Problem: cargo audit is failing (#604) #1125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tmkms | |
on: | |
push: | |
branches: main | |
merge_group: | |
pull_request: | |
branches: | |
- main | |
env: | |
CARGO_TERM_COLOR: always | |
RUSTFLAGS: -Dwarnings | |
jobs: | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt --all -- --check | |
clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: sudo apt-get update && sudo apt-get install protobuf-compiler | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
components: clippy | |
toolchain: nightly-2023-02-20 | |
- run: cargo clippy --all -- -D warnings | |
audit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly-2023-02-20 | |
- name: Install cargo audit | |
run: cargo install cargo-audit | |
# TODO: unmaintained dependencies -- need to be fixed in upstream | |
# RUSTSEC-2019-0036,RUSTSEC-2020-0036: failure crate used in upstream sgxs-* crates | |
# RUSTSEC-2020-0071: time crate used in upstream sgxs-* crates | |
# RUSTSEC-2021-0127: serde_cbor used in upstream nsm-* crates | |
# RUSTSEC-2020-0016,RUSTSEC-2021-0124: net2 used in mio from older tokio (used in sgx crates) | |
# RUSTSEC-2022-0041: old cross-beam used in the sgx runner crate | |
# RUSTSEC-2023-0005: old tokio used in the sgx runner crate (enclave-runner) | |
# RUSTSEC-2023-0045: old cross-beam used in the sgx runner crate | |
- run: > | |
cargo audit --deny warnings | |
--ignore RUSTSEC-2020-0071 | |
--ignore RUSTSEC-2021-0124 | |
--ignore RUSTSEC-2020-0036 | |
--ignore RUSTSEC-2020-0016 | |
--ignore RUSTSEC-2021-0127 | |
--ignore RUSTSEC-2019-0036 | |
--ignore RUSTSEC-2022-0041 | |
--ignore RUSTSEC-2023-0005 | |
--ignore RUSTSEC-2023-0045 | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
crate: | |
- tmkms-nitro-helper | |
- tmkms-light-sgx-runner | |
- tmkms-softsign | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: sudo apt-get update && sudo apt-get install protobuf-compiler | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
targets: x86_64-unknown-linux-gnu | |
toolchain: nightly-2023-02-20 | |
- run: cargo build --target x86_64-unknown-linux-gnu -p ${{ matrix.crate }} --release | |
- name: 'Tar files' | |
run: cd target/x86_64-unknown-linux-gnu/release/ && tar -cvf tmkms-softsign.tar tmkms-softsign | |
if: startsWith(matrix.crate, 'tmkms-softsign') | |
- uses: actions/upload-artifact@v2 | |
if: startsWith(matrix.crate, 'tmkms-softsign') | |
with: | |
name: tmkms-softsign | |
path: target/x86_64-unknown-linux-gnu/release/tmkms-softsign.tar | |
build-sgx: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
targets: x86_64-fortanix-unknown-sgx | |
toolchain: nightly-2023-02-20 | |
- run: cargo build --target x86_64-fortanix-unknown-sgx -p tmkms-light-sgx-app --release | |
build-nitro: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build tmkms-nitro-enclave with docker | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: false | |
platforms: linux/amd64,linux/arm64 | |
file: Dockerfile.nitro | |
build-args: | | |
RUST_TOOLCHAIN=1.66.1 | |
run-integration-tests: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: cachix/install-nix-action@v19 | |
with: | |
# pin to nix-2.13 to workaround compability issue of 2.14, | |
# see: https://github.com/cachix/install-nix-action/issues/161 | |
install_url: https://releases.nixos.org/nix/nix-2.13.3/install | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: crypto-com | |
skipPush: true | |
- uses: actions/download-artifact@v2 | |
with: | |
name: tmkms-softsign | |
path: integration-test | |
- run: cd integration-test && tar -xvf tmkms-softsign.tar && chmod +x tmkms-softsign && nix develop --extra-experimental-features nix-command --extra-experimental-features flakes -c ./run.sh |