Merge pull request #118 from uptane/docs/secondary-root-rotation #464
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Aktualizr CI | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
env: | |
CCACHE_DIR: ${{ github.workspace }}/.ccache | |
jobs: | |
coverage: | |
name: Build and Test on Debian Bullseye | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_TAG: docker.pkg.github.com/uptane/aktualizr/aktualizr-ci:bullseye-master | |
DOCKERFILE: docker/Dockerfile.debian.bullseye | |
DARGS: >- | |
-eCCACHE_DIR | |
-eTEST_CMAKE_BUILD_TYPE=Valgrind | |
-eTEST_WITH_P11=1 | |
-eTEST_WITH_FAULT_INJECTION=1 | |
-eTEST_TESTSUITE_EXCLUDE=credentials | |
-eTEST_SOTA_PACKED_CREDENTIALS=dummy-credentials | |
steps: | |
- uses: actions/checkout@main | |
- run: | | |
git fetch --prune --unshallow | |
git submodule update --init --recursive --force | |
- name: Docker login | |
if: github.token | |
run: echo ${{ github.token }} | docker login docker.pkg.github.com -u uptane --password-stdin | |
- name: Docker build | |
run: | | |
docker pull "$DOCKER_TAG" || true | |
docker build --cache-from "$DOCKER_TAG" --pull -t "$DOCKER_TAG" -f "$DOCKERFILE" . | |
- uses: actions/cache@v4 | |
with: | |
path: ${{ github.workspace }}/cache | |
key: debian-bullseye-${{ github.run_id }} | |
restore-keys: | | |
debian-bullseye-${{ github.run_id }} | |
debian-bullseye- | |
- name: Unpack ccache | |
run: docker run --mount=type=volume,source=ccache,destination=/home/testuser/.cache -i "$DOCKER_TAG" tar -xf- < ${{github.workspace}}/cache/cache.tar || echo "No cache found" | |
- name: Test | |
run: | | |
docker run --mount=type=volume,source=ccache,destination=/home/testuser/.cache -t "$DOCKER_TAG" source/scripts/build-and-test.sh | |
- name: Stash ccache | |
run: | | |
mkdir -p ${{github.workspace}}/cache | |
docker run --mount=type=volume,source=ccache,destination=/home/testuser/.cache -i "$DOCKER_TAG" tar -cf- .cache > ${{github.workspace}}/cache/cache.tar | |
nop11: | |
name: Tests with PKCS#11 support on Ubuntu Bionic | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_TAG: docker.pkg.github.com/uptane/aktualizr/aktualizr-ci:bionic-master | |
DOCKERFILE: docker/Dockerfile.ubuntu.bionic | |
DARGS: >- | |
-eCCACHE_DIR | |
-eTEST_CMAKE_BUILD_TYPE=Debug | |
-eTEST_WITH_P11=1 | |
-eTEST_WITH_TESTSUITE=0 | |
steps: | |
- uses: actions/checkout@main | |
- run: | | |
git fetch --prune --unshallow | |
git submodule update --init --recursive --force | |
- name: Docker login | |
if: github.token | |
run: echo ${{ github.token }} | docker login docker.pkg.github.com -u uptane --password-stdin | |
- name: Docker build | |
run: | | |
docker pull "$DOCKER_TAG" || true | |
docker build --cache-from "$DOCKER_TAG" --pull -t "$DOCKER_TAG" -f "$DOCKERFILE" . | |
- uses: actions/[email protected] | |
with: | |
path: ${{ github.workspace }}/.ccache | |
key: ubuntu-bionic-${{ github.run_id }} | |
restore-keys: | | |
ubuntu-bionic-${{ github.run_id }} | |
ubuntu-bionic- | |
- name: Test | |
run: docker run -v "$PWD:$PWD" -w "$PWD" $DARGS -t "$DOCKER_TAG" ./scripts/test.sh | |
static-checks: | |
name: Static checks on Ubuntu Focal | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_TAG: docker.pkg.github.com/uptane/aktualizr/aktualizr-ci:ubuntu-focal-master | |
DOCKERFILE: docker/Dockerfile.ubuntu.focal | |
DARGS: >- | |
-eCCACHE_DIR | |
-eTEST_CC=clang | |
-eTEST_CMAKE_BUILD_TYPE=Valgrind | |
-eTEST_TESTSUITE_ONLY=crypto | |
-eTEST_WITH_STATICTESTS=1 | |
-eTEST_WITH_DOCS=1 | |
steps: | |
- uses: actions/checkout@main | |
- run: | | |
git fetch --prune --unshallow | |
git submodule update --init --recursive --force | |
- name: Docker login | |
if: github.token | |
run: echo ${{ github.token }} | docker login docker.pkg.github.com -u uptane --password-stdin | |
- name: Docker build | |
run: | | |
docker pull "$DOCKER_TAG" || true | |
docker build --cache-from "$DOCKER_TAG" --pull -t "$DOCKER_TAG" -f "$DOCKERFILE" . | |
- uses: actions/[email protected] | |
with: | |
path: ${{ github.workspace }}/.ccache | |
key: ubuntu-focal-${{ github.run_id }} | |
restore-keys: | | |
ubuntu-focal-${{ github.run_id }} | |
ubuntu-focal- | |
- name: Test | |
run: docker run -v "$PWD:$PWD" -w "$PWD" $DARGS -t "$DOCKER_TAG" ./scripts/test.sh | |
shellcheck: | |
name: Shellcheck | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@main | |
- name: Run ShellCheck | |
uses: ludeeus/action-shellcheck@master | |
with: | |
ignore_paths: third_party |