dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 14:22:31 +02:00
Code Releases Activity
ima-evm-utils-mirror/.github/workflows/ci.yml
Petr Vorel d50e8c4397 github: Put openSSL build into own section 
That helps readability when reviewing logs.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-02-15 16:48:52 -05:00

232 lines
6.4 KiB
YAML
Raw Permalink Blame History

# Copyright (c) 2021 Petr Vorel <pvorel@suse.cz>
name: "distros"
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
outputs:
LINUX_SHA: ${{ steps.last-commit.outputs.LINUX_SHA }}
name: build
timeout-minutes: 100
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Determine last kernel commit
id: last-commit
shell: bash
run: |
mkdir linux-integrity
pushd linux-integrity
git init
LINUX_URL=${{ vars.LINUX_URL }}
if [ -z "$LINUX_URL" ]; then
LINUX_URL=https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
fi
LINUX_BRANCH=${{ vars.LINUX_BRANCH }}
if [ -z "$LINUX_BRANCH" ]; then
LINUX_BRANCH=next-integrity
fi
git remote add origin $LINUX_URL
LINUX_SHA=$(git ls-remote origin $GITHUB_REF_NAME | awk '{print $1}')
[ -z "$LINUX_SHA" ] && LINUX_SHA=$(git ls-remote origin $LINUX_BRANCH | awk '{print $1}')
echo "LINUX_SHA=$LINUX_SHA" >> $GITHUB_OUTPUT
popd
- name: Cache UML kernel
id: cache-linux
uses: actions/cache@v3
with:
path: linux
key: linux-${{ steps.last-commit.outputs.LINUX_SHA }}-${{ hashFiles('**/kernel-configs/*') }}
- name: Cache signing key
id: cache-key
uses: actions/cache@v3
with:
path: signing_key.pem
key: signing_key.pem-${{ steps.last-commit.outputs.LINUX_SHA }}-${{ hashFiles('**/kernel-configs/*') }}
- name: Compile UML kernel
if: steps.cache-linux.outputs.cache-hit != 'true' || steps.cache-key.outputs.cache-hit != 'true'
shell: bash
run: |
if [ "$DEVTOOLSET" = "yes" ]; then
source /opt/rh/devtoolset-10/enable
fi
if [ "$ARCH" = "i386" ]; then
CROSS_COMPILE_OPT="CROSS_COMPILE=i686-linux-gnu-"
fi
pushd linux-integrity
git pull --depth 1 origin ${{ steps.last-commit.outputs.LINUX_SHA }}
make ARCH=um defconfig
./scripts/kconfig/merge_config.sh -m .config $(ls ../kernel-configs/*)
# Update manually, to specify ARCH=um
make ARCH=um olddefconfig
# Make everything built-in
make ARCH=um localyesconfig
make ARCH=um $CROSS_COMPILE_OPT -j$(nproc)
chmod +x linux
cp linux ..
cp certs/signing_key.pem ..
popd
job:
needs: build
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
# 32bit build
- container: "debian:stable"
env:
CC: gcc
ARCH: i386
TSS: tpm2-tss
VARIANT: i386
COMPILE_SSL: openssl-3.0.5
# cross compilation builds
- container: "debian:stable"
env:
ARCH: ppc64el
CC: powerpc64le-linux-gnu-gcc
TSS: ibmtss
VARIANT: cross-compile
- container: "debian:stable"
env:
ARCH: arm64
CC: aarch64-linux-gnu-gcc
TSS: tpm2-tss
VARIANT: cross-compile
- container: "debian:stable"
env:
ARCH: s390x
CC: s390x-linux-gnu-gcc
TSS: ibmtss
VARIANT: cross-compile
# musl (native)
- container: "alpine:latest"
env:
CC: gcc
TSS: tpm2-tss
# glibc (gcc/clang)
- container: "opensuse/tumbleweed"
env:
CC: clang
TSS: ibmtss
- container: "opensuse/leap"
env:
CC: gcc
TSS: tpm2-tss
- container: "ubuntu:jammy"
env:
CC: gcc
TSS: ibmtss
COMPILE_SSL: openssl-3.0.5
- container: "ubuntu:xenial"
env:
CC: clang
TSS: tpm2-tss
- container: "fedora:latest"
env:
CC: clang
TSS: ibmtss
- container: "fedora:latest"
env:
CC: clang
TSS: ibmtss
TST_ENV: um
TST_KERNEL: ../linux
- container: "centos:7"
env:
CC: gcc
TSS: tpm2-tss
- container: "debian:testing"
env:
CC: clang
TSS: tpm2-tss
- container: "debian:stable"
env:
CC: clang
TSS: ibmtss
- container: "alt:sisyphus"
env:
CC: gcc
TSS: libtpm2-tss-devel
container:
image: ${{ matrix.container }}
env: ${{ matrix.env }}
options: --privileged --device /dev/loop-control -v /dev/shm:/dev/shm
steps:
- name: Show OS
run: cat /etc/os-release
- name: Git checkout
uses: actions/checkout@v1
- name: Install additional packages
run: |
INSTALL=${{ matrix.container }}
INSTALL="${INSTALL%%:*}"
INSTALL="${INSTALL%%/*}"
if [ "$VARIANT" ]; then ARCH="$ARCH" ./ci/$INSTALL.$VARIANT.sh; fi
ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh
- name: Build openSSL
run: |
if [ "$COMPILE_SSL" ]; then
COMPILE_SSL="$COMPILE_SSL" VARIANT="$VARIANT" ./tests/install-openssl3.sh; \
fi
- name: Build swtpm
run: |
if [ ! "$VARIANT" ]; then
which tpm_server || which swtpm || \
if which tssstartup; then
./tests/install-swtpm.sh;
fi
fi
- name: Retrieve UML kernel
if: ${{ matrix.env.TST_ENV }}
uses: actions/cache@v3
continue-on-error: false
with:
path: linux
key: linux-${{ needs.build.outputs.LINUX_SHA }}-${{ hashFiles('**/kernel-configs/*') }}
- name: Retrieve signing key
if: ${{ matrix.env.TST_ENV }}
continue-on-error: false
uses: actions/cache@v3
with:
path: signing_key.pem
key: signing_key.pem-${{ needs.build.outputs.LINUX_SHA }}-${{ hashFiles('**/kernel-configs/*') }}
- name: Compiler version
run: $CC --version
- name: Compile
run: CC="$CC" VARIANT="$VARIANT" COMPILE_SSL="$COMPILE_SSL" TST_ENV="$TST_ENV" TST_KERNEL="$TST_KERNEL" ./build.sh
View Git Blame Copy Permalink