-
Notifications
You must be signed in to change notification settings - Fork 58
144 lines (144 loc) · 5.5 KB
/
system_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# This workflow will build HIRS, run system tests, and create artifacts consisting of ACA and Provisioner logs.
# Updated: 06/05/2024
#
name: HIRS System Tests
on:
push:
branches:
- '*v3*'
- 'main'
workflow_dispatch:
jobs:
DockerTests:
runs-on: ubuntu-latest
outputs:
test-result: ${{ steps.set_outputs.outputs.test-result }}
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: ACA TPM2 System Tests Setup
continue-on-error: true
shell: bash
run: |
# If on a forked repo, ensure that it has a new secret for the PAT
# and replace secrets.GITHUB_TOKEN with the secret in the fork
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
.ci/system-tests/setup_system_tests.sh ${GITHUB_REF#refs/heads/}
- name: ACA POLICY TEST 1 - Test ACA default policy
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 1
- name: ACA POLICY TEST 2 - Test EK cert Only Validation Policy without a EK Issuer Cert in the trust store
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 2
- name: ACA POLICY TEST 3 - Test EK Only Validation Policy
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 3
- name: ACA POLICY TEST 4 - Test PC Validation Policy with no PC
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 4
- name: ACA POLICY TEST 5 - Test FW and PC Validation Policy with no PC
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 5
- name: ACA POLICY TEST 6 - Test PC Validation Policy with valid PC with no Attribute Check
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 6
- name: ACA POLICY TEST 7 - Test PC Validation Policy with valid PC with Attribute Check
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 7
- name: ACA POLICY TEST 8 - Test PC with RIM Validation Policy with valid PC and RIM
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 8
- name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 9
- name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
if: always()
shell: bash
run: |
.ci/system-tests/tests/aca_policy_tests.sh 10
# - name: All ACA Policy Tests 1-8
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/aca_policy_tests.sh
- name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 1
- name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 2
- name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
if: always()
shell: bash
run: |
.ci/system-tests/tests/platform_cert_tests.sh 3
# - name: All Platform Cert Tests 1-3
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/platform_cert_tests.sh
- name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 1
- name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 2
- name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
if: always()
shell: bash
run: |
.ci/system-tests/tests/rim_system_tests.sh 3
# - name: All RIM System Tests 1-3
# continue-on-error: true
# shell: bash
# run: |
# .ci/system-tests/tests/rim_system_tests.sh
- name: Copy System Test Log files
if: always()
shell: bash
run: |
echo "*** Extracting ACA and Provisioner.Net logs ..."
docker exec hirs-aca1 bash -c "mkdir -p /HIRS/logs/aca/ && cp -arp /var/log/hirs/* /HIRS/logs/aca/"
docker exec hirs-provisioner1-tpm2 bash -c "mkdir -p /HIRS/logs/provisioner/ && cp -ap hirs*.log /HIRS/logs/provisioner/ && chmod -R 777 /HIRS/logs"
- name: Docker Compose Down
if: always()
shell: bash
run: |
echo "*** Exiting and removing Docker containers and network ..."
docker compose -f .ci/docker/docker-compose-system-test.yml down -v
- name: Archive System Test Log files
if: always()
uses: actions/upload-artifact@v4
with:
name: System_Test_Log_Files
path: logs/
if-no-files-found: ignore