Skip to content

build and share docker image across jobs #628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Sep 6, 2022
Merged

build and share docker image across jobs #628

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
86465be
Share a built docker image across Github jobs
mohamedasaker-arm Jul 28, 2022
5224685
Use composit action to reuse the loading docker steps
mohamedasaker-arm Jul 29, 2022
02d9459
Load and run the local docker image if only it's built locally
mohamedasaker-arm Jul 29, 2022
88eae7a
Remove load docker step from cross-compilation job
mohamedasaker-arm Aug 1, 2022
4ff9f7f
Fix: Fuzz-test checker job
mohamedasaker-arm Aug 2, 2022
8270d3d
Disable Docker build
mohamedasaker-arm Sep 5, 2022
607cf43
Fix typo in ci.yml file
mohamedasaker-arm Sep 6, 2022
ec62bb8
Merge branch 'main' into ci/build-share-docker-image-across-jobs
gowthamsk-arm Sep 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .github/actions/load_docker/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: "Load docker image"
description: "Load docker image"
inputs:
image-name:
required: true
description: "Docker image name"
image-path:
required: true
description: "Path to save the docker image"
# ...name, description and inputs as above
runs:
using: "composite"
steps:
- uses: actions/checkout@v3
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.image-name }}
path: ${{ inputs.image-path }}
- name: Load image
run: docker load --input ${{ inputs.image-path }}/${{ inputs.image-name }}.tar
shell: bash
177 changes: 109 additions & 68 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,145 +2,186 @@ name: Continuous Integration

on: [push, pull_request, workflow_dispatch]

env:
# TEST_ALL_DOCKER_IMAGE: 'parsec-service-test-all'
TEST_ALL_DOCKER_IMAGE: 'ghcr.io/parallaxsecond/parsec-service-test-all'

jobs:
build-and-export-test-all-docker:
runs-on: ubuntu-latest
# If TEST_ALL_DOCKER_IMAGE is 'parsec-service-test-all' or any local image,
# the following condition must evaluate true to execute this job
# Else it must evaluate false to NOT execute this job
# Unfortunately, env.TEST_ALL_DOCKER_IMAGE cannot be used here as the `env` context is not recognized at this level.
if: ${{ false }} # env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all'
steps:
- uses: actions/checkout@v3
- name: Build the docker container
run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Export the docker container
run: docker save parsec-service-test-all > /tmp/parsec-service-test-all.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: parsec-service-test-all
path: /tmp/parsec-service-test-all.tar

all-providers:
name: Various tests targeting a Parsec image with all providers included
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec
ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh all
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh all
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh all

build-all-providers:
name: Cargo check all-providers (current Rust stable & old compiler)
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh cargo-check
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh cargo-check
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cargo-check

mbed-crypto-provider:
name: Integration tests using Mbed Crypto provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh mbed-crypto
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh mbed-crypto
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh mbed-crypto

pkcs11-provider:
name: Integration tests using PKCS 11 provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
# Not running stress tests because they fail, presumably because of the same issue as #264
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh pkcs11 --no-stress-test
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh pkcs11 --no-stress-test
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh pkcs11 --no-stress-test

tpm-provider:
name: Integration tests using TPM provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh tpm
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh tpm
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh tpm

trusted-service-provider:
name: Integration tests using Crypto Trusted Service provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh trusted-service
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh trusted-service
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh trusted-service

cryptoauthlib-provider:
name: Integration tests using CryptoAuthentication Library provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
# Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cryptoauthlib --no-stress-test

fuzz-test-checker:
name: Check that the fuzz testing framework is still working
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Run the fuzz test script
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
# Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
- name: Run the fuzz test script From Container
# When running the container built on the CI
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
- name: Run the fuzz test script
if: ${{ env.TEST_ALL_DOCKER_IMAGE != 'parsec-service-test-all' }}
run: ./fuzz.sh test
# When running the container built on the CI
# run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test

on-disk-kim:
name: OnDiskKIM E2E tests on all providers
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-all` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh on-disk-kim
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-all /tmp/parsec/ci.sh on-disk-kim
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh on-disk-kim

cross-compilation:
# Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries.
name: Cross-compile Parsec to various targets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# Use the following step when updating the `parsec-service-test-cross-compile` image
# - name: Build the container
# run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-cross-compile -f parsec-service-test-cross-compile.Dockerfile . && popd
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh
Expand Down