ci.yml
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
#
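# Continuous integration workflow: runs the jobs defined under `jobs:` on
# pushes to the release branches and version tags, and on every pull request.
name: CI
on:
  push:
    tags:
      # Quoted so the glob is always read as a plain string.
      - 'v*'
    branches:
      - master
      - main
  # No filters: every pull request triggers the workflow, so the jobs run
  # code proposed by contributors.
  pull_request:
# Least privilege for the automatic GITHUB_TOKEN. The jobs in this file only
# check out, build, test and lint, so read access to the repository contents
# is all the token is given. Grant more per job if a future step needs it.
permissions:
  contents: read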
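# NOTE(review): every `uses:` below references a mutable tag or branch
# (@v3, @v1, @stable, ...). A moved tag silently changes the code that runs
# with this workflow's token; pinning each action to a full commit SHA, with
# the tag kept in a trailing comment, makes the CI inputs reviewable.
jobs:
  # Generate, build and test all modules across the OS/architecture matrix.
  build:
    strategy:
      matrix:
        go-version: [1.24.x]
        # TODO: Get this working on windows-latest
        os: [ubuntu-latest]
        architecture: [x32, x64]
        include:
          - os: macos-latest
            architecture: arm64
            go-version: 1.24.x
          - os: macos-14-large
            architecture: x64
            go-version: 1.24.x
    name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }})
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      - uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go-version }}
          architecture: ${{ matrix.architecture }}
      - name: Install Protoc
        uses: arduino/setup-protoc@v1
        with:
          # The workflow token is handed to a third-party action here; keep
          # the token's permissions read-only.
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          version: "3.20.1"
      - name: Install protoc-gen-go
        run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.0
      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Install Build Dependencies (Linux)
        run: sudo apt-get update && sudo apt-get install -y cmake clang pkg-config libssl-dev
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
      - name: Install bindgen-cli
        # --locked builds with the dependency versions recorded in the
        # crate's published Cargo.lock instead of re-resolving them on every
        # run. The crate version itself is still unpinned.
        run: cargo install --locked bindgen-cli
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
      - name: Build KeyManager Rust library
        run: |
          cd keymanager
          cargo build --release
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
      - name: Check Protobuf Generation
        # Regenerates code and fails if any line not starting with '/'
        # changed, i.e. if the checked-in generated files are stale.
        run: |
          go generate ./... ./cmd/... ./launcher/... ./verifier/...
          git diff -G'^[^/]' --exit-code
      - name: Install Linux 64-bit packages
        run: sudo apt-get -y install libssl-dev
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
      - name: Install Linux 32-bit packages
        run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib
        if: runner.os == 'Linux' && matrix.architecture == 'x32'
      - name: Install Mac packages
        run: |
          brew install openssl
        if: runner.os == 'macOS'
      - name: Install Windows packages
        run: choco install openssl
        if: runner.os == 'Windows'
      - name: Build all modules except launcher and keymanager
        run: go build -v ./... ./cmd/... ./verifier/...
      - name: Build keymanager module
        run: go build -v ./keymanager/...
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
      - name: Build launcher module
        # NOTE(review): -z lazy asks the external linker for lazy symbol
        # binding; presumably a cgo dependency needs it. Confirm it is not
        # carried into release builds, where immediate binding is the usual
        # hardening choice.
        run: go build -v -ldflags="-extldflags=-Wl,-z,lazy" ./launcher/...
        if: runner.os == 'Linux'
      - name: Run specific tests under root permission
        # Only the single named test runs under sudo. The go binary is
        # resolved first because sudo does not inherit the runner's PATH.
        run: |
          GO_EXECUTABLE_PATH=$(which go)
          sudo $GO_EXECUTABLE_PATH test -v -ldflags="-extldflags=-Wl,-z,lazy" -run "TestFetchImageSignaturesDockerPublic" ./launcher
        if: runner.os == 'Linux'
      - name: Run all tests in launcher to capture potential data race
        run: go test -v -ldflags="-extldflags=-Wl,-z,lazy" -race ./launcher/...
        if: (runner.os == 'Linux') && matrix.architecture == 'x64'
      - name: Test all modules except launcher and keymanager
        # NOTE(review): the -skip list excludes attestation and cache
        # concurrency tests from CI; the reason is not recorded here.
        run: go test -v ./... ./cmd/... ./verifier/... -skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass'
      - name: Test keymanager module
        run: go test -v ./keymanager/...
        if: runner.os == 'Linux' && matrix.architecture == 'x64'
  # Run golangci-lint separately over each Go module directory.
  lint:
    strategy:
      matrix:
        go-version: [1.24.x]
        os: [ubuntu-latest]
        dir: ["./", "./cmd", "./launcher", "./keymanager"]
    name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }})
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      # Same setup-go major as the build job, so every job resolves the Go
      # toolchain through the same action code.
      - uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go-version }}
      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Install Build Dependencies (Linux)
        run: sudo apt-get update && sudo apt-get install -y cmake clang pkg-config libssl-dev
      - name: Install bindgen-cli
        # --locked: use the crate's published Cargo.lock.
        run: cargo install --locked bindgen-cli
      - name: Build KeyManager Rust library
        run: |
          cd keymanager
          cargo build --release
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v3.2.0
        with:
          # NOTE(review): `latest` floats, so lint results can change without
          # any commit to this repository; consider pinning a version.
          version: latest
          working-directory: ${{ matrix.dir }}
          # errcheck is disabled; the listed linters are enabled in addition
          # to the defaults, and issue caps are lifted so that every finding
          # is reported.
          args: >
            -D errcheck
            -E stylecheck
            -E goimports
            -E misspell
            -E revive
            -E gofmt
            --exclude-use-default=false
            --max-same-issues=0
            --max-issues-per-linter=0
            --timeout 2m
  # Build the cgo code with warnings treated as errors under gcc and clang.
  lintc:
    strategy:
      matrix:
        go-version: [1.24.x]
        os: [ubuntu-latest]
    name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }})
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      # Same setup-go major as the build job.
      - uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go-version }}
      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Install Build Dependencies (Linux)
        run: sudo apt-get update && sudo apt-get install -y cmake clang pkg-config libssl-dev
      - name: Install bindgen-cli
        # --locked: use the crate's published Cargo.lock.
        run: cargo install --locked bindgen-cli
      - name: Build KeyManager Rust library
        run: |
          cd keymanager
          cargo build --release
      - name: Check for CGO Warnings (gcc)
        run: CGO_CFLAGS=-Werror CC=gcc go build ./...
      - name: Check for CGO Warnings (clang)
        run: CGO_CFLAGS=-Werror CC=clang go build ./...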