Skip to content

[launcher] Allow multiple Root of Trusts in Agent #2080

[launcher] Allow multiple Root of Trusts in Agent

[launcher] Allow multiple Root of Trusts in Agent #2080

Workflow file for this run

#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
#
name: CI
on:
push:
tags:
- v*
branches:
- master
- main
pull_request:
jobs:
build:
strategy:
matrix:
go-version: [1.21.x]
# TODO: Get this working on windows-latest
os: [ubuntu-latest]
architecture: [x32, x64]
include:
- os: macos-latest
architecture: arm64
go-version: 1.21.x
- os: macos-14-large
architecture: x64
go-version: 1.21.x
name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
architecture: ${{ matrix.architecture }}
- name: Install Protoc
uses: arduino/setup-protoc@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: "3.20.1"
- name: Install protoc-gen-go
run: go install google.golang.org/protobuf/cmd/[email protected]
- name: Check Protobuf Generation
run: |
go generate ./... ./cmd/... ./launcher/... ./verifier/...
git diff -G'^[^/]' --exit-code
- name: Install Linux 64-bit packages
run: sudo apt-get -y install libssl-dev
if: runner.os == 'Linux' && matrix.architecture == 'x64'
- name: Install Linux 32-bit packages
run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib
if: runner.os == 'Linux' && matrix.architecture == 'x32'
- name: Install Mac packages
run: |
brew install openssl
if: runner.os == 'macOS'
- name: Install Windows packages
run: choco install openssl
if: runner.os == 'Windows'
- name: Build all modules except launcher
run: go build -v ./... ./cmd/... ./verifier/...
- name: Build launcher module
run: go build -v ./launcher/...
if: runner.os == 'Linux'
- name: Run specific tests under root permission
run: |
GO_EXECUTABLE_PATH=$(which go)
sudo $GO_EXECUTABLE_PATH test -v -run "TestFetchImageSignaturesDockerPublic" ./launcher
if: runner.os == 'Linux'
- name: Run all tests in launcher to capture potential data race
run: go test -v -race ./launcher/...
if: (runner.os == 'Linux') && matrix.architecture == 'x64'
- name: Test all modules except launcher
run: go test -v ./... ./cmd/... ./verifier/... -skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass'
lint:
strategy:
matrix:
go-version: [1.21.x]
os: [ubuntu-latest]
dir: ["./", "./cmd", "./launcher"]
name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Run golangci-lint
uses: golangci/[email protected]
with:
version: latest
working-directory: ${{ matrix.dir }}
args: >
-D errcheck
-E stylecheck
-E goimports
-E misspell
-E revive
-E gofmt
-E goimports
--exclude-use-default=false
--max-same-issues=0
--max-issues-per-linter=0
--timeout 2m
lintc:
strategy:
matrix:
go-version: [1.21.x]
os: [ubuntu-latest]
name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Install Linux packages
run: sudo apt-get -y install libssl-dev
- name: Check for CGO Warnings (gcc)
run: CGO_CFLAGS=-Werror CC=gcc go build ./...
- name: Check for CGO Warnings (clang)
run: CGO_CFLAGS=-Werror CC=clang go build ./...