
Commit 527b19b

New SEV CI PR test workflow for SNP host and guest on the self-hosted runner
This workflow runs the SEV cargo tests on the SNP host, followed by the cargo unit tests on the SNP guest (without flags). Signed-off-by: Harika Nittala <[email protected]>
1 parent d2e6d09 commit 527b19b


1 file changed

+207
-0
lines changed

Lines changed: 207 additions & 0 deletions
@@ -0,0 +1,207 @@
1+
name: SEV CI PR test
2+
3+
on:
4+
pull_request_target:
5+
types:
6+
- reopened
7+
- opened
8+
- edited
9+
- synchronize
10+
workflow_dispatch:
11+
inputs:
12+
pull_request_number:
13+
description: 'Specify the pull request number'
14+
required: true
15+
pull_request_branch:
16+
description: 'Specify the pull request source branch'
17+
required: true
18+
19+
jobs:
20+
host_firmware_tests:
21+
runs-on: self-hosted
22+
steps:
23+
- name: Checkout Repository
24+
uses: actions/checkout@v3
25+
26+
- name: Show the active SNP host kernel version on the host
27+
run: uname -r
28+
29+
- name: Check if SNP is enabled on the host
30+
run: |
31+
set -e
32+
source ./.github/workflows/snp_function_declarations.sh
33+
verify_snp_host
34+
35+
- name: Set the PR number and PR branch environment based on GH Action event type
36+
run: |
37+
event_pr_number=''
38+
event_pr_branch=''
39+
40+
if [ ${{ github.event_name }} == "pull_request_target" ]; then
41+
event_pr_number=${{ github.event.pull_request.number }}
42+
event_pr_branch=${{ github.event.pull_request.head.ref }}
43+
elif [ ${{ github.event_name }} == "workflow_dispatch" ]; then
44+
event_pr_number=${{ github.event.inputs.pull_request_number }}
45+
event_pr_branch=${{ github.event.inputs.pull_request_branch }}
46+
fi
47+
48+
echo "pr_number=${event_pr_number}" >> $GITHUB_ENV
49+
echo "pr_branch=${event_pr_branch}" >> $GITHUB_ENV
50+
51+
- name: Show the GH environment variable current values
52+
run: |
53+
echo "GH Action PR number = ${{ env.pr_number }}"
54+
echo "GH Action PR branch = ${{ env.pr_branch }}"
55+
56+
- name: Run sev library cargo test on the host(without flags)
57+
run: |
58+
set -e
59+
60+
# Give user access to /dev/sev to run cargo tests w/o permission issues
61+
sudo usermod -a -G kvm $USER
62+
sudo setfacl -m g:kvm:rw /dev/sev
63+
64+
# Install dependencies on the host
65+
source ./.github/workflows/snp_function_declarations.sh
66+
check_rust_on_host
67+
68+
# Fetch and checkout SEV PR on the host
69+
cd ${HOME}
70+
git clone https://github.com/virtee/sev.git
71+
cd sev
72+
73+
# Checkout the PR branch
74+
if [[ ${{ github.event_name }} == "pull_request_target" || ${{ github.event_name }} == "workflow_dispatch" ]]; then
75+
git fetch origin pull/${{ env.pr_number }}/head:${{ env.pr_branch }}
76+
git switch ${{ env.pr_branch }}
77+
fi
78+
79+
# Cargo SEV PR test on the host
80+
cargo test
81+
82+
- name: Cleanup sev on the host
83+
if: success() || failure()
84+
run: rm -rf ${HOME}/sev
85+
86+
snp_guest_tests:
87+
runs-on: self-hosted
88+
steps:
89+
- name: Checkout Repository
90+
uses: actions/checkout@v3
91+
92+
- name: Sleep for 35 seconds
93+
run: sleep 35
94+
95+
- name: Set the next available guest network port number
96+
run: |
97+
export DOTENV_PATH="${HOME}/.env"
98+
echo "guest_port_in_use=$(python ./.github/workflows/handle_guest_network_ports.py get-next-available-port-number)" >> $GITHUB_ENV
99+
100+
- name: Set the PR number and PR branch environment based on GH Action event type
101+
run: |
102+
event_pr_number=''
103+
event_pr_branch=''
104+
105+
if [ ${{ github.event_name }} == "pull_request_target" ]; then
106+
event_pr_number=${{ github.event.pull_request.number }}
107+
event_pr_branch=${{ github.event.pull_request.head.ref }}
108+
elif [ ${{ github.event_name }} == "workflow_dispatch" ]; then
109+
echo "workflow dispatch"
110+
event_pr_number=${{ github.event.inputs.pull_request_number }}
111+
event_pr_branch=${{ github.event.inputs.pull_request_branch }}
112+
fi
113+
114+
echo "pr_number=${event_pr_number}" >> $GITHUB_ENV
115+
echo "pr_branch=${event_pr_branch}" >> $GITHUB_ENV
116+
117+
- name: View and set the SNP guest name
118+
run: |
119+
echo "Guest Name = snp-guest-sev-${{ env.pr_number }}"
120+
echo "guest_name=snp-guest-sev-${{ env.pr_number }}" >> $GITHUB_ENV
121+
122+
- name: Show the GH environment variable current values
123+
run: |
124+
echo "current guest port in use = ${{ env.guest_port_in_use }}"
125+
echo "GH Action PR number = ${{ env.pr_number }}"
126+
echo "GH Action PR branch = ${{ env.pr_branch }}"
127+
128+
- name: Launch SNP enabled guest
129+
run: |
130+
set -e
131+
wget https://raw.githubusercontent.com/LakshmiSaiHarika/sev-utils/Fedora-Latest-SNP-kernel-Upstream/tools/snp.sh
132+
chmod +x snp.sh
133+
134+
export GUEST_NAME=${{ env.guest_name }}
135+
export HOST_SSH_PORT=${{ env.guest_port_in_use }}
136+
137+
./snp.sh launch-guest
138+
139+
- name: Show SNP enabled guest qemu commandline in use
140+
run: cat ${HOME}/snp/launch/${{ env.guest_name }}/qemu.cmdline
141+
142+
- name: Show the SNP Guest Kernel version
143+
run: |
144+
set -e
145+
146+
source ./.github/workflows/snp_function_declarations.sh
147+
ssh_guest_command "uname -r" ${{ env.guest_name }} ${{ env.guest_port_in_use }}
148+
149+
- name: Verify SNP on the guest via MSR
150+
run: |
151+
set -e
152+
153+
source ./.github/workflows/snp_function_declarations.sh
154+
verify_snp_guest_msr ${{ env.guest_name }} ${{ env.guest_port_in_use }}
155+
156+
- name: Run sev library cargo test on the guest(without flags)
157+
run: |
158+
set -e
159+
source ./.github/workflows/snp_function_declarations.sh
160+
161+
# Install sev dependencies as a root user
162+
ssh_guest_command "sudo su - <<EOF
163+
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -sSf | sh -s -- -y
164+
source "/home/root/.cargo/env" 2>/dev/null
165+
sudo dnf install -y git gcc
166+
EOF" ${{ env.guest_name }} ${{ env.guest_port_in_use }}
167+
168+
# Perform sev CI PR test on SNP guest as root user to fix OS permission denied issues
169+
ssh_guest_command "sudo su - <<EOF
170+
git clone https://github.com/virtee/sev.git
171+
cd ./sev
172+
173+
# Checkout the PR branch
174+
if [[ ${{ github.event_name }} == "pull_request_target" || ${{ github.event_name }} == "workflow_dispatch" ]]; then
175+
git fetch origin pull/${{ env.pr_number }}/head:${{ env.pr_branch }}
176+
git switch ${{ env.pr_branch }}
177+
fi
178+
179+
cargo test
180+
EOF" ${{ env.guest_name }} ${{ env.guest_port_in_use }}
181+
182+
- name: Stop the active running SNP guest for this PR
183+
if: success() || failure()
184+
continue-on-error: true
185+
run: |
186+
export GUEST_NAME=${{ env.guest_name }}
187+
export HOST_SSH_PORT=${{ env.guest_port_in_use }}
188+
189+
./snp.sh stop-guests
190+
191+
- name: Remove current active guest network port from GHAW network port file
192+
if: success() || failure()
193+
run: |
194+
export DOTENV_PATH="${HOME}/.env"
195+
python ./.github/workflows/handle_guest_network_ports.py remove-ghaw-used-port-number ${{ env.guest_port_in_use }}
196+
197+
- name: Cleanup SNP guest folder
198+
if: success() || failure()
199+
run: |
200+
rm -rf ${HOME}/snp/launch/${{ env.guest_name }}
201+
ssh-keygen -R [localhost]:${{ env.guest_port_in_use }}
202+
203+
# Update this workflow title dynamically with PR details
204+
run-name: |
205+
${{ (startsWith(github.event_name, 'workflow_dispatch') && format('sev PR CI test for PR #{0}/PR source branch({1})', github.event.inputs.pull_request_number, github.event.inputs.pull_request_branch)) ||
206+
(startsWith(github.event_name, 'pull_request') && format('{0}', github.event.pull_request.title )) }}
207+
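Review bot: `github.event.pull_request.head.ref` is expanded by `${{ }}` directly into the `run:` script text (new lines 42 and 107, and again through `env.pr_branch` at 75–76 and 175–176), so a branch name chosen by the PR author is parsed as shell on the self-hosted runner, in a step that also calls `sudo`. The branch name is not needed: fetch into a fixed local ref and read the number from the shell environment, `git fetch origin "pull/${pr_number}/head:pr-under-test"` followed by `git switch pr-under-test`, and pass any remaining context values through a step-level `env:` block rather than inline `${{ }}`. Because the trigger is `pull_request_target`, both jobs then build and run `cargo test` on the PR's code on that host (and as root in the guest), and no approval gate is visible in this file; an environment with required reviewers or a maintainer-applied label check in front of these jobs would fit, or the unprivileged `pull_request` trigger if the runner policy allows it. `snp.sh` is downloaded from a branch of a personal fork and executed (line 131) and `actions/checkout@v3` is a mutable tag; pinning both to commit SHAs would keep the runner's inputs fixed.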
