From 0beb76c9ab7c384682c0f81db1bb5db909769090 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 2 Oct 2024 15:56:31 +0300 Subject: [PATCH] gh: use Ubuntu 24.04 runners ubuntu-latest now points to ubuntu-24.04 so we have a mix of Ubuntu runners in use. Move everything to ubuntu-24.04 to pin to a specific version. Signed-off-by: Mikko Ylinen --- .github/workflows/aa_basic.yml | 14 +++++++------- .github/workflows/aa_cc_kbc.yml | 6 +++--- .github/workflows/aa_crypto.yml | 2 +- .github/workflows/aa_release.yml | 2 +- .github/workflows/aa_sample_keyprovider.yml | 2 +- .github/workflows/aa_sev_kbc.yml | 2 +- .github/workflows/api-server-rest-basic.yml | 4 ++-- .github/workflows/cdh_basic.yml | 4 ++-- .github/workflows/dco.yml | 2 +- .github/workflows/image_rs_build.yml | 20 ++++++++++---------- .github/workflows/links.yml | 2 +- .github/workflows/ocicrypt_rs_build.yml | 2 +- .github/workflows/vendor_release.yml | 2 +- 13 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/aa_basic.yml b/.github/workflows/aa_basic.yml index 0eff512a0..fece620ca 100644 --- a/.github/workflows/aa_basic.yml +++ b/.github/workflows/aa_basic.yml @@ -35,10 +35,10 @@ jobs: rust: - stable instance: - - ubuntu-22.04 + - ubuntu-24.04 - s390x include: - - instance: ubuntu-22.04 + - instance: ubuntu-24.04 make_args: "" cargo_test_opts: "--features openssl,rust-crypto,all-attesters,kbs,coco_as" cargo_lint_opts: "--workspace" @@ -67,17 +67,17 @@ jobs: - name: Install TDX dependencies run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list + curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list sudo apt-get update sudo apt-get install -y --no-install-recommends libtdx-attest-dev - if: matrix.instance == 'ubuntu-22.04' + if: matrix.instance == 'ubuntu-24.04' - name: Install TPM dependencies run: | sudo apt-get update sudo apt-get install -y libtss2-dev - if: matrix.instance == 'ubuntu-22.04' + if: matrix.instance == 'ubuntu-24.04' - name: Install dm-verity dependencies run: | @@ -94,7 +94,7 @@ jobs: - name: Musl build with all platform run: | make LIBC=musl ttrpc=true ATTESTER=none - if: matrix.instance == 'ubuntu-22.04' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo test uses: actions-rs/cargo@v1 diff --git a/.github/workflows/aa_cc_kbc.yml b/.github/workflows/aa_cc_kbc.yml index 701b4533d..a4154d1b3 100644 --- a/.github/workflows/aa_cc_kbc.yml +++ b/.github/workflows/aa_cc_kbc.yml @@ -29,7 +29,7 @@ jobs: defaults: run: working-directory: ./attestation-agent - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -57,8 +57,8 @@ jobs: - name: Install TDX dependencies run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list + curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list sudo apt-get update sudo apt-get install -y --no-install-recommends libtdx-attest-dev diff --git a/.github/workflows/aa_crypto.yml b/.github/workflows/aa_crypto.yml index d219cdb1d..a6f88053f 100644 --- a/.github/workflows/aa_crypto.yml +++ b/.github/workflows/aa_crypto.yml @@ -25,7 +25,7 @@ jobs: defaults: run: working-directory: ./attestation-agent - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/aa_release.yml b/.github/workflows/aa_release.yml index 944f02e1c..f616b94cf 100644 --- a/.github/workflows/aa_release.yml +++ b/.github/workflows/aa_release.yml @@ -8,7 +8,7 @@ jobs: build-and-push-images: permissions: packages: write - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/aa_sample_keyprovider.yml b/.github/workflows/aa_sample_keyprovider.yml index b8ec783bf..e48ffcf69 100644 --- a/.github/workflows/aa_sample_keyprovider.yml +++ b/.github/workflows/aa_sample_keyprovider.yml @@ -21,7 +21,7 @@ jobs: coco_keyprovider_ci: if: github.event_name != 'push' name: Check - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/aa_sev_kbc.yml b/.github/workflows/aa_sev_kbc.yml index e5869390d..9f5a6b665 100644 --- a/.github/workflows/aa_sev_kbc.yml +++ b/.github/workflows/aa_sev_kbc.yml @@ -24,7 +24,7 @@ jobs: defaults: run: working-directory: ./attestation-agent - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/api-server-rest-basic.yml b/.github/workflows/api-server-rest-basic.yml index a17e7d4df..d42624e51 100644 --- a/.github/workflows/api-server-rest-basic.yml +++ b/.github/workflows/api-server-rest-basic.yml @@ -33,7 +33,7 @@ jobs: fail-fast: false matrix: instance: - - ubuntu-latest + - ubuntu-24.04 - s390x rust: - stable @@ -64,7 +64,7 @@ jobs: - name: Musl build with default features run: | make LIBC=musl - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo test uses: actions-rs/cargo@v1 diff --git a/.github/workflows/cdh_basic.yml b/.github/workflows/cdh_basic.yml index 57ae407b7..c8926d172 100644 --- a/.github/workflows/cdh_basic.yml +++ b/.github/workflows/cdh_basic.yml @@ -33,7 +33,7 @@ jobs: fail-fast: false matrix: instance: - - ubuntu-latest + - ubuntu-24.04 - s390x rust: - stable @@ -63,7 +63,7 @@ jobs: - name: Musl build run: | make LIBC=musl - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo test run: | diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml index 1eb5d31a0..1496a1613 100644 --- a/.github/workflows/dco.yml +++ b/.github/workflows/dco.yml @@ -3,7 +3,7 @@ on: [pull_request] jobs: commits_check_job: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 name: Commits Check steps: - name: Get PR Commits diff --git a/.github/workflows/image_rs_build.yml b/.github/workflows/image_rs_build.yml index 11e42fadf..8cfe13fac 100644 --- a/.github/workflows/image_rs_build.yml +++ b/.github/workflows/image_rs_build.yml @@ -35,7 +35,7 @@ jobs: - 1.76.0 - stable instance: - - ubuntu-latest + - ubuntu-24.04 - s390x runs-on: ${{ matrix.instance }} steps: @@ -58,29 +58,29 @@ jobs: - name: Install TDX dependencies run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list + curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg + echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list sudo apt-get update sudo apt-get install -y --no-install-recommends libtdx-attest-dev - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Install TPM dependencies run: | sudo apt-get update sudo apt-get install -y libtss2-dev - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Install dm-verity dependencies run: | sudo apt-get update sudo apt-get install -y libdevmapper-dev - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Install cross-compliation support dependencies run: | sudo apt install -y gcc-powerpc64le-linux-gnu rustup target add powerpc64le-unknown-linux-gnu - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo fmt check uses: actions-rs/cargo@v1 @@ -99,7 +99,7 @@ jobs: run: | cargo clippy -p image-rs --all-targets --features=enclave-cc-cckbc-native-tls --no-default-features -- -D warnings cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls,nydus --no-default-features -- -D warnings - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo build uses: actions-rs/cargo@v1 @@ -110,7 +110,7 @@ jobs: - name: Run cargo build, cross-compiling for powerpc64le run: | sudo -E PATH=$PATH -s RUSTFLAGS=" -C linker=powerpc64le-linux-gnu-gcc" cargo build --target powerpc64le-unknown-linux-gnu -p image-rs --features default - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' - name: Run cargo test - default run: | @@ -145,4 +145,4 @@ jobs: - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe + nydus run: | sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,nydus - if: matrix.instance == 'ubuntu-latest' + if: matrix.instance == 'ubuntu-24.04' diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 6e049d4da..312010269 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -9,7 +9,7 @@ on: jobs: checklinks: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/ocicrypt_rs_build.yml b/.github/workflows/ocicrypt_rs_build.yml index f5dfaeb6c..d9a15a81c 100644 --- a/.github/workflows/ocicrypt_rs_build.yml +++ b/.github/workflows/ocicrypt_rs_build.yml @@ -25,7 +25,7 @@ jobs: ci: if: github.event_name != 'push' name: Check - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/vendor_release.yml b/.github/workflows/vendor_release.yml index 08c19b686..86aca3f95 100644 --- a/.github/workflows/vendor_release.yml +++ b/.github/workflows/vendor_release.yml @@ -6,7 +6,7 @@ on: jobs: generate-and-publish-vendored-code: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4