config: update production policy #244
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| paths-ignore: | |
| - "**.md" | |
| pull_request: | |
| paths-ignore: | |
| - "**.md" | |
| workflow_dispatch: | |
| name: Integration Test on TDX Server | |
| env: | |
| AS: nasm | |
| RUST_TOOLCHAIN: nightly-2023-12-31 | |
| TOOLCHAIN_PROFILE: minimal | |
| permissions: | |
| contents: read | |
| jobs: | |
| virtio_vsock: | |
| name: Run TDX Integration Test (virtio-vsock) | |
| runs-on: [self-hosted, tdx] | |
| # timeout-minutes: 30 | |
| steps: | |
| # Install first since it's needed to build NASM | |
| # - name: Install LLVM and Clang | |
| # uses: KyleMayes/install-llvm-action@v1 | |
| # with: | |
| # version: "10.0" | |
| # directory: ${{ runner.temp }}/llvm | |
| # - name: Install NASM | |
| # uses: ilammy/setup-nasm@v1 | |
| # - name: Install tools for sgx lib | |
| # run: sudo dnf group install 'Development Tools' | sudo dnf --enablerepo=powertools install ocaml ocaml-ocamlbuild wget rpm-build pkgcon | |
| - name: Clean test repository | |
| run: | | |
| sudo rm -rf sh_script/test/ | |
| - name: Checkout sources | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| - name: Preparation Work | |
| run: bash sh_script/preparation.sh | |
| - name: Build Migration TD binary | |
| run: cargo image --policy config/policy_pre_production_fmspc.json --root-ca config/Intel_SGX_Provisioning_Certification_RootCA_preproduction.cer | |
| - name: Run Tests - Test Migration TD 20 Cycles | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "cycle" | |
| popd | |
| - name: Run Tests - Test pre-binding | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "pre_binding" --servtd_hash $(cargo hash --image $GITHUB_WORKSPACE/target/release/migtd.bin) | |
| popd | |
| - name: Build all test binaries | |
| run: bash sh_script/build_final.sh -t test -c -a on | |
| - name: Run Tests | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "function" | |
| popd | |
| virtio_serial: | |
| name: Run TDX Integration Test (virtio-serial) | |
| runs-on: [self-hosted, tdx] | |
| steps: | |
| - name: Clean test repository | |
| run: | | |
| sudo rm -rf sh_script/test/ | |
| - name: Checkout sources | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: recursive | |
| - name: Preparation Work | |
| run: bash sh_script/preparation.sh | |
| - name: Build Migration TD binary | |
| run: cargo image --no-default-features --features stack-guard,virtio-serial --policy config/policy_pre_production_fmspc.json --root-ca config/Intel_SGX_Provisioning_Certification_RootCA_preproduction.cer | |
| - name: Run Tests - Test Migration TD 20 Cycles | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "cycle" --device_type serial | |
| popd | |
| - name: Run Tests - Test pre-binding | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "pre_binding" --device_type serial --servtd_hash $(cargo hash --image $GITHUB_WORKSPACE/target/release/migtd.bin) | |
| popd | |
| - name: Build all test binaries | |
| run: bash sh_script/build_final.sh -t test -c -a on -d serial | |
| - name: Run Tests | |
| run: | | |
| pushd sh_script/test | |
| sudo pytest -k "function" --device_type serial | |
| popd | |