Deserialize plain DI certs as raw DER #1953
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| name: Continuous integration | |
| jobs: | |
| docs: | |
| name: Test docs building | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/jekyll-build-pages@main | |
| with: | |
| source: ./docs | |
| verbose: true | |
| containers: | |
| name: Build containers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Build containers | |
| uses: ./.github/actions/build_containers | |
| check-spelling: | |
| name: Check spelling | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Check spelling | |
| uses: codespell-project/actions-codespell@master | |
| with: | |
| builtin: clear,rare,usage,code,en-GB_to_en-US | |
| check_filenames: true | |
| check_hidden: true | |
| ignore_words_file: .github/spellcheck-ignore | |
| skip: "./docs/Gemfile.lock,./docs/_config.yml,./.github,./.git" | |
| fmt: | |
| name: Rustfmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - run: cargo fmt --all -- --check | |
| gofmt: | |
| name: Gofmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - run: if [ "$(gofmt -d -s -l . | tee /dev/stderr | wc -l)" -gt 0 ]; then exit 1; fi | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| container: fedora:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Install deps | |
| run: | | |
| dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel clevis cryptsetup-devel clang-devel | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| - run: cargo clippy -- -D warnings -D clippy::panic -D clippy::todo | |
| build_and_test: | |
| runs-on: ubuntu-latest | |
| container: fedora:latest | |
| steps: | |
| - name: Install deps | |
| run: | | |
| dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel swtpm swtpm-tools git clevis clevis-luks cryptsetup cryptsetup-devel clang-devel cracklib-dicts | |
| - uses: actions/checkout@v3 | |
| with: | |
| persist-credentials: false | |
| - name: Fix git trust | |
| run: git config --global --add safe.directory /__w/fido-device-onboard-rs/fido-device-onboard-rs | |
| - name: Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: stable | |
| - name: Build | |
| run: cargo build --workspace | |
| - name: Run tests | |
| env: | |
| FDO_PRIVILEGED: true | |
| PER_DEVICE_SERVICEINFO: false | |
| run: cargo test --workspace | |
| - name: Check aio | |
| run: | | |
| mkdir aio-dir/ | |
| ./target/debug/fdo-admin-tool aio --directory aio-dir/ & | |
| AIO_PID=$! | |
| sleep 5 | |
| if [ -d /proc/$AIO_PID ]; then rm -rf aio-dir; else exit 1; fi | |
| # This is primarily to ensure that changes to fdo_data.h are committed, | |
| # which is critical for determining whether any stability changes were made | |
| # during the PR review. | |
| - name: Ensure building did not change any code | |
| run: | | |
| git diff --exit-code | |
| commitlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 'latest' | |
| - name: Install commitlint dependencies | |
| run: npm install commitlint | |
| - uses: wagoid/commitlint-github-action@v5 | |
| env: | |
| NODE_PATH: ${{ github.workspace }}/node_modules | |
| with: | |
| configFile: .github/commitlint.config.js | |
| failOnWarnings: true | |
| manpages: | |
| name: Test man page generation | |
| runs-on: ubuntu-latest | |
| container: fedora:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: install deps | |
| run: | | |
| dnf install -y make python3-docutils | |
| - name: generate man pages | |
| run: make man | |
| devcontainer_test: | |
| name: Test Devcontainer Creation | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install devcontainer CLI | |
| run: npm install -g @vscode/dev-container-cli | |
| - name: Build devcontainer | |
| run: devcontainer build --image-name devcontainer-fdo-rs . | |
| - name: Test building in devcontainer | |
| run: docker run --rm -v `pwd`:/code:z --workdir /code --user root devcontainer-fdo-rs cargo build --workspace --verbose |