From 99f06702c232b773ede7ff055d617cb8db423b48 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Fri, 13 Dec 2024 19:41:17 -0500
Subject: [PATCH] ci: Add github actions to replace Travis

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .github/actions/test-swtpm/action.yml | 46 ++++++++++++++
 .github/workflows/ci.yml              | 90 +++++++++++++++++++++++++++
 2 files changed, 136 insertions(+)
 create mode 100644 .github/actions/test-swtpm/action.yml
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/actions/test-swtpm/action.yml b/.github/actions/test-swtpm/action.yml
new file mode 100644
index 000000000..24e8c0e93
--- /dev/null
+++ b/.github/actions/test-swtpm/action.yml
@@ -0,0 +1,46 @@
+runs:
+  using: "composite"
+  steps:
+    - name: Build and test
+      shell: bash
+      run: |
+        sudo apt-get -y install automake autoconf libtool libssl-dev sed make gawk \
+          sed bash dh-exec python3-pip libfuse-dev libglib2.0-dev libjson-glib-dev \
+          libgmp-dev expect libtasn1-dev socat findutils gnutls-dev gnutls-bin softhsm2 \
+          libseccomp-dev tss2
+        if [ ! -d libtpms ]; then
+          git clone https://github.com/stefanberger/libtpms;
+        fi
+        pushd libtpms
+          if [ -n "${LIBTPMS_GIT_CHECKOUT}" ]; then
+            git checkout "${LIBTPMS_GIT_CHECKOUT}" -b testing;
+          fi
+          CFLAGS="${LIBTPMS_CFLAGS:--g -O2}" LDFLAGS="${LIBTPMS_LDFLAGS}" \
+            ./autogen.sh --with-openssl --prefix=${LIBTPMS_PREFIX:-/usr} --with-tpm2 ${LIBTPMS_CONFIG}
+          make -j$(${NPROC:-nproc})
+          sudo make install
+        popd
+        ./autogen.sh ${CONFIG}
+        ${SUDO} make clean
+        export SWTPM_TEST_EXPENSIVE=${SWTPM_TEST_EXPENSIVE:-1}
+        export SWTPM_TEST_IBMTSS2=${SWTPM_TEST_IBMTSS2:-0}
+        export SWTPM_TEST_STORE_VOLATILE=${SWTPM_TEST_STORE_VOLATILE:-0}
+        set +e
+        ${SUDO} make -j$(${NPROC:-nproc}) ${CHECK} VERBOSE=1
+        if [ $? -ne 0 ]; then
+          for f in swtpm/tests/*.log; do echo ">>>>>>> $f <<<<<<<"; tail -n 50 $f; done
+          exit 1
+        fi
+        set -e
+        if [ -n "${COVERALLS_REPO_TOKEN}" ]; then
+          uidgid="$(id -nu):$(id -ng)"
+          sudo chown -R ${uidgid} ./
+          pip install setuptools==59.6.0  # Default Jammy version
+          pip install cpp-coveralls
+          cpp-coveralls -e libtpms --gcov-options '\-lp'
+        fi
+        if [ -n "${RUN_TEST}" ]; then
+          sudo make install
+          sudo ${PREFIX}/bin/swtpm_setup \
+                --tpmstate /tmp --create-ek-cert --create-platform-cert --tpm2 || exit 1
+        fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..8dd0d7d96
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,90 @@
+name: Check
+
+on:
+  pull_request:
+    branches: [ "master", "stable-*" ]
+
+jobs:
+  test-distcheck:
+    runs-on: ubuntu-20.04
+    env:
+      PREFIX:   "/usr"
+      CONFIG:   "--with-openssl --prefix=/usr"
+      CHECK:    "distcheck"
+      RUN_TEST: "1"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-coveralls:
+    runs-on: ubuntu-22.04
+    env:
+      PREFIX:               "/usr"
+      CONFIG:               "--with-openssl --prefix=/usr --enable-test-coverage"
+      CHECK:                "check"
+      SWTPM_TEST_IBMTSS2:   "1"
+      COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-asan:
+    runs-on: ubuntu-20.04
+    env:
+      CFLAGS:         "-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CFLAGS: "-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBS:           "-lasan"
+      ASAN_OPTIONS:   "halt_on_error=1"
+      PREFIX:         "/usr"
+      CONFIG:         "--with-openssl --prefix=/usr --without-seccomp"
+      SUDO:           "sudo"
+      CHECK:          "check"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-asan-non-openssl:
+    runs-on: ubuntu-20.04
+    env:
+      CFLAGS:         "-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CFLAGS: "-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CONFIG: "--disable-use-openssl-functions"
+      LIBS:           "-lasan"
+      ASAN_OPTIONS:   "halt_on_error=1"
+      PREFIX:         "/usr"
+      CONFIG:         "--with-openssl --prefix=/usr --without-seccomp"
+      SUDO:           "sudo"
+      CHECK:          "check"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-ubsan:
+    runs-on: ubuntu-20.04
+    env:
+      CFLAGS:         "-fsanitize=undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CFLAGS: "-fsanitize=undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBS:           "-lubsan"
+      UBSAN_OPTIONS:  "halt_on_error=1"
+      PREFIX:         "/usr"
+      CONFIG:         "--with-openssl --prefix=/usr"
+      SUDO:           "sudo"
+      CHECK:          "check"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm