The initial hyperlight-wasm commit 🎉

Co-authored-by: Aaron Schlesinger <aaron@ecomaz.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
Co-authored-by: Simon Davies <simongdavies@users.noreply.github.com>
Co-authored-by: Ludvig Liljenberg <lliljenberg@microsoft.com>
Co-authored-by: Shyam Rajendran <rshyam.psg@gmail.com>
Co-authored-by: David Justice <devigned@users.noreply.github.com>
Co-authored-by: Dan Chiarlone <dchiarlone@microsoft.com>
Co-authored-by: Pooja Trivedi <poojatrivedi@microsoft.com>

Author: syntactically

.devcontainer/Dockerfile

@@ -0,0 +1,81 @@
+## Dockerfile for devcontainer
+
+FROM mcr.microsoft.com/devcontainers/base:debian AS base
+
+ARG USER=vscode
+ARG GROUP=vscode
+
+ENV HOME="/home/${USER}"
+ENV PATH="$HOME/.cargo/bin:$PATH"
+
+# Install dependencies
+RUN apt-get update \
+    && apt-get -y install \
+        build-essential \
+        cmake \
+        curl \
+        gdb \
+        git \
+        gnupg \
+        gnuplot \
+        lsb-release \
+        make \
+        software-properties-common \
+        sudo \
+        wget \
+        netcat-openbsd
+
+ARG GCC_VERSION=12
+
+RUN apt-get install -y g++-multilib \
+    && apt-get install -y libgcc-${GCC_VERSION}-dev \
+    && apt-get install -y lib32gcc-${GCC_VERSION}-dev 
+
+ARG LLVM_VERSION=17
+
+# Install llvm
+RUN wget https://apt.llvm.org/llvm.sh \
+    && chmod +x ./llvm.sh         \
+    && sudo ./llvm.sh ${LLVM_VERSION} all      \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/clang-cl /usr/bin/clang-cl \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/llvm-lib /usr/bin/llvm-lib \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/lld-link /usr/bin/lld-link \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/llvm-ml /usr/bin/llvm-ml   \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/ld.lld /usr/bin/ld.lld     \
+    && sudo ln -s /usr/lib/llvm-${LLVM_VERSION}/bin/clang /usr/bin/clang
+
+FROM base AS dev
+
+# Make sure the devcontainer user has sudo access
+RUN chown -R "${USER}:${GROUP}" /home/${USER} \
+    && echo "${USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Persist bash history
+RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+    && mkdir /commandhistory \
+    && touch /commandhistory/.bash_history \
+    && chown -R "${USER}" /commandhistory \
+    && echo "$SNIPPET" >> "/home/${USER}/.bashrc"
+# Install python3
+ARG WASI_SDK_VERSION_FULL=20.0
+ARG WASI_SDK_VERSION_MAJOR=${WASI_SDK_VERSION_FULL%%.*}
+# Install wasi-sdk
+RUN wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${WASI_SDK_VERSION_MAJOR}/wasi-sdk-${WASI_SDK_VERSION_FULL}-linux.tar.gz \
+    && tar xvf wasi-sdk-${WASI_SDK_VERSION_FULL}-linux.tar.gz \
+    && rm wasi-sdk-${WASI_SDK_VERSION_FULL}-linux.tar.gz \
+    && mv /wasi-sdk-${WASI_SDK_VERSION_FULL}  /opt/wasi-sdk
+
+USER $USER
+
+ARG RUST_TOOLCHAIN=1.82.0
+
+# Install rust
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rustup default ${RUST_TOOLCHAIN} \
+    && rustup target add x86_64-unknown-linux-gnu \
+    && rustup target add x86_64-unknown-none      \
+    && rustup target add x86_64-pc-windows-msvc   \
+    && rustup toolchain add nightly-x86_64-unknown-linux-gnu \
+    && cargo install just \
+    && cargo install --locked wasm-tools \
+    && cargo install wkg

.devcontainer/devcontainer.json

@@ -0,0 +1,43 @@
+// For more info on the configuration below, check out the link:
+// https://code.visualstudio.com/docs/devcontainers/create-dev-container
+{
+    "name": "Hyperlight-Wasm",
+    "image": "ghcr.io/hyperlight-dev/hyperlight-wasm-devcontainer:latest",
+
+    "containerUser": "vscode",
+    // Environment for the container also used by the `postCreateCommand`
+    "containerEnv": {
+      "DEVICE": "/dev/kvm",
+      "REMOTE_USER": "vscode",
+      "REMOTE_GROUP": "vscode"
+    },
+  
+    "runArgs": [
+        "--device=/dev/kvm"
+    ],
+  
+    // use `postStartCommand` for additional setup commands
+    // this is run after the container is created and the user has been added
+    "postStartCommand": "bash .devcontainer/setup.sh",
+  
+    "customizations": {
+      "vscode": {
+        "extensions": [
+          "ms-vscode.cpptools-extension-pack",
+          "ms-vscode.cmake-tools",
+          "rust-lang.rust-analyzer",
+          "vadimcn.vscode-lldb"
+        ],
+        "settings": {
+          "rust-analyzer.rustfmt.extraArgs": [
+            "+nightly" // required for rustfmt.toml which uses nightly features
+          ],
+           // This is needed to allow tests to find files when running under the debugger
+          "rust-analyzer.runnables.extraEnv": {
+              "RUST_DIR_FOR_DEBUGGING_TESTS": "${workspaceFolder}/src/hyperlight_wasm"
+          }
+        }
+      }
+    }
+  }
+  

.devcontainer/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Change device ownership
+sudo chown -R $REMOTE_USER:$REMOTE_GROUP $DEVICE

.editorconfig

@@ -0,0 +1,29 @@
+# Reference: https://github.com/dotnet/roslyn/blob/main/.editorconfig
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+[*]
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+charset = utf-8
+
+# JSON files
+[*.json]
+indent_size = 2
+
+# YAML files
+[*.yml]
+indent_size = 2
+[*.yaml]
+indent_size = 2
+
+# Powershell files
+[*.ps1]
+indent_size = 2
+
+# Shell script files
+[*.sh]
+end_of_line = lf
+indent_size = 2

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates: 
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "main"
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "main"

.github/release.yml

@@ -0,0 +1,10 @@
+# .github/release.yml
+
+changelog:
+  categories:
+    - title: Full Changelog (excl. dependencies)
+      labels:
+        - "*"
+    - title: Full Changelog (dependencies)
+      labels:
+        - kind/dependencies

.github/workflows/Benchmarks.yml

@@ -0,0 +1,88 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Benchmarks
+
+on:
+  workflow_call: # this is called from CreateRelease.yml
+
+# The reason for default shell bash is because on our self-hosted windows runners,
+# the default shell is powershell, which doesn't work correctly together with `just` commands.
+# Even if a command inside a just-recipe fails, github reports the step as successful.
+# The problem may or may not be related to our custom windows runner not applying the
+# powershell steps outlined here 
+# https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+defaults:
+    run:
+      shell: bash
+
+jobs:
+  build-wasm-examples:
+    uses: ./.github/workflows/dep_build_wasm_examples.yml
+  
+  benchmark:
+    needs:
+      - build-wasm-examples
+    strategy:
+      fail-fast: true
+      matrix:
+        hypervisor: [hyperv, mshv, mshv3, kvm] # hyperv is windows, mshv and kvm are linux
+        cpu: [amd, intel]
+        config: [release] # don't want to benchmark debug-builds
+
+    runs-on: ${{ fromJson(format('["self-hosted", "{0}", "X64", "1ES.Pool=hld-{1}-{2}"]', matrix.hypervisor == 'hyperv' && 'Windows' || 'Linux', matrix.hypervisor == 'hyperv' && 'win2022' || matrix.hypervisor == 'mshv3' && 'azlinux3-mshv' || matrix.hypervisor, matrix.cpu)) }} 
+    
+    steps:
+    - uses: actions/checkout@v4
+
+    - uses: hyperlight-dev/ci-setup-workflow@v1.3.0
+      with:
+        rust-toolchain: "1.82.0"
+
+    - name: Build Wasm Runtime Binary
+      working-directory: ./src/hyperlight_wasm
+      run: just build-wasm-runtime ${{ matrix.config }}
+    
+    - uses: dtolnay/rust-toolchain@1.82.0
+      with:
+        components: clippy, rustfmt
+
+    - name: Download Wasm Modules
+      uses: actions/download-artifact@v4
+      with:
+        name: guest-modules
+        path: ./x64/${{ matrix.config }}
+
+    ### Benchmarks ###
+
+    # Install GH cli (needed for just bench-download)
+    - name: Install github-cli (Linux mariner)
+      if: runner.os == 'Linux' && matrix.hypervisor == 'mshv' || matrix.hypervisor == 'mshv3'
+      run: sudo dnf install gh -y
+
+    - name: Install github-cli (Linux ubuntu)
+      if: runner.os == 'Linux' && matrix.hypervisor == 'kvm'
+      run: sudo apt install gh -y
+
+    - name: Fetch tags
+      run: |
+        git fetch --tags origin
+      
+    - name: Download benchmark from most recent release
+      run: |
+        just bench-download ${{ runner.os }} ${{ matrix.hypervisor }}
+      continue-on-error: true
+      working-directory: ./src/hyperlight_wasm
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Run Benchmarks
+      run: |
+        just bench-ci dev release
+      working-directory: ./src/hyperlight_wasm
+
+    - name: Upload Benchmarks
+      uses: actions/upload-artifact@v4
+      with: 
+        name: benchmarks_${{runner.os}}_${{matrix.hypervisor}}
+        path: ./target/criterion/
+        if-no-files-found: error

.github/workflows/CargoAudit.yml

@@ -0,0 +1,29 @@
+name: Audit cargo dependencies for security vulnerabilities
+on:
+  schedule:
+    - cron: "0 8 * * 1" # run at 8am every Monday
+  workflow_dispatch: # allow manual triggering
+
+permissions:
+    issues: write # Creates issues for any vulnerabilities found
+    contents: read 
+    checks: write # Needs to create check
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # We are not using the common workflow here because it installs a lot of tools we don't need
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: "1.82.0"
+          
+      - uses: extractions/setup-just@v3
+        with:
+          just-version: "1.27"
+                 
+      - uses: rustsec/audit-check@v2.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/CleanUp.yml

@@ -0,0 +1,27 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+# This job cleans up old pre-releases and pre-releases packages retaining the last 40 versions
+
+name: Clean up old pre-releases and packages
+on:
+  schedule:
+    - cron: '0 8 * * 1' # run at 8am every Monday
+  workflow_dispatch: # allow manual triggering
+permissions:
+  actions: write  # required for reading & deleting github actions artifacts
+  contents: write  # required for reading releases
+jobs:
+  cleanup:
+    name: Clean up old pre-releases and packages
+    runs-on: ubuntu-latest
+    steps:
+      # https://github.com/marketplace/actions/delete-releases
+      - name: Delete old 'hyperlight-wasm' releases
+        uses: sgpublic/delete-release-action@v1.2
+        with:
+          release-drop: false
+          pre-release-drop: true
+          pre-release-keep-count: 5
+          pre-release-drop-tag: true
+          draft-drop: false
+        env:
+          GITHUB_TOKEN: ${{ github.token }}