Adds building and testing of examples to CI.

.github/workflows/ci.yml

@@ -121,6 +121,7 @@ jobs:
         run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env RUST_TOOLCHAIN_VERSION=1.74.0 ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh
       - name: Check Clippy lints latest
         run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/lint-checks.sh
+
   # Check that it is possible to build the documentation the same way as it is done in Docs.rs
   docs-rs:
     name: Check Docs.rs compatibility
@@ -132,4 +133,15 @@ jobs:
       - uses: dtolnay/rust-toolchain@nightly
       - uses: dtolnay/install@cargo-docs-rs
       - run: cargo docs-rs -p tss-esapi
-      - run: cargo docs-rs -p tss-esapi-sys
+      - run: cargo docs-rs -p tss-esapi-sys
+
+  # Check that examples builds can be executed.
+  tests-examples:
+    name: Check examples
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Build the container
+        run: docker build -t fedoracontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-fedora
+      - name: Run the container
+        run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --env USE_FROZEN_LOCKFILE=1 fedoracontainer dbus-run-session -- /tmp/rust-tss-esapi/tss-esapi/tests/examples.sh

tss-esapi/examples/symmetric_file_encrypt_decrypt.rs

@@ -1,6 +1,5 @@
 use core::str;
-use std::convert::TryFrom;
-use std::fs;
+use std::{convert::TryFrom, fs, path::Path};
 use tss_esapi::{
     attributes::ObjectAttributesBuilder,
     interface_types::{
@@ -14,6 +13,9 @@ use tss_esapi::{
     Context, TctiNameConf,
 };
 
+const DEFAULT_INITIAL_DATA_FILE: &str =
+    "tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt";
+
 fn main() {
     // Create a new TPM context. This reads from the environment variable `TPM2TOOLS_TCTI` or `TCTI`
     //
@@ -68,12 +70,20 @@ fn main() {
     // Once the key is created, we have it's parameters in the private and public values.
     // We now need to load it into the tpm so that it can be used.
     //
-    // The enc_private and public values can be serialised and persisted - that way they can
+    // The enc_private and public values can be serialized and persisted - that way they can
     // be reloaded for future use.
 
     // We load the data from a file system file, it can be somewhat large (like a certificate), larger than MaxBuffer::MAX_SIZE
-    let initial_data = fs::read("tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt")
-        .expect("could not open data file");
+    let initial_data_file_str = std::env::var("EXAMPLES_INITIAL_DATA_FILE")
+        .unwrap_or(DEFAULT_INITIAL_DATA_FILE.to_string());
+    let initial_data_file = Path::new(&initial_data_file_str);
+    if !initial_data_file.is_file() {
+        panic!(
+            "The initial data file: {}, does not exist",
+            initial_data_file.display()
+        );
+    }
+    let initial_data = fs::read(initial_data_file).expect("could not open data file");
 
     // We create an initialisation vector, since it is needed for decryption, it should be persisted in a real world use case
     let iv = context

tss-esapi/tests/examples.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+# Copyright 2025 Contributors to the Parsec project.
+# SPDX-License-Identifier: Apache-2.0
+
+# This script builds and tests the examples.
+# It can be run inside the container which Dockerfile
+# is in the same folder.
+
+set -euf -o pipefail
+
+#################################################
+# Change rust toolchain version
+#################################################
+if [[ ! -z ${RUST_TOOLCHAIN_VERSION:+x} ]]; then
+	rustup override set ${RUST_TOOLCHAIN_VERSION}
+	# Use the frozen Cargo lock to prevent any drift from MSRV being upgraded
+	# underneath our feet.
+	cp tests/Cargo.lock.frozen ../Cargo.lock
+fi
+
+############################
+# Run the TPM SWTPM server #
+############################
+mkdir /tmp/tpmdir
+swtpm_setup --tpm2 \
+    --tpmstate /tmp/tpmdir \
+    --createek --decryption --create-ek-cert \
+    --create-platform-cert \
+    --pcr-banks sha1,sha256 \
+    --display
+swtpm socket --tpm2 \
+    --tpmstate dir=/tmp/tpmdir \
+    --flags startup-clear \
+    --ctrl type=tcp,port=2322 \
+    --server type=tcp,port=2321 \
+    --daemon
+
+####################
+# Start tpm2-abrmd #
+####################
+tpm2-abrmd \
+    --logger=stdout \
+    --tcti=swtpm: \
+    --allow-root \
+    --session \
+    --flush-all &
+
+#################
+# Clear the TPM #
+#################
+tpm2_startup -c -T tabrmd:bus_type=session
+
+########################
+# Declare the examples #
+########################
+examples=(
+    "duplication_secret"
+    "duplication"
+    "hmac"
+    "rsa_oaep"
+    "sealed_data_object"
+    "symmetric_file_encrypt_decrypt"
+)
+
+##########################################
+# Environment variables used by examples #
+##########################################
+export EXAMPLES_INITIAL_DATA_FILE="/tmp/rust-tss-esapi/tss-esapi/examples/symmetric_file_encrypt_decrypt_example.txt"
+
+####################
+# Run the examples #
+####################
+for e in ${examples[@]}; do
+    TEST_TCTI=tabrmd:bus_type=session RUST_BACKTRACE=1 RUST_LOG=info cargo run --example ${e}
+done