ci: Enable ci tests on arm64

Signed-off-by: Seunguk Shin <[email protected]>

.github/workflows/aa_basic.yml

@@ -37,13 +37,17 @@ jobs:
         instance:
           - ubuntu-24.04
           - s390x
+          - ubuntu-24.04-arm
         include:
           - instance: ubuntu-24.04
             make_args: ""
             cargo_test_opts: "--features openssl,rust-crypto,all-attesters,kbs,coco_as,ttrpc,grpc"
           - instance: s390x
             make_args: "ATTESTER=se-attester TEE_PLATFORM=se"
             cargo_test_opts: "--no-default-features --features openssl,passport,se-attester,kbs,coco_as"
+          - instance: ubuntu-24.04-arm
+            make_args: "ATTESTER=cca-attester TEE_PLATFORM=cca"
+            cargo_test_opts: "--no-default-features --features openssl,rust-crypto,passport,cca-attester,kbs,coco_as,ttrpc,grpc"
     runs-on: ${{ matrix.instance }}
     steps:
       - name: Code checkout

.github/workflows/aa_cc_kbc.yml

@@ -29,17 +29,26 @@ jobs:
     defaults:
       run:
         working-directory: ./attestation-agent
-    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
         rust:
           - stable
-        attester:
-          - snp-attester
-          - tdx-attester
-          - az-snp-vtpm-attester
-          - az-tdx-vtpm-attester
+        instance:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
+        include:
+          - instance: ubuntu-24.04
+            attester: snp-attester
+          - instance: ubuntu-24.04
+            attester: tdx-attester
+          - instance: ubuntu-24.04
+            attester: az-snp-vtpm-attester
+          - instance: ubuntu-24.04
+            attester: az-tdx-vtpm-attester
+          - instance: ubuntu-24.04-arm
+            attester: cca-attester
+    runs-on: ${{ matrix.instance }}
     steps:
       - name: Code checkout
         uses: actions/checkout@v4
@@ -57,11 +66,13 @@ jobs:
       - uses: ./.github/actions/install-intel-dcap
         with:
           ubuntu-version: noble
+        if: matrix.instance == 'ubuntu-24.04'
 
       - name: Install TPM dependencies
         run: |
           sudo apt-get update
           sudo apt-get install -y libtss2-dev
+        if: matrix.instance == 'ubuntu-24.04'
 
       - name: Install protoc
         run: |

.github/workflows/aa_crypto.yml

@@ -25,13 +25,16 @@ jobs:
     defaults:
       run:
         working-directory: ./attestation-agent
-    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
+        instance:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
         suites:
           - rust-crypto
           - openssl
+    runs-on: ${{ matrix.instance }}
 
     steps:
       - name: Code checkout

.github/workflows/aa_release.yml

@@ -13,6 +13,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -25,6 +31,6 @@ jobs:
         with:
           context: .
           file: ./attestation-agent/docker/Dockerfile.keyprovider
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ghcr.io/confidential-containers/staged-images/coco-keyprovider:${{ github.sha }}, ghcr.io/confidential-containers/staged-images/coco-keyprovider:latest

.github/workflows/aa_sample_keyprovider.yml

@@ -21,12 +21,15 @@ jobs:
   coco_keyprovider_ci:
     if: github.event_name != 'push'
     name: Check
-    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
         rust:
           - stable
+        instance:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
+    runs-on: ${{ matrix.instance }}
 
     steps:
       - name: Code checkout

.github/workflows/api-server-rest-basic.yml

@@ -35,6 +35,7 @@ jobs:
         instance:
           - ubuntu-24.04
           - s390x
+          - ubuntu-24.04-arm
         rust:
           - stable
     runs-on: ${{ matrix.instance }}
@@ -63,7 +64,7 @@ jobs:
       - name: Musl build with default features
         run: |
           make LIBC=musl
-        if: matrix.instance == 'ubuntu-24.04'
+        if: ${{ startsWith(matrix.instance, 'ubuntu-24.04') }}
 
       - name: Run cargo test
         uses: actions-rs/cargo@v1

.github/workflows/cdh_basic.yml

@@ -35,6 +35,7 @@ jobs:
         instance:
           - ubuntu-24.04
           - s390x
+          - ubuntu-24.04-arm
         rust:
           - stable
     runs-on: ${{ matrix.instance }}
@@ -63,7 +64,7 @@ jobs:
       - name: Musl build
         run: |
           make LIBC=musl
-        if: matrix.instance == 'ubuntu-24.04'
+        if: ${{ startsWith(matrix.instance, 'ubuntu-24.04') }}
 
       - name: Run cargo test
         run: |

.github/workflows/image_rs_build.yml

@@ -37,6 +37,7 @@ jobs:
         instance:
           - ubuntu-24.04
           - s390x
+          - ubuntu-24.04-arm
     runs-on: ${{ matrix.instance }}
     steps:
       - name: Code checkout
@@ -142,4 +143,4 @@ jobs:
       - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe + nydus
         run: |
           sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,nydus
-        if: matrix.instance == 'ubuntu-24.04'
+        if: ${{ startsWith(matrix.instance, 'ubuntu-24.04') }}

.github/workflows/ocicrypt_rs_build.yml

@@ -25,13 +25,16 @@ jobs:
   ci:
     if: github.event_name != 'push'
     name: Check
-    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
+        instance:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
         rust:
           - 1.83.0
           - stable
+    runs-on: ${{ matrix.instance }}
 
     steps:
       - name: Code checkout

.github/workflows/trustee-attester.yml

@@ -28,11 +28,14 @@ jobs:
         instance:
           - ubuntu-24.04
           - s390x
+          - ubuntu-24.04-arm
         include:
           - instance: ubuntu-24.04
             cargo_test_opts: "-p kbs_protocol --bin trustee-attester --no-default-features --features background_check,passport,openssl,all-attesters,bin"
           - instance: s390x
             cargo_test_opts: "-p kbs_protocol --bin trustee-attester --no-default-features --features background_check,passport,openssl,se-attester,bin"
+          - instance: ubuntu-24.04-arm
+            cargo_test_opts: "-p kbs_protocol --bin trustee-attester --no-default-features --features background_check,passport,openssl,cca-attester,bin"
     runs-on: ${{ matrix.instance }}
     steps:
       - name: Code checkout

attestation-agent/Makefile

@@ -108,8 +108,8 @@ else
     features := $(features),rust-crypto
 endif
 
-ifeq ($(ARCH), s390x)
-    LINT_OPTION = lint-s390x
+ifeq ($(ARCH), $(filter $(ARCH), s390x aarch64))
+    LINT_OPTION = lint-$(ARCH)
 else
     LINT_OPTION = lint-default
 endif
@@ -128,6 +128,9 @@ lint-default:
 lint-s390x:
 	cd attestation-agent && cargo clippy --no-default-features --features openssl,kbs,coco_as,bin,grpc,ttrpc
 
+lint-aarch64:
+	cd attestation-agent && cargo clippy --no-default-features --features openssl,rust-crypto,cca-attester,kbs,coco_as,bin,grpc,ttrpc
+
 install: 
 	install -D -m0755 $(TARGET) $(DESTDIR)/$(BIN_NAME)
 

attestation-agent/docker/Dockerfile.keyprovider

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 by Alibaba.
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
-FROM rust:1.75-slim-bookworm as builder
+FROM rust:1.84-slim-bookworm as builder
 
 LABEL org.opencontainers.image.source="https://github.com/confidential-containers/guest-components/blob/main/attestation-agent/docker/Dockerfile.keyprovider"