name: AWS SNP Launch Measurement on: schedule: # Run daily at 22:00. - cron: '0 22 * * *' workflow_dispatch: jobs: run: runs-on: ubuntu-22.04 steps: - name: Checkout repository uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ github.head_ref }} - name: Install necessary tools run: | sudo apt-get update sudo apt-get install -y python3 python3-pip sudo python3 -m pip install --user --require-hashes -r .github/workflows/aws-snp-launchmeasurements-requirements.txt - name: Install Nix uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # v22 - name: Download Firmware release id: download-firmware uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # tag=v1.8 with: repository: aws/uefi latest: true zipBall: true - name: Build UEFI firmware id: build-uefi shell: bash run: | # Unzip into a extra dir so that we can find "default.nix" and make sure we end up in the right directory. mkdir aws-uefi zipLocation=$(find . -name "uefi-*.zip") unzip -d aws-uefi "$zipLocation" buildfilePath="$(find aws-uefi -name 'default.nix')" pushd "$(dirname "$buildfilePath")" || exit 1 nix-build --pure ovmfPath=$(realpath result/ovmf_img.fd) echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: repository: IBM/sev-snp-measure.git ref: main path: sev-snp-measure - name: Run sev-snp-measure shell: bash run: | pushd sev-snp-measure || exit 1 echo '[]' > intermediate.json for vcpus in 2 4 8 16 32 48 64; do measurement="$(./sev-snp-measure.py --mode snp --vmm-type=ec2 --vcpus="$vcpus" --ovmf=${{ steps.build-uefi.outputs.ovmfPath }})" jq --arg vcpus "$vcpus" --arg measurement "$measurement" '. += [{"vcpus": $vcpus, "measurement": $measurement}]' intermediate.json > measurements.json cp measurements.json intermediate.json done jq < measurements.json