diff --git a/.dockerignore b/.dockerignore
index f82d6e8b32..e77752005c 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,6 +8,7 @@ docs/
 local-setup/
 scripts/
 target/
+enclave-runtime/target/
 tmp/
 *.Dockerfile
 Dockerfile
\ No newline at end of file
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index d961435ce7..14f856713c 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -56,6 +56,8 @@ jobs:
 - name: Set env
 run: |
+ fingerprint=$RANDOM
+ echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
 if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
 echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
 echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd" >> $GITHUB_ENV
@@ -76,7 +78,7 @@ jobs:
 run: >
 docker build -t integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}
 --target deployed-worker
- --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }} --build-arg SGX_MODE=${{ matrix.sgx_mode }}
+ --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg FINGERPRINT=${FINGERPRINT} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }} --build-arg SGX_MODE=${{ matrix.sgx_mode }}
 -f build.Dockerfile .
 - name: Build CLI client
@@ -278,6 +280,7 @@ jobs:
 fi
 docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
 docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
+ docker pull integritee/integritee-node-dev:1.0.33
 docker tag integritee/integritee-node-dev:1.0.33 ${{ env.INTEGRITEE_NODE }}
 docker images --all
diff --git a/build.Dockerfile b/build.Dockerfile
index 466c02ebe6..214af47795 100644
--- a/build.Dockerfile
+++ b/build.Dockerfile
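Review bot: `fingerprint=$RANDOM` in the "Set env" step of build_and_test.yml can only take a value from 0 to 32767, so two runs can draw the same FINGERPRINT. The build layer it is apparently meant to invalidate (it is passed on as `--build-arg FINGERPRINT=${FINGERPRINT}` in the worker build step) may then be served from cache. The value also cannot be traced back to the run that produced an image. A run-scoped identifier covers both: `echo "FINGERPRINT=${{ github.run_id }}-${{ github.run_attempt }}" >> "$GITHUB_ENV"`. The step's script continues past the end of the hunk.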
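Review bot: The added `docker pull integritee/integritee-node-dev:1.0.33` in build_and_test.yml references the node image by tag only. A tag can be re-pointed on the registry, so the job runs whatever content the tag resolves to at pull time. Pinning the digest in the pull and in the `docker tag` line that follows, e.g. `docker pull integritee/integritee-node-dev:1.0.33@sha256:<DIGEST_OF_REVIEWED_IMAGE>`, fixes the content. The same applies to `FROM integritee/integritee-dev:0.2.1 AS builder` in build.Dockerfile. The reference is now spelled out on two adjacent lines, so keeping it in a single env variable would stop the two from drifting apart; the step itself starts outside the hunk.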
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:experimental
 # Copyright 2021 Integritee AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,49 +16,17 @@
 # This is a multi-stage docker file, where the first stage is used
 # for building and the second deploys the built application.
-### Builder Stage
-##################################################
-FROM integritee/integritee-dev:0.2.1 AS builder
-LABEL maintainer="zoltan@integritee.network"
-
-# set environment variables
-ENV SGX_SDK /opt/sgxsdk
-ENV PATH "$PATH:${SGX_SDK}/bin:${SGX_SDK}/bin/x64:/opt/rust/bin//bin"
-ENV PKG_CONFIG_PATH "${PKG_CONFIG_PATH}:${SGX_SDK}/pkgconfig"
-ENV LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:${SGX_SDK}/sdk_libs"
-ENV CARGO_NET_GIT_FETCH_WITH_CLI true
-
-# Default SGX MODE is software mode
-ARG SGX_MODE=SW
-ENV SGX_MODE=$SGX_MODE
-
-ENV HOME=/home/ubuntu/work
-
-ARG WORKER_MODE_ARG
-ENV WORKER_MODE=$WORKER_MODE_ARG
-
-ARG ADDITIONAL_FEATURES_ARG
-ENV ADDITIONAL_FEATURES=$ADDITIONAL_FEATURES_ARG
-
-WORKDIR $HOME/worker
-COPY . .
-
-RUN make
-
-RUN cargo test --release
-
-
-### Cached Builder Stage (WIP)
+### Cached Builder Stage
 ##################################################
 # A builder stage that uses sccache to speed up local builds with docker
 # Installation and setup of sccache should be moved to the integritee-dev image, so we don't
 # always need to compile and install sccache on CI (where we have no caching so far).
-FROM integritee/integritee-dev:0.2.1 AS cached-builder
+FROM integritee/integritee-dev:0.2.1 AS builder
 LABEL maintainer="zoltan@integritee.network"
 # set environment variables
 ENV SGX_SDK /opt/sgxsdk
-ENV PATH "$PATH:${SGX_SDK}/bin:${SGX_SDK}/bin/x64:/opt/rust/bin/bin"
+ENV PATH "$PATH:${SGX_SDK}/bin:${SGX_SDK}/bin/x64:/opt/rust/bin"
 ENV PKG_CONFIG_PATH "${PKG_CONFIG_PATH}:${SGX_SDK}/pkgconfig"
 ENV LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:${SGX_SDK}/sdk_libs"
 ENV CARGO_NET_GIT_FETCH_WITH_CLI true
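Review bot: `# syntax=docker/dockerfile:experimental` on the first line of build.Dockerfile selects the experimental frontend channel. That is a floating tag whose image is fetched and run as the Dockerfile frontend on every build. The `RUN --mount=type=cache` feature this commit depends on is available in the stable channel, so `# syntax=docker/dockerfile:1` keeps the behaviour on a supported frontend. A comment on the line below the directive, such as `# BuildKit frontend needed for the RUN --mount=type=cache steps in the builder stage`, would record why it was added; it has to go below because the directive only takes effect as the first line.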
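Review bot: The comment block above `FROM integritee/integritee-dev:0.2.1 AS builder` is now out of date. It still presents sccache as a speed-up for "local builds" and says CI has "no caching so far", but this hunk removes the uncached stage and the same commit adds cache mounts plus a CI-supplied FINGERPRINT argument. It should describe the stage as it now is, for example `# Builder stage: compiles and tests the worker through sccache; requires BuildKit for the cache mounts.` The note about moving the sccache installation into the integritee-dev image can stay as a TODO if it is still planned.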
@@ -66,23 +35,31 @@ ENV CARGO_NET_GIT_FETCH_WITH_CLI true
 ARG SGX_MODE=SW
 ENV SGX_MODE=$SGX_MODE
-ENV HOME=/home/ubuntu/work
+ENV WORKHOME=/home/ubuntu/work
+ENV HOME=/home/ubuntu
+
+RUN rustup default stable
+RUN cargo install sccache
-RUN rustup default stable && cargo install sccache
-ENV SCCACHE_CACHE_SIZE="3G"
+ENV SCCACHE_CACHE_SIZE="20G"
 ENV SCCACHE_DIR=$HOME/.cache/sccache
 ENV RUSTC_WRAPPER="/opt/rust/bin/sccache"
 ARG WORKER_MODE_ARG
+ARG ADDITIONAL_FEATURES_ARG
 ENV WORKER_MODE=$WORKER_MODE_ARG
+ENV ADDITIONAL_FEATURES=$ADDITIONAL_FEATURES_ARG
-WORKDIR $HOME/worker
-COPY . .
+ARG FINGERPRINT=none
-RUN --mount=type=cache,id=cargo,target=${HOME}/.cache/sccache make && sccache --show-stats
+WORKDIR $WORKHOME/worker
-RUN --mount=type=cache,id=cargo,target=${HOME}/.cache/sccache cargo test --release && sccache --show-stats
+COPY . .
+RUN --mount=type=cache,id=cargo-registry,target=/opt/rust/registry \
+ --mount=type=cache,id=cargo-git,target=/opt/rust/git/db \
+ --mount=type=cache,id=cargo-sccache-${WORKER_MODE}${ADDITIONAL_FEATURES},target=/home/ubuntu/.cache/sccache \
+ echo ${FINGERPRINT} && make && cargo test --release && sccache --show-stats
 ### Base Runner Stage
 ### The runner needs the aesmd service for the `SGX_MODE=HW`.
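Review bot: `RUN rustup default stable` and `RUN cargo install sccache` in the builder stage resolve to whatever is newest at build time. The installed binary is then set as `RUSTC_WRAPPER`, so an unreviewed sccache release sits in front of every compiler invocation. Pin both, e.g. `RUN rustup default <PINNED_TOOLCHAIN>` and `RUN cargo install sccache --locked --version <PINNED_SCCACHE_VERSION>`. Separately, the three cache mounts on the final `RUN` persist between builds on the same builder. If that host also builds untrusted pull requests (not visible from this hunk), a tampered sccache or registry entry could carry over into later images, so release builds should use a clean or separately keyed cache.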