deps: fix RUSTSEC-2026-0097 by updating jwt-simple to 0.12.15 #3399
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: attestation-agent basic build and unit tests | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| paths: | |
| - 'attestation-agent/**' | |
| - '.github/workflows/aa_basic.yml' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| pull_request: | |
| paths: | |
| - 'attestation-agent/**' | |
| - '.github/workflows/aa_basic.yml' | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| create: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| basic_ci: | |
| if: github.event_name != 'push' | |
| name: Check | |
| defaults: | |
| run: | |
| working-directory: ./attestation-agent | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| instance: | |
| - ubuntu-24.04 | |
| - ubuntu-24.04-s390x | |
| - ubuntu-24.04-arm | |
| include: | |
| - instance: ubuntu-24.04 | |
| make_args: "" | |
| cargo_test_opts: "--features openssl,rust-crypto,all-attesters,kbs,coco_as,ttrpc,grpc" | |
| - instance: ubuntu-24.04-s390x | |
| make_args: "ATTESTER=se-attester TEE_PLATFORM=se" | |
| cargo_test_opts: "--no-default-features --features openssl,passport,se-attester,kbs,coco_as" | |
| - instance: ubuntu-24.04-arm | |
| make_args: "ATTESTER=cca-attester TEE_PLATFORM=cca" | |
| cargo_test_opts: "--no-default-features --features openssl,rust-crypto,passport,cca-attester,kbs,coco_as,ttrpc,grpc" | |
| runs-on: ${{ matrix.instance }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 | |
| with: | |
| egress-policy: audit | |
| - name: Code checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 1 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@2b1f5e9b395427c92ee4e3331786ca3c37afe2d7 # v1.16.0 | |
| with: | |
| components: rustfmt, clippy | |
| - name: Install TPM dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libtss2-dev | |
| if: matrix.instance == 'ubuntu-24.04' | |
| - name: Install dm-verity dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libdevmapper-dev | |
| - name: Gnu build and install with ttrpc | |
| run: | | |
| mkdir -p ${HOME}/.local/bin | |
| eval make ttrpc=true ${MAKE_ARGS} && make install PREFIX=${HOME}/.local | |
| env: | |
| MAKE_ARGS: ${{ matrix.make_args }} | |
| - name: Musl build with all platform | |
| run: | | |
| make LIBC=musl ttrpc=true ATTESTER=none | |
| if: matrix.instance == 'ubuntu-24.04' | |
| - name: Run cargo test | |
| run: | | |
| sudo -E PATH=$PATH -s cargo test ${{ matrix.cargo_test_opts }} -p attestation-agent -p attester -p coco_keyprovider -p kbc -p kbs_protocol -p crypto -p resource_uri | |
| - name: Run cargo fmt check | |
| run: cargo fmt --all -- --check | |
| - name: Run rust lint check | |
| run: | | |
| sudo -E PATH=$PATH -s make lint |