add Dockerfile
for reproducible build
#1275
Workflow file for this run
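# Build workflow: compiles td-shim (release and debug), td-shim-tools and the
# final.bin images on Linux and Windows. Runs on pushes, pull requests and
# manual dispatch; changes that only touch Markdown files are skipped.
on:
  push:
    paths-ignore:
      - "**.md"
  pull_request:
    paths-ignore:
      - "**.md"
  workflow_dispatch:

name: Build

# Least privilege for the GITHUB_TOKEN: nothing below publishes, comments or
# pushes, so read access to the repository contents is enough. Without this
# block the token falls back to the repository/organisation default, which
# may be read-write.
permissions:
  contents: read

# Toolchain selection shared by every step: NASM as the assembler,
# clang/llvm-ar for both Rust targets, and a dated nightly Rust toolchain.
env:
  AS: nasm
  AR_x86_64_unknown_linux_gnu: llvm-ar
  CC_x86_64_unknown_linux_gnu: clang
  AR_x86_64_unknown_none: llvm-ar
  CC_x86_64_unknown_none: clang
  RUST_TOOLCHAIN: nightly-2023-08-28
  TOOLCHAIN_PROFILE: minimal

jobs:
  system_compile:
    name: Compile the final.bin file
    runs-on: ${{ matrix.host_os }}
    timeout-minutes: 30

    strategy:
      matrix:
        host_os:
          - ubuntu-20.04
          - windows-2019

    # NOTE(review): every `uses:` below references a mutable tag (@v1, @v2,
    # @v4). A tag can be moved to different code by whoever controls the
    # action's repository; pinning each action to a full commit SHA (with the
    # tag kept in a trailing comment) fixes exactly what runs in this job.
    steps:
      # Install first since it's needed to build NASM
      - name: Install LLVM and Clang
        uses: KyleMayes/install-llvm-action@v1
        with:
          version: "10.0"
          directory: ${{ runner.temp }}/llvm

      - name: install NASM
        uses: ilammy/setup-nasm@v1

      # NOTE(review): later steps execute scripts from the checked-out tree
      # (on pull_request that is the PR's code). If none of them needs to talk
      # to the remote, `persist-credentials: false` keeps the token out of
      # .git/config - confirm against sh_script/preparation.sh first.
      - name: Checkout sources
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Install toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: ${{ env.TOOLCHAIN_PROFILE }}
          toolchain: ${{ env.RUST_TOOLCHAIN }}
          override: true
          components: rust-src

      - name: Cache
        uses: Swatinem/rust-cache@v2

      # NOTE(review): this installs whichever cargo-xbuild release is current
      # and resolves its dependencies at install time, so the build tool can
      # differ between runs. For a reproducible build, consider passing a
      # fixed `--version` together with `--locked`.
      - name: Run cargo install cargo-xbuild
        uses: actions-rs/cargo@v1
        with:
          command: install
          args: cargo-xbuild

      - name: Preparation Work
        run: bash sh_script/preparation.sh

      - name: Test Shim Crates
        run: make test

      - name: Build Release TdShim
        uses: actions-rs/cargo@v1
        with:
          command: xbuild
          args: -p td-shim --target x86_64-unknown-none --release --features=main,tdx

      - name: Build Debug TdShim
        uses: actions-rs/cargo@v1
        with:
          command: xbuild
          args: -p td-shim --target x86_64-unknown-none --features=main,tdx --no-default-features

      - name: Build td-shim-tools
        run: |
          cargo build -p td-shim-tools

      - name: Build image without payload
        run: |
          cargo image --release

      # Runs td-shim-checker against the release image produced above.
      - name: Meta data check
        run: |
          cargo run -p td-shim-tools --bin td-shim-checker --no-default-features --features=loader -- target/release/final.bin

      - name: Build debug image without payload
        run: |
          cargo image

      - name: Build Release Elf format payload
        run: |
          cargo image --example-payload --release

      - name: Build Debug Elf format payload
        run: |
          cargo image --example-payload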