From 5ec042012807213fb1d96bb40faa5854b28f56d8 Mon Sep 17 00:00:00 2001
From: Xynnn007 <xynnn@linux.alibaba.com>
Date: Mon, 20 Nov 2023 14:55:52 +0800
Subject: [PATCH 1/4] cdh/hub: fix document

The code block is not rusty, they are only examples for kernel cmdlines

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
---
 confidential-data-hub/hub/src/auth/kbs.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/confidential-data-hub/hub/src/auth/kbs.rs b/confidential-data-hub/hub/src/auth/kbs.rs
index e22e5f609..afd95f21e 100644
--- a/confidential-data-hub/hub/src/auth/kbs.rs
+++ b/confidential-data-hub/hub/src/auth/kbs.rs
@@ -8,12 +8,12 @@
 //!
 //! For the first implementation, it is assumed that all the resource
 //! ids are from the kernel commandline in the following format:
-//! ```
+//! ```shell
 //! cdh.kbs_resources=<resource id 1>::<target path 1>,<resource id 2>::<target path 2>...
 //! ```
 //!
 //! for example
-//! ```
+//! ```shell
 //! cdh.kbs_resources=kbs:///default/key/1::/run/temp1,kbs:///default/key/2::/run/temp2
 //! ```
 //!

From 76ff34727c649afd2b99d6c515ffa47defc96de3 Mon Sep 17 00:00:00 2001
From: Xynnn007 <xynnn@linux.alibaba.com>
Date: Mon, 20 Nov 2023 14:58:17 +0800
Subject: [PATCH 2/4] cdh/kms/aliyun: fix unit test

If we want to ignore every test case in `rstest`, we should add `ignore`
macro to every case.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
---
 confidential-data-hub/kms/src/plugins/aliyun/client.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client.rs b/confidential-data-hub/kms/src/plugins/aliyun/client.rs
index 297b6b22f..9bbf12f9e 100644
--- a/confidential-data-hub/kms/src/plugins/aliyun/client.rs
+++ b/confidential-data-hub/kms/src/plugins/aliyun/client.rs
@@ -317,9 +317,10 @@ mod tests {
 
     use crate::{plugins::aliyun::client::AliyunKmsClient, Decrypter, Encrypter};
 
-    #[ignore]
     #[rstest]
+    #[ignore]
     #[case(b"this is a test plaintext")]
+    #[ignore]
     #[case(b"this is a another test plaintext")]
     #[tokio::test]
     async fn key_lifetime(#[case] plaintext: &[u8]) {

From 2958a3f84857b18dc9b65ef1adaf31a4e0f49bd6 Mon Sep 17 00:00:00 2001
From: Xynnn007 <xynnn@linux.alibaba.com>
Date: Mon, 20 Nov 2023 17:16:40 +0800
Subject: [PATCH 3/4] ci: add basic ci for CDH

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
---
 .github/workflows/cdh_basic.yml | 78 +++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 .github/workflows/cdh_basic.yml

diff --git a/.github/workflows/cdh_basic.yml b/.github/workflows/cdh_basic.yml
new file mode 100644
index 000000000..201578fee
--- /dev/null
+++ b/.github/workflows/cdh_basic.yml
@@ -0,0 +1,78 @@
+name: confidential-data-hub basic build and unit tests
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - 'confidential-data-hub/**'
+      - '.github/workflows/cdh_basic.yml'
+      - 'Cargo.toml'
+  pull_request:
+    paths:
+      - 'confidential-data-hub/**'
+      - '.github/workflows/cdh_basic.yml'
+      - 'Cargo.toml'
+  create:
+  workflow_dispatch:
+
+jobs:
+  basic_ci:
+    name: Check
+    defaults:
+      run:
+        working-directory: ./confidential-data-hub
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        rust:
+          - stable
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Install Rust toolchain (${{ matrix.rust }})
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          override: true
+          components: rustfmt, clippy
+
+      - name: Install protoc
+        run: |
+          sudo apt-get update && sudo apt-get install -y protobuf-compiler
+
+      - name: Build and install
+        run: |
+          make && make install
+
+      - name: Musl build
+        run: |
+          make LIBC=musl
+
+      - name: s390x build
+        run:
+          make ARCH=s390x
+
+      - name: Run cargo test
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --features kbs,aliyun,sev,bin -p kms -p confidential-data-hub -p secret -p image
+
+      - name: Run cargo fmt check
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: -p kms -p confidential-data-hub -p secret -p image -- --check
+
+      - name: Run rust lint check
+        uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          # We are getting error in generated code due to derive_partial_eq_without_eq check, so ignore it for now
+          args: -p kms -p confidential-data-hub -p secret -p image -- -D warnings -A clippy::derive-partial-eq-without-eq 

From 64b4ddd09a446e61bf80e0c40bd64806327792e2 Mon Sep 17 00:00:00 2001
From: Xynnn007 <xynnn@linux.alibaba.com>
Date: Mon, 20 Nov 2023 17:33:49 +0800
Subject: [PATCH 4/4] cdh/kms/aliyun: fix lint error

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
---
 confidential-data-hub/kms/src/plugins/aliyun/client.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client.rs b/confidential-data-hub/kms/src/plugins/aliyun/client.rs
index 9bbf12f9e..28c8d2e70 100644
--- a/confidential-data-hub/kms/src/plugins/aliyun/client.rs
+++ b/confidential-data-hub/kms/src/plugins/aliyun/client.rs
@@ -224,9 +224,9 @@ impl Decrypter for AliyunKmsClient {
 }
 
 impl AliyunKmsClient {
-    const API_VERSION: &str = "dkms-gcs-0.2";
-    const SIGNATURE_METHOD: &str = "RSA_PKCS1_SHA_256";
-    const CONTENT_TYPE: &str = "application/x-protobuf";
+    const API_VERSION: &'static str = "dkms-gcs-0.2";
+    const SIGNATURE_METHOD: &'static str = "RSA_PKCS1_SHA_256";
+    const CONTENT_TYPE: &'static str = "application/x-protobuf";
 
     fn build_headers(&self, api_name: &str, body: &[u8]) -> anyhow::Result<HeaderMap> {
         let mut headers = HeaderMap::new();