-slim' | |
| - 'debian:12-slim' | |
| - 'redhat/ubi8:latest' | |
| - 'redhat/ubi9:latest' | |
| - 'ubuntu:20.04' | |
| - 'ubuntu:22.04' | |
| - 'ubuntu:24.04' | |
| arch: | |
| - 'amd64' | |
| steps: | |
| - uses: 'actions/checkout@v3' | |
| with: | |
| submodules: 'recursive' | |
| - name: 'Run' | |
| run: | | |
| docker run --rm \ | |
| -v "$GITHUB_WORKSPACE:/src" \ | |
| -e "ARCH=$ARCH" \ | |
| "${{ matrix.container_os }}" \ | |
| '/src/ci/test-basic.sh' | |
| env: | |
| ARCH: "${{ matrix.arch }}" | |
| - name: 'Generate artifact properties' | |
| id: 'generate-artifact-properties' | |
| run: | | |
| container_os="${{ matrix.container_os }}" | |
| container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
| echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
| case "${{ matrix.arch }}" in | |
| 'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
| 'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
| 'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
| esac | |
| echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
| - name: 'Upload' | |
| uses: 'actions/upload-artifact@v3' | |
| with: | |
| name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
| path: | | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/fakeroot/ | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziotd | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziot-key-openssl-engine-shared-test | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_key_openssl_engine_shared.so | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_keys.so | |
| target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/mock-iot-server | |
| if-no-files-found: 'error' | |
| aziot-key-openssl-engine-shared: | |
| runs-on: 'ubuntu-22.04' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| container_os: | |
| - 'debian:11-slim' | |
| - 'debian:12-slim' | |
| - 'redhat/ubi8:latest' | |
| - 'redhat/ubi9:latest' | |
| - 'ubuntu:20.04' | |
| - 'ubuntu:22.04' | |
| - 'ubuntu:24.04' | |
| pkcs11_backend: | |
| - '' # filesystem keys | |
| - 'softhsm' | |
| key_type: | |
| - 'ec-p256' | |
| - 'rsa-2048' | |
| - 'rsa-4096' | |
| arch: | |
| - 'amd64' | |
| needs: 'basic' | |
| steps: | |
| - uses: 'actions/checkout@v3' | |
| with: | |
| submodules: 'recursive' | |
| - name: 'Generate artifact properties' | |
| id: 'generate-artifact-properties' | |
| run: | | |
| container_os="${{ matrix.container_os }}" | |
| container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
| echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
| case "${{ matrix.arch }}" in | |
| 'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
| 'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
| 'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
| esac | |
| echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
| - name: 'Download' | |
| id: 'download-artifact' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
| path: 'target/debug' | |
| - name: 'Run' | |
| run: | | |
| docker run --rm \ | |
| -v "$GITHUB_WORKSPACE:/src" \ | |
| -e "ARCH=$ARCH" \ | |
| -e "KEY_TYPE=$KEY_TYPE" \ | |
| -e "PKCS11_BACKEND=$PKCS11_BACKEND" \ | |
| "${{ matrix.container_os }}" \ | |
| '/src/ci/test-aziot-key-openssl-engine-shared.sh' | |
| env: | |
| ARCH: "${{ matrix.arch }}" | |
| KEY_TYPE: "${{ matrix.key_type }}" | |
| PKCS11_BACKEND: "${{ matrix.pkcs11_backend }}" | |
| mock-iot-tests: | |
| runs-on: 'ubuntu-22.04' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| container_os: | |
| - 'redhat/ubi8:latest' | |
| - 'redhat/ubi9:latest' | |
| arch: | |
| - 'amd64' | |
| test: | |
| - 'mock-iot-provision' | |
| needs: 'basic' | |
| steps: | |
| - uses: 'actions/checkout@v3' | |
| - name: 'Generate artifact properties' | |
| id: 'generate-artifact-properties' | |
| run: | | |
| container_os="${{ matrix.container_os }}" | |
| container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")" | |
| echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT | |
| case "${{ matrix.arch }}" in | |
| 'amd64') target_dir='x86_64-unknown-linux-gnu' ;; | |
| 'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;; | |
| 'aarch64') target_dir='aarch64-unknown-linux-gnu' ;; | |
| esac | |
| echo "target_dir=$target_dir" >> $GITHUB_OUTPUT | |
| - name: 'Download' | |
| id: 'download-artifact' | |
| uses: 'actions/download-artifact@v3' | |
| with: | |
| name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}" | |
| path: 'target/debug' | |
| - name: 'Generate certificates' | |
| run: | | |
| touch ~/.rnd | |
| mkdir mock_iot_server_certs | |
| cd mock_iot_server_certs | |
| ../ci/mock-iot-tests/mock-iot-cert-gen.sh | |
| - name: 'Run test' | |
| run: | | |
| docker run --rm \ | |
| -v "$GITHUB_WORKSPACE:/src" \ | |
| -e "CONTAINER_OS=$CONTAINER_OS" \ | |
| -e "ROOT_CERT=$ROOT_CERT" \ | |
| -e "SERVER_CERT_CHAIN=$SERVER_CERT_CHAIN" \ | |
| -e "SERVER_KEY=$SERVER_KEY" \ | |
| "${{ matrix.container_os }}" \ | |
| '/src/ci/mock-iot-tests/${{ matrix.test }}.sh' | |
| env: | |
| CONTAINER_OS: "${{ matrix.container_os }}" | |
| ROOT_CERT: '/src/mock_iot_server_certs/root_cert.pem' | |
| SERVER_CERT_CHAIN: '/src/mock_iot_server_certs/server_cert_chain.pem' | |
| SERVER_KEY: '/src/mock_iot_server_certs/server_cert_key.pem' | |
| openapi: | |
| runs-on: 'ubuntu-22.04' | |
| steps: | |
| - uses: 'actions/checkout@v3' | |
| - name: 'Test OpenAPI specs' | |
| run: | | |
| make target/openapi-schema-validated | |
| codecoverage: | |
| runs-on: 'ubuntu-22.04' | |
| steps: | |
| - uses: 'actions/checkout@v3' | |
| with: | |
| submodules: 'recursive' | |
| - name: Run Code Coverage | |
| run: | | |
| # cargo-tarpaulin needs a privileged container because it needs to disable ASLR for its instrumentation, | |
| # for which it uses seccomp. | |
| mkdir $GITHUB_WORKSPACE/coverage | |
| docker run --rm \ | |
| -v "$GITHUB_WORKSPACE:/src" \ | |
| -e "ARCH=$ARCH" \ | |
| --privileged \ | |
| --name "code-cov" \ | |
| "ubuntu:22.04" \ | |
| '/src/ci/code-coverage.sh' | |
| sudo chown -R runner:docker $GITHUB_WORKSPACE/coverage | |
| env: | |
| ARCH: 'amd64' |