Skip to content

Implement key ladder in ROM and RT FW. #8519

Implement key ladder in ROM and RT FW.

Implement key ladder in ROM and RT FW. #8519

Workflow file for this run

# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
name: Build and Test
on:
push:
branches: ["main"]
pull_request:
workflow_call:
workflow_dispatch:
jobs:
build_and_test:
runs-on: ubuntu-20.04
env:
CARGO_INCREMENTAL: 0
SCCACHE_VERSION: 0.3.3
SCCACHE_GHA_CACHE_TO: sccache-caliptra-sw
SCCACHE_GHA_CACHE_FROM: sccache-caliptra-sw
# CPTRA_COVERAGE_PATH: /tmp
# Change this to a new random value if you suspect the cache is corrupted
SCCACHE_C_CUSTOM_CACHE_BUSTER: 8b42a6e70ec4
# Compiler warnings should fail to compile
EXTRA_CARGO_CONFIG: "target.'cfg(all())'.rustflags = [\"-Dwarnings\"]"
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Test commit name
run: |
echo "Build-Test: release_ref=$(git rev-parse HEAD)"
- name: Pull dpe submodule
run: |
git submodule update --init dpe
- name: Install required packages
run: |
sudo apt-get update -qy && sudo apt-get install libftdi1-dev libusb-1.0-0-dev golang-1.20-go
- name: Restore sccache binary
uses: actions/cache/restore@v3
id: sccache_bin_restore
with:
path: ~/.cargo/bin/sccache
key: sccache-bin-${{ env.SCCACHE_VERSION }}-${{ env.SCCACHE_C_CUSTOM_CACHE_BUSTER }}
- name: Install sccache
if: steps.sccache_bin_restore.outputs.cache-hit != 'true'
run: |
cargo install sccache --version ${SCCACHE_VERSION} --no-default-features --features=gha --locked
# Save the sccache binary immediately so we can reuse it in future runs
# even if the rest of the current run fails.
- name: Save sccache binary
uses: actions/cache/save@v3
if: steps.sccache_bin_restore.outputs.cache-hit != 'true'
with:
path: ~/.cargo/bin/sccache
key: ${{ steps.sccache_bin_restore.outputs.cache-primary-key }}
- name: Configure sccache
uses: actions/github-script@v6
with:
script: |
core.exportVariable('RUSTC_WRAPPER', process.env.HOME + '/.cargo/bin/sccache');
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
- name: Check that Cargo.lock doesn't need to be updated
# Note: this isn't the same as checking that Cargo.lock is up to date
# (cargo update --locked), which makes sure that every package is the
# latest published version. This is just ensuring that every
# dependency has an entry in Cargo.lock that is compatible with the
# version requirements in all Cargo.toml files.
run: |
# This works because cargo tree requires a Cargo.lock with no required updates
cargo tree --locked > /dev/null || (
echo "Please include required changes to Cargo.lock in your pull request"
# Without the --locked flag, cargo will do the minimal possible update to Cargo.lock
cargo tree > /dev/null 2> /dev/null
# Print out the differences to ease debugging
git diff Cargo.lock
exit 1
)
- name: Check source-code formatting (run "cargo fmt" if this fails)
run: |
cargo fmt --check --all
- name: Check license headers
run: |
cargo run -p caliptra-file-header-fix --locked -- --check
- name: Build
run: |
cargo --config "$EXTRA_CARGO_CONFIG" build --locked
CARGO_TARGET_DIR=target cargo --config "$EXTRA_CARGO_CONFIG" build --locked --manifest-path ci-tools/fpga-boss/Cargo.toml
drivers/test-fw/build.sh
(cd fmc && ./build.sh)
(cd runtime && ./build.sh)
(cd rom/dev && ./build.sh)
sccache --show-stats
# Clippy needs to build crates as part of the check, so do it after the
# build.
- name: Clippy lint check
run: |
# Clippy doesn't look at --config, so manually set RUSTFLAGS to the
# same as the build steps to avoid invalidating the cargo cache.
RUSTFLAGS="-Dwarnings" cargo clippy --locked --all-targets -- -D warnings
CARGO_TARGET_DIR=target RUSTFLAGS="-Dwarnings" cargo clippy --locked --all-targets --manifest-path ci-tools/fpga-boss/Cargo.toml -- -D warnings
# As fuzzing targets are not part of the workspace, perform their tests explicitly.
- name: Build test fuzzing targets
# Intermittently fails and is too slow
if: false
run: |
rustup toolchain install nightly-2023-04-15
cargo +nightly-2023-04-15 install cargo-fuzz cargo-afl
for target in dpe/dpe/fuzz/ drivers/fuzz/ image/verify/fuzz/ x509/fuzz/; do
pushd $target; \
cargo fmt --check; \
# TODO: Depends on https://github.com/chipsalliance/caliptra-sw/issues/681
#cargo clippy; \
cargo +nightly-2023-04-15 fuzz build --features libfuzzer-sys; \
cargo +nightly-2023-04-15 afl build --features afl; \
popd; \
done
for target in drivers/fuzz/ image/verify/fuzz/; do
pushd $target; \
cargo +nightly-2023-04-15 fuzz build --features libfuzzer-sys,struct-aware; \
cargo +nightly-2023-04-15 afl build --features afl,struct-aware; \
popd; \
done
- name: Run tests
run: |
CPTRA_COVERAGE_PATH=/tmp cargo --config "$EXTRA_CARGO_CONFIG" test --locked
CPTRA_COVERAGE_PATH=/tmp cargo --config "$EXTRA_CARGO_CONFIG" run --manifest-path ./coverage/Cargo.toml
CARGO_TARGET_DIR=target cargo --config "$EXTRA_CARGO_CONFIG" test --locked --manifest-path ci-tools/fpga-boss/Cargo.toml
sccache --show-stats
- name: Run emulator conformance tests
run: |
sudo apt-get install gcc-riscv64-unknown-elf binutils-riscv64-unknown-elf
(cd /tmp/ && git clone --depth 1 --branch old-framework-2.x https://github.com/riscv-non-isa/riscv-arch-test)
cargo --config "$EXTRA_CARGO_CONFIG" run --locked -p compliance-test -- --test_root_path /tmp/riscv-arch-test
- name: ROM Makefile
run: |
(cd rom/dev && make run)
- name: Caliptra HW-Model C Binding Smoke Test
run: |
git submodule update --init
(cd hw-model/c-binding/examples && make run)
- name: Caliptra C API Hwmodel Integration Test
run: |
(cd libcaliptra/examples/hwmodel && make && ./hwmodel)
- name: DPE Verification Tests
run: |
(cd test/dpe_verification && make run)