Skip to content
Continuous Integration

Add a Security Vulnerability Reporting section in the README #1673

Sign in to view logs

Add a Security Vulnerability Reporting section in the README

Add a Security Vulnerability Reporting section in the README #1673

Workflow file for this run

.github/workflows/ci.yml at f5c0802
name: Continuous Integration
on: [push, pull_request, workflow_dispatch]
env:
# TEST_ALL_DOCKER_IMAGE: 'parsec-service-test-all'
TEST_ALL_DOCKER_IMAGE: 'ghcr.io/parallaxsecond/parsec-service-test-all'
jobs:
build-and-export-test-all-docker:
runs-on: ubuntu-latest
# If TEST_ALL_DOCKER_IMAGE is 'parsec-service-test-all' or any local image,
# the following condition must evaluate true to execute this job
# Else it must evaluate false to NOT execute this job
# Unfortunately, env.TEST_ALL_DOCKER_IMAGE cannot be used here as the `env` context is not recognized at this level.
if: ${{ false }} # env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all'
steps:
- uses: actions/checkout@v3
- name: Build the docker container
run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . && popd
- name: Export the docker container
run: docker save parsec-service-test-all > /tmp/parsec-service-test-all.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: parsec-service-test-all
path: /tmp/parsec-service-test-all.tar
all-providers:
name: Various tests targeting a Parsec image with all providers included
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh all
build-all-providers:
name: Cargo check all-providers (current Rust stable & old compiler)
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cargo-check
mbed-crypto-provider:
name: Integration tests using Mbed Crypto provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh mbed-crypto
pkcs11-provider:
name: Integration tests using PKCS 11 provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh pkcs11 --no-stress-test
tpm-provider:
name: Integration tests using TPM provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh tpm
trusted-service-provider:
name: Integration tests using Crypto Trusted Service provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh trusted-service
cryptoauthlib-provider:
name: Integration tests using CryptoAuthentication Library provider
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh cryptoauthlib --no-stress-test
fuzz-test-checker:
name: Check that the fuzz testing framework is still working
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
# Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
- name: Run the fuzz test script From Container
# When running the container built on the CI
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
- name: Run the fuzz test script
if: ${{ env.TEST_ALL_DOCKER_IMAGE != 'parsec-service-test-all' }}
run: ./fuzz.sh test
on-disk-kim:
name: OnDiskKIM E2E tests on all providers
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [build-and-export-test-all-docker]
steps:
- uses: actions/checkout@v2
- name: Load Docker
uses: ./.github/actions/load_docker
if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
with:
image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
image-path: "/tmp"
- name: Run the container to execute the test script
run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t ${{ env.TEST_ALL_DOCKER_IMAGE }} /tmp/parsec/ci.sh on-disk-kim
cross-compilation:
# Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries.
name: Cross-compile Parsec to various targets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run the container to execute the test script
run:
docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh
# When running the container built on the CI
# run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh
links:
name: Check links
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Link Checker
uses: peter-evans/link-checker@v1
with:
args: -v -r *.md
- name: Fail if there were link errors
run: exit ${{ steps.lc.outputs.exit_code }}