1212 name : Check Apache 2.0 License Headers
1313 runs-on : ubuntu-latest
1414 timeout-minutes : 5
15-
1615 steps :
1716 - name : Checkout Code
1817 uses : actions/checkout@v4
@@ -34,17 +33,18 @@ jobs:
3433 - name : Pre-Run Environment Cleanup
3534 run : |
3635 echo "Cleaning orphan processes and stale workspaces..."
37- # Ensure working directory exists (previous run may have deleted it)
36+ # Ensure working directory exists
3837 mkdir -p /home/mw/actions-runner/_work/AegisSovereignAI/AegisSovereignAI
39- # Kill CI-spawned processes only (specific patterns to avoid system services)
40- # Redirect stderr to hide 'Operation not permitted' for root processes
38+
39+ # Kill CI-spawned processes
4140 pkill -9 -f "envoy -c" 2>/dev/null || true
4241 pkill -9 -f "spire-server run" 2>/dev/null || true
4342 pkill -9 -f "spire-agent run" 2>/dev/null || true
4443 pkill -9 -f "tpm_plugin_server" 2>/dev/null || true
4544 pkill -9 -f "ci_test_runner" 2>/dev/null || true
4645 pkill -9 -f "test_integration" 2>/dev/null || true
47- # Clean up temp files from previous runs
46+
47+ # Clean up temp files
4848 rm -rf /tmp/unified_identity_test_* || true
4949 rm -rf /tmp/spire-* || true
5050 echo "Pre-cleanup complete"
@@ -55,54 +55,145 @@ jobs:
5555 submodules : recursive
5656 clean : true
5757
58- - name : Debug - Inspect File System
58+ # Check Initial Package Status
59+ - name : Check Initial Packages (Pre-Install)
60+ run : |
61+ cd hybrid-cloud-poc
62+ chmod +x check_packages.sh
63+ echo "=== Running check_packages.sh (Before Install) ==="
64+ ./check_packages.sh || echo "Packages missing (Expected on fresh run)"
65+
66+ - name : Install Prerequisites
67+ timeout-minutes : 15
68+ run : |
69+ cd hybrid-cloud-poc
70+ chmod +x install_prerequisites.sh
71+ echo "=== Running install_prerequisites.sh ==="
72+ # Using sudo as implied by README saying it prompts for password
73+ # Ensure your runner user has passwordless sudo for this script
74+ sudo ./install_prerequisites.sh || true
75+
76+ # Persist PATHs for Go and Rust across all future steps
77+ # In GitHub Actions, 'source' only works for the current step.
78+ # Writing to $GITHUB_PATH makes it permanent for the job.
79+ - name : Configure Persistent Environment Paths
5980 run : |
60- echo "Current directory: $(pwd)"
61- echo "Workspace: ${{ github.workspace }}"
62- echo "Runner _work directory contents:"
63- ls -la /home/mw/actions-runner/_work/ || true
81+ echo "=== Configuring Paths ==="
82+ # Add Go to GITHUB_PATH
83+ echo "/usr/local/go/bin" >> $GITHUB_PATH
84+ # Add Cargo (Rust) to GITHUB_PATH
85+ echo "$HOME/.cargo/bin" >> $GITHUB_PATH
86+ echo "Paths added. They will be available in next steps automatically."
6487
88+ # Explicit Python Dependencies from README Troubleshooting
6589 - name : Install Python Dependencies
6690 timeout-minutes : 5
6791 run : |
6892 cd hybrid-cloud-poc
6993 python3 -m pip install --upgrade pip
94+ # Installing specific libs mentioned in README Troubleshooting
95+ python3 -m pip install spiffe cryptography grpcio protobuf requests
96+ # Installing project requirements
7097 python3 -m pip install -r keylime/requirements.txt
98+ echo "Python dependencies installed."
99+
100+ # Re-run check packages to verify installation success
101+ - name : Verify Installation (check_packages.sh)
102+ run : |
103+ cd hybrid-cloud-poc
104+ echo "=== Running check_packages.sh (Verification) ==="
105+ ./check_packages.sh
106+
107+ - name : Verify Prerequisites & TPM Access
108+ run : |
109+ echo "=== Step: Deep Verification ==="
110+
111+ echo "--- System Packages ---"
112+ dpkg -l | grep -E "(tpm2|swtpm|libtss2|libssl-dev|python3-dev|build-essential|libclang)" | head -10 || echo "Packages missing"
113+
114+ echo "--- Toolchain Versions ---"
115+ echo "Python: $(python3 --version 2>&1)"
116+ # We don't need to source cargo env here because we added it to GITHUB_PATH earlier
117+ echo "Rust: $(rustc --version 2>&1 || echo 'not installed')"
118+ echo "Go: $(go version 2>&1 || echo 'not installed')"
119+
120+ echo "--- TPM Access Check ---"
121+ # Critical check: Can we actually read the TPM device?
122+ if [ -r /dev/tpm0 ] || [ -r /dev/tpmrm0 ]; then
123+ echo "SUCCESS: Read access to TPM device verified."
124+ else
125+ echo "WARNING: Cannot read /dev/tpm*. User might need to re-login or use sudo."
126+ ls -la /dev/tpm* 2>/dev/null || echo "No TPM devices found"
127+ fi
128+
129+ groups | grep tss && echo "User is in tss group" || echo "Warning: User not in tss group"
130+
131+ - name : Build SPIRE Components
132+ timeout-minutes : 10
133+ run : |
134+ echo "=== Building SPIRE ==="
135+ cd hybrid-cloud-poc
136+
137+ if [ -f "spire/bin/spire-server" ] && [ -f "spire/bin/spire-agent" ]; then
138+ echo "SPIRE binaries already exist."
139+ else
140+ cd spire
141+ make bin/spire-server bin/spire-agent
142+ fi
143+
144+ - name : Build Rust-Keylime Agent
145+ timeout-minutes : 15
146+ run : |
147+ echo "=== Building Rust-Keylime ==="
148+ cd hybrid-cloud-poc
149+
150+ if [ -f "rust-keylime/target/release/keylime_agent" ]; then
151+ echo "rust-keylime agent already built."
152+ else
153+ if [ -d "rust-keylime" ]; then
154+ cd rust-keylime
155+ cargo build --release
156+ else
157+ echo "rust-keylime directory not found!"
158+ exit 1
159+ fi
160+ fi
71161
72162 - name : Run Integration Tests
73- timeout-minutes : 5
163+ timeout-minutes : 10
74164 shell : bash
75165 env :
76166 TMPDIR : /tmp
77167 run : |
78168 cd hybrid-cloud-poc
79169 chmod +x ci_test_runner.py test_integration.sh
80- echo "Running integration tests with ci_test_runner.py..."
170+
171+ echo "Starting Integration Runner..."
172+ # Note: If TPM access fails here due to group membership (which requires relogin),
173+ # you might need to run this specific command with 'sudo -E' or 'sg tss -c ...'
174+
81175 python3 ./ci_test_runner.py --no-color -- --control-plane-host 10.1.0.10 --agents-host 10.1.0.10 --onprem-host 10.1.0.10
176+
82177 echo "Integration tests completed"
83178
84179 - name : Post-Run Cleanup (Mandatory Purge)
85180 if : always()
86181 run : |
87- echo "Purging all workspaces to prevent state poisoning..."
88- # Run cleanup script first to properly stop services
182+ echo "Purging workspaces..."
89183 cd hybrid-cloud-poc
90184 python3 ./ci_test_runner.py --cleanup-only 2>/dev/null || true
91- # Kill CI-spawned processes only (specific patterns to avoid system services)
92- # Redirect stderr to hide 'Operation not permitted' for root processes
185+
93186 pkill -9 -f "spire-server run" 2>/dev/null || true
94187 pkill -9 -f "spire-agent run" 2>/dev/null || true
95188 pkill -9 -f "tpm_plugin_server" 2>/dev/null || true
96189 pkill -9 -f "envoy -c" 2>/dev/null || true
97190 pkill -9 -f "ci_test_runner" 2>/dev/null || true
98191 pkill -9 -f "test_integration" 2>/dev/null || true
99- # Remove temp files
192+
100193 rm -rf /tmp/unified_identity_test_* || true
101194 rm -rf /tmp/spire-* || true
102- # Delete CONTENTS of folder (not folder itself - checkout action needs it)
103- echo "Deleting contents of AegisSovereignAI folder ..."
195+
196+ echo "Deleting repository contents ..."
104197 rm -rf /home/mw/actions-runner/_work/AegisSovereignAI/AegisSovereignAI/* || true
105198 rm -rf /home/mw/actions-runner/_work/AegisSovereignAI/AegisSovereignAI/.* 2>/dev/null || true
106- echo "Workspace contents after cleanup:"
107- ls -la /home/mw/actions-runner/_work/AegisSovereignAI/AegisSovereignAI/ || echo "Folder empty"
108- echo "Post-cleanup complete - repo contents deleted"
199+ echo "Cleanup complete."
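Review bot: `sudo ./install_prerequisites.sh || true` in the new Install Prerequisites step executes a script taken straight from the checkout as root on what the hard-coded `/home/mw/actions-runner/_work` paths suggest is a persistent self-hosted runner, and `|| true` discards its exit status, so a partially failed install only surfaces later in the check_packages.sh verification step. The accompanying comment asks for passwordless sudo for the runner user; if that sudoers rule is broader than this one script, any step in any workflow on this runner (including pull-request-controlled code, if the trigger allows it — not visible in this hunk) can escalate to root, so the rule should name the script's absolute path and the step should fail fast, e.g. `sudo -n ./install_prerequisites.sh`. In the Install Python Dependencies step, `python3 -m pip install spiffe cryptography grpcio protobuf requests` pulls unpinned latest versions into the runner's persistent site-packages on every run; pinning versions, or moving them into a requirements file installed with `--require-hashes`, keeps the test environment reproducible and auditable. The same swallow pattern appears in `dpkg -l | grep -E ... | head -10 || echo "Packages missing"`, where without `set -o pipefail` the `||` only sees head's exit code and the fallback message can never fire.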