wolfProvider/.github/workflows/tpm2-tools.yml at de0c63a34a382d0c5910ed2dce51997254645494 · wolfSSL/wolfProvider · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: tpm2-tools Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

jobs:
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        replace_default: [ true ]

  test_tpm2_tools:
    runs-on: ubuntu-22.04
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    needs: build_wolfprovider
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      fail-fast: false
      matrix:
        tpm2_tools_ref: [ '5.7' ]
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      - name: Install tpm2-tools test dependencies
        run: |
          apt-get update
          apt-get install -y git build-essential expect vim dbus vim-common \
          autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
          libcmocka-dev automake libtool pkg-config build-essential pandoc \
          libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev

      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Checking OpenSSL/wolfProvider packages in cache
        uses: actions/cache/restore@v4
        id: wolfprov-cache
        with:
          path: |
            ${{ env.WOLFSSL_PACKAGES_PATH }}
            ${{ env.OPENSSL_PACKAGES_PATH }}
            ${{ env.WOLFPROV_PACKAGES_PATH }}
          key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
          fail-on-cache-miss: true

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          printf "Installing OpenSSL/wolfProvider packages:\n"
          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
          ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
          ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}

          apt install --reinstall -y \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb

          apt install --reinstall -y \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb

          apt install --reinstall -y \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Download tpm2-tools
        uses: actions/checkout@v4
        with:
          repository: tpm2-software/tpm2-tools
          ref: ${{ matrix.tpm2_tools_ref }}
          path: tpm2-tools
          fetch-depth: 1

      - name: Build tpm2-tools
        working-directory: tpm2-tools
        run: |
          ./bootstrap
          ./configure \
            --prefix="$GITHUB_WORKSPACE/tpm2-tools-install" \
            --enable-unit
          make -j$(nproc)

      - name: Run tpm2-tools tests
        working-directory: tpm2-tools
        shell: bash
        run: |
          set +o pipefail # ignore errors from make check
          export ${{ matrix.force_fail }}

          # Run only unit tests and integration tests that dont need TPM2 hardware/simulator
          make check TESTS="test/unit/test_string_bytes test/unit/test_files \
          test/unit/test_tpm2_header test/unit/test_tpm2_attr_util test/unit/test_tpm2_alg_util \
          test/unit/test_pcr test/unit/test_tpm2_auth_util test/unit/test_tpm2_errata \
          test/unit/test_tpm2_session test/unit/test_tpm2_policy test/unit/test_tpm2_util \
          test/unit/test_options test/unit/test_cc_util test/unit/test_tpm2_eventlog \
          test/unit/test_tpm2_eventlog_yaml test/unit/test_object \
          test/integration/tests/X509certutil test/integration/tests/toggle_options \
          test/integration/tests/rc_decode test/integration/tests/X509certutil" 2>&1 | tee tpm2-tools-test.log

          # Capture result - Fails test/unit/test_tpm2_policy and test/unit/test_tpm2_eventlog with WPFF
          TEST_RESULT=$(grep -q "# PASS:  20" tpm2-tools-test.log && echo "0" || echo "1")
          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tpm2-tools