Continuous Integration #3346

Workflow file for this run

	name: Continuous Integration

	on:
	schedule:
	- cron: "0 0 * * 0"
	pull_request:
	workflow_dispatch:
	merge_group:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: ${{ !contains(github.ref, 'main')}}

	permissions:
	contents: read
	actions: read
	checks: write

	jobs:
	checks:
	name: "Format and License Checks"
	runs-on: [self-hosted, 1ES.Pool=gha-vmss-d16av5-ci]
	container:
	image: mcr.microsoft.com/azurelinux/base/core:3.0
	options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE

	steps:
	- name: "Checkout dependencies"
	shell: bash
	run: \|
	gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
	tdnf -y update
	tdnf -y install ca-certificates git

	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run CI checks
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	tdnf -y install tar npm build-essential
	./scripts/setup-dev.sh
	./scripts/ci-checks.sh
	shell: bash

	build_with_tidy:
	name: "Build with clang-tidy"
	runs-on: [self-hosted, 1ES.Pool=gha-vmss-d16av5-ci]
	container:
	image: mcr.microsoft.com/azurelinux/base/core:3.0
	options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE

	steps:
	- name: "Checkout dependencies"
	shell: bash
	run: \|
	set -ex
	gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
	tdnf -y update
	tdnf -y install ca-certificates git

	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "Install dependencies"
	shell: bash
	run: \|
	set -ex
	./scripts/setup-ci.sh

	- name: "Build Debug"
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	mkdir build
	cd build
	cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DCLANG_TIDY=ON ..
	ninja
	shell: bash

	build_and_test_virtual:
	name: "Virtual CI"
	needs: checks
	runs-on: [self-hosted, 1ES.Pool=gha-vmss-d16av5-ci]
	container:
	image: mcr.microsoft.com/azurelinux/base/core:3.0
	options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE

	steps:
	- name: "Checkout dependencies"
	shell: bash
	run: \|
	gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY
	tdnf -y update
	tdnf -y install ca-certificates git

	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "cpuinfo"
	run: \|
	cat /proc/cpuinfo
	shell: bash

	- name: "Install dependencies"
	shell: bash
	run: \|
	set -ex
	./scripts/setup-ci.sh

	- name: "Confirm running on Virtual"
	run: \|
	set -ex
	python3 tests/infra/platform_detection.py virtual
	shell: bash

	- name: "Build Debug"
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	mkdir build
	cd build
	cmake -GNinja -DCMAKE_BUILD_TYPE=Debug ..
	ninja
	shell: bash

	- name: "Test virtual"
	run: \|
	set -ex
	cd build
	rm -rf /github/home/.cache
	mkdir -p /github/home/.cache
	# Unit tests
	./tests.sh --output-on-failure -L unit -j$(nproc --all)
	# End to end tests
	./tests.sh --timeout 360 --output-on-failure -LE "benchmark\|suite\|unit"
	# Partitions tests
	# Note that those are only run on the virtual CI, as they require enough
	# privileges to configure iptables. ACI-based pools run unprivileged
	# containers, and so cannot run these tests unfortunately.
	./tests.sh --timeout 360 --output-on-failure -L partitions -C partitions
	shell: bash

	- name: "Upload logs for virtual"
	uses: actions/upload-artifact@v4
	with:
	name: logs-azurelinux-virtual
	path: \|
	build/workspace//.config.json
	build/workspace/*/out
	build/workspace/*/err
	build/workspace//.ledger/*
	if-no-files-found: ignore
	if: success() \|\| failure()

	build_and_test_caci:
	name: "Confidential Container CI"
	runs-on: [self-hosted, 1ES.Pool=gha-c-aci-ci]
	needs: checks

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "Dump environment"
	run: \|
	set -ex
	# Dump environment variables, extract Fabric_NodeIPOrFQDN
	# and save it to a file for reconfiguration test using THIM.
	cat /proc/*/environ \| tr '\000' '\n' \| sort -u \| grep Fabric_NodeIPOrFQDN > /Fabric_NodeIPOrFQDN
	echo "::group::Disk usage"
	df -kh
	echo "::endgroup::"
	echo "::group::Mounts"
	mount
	echo "::endgroup::"
	echo "::group::CPU Info"
	cat /proc/cpuinfo
	echo "::endgroup::"
	shell: bash

	- name: "Confirm running on SEV-SNP"
	run: \|
	set -ex
	python3 tests/infra/platform_detection.py snp
	shell: bash

	- name: "Build Debug"
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	mkdir build
	cd build
	cmake -GNinja -DCMAKE_BUILD_TYPE=Debug ..
	ninja
	shell: bash

	- name: "Tests"
	run: \|
	set -ex
	cd build
	rm -rf /github/home/.cache
	mkdir -p /github/home/.cache
	# Unit tests
	./tests.sh --output-on-failure -L unit -j$(nproc --all)
	# End to end tests
	./tests.sh --timeout 360 --output-on-failure -LE "benchmark\|suite\|unit"
	shell: bash

	- name: "Capture dmesg"
	run: \|
	set -ex
	echo "::group::Disk usage"
	df -kh
	echo "::endgroup::"
	dmesg > dmesg.log
	shell: bash
	if: success() \|\| failure()

	- name: "Upload logs"
	uses: actions/upload-artifact@v4
	with:
	name: logs-caci-snp
	path: \|
	dmesg.log
	build/workspace//.config.json
	build/workspace/*/out
	build/workspace/*/err
	build/workspace//.ledger/*
	if-no-files-found: ignore
	if: success() \|\| failure()

	build_and_test_caci_genoa:
	name: "Confidential Container CI on Genoa"
	runs-on: [self-hosted, 1ES.Pool=gha-c-caci-ci-south-central-us]
	needs: checks

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: "Ensure running on Genoa hardware"
	run: \|
	cat /proc/cpuinfo \| grep "model.*: 17"
	shell: bash

	- name: "Dump environment"
	run: \|
	set -ex
	# Dump environment variables, extract Fabric_NodeIPOrFQDN
	# and save it to a file for reconfiguration test using THIM.
	cat /proc/*/environ \| tr '\000' '\n' \| sort -u \| grep Fabric_NodeIPOrFQDN > /Fabric_NodeIPOrFQDN
	echo "::group::Disk usage"
	df -kh
	echo "::endgroup::"
	echo "::group::Mounts"
	mount
	echo "::endgroup::"
	echo "::group::CPU Info"
	cat /proc/cpuinfo
	echo "::endgroup::"
	shell: bash

	- name: "Confirm running on SEV-SNP"
	run: \|
	set -ex
	python3 tests/infra/platform_detection.py snp
	shell: bash

	- name: "Build Debug"
	run: \|
	set -ex
	git config --global --add safe.directory /__w/CCF/CCF
	mkdir build
	cd build
	cmake -GNinja -DCMAKE_BUILD_TYPE=Debug ..
	ninja
	shell: bash

	- name: "Tests"
	run: \|
	set -ex
	cd build
	rm -rf /github/home/.cache
	mkdir -p /github/home/.cache
	# Limited set of tests because Genoa pools have limited resources
	# focusing on architecture-specific functionality.
	# Unit test for sealing
	./tests.sh --output-on-failure -R snp_ioctl_test
	# End to end tests for code update (attestation verification)
	./tests.sh --timeout 360 --output-on-failure -R code_update
	shell: bash

	- name: "Capture dmesg"
	run: \|
	set -ex
	echo "::group::Disk usage"
	df -kh
	echo "::endgroup::"
	dmesg > dmesg.log
	shell: bash
	if: success() \|\| failure()

	- name: "Upload logs"
	uses: actions/upload-artifact@v4
	with:
	name: logs-caci-snp-genoa
	path: \|
	dmesg.log
	build/workspace//.config.json
	build/workspace/*/out
	build/workspace/*/err
	build/workspace//.ledger/*
	if-no-files-found: ignore
	if: success() \|\| failure()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Continuous Integration #3346

Workflow file

Continuous Integration #3346

Uh oh!

Jobs

Run details

Workflow file for this run