Merge pull request #63 from olisystems/cl/merge-upstream
Merge upstream: add mrenclave publishing from CI
clangenb authored Nov 1, 2023
2 parents b1bd9aa + fa900d6 commit cff2fe0
Showing 47 changed files with 1,023 additions and 297 deletions.
132 changes: 80 additions & 52 deletions .github/workflows/build_and_test.yml
Expand Up @@ -46,6 +46,8 @@ jobs:
run: |
fingerprint=$RANDOM
echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
Expand All @@ -64,7 +66,7 @@ jobs:
env:
DOCKER_BUILDKIT: 1
run: >
docker build -t integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}
docker build -t integritee-worker-${{ env.IMAGE_SUFFIX }}
--target deployed-worker
--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg FINGERPRINT=${FINGERPRINT} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }} --build-arg SGX_MODE=${{ matrix.sgx_mode }}
-f build.Dockerfile .
Expand All @@ -73,78 +75,100 @@ jobs:
env:
DOCKER_BUILDKIT: 1
run: >
docker build -t integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}
docker build -t integritee-cli-client-${{ env.IMAGE_SUFFIX }}
--target deployed-client
--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg FINGERPRINT=${FINGERPRINT} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
-f build.Dockerfile .
- run: docker images --all

- name: Test Enclave # cargo test is not supported in the enclave, see: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/232
run: docker run ${{ env.DOCKER_DEVICES }} ${{ env.DOCKER_VOLUMES }} integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} test --all
run: docker run ${{ env.DOCKER_DEVICES }} ${{ env.DOCKER_VOLUMES }} integritee-worker-${{ env.IMAGE_SUFFIX }} test --all

- name: Export worker image(s)
run: |
docker image save integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
docker image save integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
docker image save integritee-worker-${{ env.IMAGE_SUFFIX }} | gzip > integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz
docker image save integritee-cli-client-${{ env.IMAGE_SUFFIX }} | gzip > integritee-cli-client-${{ env.IMAGE_SUFFIX }}.tar.gz
- name: Upload worker image
uses: actions/upload-artifact@v3
with:
name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
path: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
name: integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz
path: integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz

- name: Upload CLI client image
uses: actions/upload-artifact@v3
with:
name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
path: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
name: integritee-cli-client-${{ env.IMAGE_SUFFIX }}.tar.gz
path: integritee-cli-client-${{ env.IMAGE_SUFFIX }}.tar.gz

- name: Create Enclave Digest File
run: |
mrenclave_hex=$(docker run integritee-worker-${{ env.IMAGE_SUFFIX }} mrenclave | grep -oP ':\s*\K[a-fA-F0-9]+')
echo "$mrenclave_hex" > mrenclave-${{ env.IMAGE_SUFFIX }}.hex
- name: Upload Enclave Digest File
uses: actions/upload-artifact@v3
with:
name: mrenclave-${{ env.IMAGE_SUFFIX }}.hex
path: mrenclave-${{ env.IMAGE_SUFFIX }}.hex

- name: Delete images
run: |
if [[ "$(docker images -q integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
if [[ "$(docker images -q integritee-worker-${{ env.IMAGE_SUFFIX }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-worker-${{ env.IMAGE_SUFFIX }} 2>/dev/null
fi
if [[ "$(docker images -q integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
if [[ "$(docker images -q integritee-cli-client-${{ env.IMAGE_SUFFIX }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-cli-client-${{ env.IMAGE_SUFFIX }} 2>/dev/null
fi
docker images --all
clippy:
code-quality:
runs-on: ubuntu-latest
container: "integritee/integritee-dev:0.2.2"
strategy:
fail-fast: false
matrix:
check: [
# Worker
# Use release mode as the CI runs out of disk space otherwise.
cargo clippy --release -- -D warnings,
cargo clippy --release --features evm -- -D warnings,
cargo clippy --release --features sidechain -- -D warnings,
cargo clippy --release --features teeracle -- -D warnings,
cargo clippy --release --features offchain-worker -- -D warnings,

# Enclave
cd enclave-runtime && cargo clippy -- -D warnings,
cd enclave-runtime && cargo clippy --features evm -- -D warnings,
cd enclave-runtime && cargo clippy --features sidechain -- -D warnings,
cd enclave-runtime && cargo clippy --features teeracle -- -D warnings,
cd enclave-runtime && cargo clippy --features offchain-worker -- -D warnings,

# Fmt
cargo fmt --all -- --check,
cd enclave-runtime && cargo fmt --all -- --check,
]
steps:
- uses: actions/checkout@v3
- name: init rust
# enclave is not in the same workspace
- name: init-rust-target
# Enclave is not in the same workspace
run: rustup show && cd enclave-runtime && rustup show

- name: Clippy default features
run: cargo clippy -- -D warnings
- name: Enclave # Enclave is separate as it's not in the workspace
run: cd enclave-runtime && cargo clippy -- -D warnings

- name: Clippy with Offchain-worker feature
run: |
cargo clippy --features offchain-worker -- -D warnings
cd enclave-runtime && cargo clippy --features offchain-worker -- -D warnings
- uses: Swatinem/rust-cache@v2
with:
key: ${{ matrix.check }}

- name: Fail-fast; cancel other jobs
if: failure()
uses: andymckay/cancel-action@0.3
- name: ${{ matrix.check }}
run: ${{ matrix.check }}

fmt:
toml-fmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: init rust
run: rustup show

- name: Worker & Client
run: cargo fmt --all -- --check
- name: Enclave # Enclave is separate as it's not in the workspace
run: cd enclave-runtime && cargo fmt --all -- --check

- name: Install taplo
run: cargo install taplo-cli --locked
- name: Cargo.toml fmt
Expand Down Expand Up @@ -178,6 +202,8 @@ jobs:
- name: Set env
run: |
version=$RANDOM
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
echo "FLAVOR_ID=${{ matrix.flavor_id }}" >> $GITHUB_ENV
echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV
echo "VERSION=dev.$version" >> $GITHUB_ENV
Expand All @@ -196,21 +222,21 @@ jobs:
- name: Download Worker Image
uses: actions/download-artifact@v3
with:
name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
name: integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz
path: .

- name: Download CLI client Image
uses: actions/download-artifact@v3
with:
name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
name: integritee-cli-client-${{ env.IMAGE_SUFFIX }}.tar.gz
path: .

- name: Load Worker & Client Images
env:
DOCKER_BUILDKIT: 1
run: |
docker image load --input integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
docker image load --input integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
docker image load --input integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz
docker image load --input integritee-cli-client-${{ env.IMAGE_SUFFIX }}.tar.gz
docker images --all
##
Expand All @@ -225,8 +251,8 @@ jobs:
if [[ "$(docker images -q ${{ env.CLIENT_IMAGE_TAG }} 2> /dev/null)" == "" ]]; then
docker image rmi --force ${{ env.CLIENT_IMAGE_TAG }} 2>/dev/null
fi
docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
docker tag integritee-worker-${{ env.IMAGE_SUFFIX }} ${{ env.WORKER_IMAGE_TAG }}
docker tag integritee-cli-client-${{ env.IMAGE_SUFFIX }} ${{ env.CLIENT_IMAGE_TAG }}
docker pull integritee/integritee-node:1.1.3
docker tag integritee/integritee-node:1.1.3 ${{ env.INTEGRITEE_NODE }}
docker images --all
Expand Down Expand Up @@ -273,11 +299,11 @@ jobs:
- name: Delete images
run: |
if [[ "$(docker images -q integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
if [[ "$(docker images -q integritee-worker-${{ env.IMAGE_SUFFIX }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-worker-${{ env.IMAGE_SUFFIX }} 2>/dev/null
fi
if [[ "$(docker images -q integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
if [[ "$(docker images -q integritee-cli-client-${{ env.IMAGE_SUFFIX }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee-cli-client-${{ env.IMAGE_SUFFIX }} 2>/dev/null
fi
if [[ "$(docker images -q ${{ env.WORKER_IMAGE_TAG }} 2> /dev/null)" != "" ]]; then
docker image rmi --force ${{ env.WORKER_IMAGE_TAG }} 2>/dev/null
Expand All @@ -294,7 +320,7 @@ jobs:
runs-on: integritee-builder-sgx
name: Release Build of teeracle
if: startsWith(github.ref, 'refs/tags/')
needs: [build-test, integration-tests]
needs: [ build-test, integration-tests ]

strategy:
fail-fast: false
Expand Down Expand Up @@ -322,6 +348,8 @@ jobs:
run: |
fingerprint=$RANDOM
echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
Expand Down Expand Up @@ -368,8 +396,8 @@ jobs:
- name: Save released teeracle
run: |
docker image save integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} | gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz
docker images --all
docker image save integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} | gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz
docker images --all
- name: Upload teeracle image
uses: actions/upload-artifact@v3
Expand All @@ -379,16 +407,16 @@ jobs:

- name: Delete images
run: |
if [[ "$(docker images -q integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2>/dev/null
fi
docker images --all
if [[ "$(docker images -q integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2> /dev/null)" != "" ]]; then
docker image rmi --force integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2>/dev/null
fi
docker images --all
release:
runs-on: ubuntu-latest
name: Draft Release
if: startsWith(github.ref, 'refs/tags/')
needs: [build-test, integration-tests, release-build]
needs: [ build-test, integration-tests, release-build ]
outputs:
release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
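Review bot: The added `SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")` line does not lowercase the matrix value, in any of the three hunks that add it (those starting at -46, -178 and -322). Once the expression is substituted the shell sees `${HW,,}`, which lowercases the contents of a shell variable named `HW` (presumably unset), so the result is empty and `IMAGE_SUFFIX` starts with `-` and carries no SGX mode. If the matrix ever builds one flavor in both modes, the image tarballs and the `mrenclave-….hex` artifact would share a name, and a verifier could not tell which build a published MRENCLAVE belongs to. Lowercase the literal instead, e.g. `SGX_MODE_LOWERCASE=$(echo "${{ matrix.sgx_mode }}" | tr '[:upper:]' '[:lower:]')`. The `Create Enclave Digest File` step would also be safer if it checked that exactly one 64-hex-digit value was extracted before writing the file, since `[a-fA-F0-9]+` after any colon can match unrelated output.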