parallaxsecond · mohamedasaker-arm · Sep 6, 2022 · Jul 28, 2022 · Jul 29, 2022 · Jul 29, 2022
diff --git a/.github/actions/load_docker/action.yml b/.github/actions/load_docker/action.yml
@@ -0,0 +1,22 @@
+name: "Load docker image"
+description: "Load docker image"
+inputs:
+ image-name:
+ required: true
+ description: "Docker image name"
+ image-path:
+ required: true
+ description: "Path to save the docker image"
+# ...name, description and inputs as above
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Download artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: ${{ inputs.image-name }}
+ path: ${{ inputs.image-path }}
+ - name: Load image
+ run: docker load --input ${{ inputs.image-path }}/${{ inputs.image-name }}.tar
+ shell: bash
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,145 +2,186 @@ name: Continuous Integration
 
 on: [push, pull_request, workflow_dispatch]
 
+env:
+ # TEST_ALL_DOCKER_IMAGE: 'parsec-service-test-all'
+ TEST_ALL_DOCKER_IMAGE: 'ghcr.io/parallaxsecond/parsec-service-test-all'
+
 jobs:
+ build-and-export-test-all-docker:
+ runs-on: ubuntu-latest
+ # If TEST_ALL_DOCKER_IMAGE is 'parsec-service-test-all' or any local image,
+ # the following condition must evaluate true to execute this job
+ # Else it must evaluate false to NOT execute this job
+ # Unfortunately, env.TEST_ALL_DOCKER_IMAGE cannot be used here as the `env` context is not recognized at this level.
+ if: ${{ false }} # env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build the docker container
+ run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Export the docker container
+ run: docker save parsec-service-test-all > /tmp/parsec-service-test-all.tar
+ - name: Upload artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: parsec-service-test-all
+ path: /tmp/parsec-service-test-all.tar
+
  all-providers:
  name: Various tests targeting a Parsec image with all providers included
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec
- ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh all
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh all
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh all
 
  build-all-providers:
  name: Cargo check all-providers (current Rust stable & old compiler)
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh cargo-check
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh cargo-check
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cargo-check
 
  mbed-crypto-provider:
  name: Integration tests using Mbed Crypto provider
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh mbed-crypto
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh mbed-crypto
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh mbed-crypto
 
  pkcs11-provider:
  name: Integration tests using PKCS 11 provider
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- # Not running stress tests because they fail, presumably because of the same issue as #264
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh pkcs11 --no-stress-test
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh pkcs11 --no-stress-test
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh pkcs11 --no-stress-test
 
  tpm-provider:
  name: Integration tests using TPM provider
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh tpm
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh tpm
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh tpm
 
  trusted-service-provider:
  name: Integration tests using Crypto Trusted Service provider
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh trusted-service
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh trusted-service
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh trusted-service
 
  cryptoauthlib-provider:
  name: Integration tests using CryptoAuthentication Library provider
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- # Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
 
  fuzz-test-checker:
  name: Check that the fuzz testing framework is still working
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- - name: Run the fuzz test script
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  # Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
+ - name: Run the fuzz test script From Container
+ # When running the container built on the CI
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
+ - name: Run the fuzz test script
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE != 'parsec-service-test-all' }}
  run: ./fuzz.sh test
- # When running the container built on the CI
- # run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
 
  on-disk-kim:
  name: OnDiskKIM E2E tests on all providers
  runs-on: ubuntu-latest
+ if: ${{ always() }}
+ needs: [build-and-export-test-all-docker]
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-all` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
+ - name: Load Docker
+ uses: ./.github/actions/load_docker
+ if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
+ with:
+ image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
+ image-path: "/tmp"
  - name: Run the container to execute the test script
- run:
- docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh on-disk-kim
- # When running the container built on the CI
- # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh on-disk-kim
+ run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh on-disk-kim
 
  cross-compilation:
  # Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries.
  name: Cross-compile Parsec to various targets
  runs-on: ubuntu-latest
  steps:
  - uses: actions/checkout@v2
- # Use the following step when updating the `parsec-service-test-cross-compile` image
- # - name: Build the container
- # run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-cross-compile -f parsec-service-test-cross-compile.Dockerfile . && popd
  - name: Run the container to execute the test script
  run:
  docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh