Skip to content

Stepsecurity remediation 1726530247 #427

Stepsecurity remediation 1726530247

Stepsecurity remediation 1726530247 #427

Workflow file for this run

---
name: Build And Test
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
env:
CARGO_TERM_COLOR: always
PUBLIC_SIMICS_PKGS_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-win64.ispm"
# NOTE: We use the old ISPM because there is something wrong with 1.8.3 with unattended installation
# PUBLIC_SIMICS_ISPM_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/881ee76a-c24d-41c0-af13-5d89b2a857ff/intel-simics-package-manager-1.7.5-win64.exe"
PUBLIC_SIMICS_ISPM_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-win64.exe"
PUBLIC_SIMICS_PKGS_URL: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-linux64.ispm"
PUBLIC_SIMICS_ISPM_URL: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-linux64.tar.gz"
PUBLIC_SIMICS_PACKAGE_VERSION_1000: "6.0.185"
PUBLIC_SIMICS_ISPM_VERSION: "1.8.3"
MINGW_URL: "https://github.com/brechtsanders/winlibs_mingw/releases/download/13.2.0-16.0.6-11.0.0-ucrt-r1/winlibs-x86_64-posix-seh-gcc-13.2.0-llvm-16.0.6-mingw-w64ucrt-11.0.0-r1.7z"
MINGW_VERSION: "13.2.0-16.0.6-11.0.0-ucrt-r1"
permissions:
contents: read
jobs:
cache_craff:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Add ISPM to PATH
run: |
echo "${HOME}/simics/ispm/" >> "${GITHUB_PATH}"
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip
- name: Cache SIMICS Dependencies
id: cache-simics-packages
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: "${HOME}/simics"
key: simics-linux-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }}
- name: Install SIMICS (External)
if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }}
run: |
mkdir -p "${HOME}/simics/ispm/" && \
curl --noproxy -L -o "${HOME}/simics/ispm.tar.gz" \
"${{ env.PUBLIC_SIMICS_ISPM_URL }}" && \
curl --noproxy -L -o "${HOME}/simics/simics.ispm" \
"${{ env.PUBLIC_SIMICS_PKGS_URL }}" && \
tar -C "${HOME}/simics/ispm" --strip-components=1 \
-xvf "${HOME}/simics/ispm.tar.gz"
- name: Set up SIMICS Install Directory
run: |
ispm settings install-dir "${HOME}/simics"
- name: Install SIMICS Packages
if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }}
run: |
ispm packages --install-bundle "${HOME}/simics/simics.ispm" \
--non-interactive --trust-insecure-packages
- name: Copy CRAFF Utilities
run: |
mkdir bin && \
cp "${HOME}/simics/simics-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}/linux64/bin/craff" bin/craff && \
cp "${HOME}/simics/simics-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}/linux64/bin/craff-fs" bin/craff-fs
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}
path: bin/
build_test_artifacts_riscv_64:
name: Build Test Artifacts (RISCV-64)
runs-on: ubuntu-latest
needs: cache_craff
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Download Craff
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}
path: bin/
- name: Make Craff Executable
run: |
chmod 755 bin/*
chmod +x bin/*
- name: Cache Test Artifacts
id: cache-test-artifacts-riscv-64
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/riscv-64/
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/riscv-64/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-riscv-64.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/riscv-64
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-riscv-64
path: tests/rsrc/riscv-64
build_test_artifacts_x86_64_breakpoint_uefi_edk2:
name: Build Test Artifacts (x86_64 Breakpoints UEFI EDK2)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Test Artifacts
id: cache-test-artifacts-x86_64-breakpoint-uefi-edk2
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86_64-breakpoint-uefi-edk2
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-breakpoint-uefi-edk2/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86_64-breakpoint-uefi-edk2.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86_64-breakpoint-uefi-edk2
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86_64-breakpoint-uefi-edk2
path: tests/rsrc/x86_64-breakpoint-uefi-edk2
build_test_artifacts_x86_64_crash-uefi:
name: Build Test Artifacts (x86_64 Crash UEFI)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Test Artifacts
id: cache-test-artifacts-x86_64-crash-uefi
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86_64-crash-uefi
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-crash-uefi/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86_64-crash-uefi.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86_64-crash-uefi
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86_64-crash-uefi
path: tests/rsrc/x86_64-crash-uefi
build_test_artifacts_x86_64_timeout_uefi_edk2:
name: Build Test Artifacts (x86_64 Timeout UEFI EDK2)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Test Artifacts
id: cache-test-artifacts-x86_64-timeout-uefi-edk2
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86_64-timeout-uefi-edk2
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-timeout-uefi-edk2/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86_64-timeout-uefi-edk2.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86_64-timeout-uefi-edk2
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86_64-timeout-uefi-edk2
path: tests/rsrc/x86_64-timeout-uefi-edk2
build_test_artifacts_x86_64_uefi:
name: Build Test Artifacts (x86_64 UEFI)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Test Artifacts
id: cache-test-artifacts-x86_64-uefi
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86_64-uefi
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-uefi/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86_64-uefi.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86_64-uefi
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86_64-uefi
path: tests/rsrc/x86_64-uefi
build_test_artifacts_x86_64_uefi_edk2:
name: Build Test Artifacts (x86_64 UEFI EDK2)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Test Artifacts
id: cache-test-artifacts-x86_64-uefi-edk2
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86_64-uefi-edk2
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-uefi-edk2/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86_64-uefi-edk2.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86_64-uefi-edk2
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86_64-uefi-edk2
path: tests/rsrc/x86_64-uefi-edk2
build_test_artifacts_x86_user:
name: Build Test Artifacts (x86)
runs-on: ubuntu-latest
needs: cache_craff
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Install Dependencies
run: |
sudo apt-get -y update && \
sudo apt-get -y install \
clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \
mtools ninja-build openssl libssl-dev python3 python3-pip lld \
build-essential gcc-multilib
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Download Craff
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}
path: bin/
- name: Make Craff Executable
run: |
chmod 755 bin/*
chmod +x bin/*
- name: Cache Test Artifacts
id: cache-test-artifacts-x86-user
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: tests/rsrc/x86-user/
key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86-user/**/*') }}
- name: Build Test Artifacts
if: ${{ steps.cache-test-artifacts-x86-user.outputs.cache-hit != 'true' }}
run: |
cd tests/rsrc/x86-user
./build.sh
- name: Upload Test Artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-artifacts-x86-user
path: tests/rsrc/x86-user
build_and_test:
name: Build and Test (Linux)
container: fedora:38
runs-on: ubuntu-latest
needs:
- build_test_artifacts_riscv_64
- build_test_artifacts_x86_64_breakpoint_uefi_edk2
- build_test_artifacts_x86_64_crash-uefi
- build_test_artifacts_x86_64_timeout_uefi_edk2
- build_test_artifacts_x86_64_uefi
- build_test_artifacts_x86_64_uefi_edk2
- build_test_artifacts_x86_user
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Add ISPM to PATH
run: |
echo "${HOME}/simics/ispm/" >> "${GITHUB_PATH}"
- name: Install Dependencies
run: |
dnf -y update && \
dnf -y install \
alsa-lib atk clang clang-libs clang-resource-filesystem \
clang-tools-extra cmake cups curl dosfstools g++ gcc git \
git-lfs glibc-devel glibc-devel.i686 glibc-static \
glibc-static.i686 gtk3 jq lld lld-devel lld-libs llvm llvm-libs \
llvm-static make mesa-libgbm mtools ninja-build openssl \
openssl-devel openssl-libs python3 python3-pip yamllint
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Delete Un-Built Test Dependencies
run: |
rm -rf tests/rsrc/
- name: Download Test Artifacts (RISCV-64)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-riscv-64
path: tests/rsrc/riscv-64
- name: Download Test Artifacts (x86_64 Breakpoints UEFI EDK2)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86_64-breakpoint-uefi-edk2
path: tests/rsrc/x86_64-breakpoint-uefi-edk2
- name: Download Test Artifacts (x86_64 Timeout UEFI EDK2)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86_64-crash-uefi
path: tests/rsrc/x86_64-crash-uefi
- name: Download Test Artifacts (x86_64 Timeout UEFI EDK2)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86_64-timeout-uefi-edk2
path: tests/rsrc/x86_64-timeout-uefi-edk2
- name: Download Test Artifacts (x86_64 UEFI)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86_64-uefi
path: tests/rsrc/x86_64-uefi
- name: Download Test Artifacts (x86_64 UEFI EDK2)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86_64-uefi-edk2
path: tests/rsrc/x86_64-uefi-edk2
- name: Download Test Artifacts (x86)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: test-artifacts-x86-user
path: tests/rsrc/x86-user
- name: Take Ownership of Test Dependencies
run: |
ls -lahR tests/rsrc/
chown -R "${USER}:${USER}" tests/rsrc/
chmod -R 0755 tests/rsrc/
- uses: dtolnay/rust-toolchain@83bdede770b06329615974cf8c786f845d824dfb # nightly
with:
toolchain: nightly
components: rustfmt,clippy,miri
- name: Cache SIMICS Dependencies
id: cache-simics-packages
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ~/simics
key: simics-linux-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }}
- name: Install SIMICS (External)
if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }}
run: |
mkdir -p "${HOME}/simics/ispm/" && \
curl -L -o "${HOME}/simics/ispm.tar.gz" \
"${{ env.PUBLIC_SIMICS_ISPM_URL }}" && \
curl -L -o "${HOME}/simics/simics.ispm" \
"${{ env.PUBLIC_SIMICS_PKGS_URL }}" && \
tar -C "${HOME}/simics/ispm" --strip-components=1 \
-xvf "${HOME}/simics/ispm.tar.gz"
- name: Set up SIMICS Install Directory
run: |
ispm settings install-dir "${HOME}/simics"
- name: Install SIMICS Packages
if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }}
run: |
ispm packages --install-bundle "${HOME}/simics/simics.ispm" \
--non-interactive --trust-insecure-packages
- name: Install SIMICS Build
run: |
cargo install cargo-simics-build
- name: Build TSFFS Package
run: |
cargo simics-build -r
- name: CT39 - Clippy Check Project
run: |
cargo clippy > clippy.log \
|| ( echo "❗ [CT39 (1/2)] Failed clippy static analysis checks" && exit 1 )
cargo clippy --message-format=json 2> /dev/null | jq 'select(.reason == "compiler-message")' 2>/dev/null > clippy.json
cargo clippy --message-format=json > clippy-full.json 2>&1
echo "✅ [CT39 (1/2)] Passed clippy static analysis checks"
- name: Upload Clippy Check Results
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: clippy-json
path: |
clippy.json
clippy-full.json
clippy.log
- name: Test Project
run: |
SIMICS_TEST_CLEANUP_EACH=1 SIMICS_TEST_LOCAL_PACKAGES_ONLY=1 cargo test --no-fail-fast -r _latest || ( echo "❗ Tests failed" && exit 1 )
echo "✅ Tests passed"
- name: Build Docs
run: |
cargo doc --workspace --no-deps
build_windows:
name: Build and Test (Windows)
runs-on: windows-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Add ISPM and MinGW to PATH
run: |
set PATH $env:PATH
"C:\MinGW\bin" | Out-File -FilePath $env:GITHUB_PATH
"C:\ISPM\" | Out-File -FilePath $env:GITHUB_PATH -Append
"$PATH" | Out-File -FilePath $env:GITHUB_PATH -Append
echo "Current PATH: " $env:GITHUB_PATH
- name: Cache MinGW
id: cache-mingw
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: C:\MinGW\
key: mingw-${{ env.MINGW_VERSION }}
- name: Download and Extract MinGW-w64
if: ${{ steps.cache-mingw.outputs.cache-hit != 'true' }}
run: |
$ProgressPreference = 'SilentlyContinue'
echo "Downloading MinGW"
Invoke-WebRequest -URI ${{ env.MINGW_URL }} -OutFile mingw.7z
echo "Downloaded MinGW. Extracting MinGW."
7z x mingw.7z -oC:\mingw-w64\
echo "Extracted MinGW."
mv C:\mingw-w64\mingw64\ C:\MinGW\
- name: Download and Install Rust
run: |
$ProgressPreference = 'SilentlyContinue'
echo "Downloading Rustup"
Invoke-WebRequest -URI https://win.rustup.rs/x86_64 -OutFile C:\rustup-init.exe
echo "Installing Rust"
C:\rustup-init.exe --default-toolchain nightly --default-host x86_64-pc-windows-gnu -y
- name: Cache SIMICS
id: cache-simics-packages-windows
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
C:\ISPM\
C:\SIMICS\
key: simics-windows-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }}
# ispm-installer.exe is a NSIS installer for the elctron build. We want the
# default options, so we pass /S to install silently and /D to change directory.
# NOTE that the argument to /D must never contain quotes!:
# https://nsis.sourceforge.io/Docs/Chapter3.html#installerusage
#
# NOTE: We use | Out-Null on the installer command to make powershell wait for it
# to actually finish instead of forking it to the background
- name: Download and Install ISPM
shell: powershell
if: ${{ steps.cache-simics-packages-windows.outputs.cache-hit != 'true' }}
run: |
Invoke-WebRequest -URI ${{ env.PUBLIC_SIMICS_ISPM_URL_WINDOWS }} -OutFile C:\ispm-installer.exe
C:\ispm-installer.exe /S /D=C:\ISPM\ | Out-Null
- name: Set SIMICS Install Directory
run: |
ispm.exe settings install-dir C:\SIMICS\
- name: Download and Install SIMICS Packages
if: ${{ steps.cache-simics-packages-windows.outputs.cache-hit != 'true' }}
run: |
$ProgressPreference = 'SilentlyContinue'
echo "Downloading Simics 6 Packages"
Invoke-WebRequest -URI ${{ env.PUBLIC_SIMICS_PKGS_URL_WINDOWS }} -OutFile C:\simics-6-packages.ispm
echo "Installing ISPM packages"
ispm.exe packages --install-bundle C:\simics-6-packages.ispm --non-interactive --trust-insecure-packages
echo "Installed ISPM packages"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Setup, Build, and Install TSFFS
run: |
cargo install cargo-simics-build
cargo simics-build -r
- name: Upload Distribution Package
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: simics-pkg-31337-win64
path: target/release/simics-pkg-31337-*-win64.ispm
build_dist:
name: Build for Distribution
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
- name: Cache Builder Dependencies
id: cache-builder-dependencies
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .github/builder/rsrc
key: "cache-builder-dependencies-${{ hashFiles('.github/builder/common.sh') }}"
# NOTE: This script only downloads the builder dependencies if they do not already exist,
# but it always verifies them.
- name: Build Distribution Package
run: |
./scripts/build.sh
- name: Upload Distribution Package
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: simics-pkg-31337-linux64
path: packages/simics-pkg-31337-*-linux64.ispm