build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 #464
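name: Integration (Emulation Mode)

# Trigger on push and pull request events. Changes that touch only Markdown
# files or doc/ are skipped; workflow_dispatch allows a manual run.
on:
  push:
    paths-ignore:
      - "**.md"
      - "doc/**"
  pull_request:
    paths-ignore:
      - "**.md"
      - "doc/**"
  workflow_dispatch:

env:
  AS: nasm
  # Quoted so the version is always read as a string.
  RUST_TOOLCHAIN: "1.88.0"
  TOOLCHAIN_PROFILE: minimal

# Least privilege: the job token may only read repository contents.
permissions:
  contents: read

jobs:
  emulation-tests:
    name: ${{ matrix.test-name }}
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    strategy:
      # Let every matrix entry run to completion even if another one fails.
      fail-fast: false
      matrix:
        # One entry per scenario. test-type selects the conditional steps
        # below, timeout-seconds bounds the test command, and artifact-name
        # prefixes the artifact uploaded on failure.
        include:
          - test-name: "Build and Test (Skip RA)"
            test-type: "skip-ra"
            install-jq: 'false'
            timeout-seconds: 300
            test-command: "./migtdemu.sh --skip-ra --both --no-sudo --log-level info"
            artifact-name: "skip-ra-test-logs"
          - test-name: "Policy v2 with Mock Report"
            test-type: "policy-v2"
            install-jq: 'true'
            timeout-seconds: 900
            test-command: "./sh_script/build_AzCVMEmu_policy_and_test.sh --mock-report"
            artifact-name: "policy-v2-test-logs"
          - test-name: "Policy v2 with Mock Report and IGVM Attest"
            test-type: "policy-v2-igvm"
            install-jq: 'true'
            timeout-seconds: 900
            test-command: "./sh_script/build_AzCVMEmu_policy_and_test.sh --mock-report --extra-features igvm-attest"
            artifact-name: "policy-v2-igvm-test-logs"
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release that SHA corresponds to.
      - name: Checkout sources
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          # The following steps build and run code from the checked-out tree
          # (including pull request content), so the job token is not left in
          # the local git configuration after checkout.
          # NOTE(review): drop this if a later step needs authenticated git.
          persist-credentials: false

      - name: Setup build environment
        uses: ./.github/actions/setup-build-environment
        with:
          install-tpm-tools: 'true'
          install-jq: ${{ matrix.install-jq }}

      # NOTE(review): the feature name test_disable_ra_and_accept_all suggests
      # remote attestation is bypassed in this build. Treat the resulting
      # binary as test-only and confirm it is never published as a release.
      - name: Build MigTD for skip-ra test
        if: matrix.test-type == 'skip-ra'
        run: |
          echo "Building MigTD with AzCVMEmu and test features for emulation testing..."
          cargo build --release --features "AzCVMEmu,test_disable_ra_and_accept_all" --no-default-features

      # Fail early with a clear message if the script or the binary is missing.
      - name: Verify emulation script
        if: matrix.test-type == 'skip-ra'
        run: |
          if [[ ! -f "./migtdemu.sh" ]]; then
            echo "Error: migtdemu.sh not found"
            exit 1
          fi

          chmod +x ./migtdemu.sh

          if [[ ! -f "./target/release/migtd" ]]; then
            echo "Error: migtd binary not found after build"
            exit 1
          fi

          echo "Emulation script and binary are ready"

      - name: Prepare policy v2 script
        if: matrix.test-type == 'policy-v2' || matrix.test-type == 'policy-v2-igvm'
        run: chmod +x ./sh_script/build_AzCVMEmu_policy_and_test.sh

      # Matrix values reach the script as environment variables instead of
      # being spliced into the script text by expression expansion, so a value
      # containing quotes or shell metacharacters stays plain data.
      - name: Run test
        id: test_run
        env:
          TEST_NAME: ${{ matrix.test-name }}
          TEST_COMMAND: ${{ matrix.test-command }}
          TIMEOUT_SECONDS: ${{ matrix.timeout-seconds }}
        run: |
          echo "Running: $TEST_NAME"
          echo "Command: $TEST_COMMAND"

          # Split the command line on whitespace only: no globbing and no
          # second pass through the shell parser.
          read -r -a test_cmd <<< "$TEST_COMMAND"

          # Capture the exit status instead of aborting on the first failure.
          set +e
          timeout "$TIMEOUT_SECONDS" "${test_cmd[@]}"
          EXIT_CODE=$?
          set -e

          echo "Test completed with exit code: $EXIT_CODE"

          # timeout(1) exits with 124 when it had to stop the command.
          if [[ $EXIT_CODE -eq 0 ]]; then
            echo "✅ Test completed successfully"
            echo "test_status=success" >> "$GITHUB_OUTPUT"
          elif [[ $EXIT_CODE -eq 124 ]]; then
            echo "❌ Test timed out after $TIMEOUT_SECONDS seconds"
            echo "test_status=timeout" >> "$GITHUB_OUTPUT"
            exit 1
          else
            echo "❌ Test failed with exit code $EXIT_CODE"
            echo "test_status=failed" >> "$GITHUB_OUTPUT"
            exit "$EXIT_CODE"
          fi

      # Runs even when an earlier step failed, so the log excerpts are always
      # available in the job output.
      - name: Check test outputs
        if: always()
        env:
          TEST_NAME: ${{ matrix.test-name }}
          TEST_TYPE: ${{ matrix.test-type }}
          TEST_STATUS: ${{ steps.test_run.outputs.test_status || 'unknown' }}
        run: |
          echo "=== Test Execution Summary ==="
          echo "Test: $TEST_NAME"
          echo "Status: $TEST_STATUS"

          if [[ -f "dest.out.log" ]]; then
            DEST_LOG_SIZE=$(wc -l < dest.out.log)
            echo "Destination log found: $DEST_LOG_SIZE lines"
            echo ""
            echo "=== Last 50 lines of destination log ==="
            tail -n 50 dest.out.log
            echo ""
            echo "=== First 20 lines of destination log ==="
            head -n 20 dest.out.log
          else
            echo "No destination log file found"
          fi

          # Check policy files for policy v2 tests
          if [[ "$TEST_TYPE" == "policy-v2" || "$TEST_TYPE" == "policy-v2-igvm" ]]; then
            if [[ -f "config/AzCVMEmu/policy_v2_signed.json" ]]; then
              POLICY_SIZE=$(wc -c < config/AzCVMEmu/policy_v2_signed.json)
              echo ""
              echo "Policy file generated: ${POLICY_SIZE} bytes"
            fi

            if [[ -f "config/AzCVMEmu/policy_issuer_chain.pem" ]]; then
              echo "Certificate chain file generated"
            fi
          fi

          # Check for core dumps (skip-ra test)
          if [[ "$TEST_TYPE" == "skip-ra" ]]; then
            if ls core* 1> /dev/null 2>&1; then
              echo ""
              echo "=== Core dumps found ==="
              ls -la core*
            fi
          fi

      # NOTE(review): core dumps and logs can hold process memory and runtime
      # data, and the binary may be the test-feature build. Confirm nothing
      # sensitive is produced by these mock runs; retention is kept short.
      - name: Upload test artifacts on failure
        if: failure()
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: ${{ matrix.artifact-name }}-${{ github.run_id }}
          path: |
            dest.out.log
            *.log
            core*
            config/AzCVMEmu/policy_v2_signed.json
            config/AzCVMEmu/policy_issuer_chain.pem
            target/release/migtd
          retention-days: 7
          if-no-files-found: ignore

      # An empty or unrecognised status (for example when the test step never
      # ran) falls through to the failure branch.
      - name: Report final status
        if: always()
        env:
          TEST_NAME: ${{ matrix.test-name }}
          TEST_STATUS: ${{ steps.test_run.outputs.test_status }}
          TIMEOUT_SECONDS: ${{ matrix.timeout-seconds }}
        run: |
          echo "=== $TEST_NAME ==="

          case "$TEST_STATUS" in
            "success")
              echo "🎉 Test passed successfully!"
              ;;
            "timeout")
              echo "⏰ Test timed out after $TIMEOUT_SECONDS seconds"
              echo "Check logs for hanging processes or infinite loops."
              ;;
            "failed"|*)
              echo "❌ Test failed"
              echo "Check the test logs above and uploaded artifacts for debugging details."
              ;;
          esac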