Skip to content

Disable shared key access on test storage account #2850

Disable shared key access on test storage account

Disable shared key access on test storage account #2850

Workflow file for this run

name: 'test'
on:
- 'pull_request'
- 'push'
permissions:
issues: write
pull-requests: write
jobs:
basic:
runs-on: 'ubuntu-22.04'
strategy:
fail-fast: false
matrix:
container_os:
- 'debian:11-slim'
- 'debian:12-slim'
- 'redhat/ubi8:latest'
- 'redhat/ubi9:latest'
- 'ubuntu:20.04'
- 'ubuntu:22.04'
arch:
- 'amd64'
steps:
- uses: 'actions/checkout@v3'
with:
submodules: 'recursive'
- name: 'Run'
run: |
docker run --rm \
-v "$GITHUB_WORKSPACE:/src" \
-e "ARCH=$ARCH" \
"${{ matrix.container_os }}" \
'/src/ci/test-basic.sh'
env:
ARCH: "${{ matrix.arch }}"
- name: 'Generate artifact properties'
id: 'generate-artifact-properties'
run: |
container_os="${{ matrix.container_os }}"
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")"
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT
case "${{ matrix.arch }}" in
'amd64') target_dir='x86_64-unknown-linux-gnu' ;;
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;;
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;;
esac
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT
- name: 'Upload'
uses: 'actions/upload-artifact@v3'
with:
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}"
path: |
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/fakeroot/
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziotd
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/aziot-key-openssl-engine-shared-test
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_key_openssl_engine_shared.so
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/libaziot_keys.so
target/${{ steps.generate-artifact-properties.outputs.target_dir }}/debug/mock-iot-server
if-no-files-found: 'error'
aziot-key-openssl-engine-shared:
runs-on: 'ubuntu-22.04'
strategy:
fail-fast: false
matrix:
container_os:
- 'debian:11-slim'
- 'debian:12-slim'
- 'redhat/ubi8:latest'
- 'redhat/ubi9:latest'
- 'ubuntu:20.04'
- 'ubuntu:22.04'
pkcs11_backend:
- '' # filesystem keys
- 'softhsm'
key_type:
- 'ec-p256'
- 'rsa-2048'
- 'rsa-4096'
arch:
- 'amd64'
needs: 'basic'
steps:
- uses: 'actions/checkout@v3'
with:
submodules: 'recursive'
- name: 'Generate artifact properties'
id: 'generate-artifact-properties'
run: |
container_os="${{ matrix.container_os }}"
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")"
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT
case "${{ matrix.arch }}" in
'amd64') target_dir='x86_64-unknown-linux-gnu' ;;
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;;
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;;
esac
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT
- name: 'Download'
id: 'download-artifact'
uses: 'actions/download-artifact@v3'
with:
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}"
path: 'target/debug'
- name: 'Run'
run: |
docker run --rm \
-v "$GITHUB_WORKSPACE:/src" \
-e "ARCH=$ARCH" \
-e "KEY_TYPE=$KEY_TYPE" \
-e "PKCS11_BACKEND=$PKCS11_BACKEND" \
"${{ matrix.container_os }}" \
'/src/ci/test-aziot-key-openssl-engine-shared.sh'
env:
ARCH: "${{ matrix.arch }}"
KEY_TYPE: "${{ matrix.key_type }}"
PKCS11_BACKEND: "${{ matrix.pkcs11_backend }}"
mock-iot-tests:
runs-on: 'ubuntu-22.04'
strategy:
fail-fast: false
matrix:
container_os:
- 'redhat/ubi8:latest'
- 'redhat/ubi9:latest'
arch:
- 'amd64'
test:
- 'mock-iot-provision'
needs: 'basic'
steps:
- uses: 'actions/checkout@v3'
- name: 'Generate artifact properties'
id: 'generate-artifact-properties'
run: |
container_os="${{ matrix.container_os }}"
container_os="$(sed -e 's@[:/]@-@g' <<< "$container_os")"
echo "artifact-name=test-artifacts_${container_os}_${{ matrix.arch }}" >> $GITHUB_OUTPUT
case "${{ matrix.arch }}" in
'amd64') target_dir='x86_64-unknown-linux-gnu' ;;
'arm32v7') target_dir='armv7-unknown-linux-gnueabihf' ;;
'aarch64') target_dir='aarch64-unknown-linux-gnu' ;;
esac
echo "target_dir=$target_dir" >> $GITHUB_OUTPUT
- name: 'Download'
id: 'download-artifact'
uses: 'actions/download-artifact@v3'
with:
name: "${{ steps.generate-artifact-properties.outputs.artifact-name }}"
path: 'target/debug'
- name: 'Generate certificates'
run: |
touch ~/.rnd
mkdir mock_iot_server_certs
cd mock_iot_server_certs
../ci/mock-iot-tests/mock-iot-cert-gen.sh
- name: 'Run test'
run: |
docker run --rm \
-v "$GITHUB_WORKSPACE:/src" \
-e "CONTAINER_OS=$CONTAINER_OS" \
-e "ROOT_CERT=$ROOT_CERT" \
-e "SERVER_CERT_CHAIN=$SERVER_CERT_CHAIN" \
-e "SERVER_KEY=$SERVER_KEY" \
"${{ matrix.container_os }}" \
'/src/ci/mock-iot-tests/${{ matrix.test }}.sh'
env:
CONTAINER_OS: "${{ matrix.container_os }}"
ROOT_CERT: '/src/mock_iot_server_certs/root_cert.pem'
SERVER_CERT_CHAIN: '/src/mock_iot_server_certs/server_cert_chain.pem'
SERVER_KEY: '/src/mock_iot_server_certs/server_cert_key.pem'
openapi:
runs-on: 'ubuntu-22.04'
steps:
- uses: 'actions/checkout@v3'
- name: 'Test OpenAPI specs'
run: |
make target/openapi-schema-validated
codecoverage:
runs-on: 'ubuntu-22.04'
steps:
- uses: 'actions/checkout@v3'
with:
submodules: 'recursive'
- name: Run Code Coverage
run: |
# cargo-tarpaulin needs a privileged container because it needs to disable ASLR for its instrumentation,
# for which it uses seccomp.
mkdir $GITHUB_WORKSPACE/coverage
docker run --rm \
-v "$GITHUB_WORKSPACE:/src" \
-e "ARCH=$ARCH" \
--privileged \
--name "code-cov" \
"ubuntu:22.04" \
'/src/ci/code-coverage.sh'
sudo chown -R runner:docker $GITHUB_WORKSPACE/coverage
env:
ARCH: 'amd64'