Publish new per target platform CI docker images (#4461)

microsoft · Nov 3, 2022 · 48067a2 · 48067a2
1 parent 4898b12
commit 48067a2
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 9 deletions.
diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml
@@ -8,10 +8,11 @@ on:
 env:
   ACR_REGISTRY: ccfmsrc.azurecr.io
   ACR_TOKEN_NAME: ci-push-token
+  DOCKER_BUILDKIT: 1 # https://docs.docker.com/develop/develop-images/build_enhancements/
 
 jobs:
   build:
-    name: "Build and Publish SGX CI Containers"
+    name: "Build and Publish CI Containers"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -20,11 +21,17 @@ jobs:
         run: echo "tag=${GITHUB_REF#refs/tags/ccf_ci_image/}" >> $GITHUB_OUTPUT
         id: tref
 
-      - name: Build CCF CI container
-        run: docker build -f docker/ccf_ci . -t $ACR_REGISTRY/ccf/ci/sgx:${{steps.tref.outputs.tag}}
+      - name: Build CCF CI sgx container
+        run: docker build -f docker/ccf_ci . --build-arg="platform=sgx" -t $ACR_REGISTRY/ccf/ci:${{steps.tref.outputs.tag}}-sgx
+
+      - name: Build CCF CI snp container
+        run: docker build -f docker/ccf_ci . --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:${{steps.tref.outputs.tag}}-snp
+
+      - name: Build CCF CI virtual container
+        run: docker build -f docker/ccf_ci . --build-arg="platform=virtual" -t $ACR_REGISTRY/ccf/ci:${{steps.tref.outputs.tag}}-virtual
 
       - name: Log in
         run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_CI_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY
 
       - name: Push CI container
-        run: docker push $ACR_REGISTRY/ccf/ci/sgx:${{steps.tref.outputs.tag}}
+        run: docker push $ACR_REGISTRY/ccf/ci --all-tags
diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake
@@ -27,7 +27,7 @@ set(OE_VERSION "0.18.2")
 if(COMPILE_TARGET STREQUAL "sgx")
   list(APPEND CCF_DEB_DEPENDENCIES "open-enclave (>=${OE_VERSION})")
 else()
-  list(APPEND CCF_DEB_DEPENDENCIES "open-enclave-host-verify (>=${OE_VERSION})")
+  list(APPEND CCF_DEB_DEPENDENCIES "open-enclave-hostverify (>=${OE_VERSION})")
 endif()
 
 list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS)

diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml
@@ -14,7 +14,6 @@
     - import_role:
         name: az_dcap
         tasks_from: install.yml
-      when: platform == "sgx"
     - import_role:
         name: openenclave
         tasks_from: binary_install.yml

diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml
@@ -11,9 +11,6 @@
         name: intel
         tasks_from: sgx-group.yml
       when: platform == "sgx"
-    # Note: The az_dcap role is required so that open-enclave/
-    # open-enclave-host-verify is automatically installed when
-    # the CCF debian package is.
     - import_role:
         name: az_dcap
         tasks_from: install.yml

diff --git a/getting_started/setup_vm/ccf-dev.yml b/getting_started/setup_vm/ccf-dev.yml
@@ -3,15 +3,22 @@
     - import_role:
         name: intel
         tasks_from: sgx-psw.yml
+      when: platform == "sgx"
     - import_role:
         name: intel
         tasks_from: sgx-group.yml
+      when: platform == "sgx"
     - import_role:
         name: az_dcap
         tasks_from: install.yml
     - import_role:
         name: openenclave
         tasks_from: binary_install.yml
+      when: platform == "sgx"
+    - import_role:
+        name: openenclave
+        tasks_from: install_host_verify.yml
+      when: platform != "sgx"
     - import_role:
         name: nodejs
         tasks_from: install.yml