Skip to content

Basic integration test of oak containers attestation. #13118

Basic integration test of oak containers attestation.

Basic integration test of oak containers attestation. #13118

Workflow file for this run

name: Continuous Integration
on:
push:
branches: [main]
pull_request:
branches: [main]
# See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
xtask:
runs-on: ubuntu-20.04
timeout-minutes: 120
# We use the same job template, but parametrize the actual command to be passed to the xtask
# binary using the matrix strategy, so that we get the commands running in parallel.
strategy:
fail-fast: false
matrix:
# Do not add `run-ci` to these commands. We parse them for `xtask run-ci`.
cmd:
- check-format
- run-cargo-deny
- run-cargo-udeps
- run-bazel-tests
- run-cargo-fuzz -- -max_total_time=2
- completion
- run-cargo-clippy
steps:
- name: Checkout branch
uses: actions/checkout@v3
with:
fetch-depth: 2
# See build.yaml.
- name: Free disk space
run: |
set -o errexit
set -o xtrace
df --human-readable
sudo apt-get remove --yes \
'^dotnet-.*' '^llvm-.*' 'php.*' azure-cli \
hhvm google-chrome-stable firefox powershell
df --human-readable
sudo apt-get autoremove --yes
df --human-readable
sudo apt clean
df --human-readable
docker rmi $(docker image ls --all --quiet)
df --human-readable
rm --recursive --force "${AGENT_TOOLSDIRECTORY}"
df --human-readable
- name: Docker pull
timeout-minutes: 10
run: |
./scripts/docker_pull
df --human-readable
- name: Run command
env:
RUST_BACKTRACE: 1
RUST_LOG: debug
# Do not run tests that require KVM on GitHub Actions, since nested virtualization is not supported.
OAK_KVM_TESTS: skip
run: |
./scripts/docker_run nix develop .#ci --command ./scripts/xtask ${{ matrix.cmd }}
df --human-readable
# Ensure that the previous steps did not modify our source-code and that
# relevant build artifacts are ignored by git.
- name: Git check diff
run: ./scripts/docker_run ./scripts/git_check_diff