Backport patches for usage of github actions

.github/actions/test-swtpm/action.yml

@@ -0,0 +1,46 @@
+runs:
+  using: "composite"
+  steps:
+    - name: Build and test
+      shell: bash
+      run: |
+        sudo apt-get -y install automake autoconf libtool libssl-dev sed make gawk \
+          sed bash dh-exec python3-pip libfuse-dev libglib2.0-dev libjson-glib-dev \
+          libgmp-dev expect libtasn1-dev socat findutils gnutls-dev gnutls-bin softhsm2 \
+          libseccomp-dev tss2 ${PACKAGES}
+        if [ ! -d libtpms ]; then
+          git clone https://github.com/stefanberger/libtpms;
+        fi
+        pushd libtpms
+          if [ -n "${LIBTPMS_GIT_CHECKOUT}" ]; then
+            git checkout "${LIBTPMS_GIT_CHECKOUT}" -b testing;
+          fi
+          CFLAGS="${LIBTPMS_CFLAGS:--g -O2}" LDFLAGS="${LIBTPMS_LDFLAGS}" \
+            ./autogen.sh --with-openssl --prefix=${LIBTPMS_PREFIX:-/usr} --with-tpm2 ${LIBTPMS_CONFIG}
+          make -j$(${NPROC:-nproc})
+          sudo make install
+        popd
+        ./autogen.sh ${CONFIG}
+        ${SUDO} make clean
+        export SWTPM_TEST_EXPENSIVE=${SWTPM_TEST_EXPENSIVE:-1}
+        export SWTPM_TEST_IBMTSS2=${SWTPM_TEST_IBMTSS2:-0}
+        export SWTPM_TEST_STORE_VOLATILE=${SWTPM_TEST_STORE_VOLATILE:-0}
+        set +e
+        ${SUDO:+${SUDO} -E} make -j$(${NPROC:-nproc}) ${CHECK} VERBOSE=1
+        if [ $? -ne 0 ]; then
+          for f in swtpm/tests/*.log; do echo ">>>>>>> $f <<<<<<<"; tail -n 50 $f; done
+          exit 1
+        fi
+        set -e
+        if [ -n "${COVERALLS_REPO_TOKEN}" ]; then
+          uidgid="$(id -nu):$(id -ng)"
+          sudo chown -R ${uidgid} ./
+          pip install setuptools==59.6.0  # Default Jammy version
+          pip install cpp-coveralls
+          cpp-coveralls -e libtpms --gcov-options '\-lp'
+        fi
+        if [ -n "${RUN_TEST}" ]; then
+          sudo make install
+          sudo ${PREFIX}/bin/swtpm_setup \
+                --tpmstate /tmp --create-ek-cert --create-platform-cert --tpm2 || exit 1
+        fi

.github/workflows/ci.yml

@@ -0,0 +1,77 @@
+name: Check
+
+on:
+  pull_request:
+    branches: [ "master", "stable-*" ]
+
+jobs:
+  test-distcheck:
+    runs-on: ubuntu-20.04
+    env:
+      PREFIX:   "/usr"
+      CONFIG:   "--with-openssl --prefix=/usr"
+      CHECK:    "distcheck"
+      RUN_TEST: "1"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-coveralls:
+    runs-on: ubuntu-22.04
+    env:
+      PREFIX:                    "/usr"
+      CONFIG:                    "--with-openssl --prefix=/usr --enable-test-coverage"
+      SUDO:                      "sudo"
+      CHECK:                     "check"
+      SWTPM_TEST_IBMTSS2:        "1"
+      SWTPM_TEST_STORE_VOLATILE: "1"
+      COVERALLS_REPO_TOKEN:      ${{ secrets.COVERALLS_REPO_TOKEN }}
+      PACKAGES:                  libtpm2-pkcs11-tools
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-asan-ubsan:
+    runs-on: ubuntu-20.04
+    env:
+      CFLAGS:         "-fsanitize=address,undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CFLAGS: "-fsanitize=address,undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBS:           "-lasan -lubsan"
+      ASAN_OPTIONS:   "halt_on_error=1"
+      UBSAN_OPTIONS:  "halt_on_error=1"
+      PREFIX:         "/usr"
+      CONFIG:         "--with-openssl --prefix=/usr --without-seccomp"
+      SUDO:           "sudo"
+      CHECK:          "check"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm
+
+  test-asan-ubsan-non-openssl:
+    runs-on: ubuntu-20.04
+    env:
+      CFLAGS:         "-fsanitize=address,undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CFLAGS: "-fsanitize=address,undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+      LIBTPMS_CONFIG: "--disable-use-openssl-functions"
+      LIBS:           "-lasan -lubsan"
+      ASAN_OPTIONS:   "halt_on_error=1"
+      UBSAN_OPTIONS:  "halt_on_error=1"
+      PREFIX:         "/usr"
+      CONFIG:         "--with-openssl --prefix=/usr --without-seccomp"
+      SUDO:           "sudo"
+      CHECK:          "check"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build libtpms and swtpm and test
+        uses: ./.github/actions/test-swtpm

.github/workflows/docker.yaml

@@ -10,15 +10,6 @@ on:
 
 jobs:
 
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: hadolint/hadolint-action@v3.1.0
-        with:
-          recursive: true
-          ignore: DL3018
-
   build:
     runs-on: ubuntu-latest
     permissions:
@@ -32,6 +23,12 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Run linter
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          recursive: true
+          ignore: DL3018
+
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v3.0.0
@@ -74,34 +71,3 @@ jobs:
           platforms: linux/amd64
           #platforms: linux/amd64,linux/arm/v7,linux/arm/v6
           no-cache: true
-
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3.0.0
-      - name: Start containers
-        run: |
-          sudo apt-get install -y docker-compose
-          docker-compose up --build --force-recreate --detach
-      - name: Run Tests
-        run: |
-          set -x
-          docker-compose ps
-          name=$(docker-compose ps | grep swtpm-test | awk '{print $1}')
-          rc=$(docker wait "${name}")
-          if [ "${rc}" != "0" ]; then
-            echo "test failed:"
-            docker logs "${name}"
-            exit 1
-          fi
-
-      - name: Logs
-        if: always()
-        run: docker-compose logs
-
-      - name: Stop containers
-        if: always()
-        run: docker-compose down
-