Introduce keylime TEE attestation service support #1679
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: KBS Rust Suites | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| paths: | |
| - 'kbs/**' | |
| - '.github/workflows/kbs-rust.yml' | |
| - 'Cargo.toml' | |
| pull_request: | |
| paths: | |
| - 'kbs/**' | |
| - '.github/workflows/kbs-rust.yml' | |
| - 'Cargo.toml' | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| ci: | |
| name: Check | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - instance: ubuntu-24.04 | |
| test_features: "" | |
| - instance: ubuntu-24.04-arm | |
| test_features: "coco-as-builtin,coco-as-grpc,intel-trust-authority-as,sample_only,cca-attester" | |
| runs-on: ${{ matrix.instance }} | |
| steps: | |
| - name: Code checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 | |
| with: | |
| components: rustfmt, clippy | |
| - name: Building dependencies installation | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y protobuf-compiler libprotobuf-dev libtss2-dev | |
| - name: Install TPM dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libtss2-dev | |
| - name: Install TDX dependencies | |
| if: ${{ matrix.instance == 'ubuntu-24.04' }} | |
| run: | | |
| curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg | |
| echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list | |
| sudo apt-get update | |
| sudo apt-get install -y libsgx-dcap-quote-verify-dev | |
| - name: KBS Build [Default/Built-in CoCo AS] | |
| working-directory: kbs | |
| run: make | |
| - name: KBS Build [gRPC CoCo AS] | |
| working-directory: kbs | |
| run: make COCO_AS_INTEGRATE_TYPE=grpc | |
| - name: build KBS for Intel Trust Authority | |
| working-directory: kbs | |
| run: make AS_TYPE=intel-trust-authority-as | |
| - name: Lint | |
| working-directory: kbs | |
| run: make lint TEST_FEATURES=${{ matrix.test_features }} | |
| - name: Format | |
| working-directory: kbs | |
| run: make format | |
| - name: Test | |
| working-directory: kbs | |
| run: make check TEST_FEATURES=${{ matrix.test_features }} |