parsec-service 1.5.0

A language-agnostic API to secure services in a platform-agnostic way
Documentation
name: Continuous Integration

on:
  push:
  pull_request:
  workflow_dispatch:
    inputs:
      trigger_test_all_docker:
        description: "'parsec-service-test-all' if docker build should be triggered"
        required: false
        default: ""
      trigger_test_cross_docker:
        description: "'parsec-service-test-cross-compile' if docker build should be triggered"
        required: false
        default: ""

env:
  MSRV: "1.85.0"
  TEST_ALL_DOCKER_IMAGE: ${{ github.event.inputs.trigger_test_all_docker || 'ghcr.io/parallaxsecond/parsec-service-test-all' }}
  TEST_CROSS_DOCKER_IMAGE: ${{ github.event.inputs.trigger_test_cross_docker || 'ghcr.io/parallaxsecond/parsec-service-test-cross-compile' }}

jobs:
  build-and-export-test-all-docker:
    runs-on: ubuntu-latest
    # For running this job  we need to manually trigger the CI and set the variable
    if: ${{ github.event.inputs.trigger_test_all_docker == 'parsec-service-test-all' }}
    steps:
    - uses: actions/checkout@v3
    - name: Build and Export Docker Image
      uses: ./.github/actions/build_export_docker
      with:
        image-name: "parsec-service-test-all"

  build-and-export-cross-compile-docker:
    runs-on: ubuntu-latest
    # For running this job  we need to manually trigger the CI and set the variable
    if: ${{ github.event.inputs.trigger_test_cross_docker == 'parsec-service-test-cross-compile' }}
    steps:
    - uses: actions/checkout@v3
    - name: Build and Export Docker Image
      uses: ./.github/actions/build_export_docker
      with:
        image-name: "parsec-service-test-cross-compile"

  all-providers:
    name: Various tests targeting a Parsec image with all providers included
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "all"

  build-all-providers-msrv:
    name: MSRV - Cargo check all-providers
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "cargo-check"
          rs-version: ${{ env.MSRV }}

  build-all-providers-stable:
    name: Cargo check all-providers (current Rust stable)
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "cargo-check"

  mbed-crypto-provider:
    name: Integration tests using Mbed Crypto provider
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "mbed-crypto"

  pkcs11-provider:
    name: Integration tests using PKCS 11 provider
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "pkcs11 --no-stress-test"

  tpm-provider:
    name: Integration tests using TPM provider
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "tpm"

  trusted-service-provider:
    name: Integration tests using Crypto Trusted Service provider
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "trusted-service"

  cryptoauthlib-provider:
    name: Integration tests using CryptoAuthentication Library provider
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "cryptoauthlib --no-stress-test"

  fuzz-test-checker:
    name: Check that the fuzz testing framework is still working
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v2
      - name: Load Docker
        uses: ./.github/actions/load_docker
        if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
        with:
          image-name: "${{ env.TEST_ALL_DOCKER_IMAGE }}"
          image-path: "/tmp"
        # Not running stress tests because rust-cryptoauthlib test-interface does not support required calls
      - name: Run the fuzz test script From Container
        # When running the container built on the CI
        if: ${{ env.TEST_ALL_DOCKER_IMAGE == 'parsec-service-test-all' }}
        run: CONTAINER_TAG=parsec-service-test-all ./fuzz.sh test
      - name: Run the fuzz test script
        if: ${{ env.TEST_ALL_DOCKER_IMAGE != 'parsec-service-test-all' }}
        run: ./fuzz.sh test

  on-disk-kim:
    name: OnDiskKIM E2E tests on all providers
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-test-all-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Run the container to execute the test script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "on-disk-kim"

  cross-compilation:
    # Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries.
    name: Cross-compile Parsec to various targets
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [build-and-export-cross-compile-docker]
    steps:
      - uses: actions/checkout@v3
      - name: Load Docker
        uses: ./.github/actions/load_docker
        if: ${{ env.TEST_CROSS_DOCKER_IMAGE == 'parsec-service-test-cross-compile' }}
        with:
          image-name: "${{ env.TEST_CROSS_DOCKER_IMAGE }}"
          image-path: "/tmp"
      - name: Run the cross compiler tests using pre-built docker image
        if: ${{ env.TEST_CROSS_DOCKER_IMAGE != 'parsec-service-test-cross-compile' }}
        run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh
      - name: Run the cross compiler tests using image built on the CI
        if: ${{ env.TEST_CROSS_DOCKER_IMAGE == 'parsec-service-test-cross-compile' }}
        run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec "${{ env.TEST_CROSS_DOCKER_IMAGE }}" /tmp/parsec/test/cross-compile.sh

  links:
    name: Check links
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Link Checker
        uses: peter-evans/link-checker@v1
        with:
          args: -v -r *.md
      - name: Fail if there were link errors
        run: exit ${{ steps.lc.outputs.exit_code }}

  cargo-deny:
    name: "Run cargo deny"
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: EmbarkStudios/cargo-deny-action@v2
      with:
        rust-version: ${{ env.MSRV }}

  mismatcher:
    name: Check for mismatched dependencies (those that have more than one version)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          ref: "${{ github.event.inputs.rev }}"
      - name: Run the container to execute the dependency mismatcher script
        uses: ./.github/actions/ci_script
        with:
          ci-flags: "mismatcher"