Update the OPTEE shim to use CrngProvider
#1904
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SemverChecks | |
| # Run on pull requests, merge groups, or if triggered manually | |
| on: [pull_request, merge_group, workflow_dispatch] | |
| # If a new commit is pushed to the branch before ongoing runs finish, cancel the ongoing runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| issues: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| semver_checks: | |
| name: Check SemVer Correctness | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Fail if PR base is not main | |
| if: github.event.pull_request.base.ref != 'main' && github.event_name == 'pull_request' | |
| run: | | |
| echo "This PR does not target the 'main' branch. Exiting." | |
| exit 1 | |
| - name: Check out repo | |
| uses: actions/checkout@v4 | |
| - name: Ensure that the main branch is fetched | |
| run: git fetch origin main:main | |
| - name: Set up Rust | |
| run: | | |
| rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) --profile minimal --no-self-update | |
| - name: Set up cargo-semver-checks | |
| run: | | |
| curl -L --proto '=https' --tlsv1.2 -sSf https://github.com/obi1kenobi/cargo-semver-checks/releases/latest/download/cargo-semver-checks-x86_64-unknown-linux-gnu.tar.gz | tar xzvf - | |
| mv cargo-semver-checks ~/.cargo/bin | |
| - name: Check semver match against the main branch | |
| id: semver_check | |
| run: | | |
| # TODO(jayb): we are temporarily preventing a failure in semver-checks | |
| # from showing up as a `X`, but instead triggering a comment on the | |
| # PR. Once things go public, we will likely switch this out to make it | |
| # actually complain as usual, possibly still keeping in the comment bot? | |
| if cargo semver-checks --baseline-rev main --color=never >/tmp/semver-checks-stdout; then | |
| cat /tmp/semver-checks-stdout | |
| echo "Semver check succeeded." | |
| echo "reaction=hooray" >> "$GITHUB_OUTPUT" | |
| else | |
| cat /tmp/semver-checks-stdout | |
| echo "Semver check failed." | |
| echo "reaction=eyes" >> "$GITHUB_OUTPUT" | |
| fi | |
| # - name: React to the PR based on semver-checks | |
| # if: ${{ github.event.pull_request }} | |
| # run: | | |
| # curl -L \ | |
| # -X POST \ | |
| # -H "Accept: application/vnd.github+json" \ | |
| # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| # -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| # https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{ github.event.number }}/reactions \ | |
| # -d '{"content":"${{ steps.semver_check.outputs.reaction }}"}' | |
| - name: Delete old semver checks comments, if any | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| # Get the old comments | |
| COMMENT_IDS=$(curl -L \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{ github.event.number }}/comments | \ | |
| jq '.[] | select(.body | contains(":robot: SemverChecks :robot:")) | .id') | |
| # Delete them all | |
| for ID in $COMMENT_IDS; do | |
| curl -L \ | |
| -X DELETE \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/comments/$ID | |
| done | |
| - name: Add a new issue comment if needed | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| curl -L \ | |
| -X POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/issues/${{ github.event.number }}/comments \ | |
| -d "$(if [ -s /tmp/semver-checks-stdout ]; then echo -e ':robot: SemverChecks :robot: :warning: Potential breaking API changes detected :warning:\n\n<details><summary>Click for details</summary>\n\n```'"$(cat /tmp/semver-checks-stdout)"'\n```\n</details>'; else echo -e ':robot: SemverChecks :robot: No breaking API changes detected\n\nNote: this does not mean API is unchanged, or even that there are no breaking changes; simply, none of the detections triggered.'; fi | jq -sR '{body: .}')" |