crypto: remove unsupported ecdsa signature algorithms #128
name: Integration (Emulation Mode)

# Runs for every push and pull request that touches more than documentation,
# and can also be started by hand from the Actions tab.
on:
  push:
    paths-ignore: ["**.md", "doc/**"]
  pull_request:
    paths-ignore: ["**.md", "doc/**"]
  workflow_dispatch:

# Shared by every job: assembler selection and the pinned Rust toolchain.
env:
  AS: "nasm"
  RUST_TOOLCHAIN: "1.83.0"
  TOOLCHAIN_PROFILE: "minimal"

# Least privilege: the workflow token may only read repository contents.
permissions:
  contents: read
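jobs:
  # Builds MigTD with the emulation and test-only features, then runs a
  # source/destination migration inside the emulator.
  build-and-test:
    name: Build and Test MigTD in Emulation Mode
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      # Install first since it's needed to build NASM
      - name: Install LLVM and Clang
        uses: KyleMayes/install-llvm-action@98e68e10c96dffcb7bfed8b2144541a66b49aa02 # v2.0.8
        with:
          version: "10.0"
          directory: ${{ runner.temp }}/llvm

      - name: Install libtinfo5
        run: sudo apt-get update -y && sudo apt-get install libtinfo5 -y

      - name: Install NASM
        uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # v1.5.2

      # -y keeps the install non-interactive, matching the other apt-get steps.
      - name: Install build dependencies
        run: >-
          sudo apt-get install -y
          build-essential ocaml ocamlbuild automake autoconf libtool wget
          python-is-python3 libssl-dev git cmake perl libtss2-dev pkg-config

      - name: Checkout sources
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          submodules: recursive
          # The following steps execute scripts from the checked-out tree
          # (including pull-request content); do not leave the workflow token
          # in .git/config for them.
          persist-credentials: false

      # NOTE(review): actions-rs/toolchain is archived upstream. The SHA pin
      # keeps it reproducible, but it no longer receives fixes; consider
      # installing the toolchain with rustup directly.
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
        with:
          profile: ${{ env.TOOLCHAIN_PROFILE }}
          toolchain: ${{ env.RUST_TOOLCHAIN }}
          override: true
          components: rust-src

      - name: Add x86_64-unknown-none target
        run: rustup target add x86_64-unknown-none

      - name: Run preparation script
        run: bash sh_script/preparation.sh

      # The test_disable_ra_and_accept_all feature (by its name and the summary
      # printed later in this job) bypasses remote attestation. The resulting
      # binary is a test fixture only and must never be shipped.
      - name: Build MigTD with test features for emulation
        run: |
          echo "Building MigTD with AzCVMEmu and test features for emulation testing..."
          cargo build --release --features "AzCVMEmu,test_disable_ra_and_accept_all" --no-default-features

      - name: Verify emulation script and binary
        run: |
          if [[ ! -f "./migtdemu.sh" ]]; then
            echo "Error: migtdemu.sh not found"
            exit 1
          fi
          chmod +x ./migtdemu.sh

          if [[ ! -f "./target/release/migtd" ]]; then
            echo "Error: migtd binary not found after build"
            exit 1
          fi
          echo "Emulation script and binary are ready"

      - name: Run MigTD emulation tests
        id: emulation_test
        run: |
          echo "Running MigTD emulation tests with both source and destination..."
          echo "This will start destination, then source, and test the migration flow"
          echo "Command: ./migtdemu.sh --skip-ra --both --no-sudo --log-level info"

          # Run the test with timeout and capture exit code; errexit is
          # suspended so a failing test still reaches the status reporting.
          set +e
          timeout 300 ./migtdemu.sh --skip-ra --both --no-sudo --log-level info
          EXIT_CODE=$?
          set -e

          echo "Test completed with exit code: $EXIT_CODE"
          # timeout(1) exits with 124 when the time limit was hit.
          if [[ $EXIT_CODE -eq 0 ]]; then
            echo "✅ Emulation test completed successfully"
            echo "test_status=success" >> "$GITHUB_OUTPUT"
          elif [[ $EXIT_CODE -eq 124 ]]; then
            echo "❌ Emulation test timed out after 300 seconds"
            echo "test_status=timeout" >> "$GITHUB_OUTPUT"
            exit 1
          else
            echo "❌ Emulation test failed with exit code $EXIT_CODE"
            echo "test_status=failed" >> "$GITHUB_OUTPUT"
            exit $EXIT_CODE
          fi

      - name: Check test outputs and logs
        if: always()
        env:
          # Hand the step output to the shell as data instead of expanding the
          # expression inside the script text.
          TEST_STATUS: ${{ steps.emulation_test.outputs.test_status || 'unknown' }}
        run: |
          echo "=== Test Execution Summary ==="
          echo "Test status: $TEST_STATUS"

          if [[ -f "dest.out.log" ]]; then
            DEST_LOG_SIZE=$(wc -l < dest.out.log)
            echo "Destination log found: $DEST_LOG_SIZE lines"
            echo ""
            echo "=== Last 50 lines of destination log ==="
            tail -n 50 dest.out.log
            echo ""
            echo "=== First 20 lines of destination log ==="
            head -n 20 dest.out.log
          else
            echo "No destination log file found"
          fi

          # Check for any process dumps or error files
          if ls core* 1> /dev/null 2>&1; then
            echo ""
            echo "=== Core dumps found ==="
            ls -la core*
          fi

          # Show summary of what was tested
          echo ""
          echo "=== Test Summary ==="
          echo "- Built MigTD with AzCVMEmu and test_disable_ra_and_accept_all features"
          echo "- Ran emulation test with both source and destination instances"
          echo "- Skip RA mode enabled (mock attestation, no TPM/Azure CVM required)"

      # NOTE(review): the artifact holds core dumps (process memory) and the
      # attestation-bypassing test binary. Presumably only mock material is in
      # memory during this run; confirm before reusing this step elsewhere.
      - name: Upload test artifacts on failure
        if: failure()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: migtd-test-logs-${{ github.run_id }}
          path: |
            dest.out.log
            *.log
            core*
            target/release/migtd
          retention-days: 7
          if-no-files-found: ignore

      - name: Report final status
        if: always()
        env:
          # Empty when the test step never ran; the catch-all arm handles that.
          TEST_STATUS: ${{ steps.emulation_test.outputs.test_status }}
        run: |
          case "$TEST_STATUS" in
            "success")
              echo "🎉 MigTD PR tests passed successfully!"
              echo "✅ Build completed"
              echo "✅ Emulation tests passed"
              echo "The PR is ready for code review."
              ;;
            "timeout")
              echo "⏰ MigTD tests timed out"
              echo "✅ Build completed"
              echo "❌ Tests timed out after 5 minutes"
              echo "Check logs for hanging processes or infinite loops."
              ;;
            "failed"|*)
              echo "❌ MigTD tests failed"
              echo "✅ Build completed"
              echo "❌ Emulation tests failed"
              echo "Check the test logs above and uploaded artifacts for debugging details."
              ;;
          esac

  # Generates and signs a policy v2 from mock report data, then runs the same
  # end-to-end migration against it.
  policy-v2-mock-report-test:
    name: Policy v2 with Mock Report End-to-End Test
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      # Install first since it's needed to build NASM
      - name: Install LLVM and Clang
        uses: KyleMayes/install-llvm-action@98e68e10c96dffcb7bfed8b2144541a66b49aa02 # v2.0.8
        with:
          version: "10.0"
          directory: ${{ runner.temp }}/llvm

      - name: Install libtinfo5
        run: sudo apt-get update -y && sudo apt-get install libtinfo5 -y

      - name: Install NASM
        uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b # v1.5.2

      - name: Install build dependencies
        run: >-
          sudo apt-get install -y
          build-essential ocaml ocamlbuild automake autoconf libtool wget
          python-is-python3 libssl-dev git cmake perl libtss2-dev pkg-config jq

      - name: Checkout sources
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          submodules: recursive
          # The following steps execute scripts from the checked-out tree
          # (including pull-request content); do not leave the workflow token
          # in .git/config for them.
          persist-credentials: false

      # NOTE(review): actions-rs/toolchain is archived upstream. The SHA pin
      # keeps it reproducible, but it no longer receives fixes; consider
      # installing the toolchain with rustup directly.
      - name: Install Rust toolchain
        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
        with:
          profile: ${{ env.TOOLCHAIN_PROFILE }}
          toolchain: ${{ env.RUST_TOOLCHAIN }}
          override: true
          components: rust-src

      - name: Add x86_64-unknown-none target
        run: rustup target add x86_64-unknown-none

      - name: Run preparation script
        run: bash sh_script/preparation.sh

      - name: Run policy v2 generation and test script
        id: policy_v2_test
        run: |
          echo "=== Running Policy v2 Mock Report Test Script ==="
          echo "This script will:"
          echo "  1. Build all required tools (azcvm-extract-report, json-signer, etc.)"
          echo "  2. Generate mock report data"
          echo "  3. Update policy templates with mock measurements"
          echo "  4. Generate certificates and sign policy components"
          echo "  5. Create and sign final policy v2"
          echo "  6. Build MigTD with mock report feature"
          echo "  7. Run end-to-end test with both source and destination"
          echo ""

          chmod +x ./sh_script/build_AzCVMEmu_policy_and_test.sh

          # Run the script with timeout; errexit is suspended so a failing
          # run still reaches the status reporting.
          set +e
          timeout 600 ./sh_script/build_AzCVMEmu_policy_and_test.sh --mock-report
          EXIT_CODE=$?
          set -e

          echo ""
          echo "Script completed with exit code: $EXIT_CODE"
          # timeout(1) exits with 124 when the time limit was hit.
          if [[ $EXIT_CODE -eq 0 ]]; then
            echo "✅ Policy v2 with mock report test completed successfully"
            echo "test_status=success" >> "$GITHUB_OUTPUT"
          elif [[ $EXIT_CODE -eq 124 ]]; then
            echo "❌ Test timed out after 10 minutes"
            echo "test_status=timeout" >> "$GITHUB_OUTPUT"
            exit 1
          else
            echo "❌ Test failed with exit code $EXIT_CODE"
            echo "test_status=failed" >> "$GITHUB_OUTPUT"
            exit $EXIT_CODE
          fi

      - name: Check test outputs
        if: always()
        env:
          # Hand the step output to the shell as data instead of expanding the
          # expression inside the script text.
          TEST_STATUS: ${{ steps.policy_v2_test.outputs.test_status || 'unknown' }}
        run: |
          echo "=== Test Execution Summary ==="
          echo "Test status: $TEST_STATUS"

          if [[ -f "dest.out.log" ]]; then
            DEST_LOG_SIZE=$(wc -l < dest.out.log)
            echo "Destination log found: $DEST_LOG_SIZE lines"
            echo ""
            echo "=== Last 50 lines of destination log ==="
            tail -n 50 dest.out.log
            echo ""
            echo "=== First 20 lines of destination log ==="
            head -n 20 dest.out.log
          else
            echo "No destination log file found"
          fi

          # Check if policy files were generated
          if [[ -f "config/AzCVMEmu/policy_v2_signed.json" ]]; then
            POLICY_SIZE=$(wc -c < config/AzCVMEmu/policy_v2_signed.json)
            echo ""
            echo "Policy file generated: ${POLICY_SIZE} bytes"
          fi

          if [[ -f "config/AzCVMEmu/policy_issuer_chain.pem" ]]; then
            echo "Certificate chain file generated"
          fi

      # NOTE(review): the uploaded binary is built by the test script with the
      # mock report feature; treat the artifact as test-only output.
      - name: Upload test artifacts on failure
        if: failure()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: policy-v2-test-logs-${{ github.run_id }}
          path: |
            dest.out.log
            *.log
            config/AzCVMEmu/policy_v2_signed.json
            config/AzCVMEmu/policy_issuer_chain.pem
            target/release/migtd
          retention-days: 7
          if-no-files-found: ignore

      - name: Report final status
        if: always()
        env:
          # Empty when the test step never ran; the catch-all arm handles that.
          TEST_STATUS: ${{ steps.policy_v2_test.outputs.test_status }}
        run: |
          case "$TEST_STATUS" in
            "success")
              echo "🎉 Policy v2 mock report test passed successfully!"
              echo "✅ All 13 steps of policy generation completed"
              echo "✅ Mock report data generated"
              echo "✅ Policy v2 signed and validated"
              echo "✅ End-to-end migration test passed"
              echo "The PR is ready for code review."
              ;;
            "timeout")
              echo "⏰ Policy v2 test timed out"
              echo "❌ Tests timed out after 10 minutes"
              echo "Check logs for hanging processes or infinite loops."
              ;;
            "failed"|*)
              echo "❌ Policy v2 test failed"
              echo "Check the test logs above and uploaded artifacts for debugging details."
              echo "The script performs all 13 steps:"
              echo "  1-4: Build tools and generate mock measurements"
              echo "  5-7: Generate certificates and sign components"
              echo "  8-10: Generate collateral and merge policy"
              echo "  11-13: Copy files and run integration test"
              ;;
          esac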