From 37a5259edc51718970323454fa1eddda447f5148 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:08:49 +0000 Subject: [PATCH 01/86] Container images release experiments --- .github/workflows/containers.yml | 45 +++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 69c22e172229..a423f48c8d19 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -1,8 +1,13 @@ -name: "Build and Publish SGX Release Containers to ACR" +name: "Build and Publish Release Containers to ACR" on: release: types: [published] + push: + branches: + - "main" + - "releases/**" + - "additional_containers" # TODO: Remove env: ACR_REGISTRY: ccfmsrc.azurecr.io 
@@ -19,26 +24,60 @@ jobs: run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" id: tref + # Build development containers - name: Build App Dev SGX container run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + # Build runtime containers - name: Build App Run SGX container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - name: Build JS App Run SGX container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + - name: Build App Run SNP container + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" --extra-vars sgx_dependencies=false -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + + - name: Build JS App Run SNP container + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp + + - name: Build App Run Virtual container + run: docker build -f docker/app_run . 
--build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" --extra-vars sgx_dependencies=false -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + + - name: Build JS App Run Virtual container + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + + publish: + name: "Publish Containers (release only)" + if: github.event.release.action == "published" + runs-on: ubuntu-latest + needs: build + steps: - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY + # Push development containers - name: Push App Dev SGX container run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx + # Push runtime containers - name: Push App Run SGX container run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - name: Push JS App Run SGX container run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + - name: Push App Run SNP container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + + - name: Push JS App Run SNP container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp + + - name: Push App Run Virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + + - name: Push JS App Run Virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + - name: Push App Dev SGX devcontainer run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer From bb72f9d089aa8cc9815abf22072671819fbe2a13 Mon Sep 17 00:00:00 2001 
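Review bot: The new `publish` job cannot push what `build` produced: it runs on a fresh `ubuntu-latest` runner, so none of the images built in `build` exist in its local Docker store, and `steps.tref.outputs.tag` is empty there because step outputs are scoped to the job that defines the step. As written, each `docker push` would target a name ending in `:-sgx`, `:-snp` or `:-virtual`. Either keep the push steps in `build` behind a per-step `if:`, or expose the tag as a job output (`outputs: tag: ${{ steps.tref.outputs.tag }}` on `build`, read as `needs.build.outputs.tag`) and move the images between jobs with `docker save` / `docker load` artifacts. The context `Log in` step also passes the registry token with `-p`; feeding it through `--password-stdin` from an `env:` variable keeps the secret out of the process arguments.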
From: Julien Maffre Date: Fri, 21 Oct 2022 14:11:05 +0000 Subject: [PATCH 02/86] this? --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index a423f48c8d19..6b9b7d46888f 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -49,7 +49,7 @@ jobs: publish: name: "Publish Containers (release only)" - if: github.event.release.action == "published" + if: github.event_name == "release" and github.event_action == "published" runs-on: ubuntu-latest needs: build steps: From 6ee5d9a9d612dcd94945c60ec0447e6323fb4dd4 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:15:22 +0000 Subject: [PATCH 03/86] now? --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 6b9b7d46888f..5f883f7cdf97 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -49,7 +49,7 @@ jobs: publish: name: "Publish Containers (release only)" - if: github.event_name == "release" and github.event_action == "published" + if: github.event.release.action == 'published' runs-on: ubuntu-latest needs: build steps: From 8949d8d3d04462ddd7183c138b35f5cdbc990de9 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:24:28 +0000 Subject: [PATCH 04/86] Tag from branch name --- .github/workflows/containers.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 5f883f7cdf97..e66cda33075a 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -6,7 +6,6 @@ on: push: branches: - "main" - - "releases/**" - "additional_containers" # TODO: Remove env: 
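Review bot: The condition PATCH 03 settles on, `github.event.release.action == 'published'`, most likely never evaluates to true: in the `release` event payload `action` sits at the top level and `release` holds the release object, so the property read here is unset and the `publish` job is skipped even for a published release. `if: github.event_name == 'release' && github.event.action == 'published'` expresses the intent. Workflow expressions use `&&` and single-quoted strings, which is why the `and` / double-quoted form in PATCH 02 and the double-quoted form in PATCH 01 were rejected. Because a skipped job is easy to overlook, confirm on a test release that `publish` actually runs.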
@@ -20,8 +19,16 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Truncate ref + # For a release, get git tag... + - name: Get image tag from git tag run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" + if: github.event.release.action == 'published' + id: tref + + # ... otherwise, get branch name + - name: Get image tag from branch name + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + if: github.event_name == 'push' id: tref # Build development containers From 63aad8d03ae63a5ab758a024795b317b3be68332 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:27:56 +0000 Subject: [PATCH 05/86] . --- .github/workflows/containers.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index e66cda33075a..27dd066754e9 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,15 +21,15 @@ jobs: # For a release, get git tag... - name: Get image tag from git tag - run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" - if: github.event.release.action == 'published' + run: echo "my_tag" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + # if: github.event.release.action == 'published' id: tref - # ... otherwise, get branch name - - name: Get image tag from branch name - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - if: github.event_name == 'push' - id: tref + # # ... otherwise, get branch name + # - name: Get image tag from branch name + # run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + # if: github.event_name == 'push' + # id: tref # Build development containers - name: Build App Dev SGX container From f83e280fcf99318e4ebeb98c50af080ab4bbc666 Mon Sep 17 00:00:00 2001 
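Review bot: Both tag steps added in PATCH 04 carry `id: tref`, and step ids must be unique within a job, so the workflow is expected to be rejected when it is loaded. The branch step also writes an output named `branch` while every build and push step reads `steps.tref.outputs.tag`, so on a push the image tag would be empty even with distinct ids. A single step that always sets `tag` avoids both problems. That step should also map characters that are legal in a branch name but not in an image tag, such as `/`, to `-` before the value is used in `-t`.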
From: Julien Maffre Date: Fri, 21 Oct 2022 14:28:40 +0000 Subject: [PATCH 06/86] .. --- .github/workflows/containers.yml | 2 +- cmake/cpack_settings.cmake | 10 +++++++--- docker/app_run | 18 +++--------------- docker/sgx_deps_pin.sh | 25 +++++++++++++++++++++++++ getting_started/setup_vm/app-run.yml | 10 +++++++--- 5 files changed, 43 insertions(+), 22 deletions(-) create mode 100755 docker/sgx_deps_pin.sh diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 27dd066754e9..3cd6acbae17b 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,7 +21,7 @@ jobs: # For a release, get git tag... - name: Get image tag from git tag - run: echo "my_tag" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + run: echo "##[set-output name=tag;]my_tag" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert # if: github.event.release.action == 'published' id: tref diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 32870d218793..91f8fbb405cf 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -10,7 +10,7 @@ set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" + "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" ) message( STATUS "Debian package will include suffix: ${CPACK_DEBIAN_PACKAGE_VERSION}" @@ -18,9 +18,13 @@ if(CCF_VERSION_SUFFIX) endif() # CPack variables for Debian packages -set(CPACK_DEBIAN_PACKAGE_DEPENDS +if("sgx" IN_LIST COMPILE_TARGETS) + set(CPACK_DEBIAN_PACKAGE_DEPENDS "open-enclave (>=0.18.2), libuv1 (>= 1.34.2), libc++1-10, libc++abi1-10, openssl (>=1.1.1)" -) + ) +else() +endif() + set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT) include(CPack) diff --git a/docker/app_run b/docker/app_run index da931f54ddc2..294000575983 100644 --- a/docker/app_run +++ b/docker/app_run 
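Review bot: The empty `else()` branch in `cmake/cpack_settings.cmake` leaves `CPACK_DEBIAN_PACKAGE_DEPENDS` unset for every non-SGX build, so the resulting .deb declares no dependencies at all, including the entries that do not look SGX-specific (`libuv1`, `libc++1-10`, `libc++abi1-10`, `openssl`). The package would then install on a machine where the binaries cannot start, and the `openssl (>=1.1.1)` floor is no longer enforced by the package manager. Consider setting the common list in the `else()` branch, e.g. `set(CPACK_DEBIAN_PACKAGE_DEPENDS "libuv1 (>= 1.34.2), libc++1-10, libc++abi1-10, openssl (>=1.1.1)")`, and keeping only `open-enclave (>=0.18.2)` conditional. Which of these the non-SGX binaries really link against is not visible in the hunk and should be checked.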
@@ -4,24 +4,12 @@ FROM ubuntu:20.04 ARG extra_vars +ARG target RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries -# Work-around for https://github.com/intel/linux-sgx/issues/395 -RUN mkdir -p /etc/init - -ENV UBUNTU=focal -ENV PSW_VERSION=2.17.100 -RUN if [ -z "$PSW_VERSION" ]; then echo "Please set PSW_VERSION (e.g. 2.11)." >&2; exit 1; fi - -RUN apt-get update && apt-get install -y wget gnupg - -# Use the APT preference file to pin sgx packages to specific versions -# Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html -# Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ -# Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention -RUN ["/bin/bash", "-c", "wget -r -l1 --no-parent -nd -A *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/"] -RUN ["/bin/bash", "-c", "mv *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg /etc/apt/preferences.d/intel-sgx.pref"] +COPY ./docker/sgx_deps_pin.sh / +RUN /sgx_deps_pin.sh && rm /sgx_deps_pin.sh COPY getting_started/setup_vm/ /setup_vm/ RUN apt update \ diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh new file mode 100755 index 000000000000..c27282fb3e85 --- /dev/null +++ b/docker/sgx_deps_pin.sh 
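Review bot: `ARG target` is declared in `docker/app_run` but nothing in this hunk reads it, and `/sgx_deps_pin.sh` runs unconditionally, so images built with `sgx_dependencies=false` still get `wget`, `gnupg` and the Intel SGX APT pin. For the non-SGX variants that is extra installed software and an extra build-time network fetch with no benefit. Guard the step on the build argument, e.g. `RUN if [ "$target" = "sgx" ]; then /sgx_deps_pin.sh; fi && rm /sgx_deps_pin.sh`, and pass `--build-arg target=...` from the workflow, which currently sets only `extra_vars`. The rest of the Dockerfile is outside the hunk, so `target` may be consumed further down.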
@@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the Apache 2.0 License. + +set -ex + +# Work-around for https://github.com/intel/linux-sgx/issues/395 +mkdir -p /etc/init + +UBUNTU=focal +PSW_VERSION=2.17.100 + +if [ -z "$PSW_VERSION" ]; then + echo "Please set PSW_VERSION (e.g. 2.11)." >&2; + exit 1; +fi + +apt-get update && apt-get install -y wget gnupg + +# Use the APT preference file to pin sgx packages to specific versions +# Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html +# Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ +# Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention +wget -r -l1 --no-parent -nd -A "*sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files" +mv "*sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg" "/etc/apt/preferences.d/intel-sgx.pref" \ No newline at end of file diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml index 0fcd43e83272..adb60c7b1f06 100644 --- a/getting_started/setup_vm/app-run.yml +++ b/getting_started/setup_vm/app-run.yml @@ -1,16 +1,20 @@ - hosts: localhost vars: run_only: true + sgx_dependencies: true tasks: - import_role: name: intel tasks_from: sgx-psw.yml + when: sgx_dependencies|bool - import_role: name: intel tasks_from: sgx-group.yml + when: sgx_dependencies|bool - import_role: name: az_dcap tasks_from: install.yml - - import_role: - name: ccf_install - tasks_from: deb_install.yml + when: sgx_dependencies|bool + # - import_role: + # name: ccf_install + # tasks_from: deb_install.yml From 5ee9f007cc052f2eb564ad97d0a8d24b1ccb20ce Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:33:19 +0000 Subject: [PATCH 07/86] .. --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
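Review bot: `docker/sgx_deps_pin.sh` installs whatever file the remote index returns as APT pinning policy, with no integrity check beyond TLS, so the image content depends on the state of `download.01.org` at build time. Recording the expected digest next to `PSW_VERSION` and verifying it before the move, for example `echo "<expected-sha256>  $pref_file" | sha256sum -c -` (placeholder digest, `pref_file` being the downloaded name), makes the build fail when the file changes. Separately, the `mv` source is fully quoted in this commit, so the leading `*` is taken literally and the move fails under `set -e`. The `-z "$PSW_VERSION"` guard can also no longer fire, because the value is assigned a few lines above it.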
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 3cd6acbae17b..ec2077a7ddda 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,7 +21,7 @@ jobs: # For a release, get git tag... - name: Get image tag from git tag - run: echo "##[set-output name=tag;]my_tag" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert # if: github.event.release.action == 'published' id: tref From 87b78c7c19a4c4109082ff4526fa510f98f25b67 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 14:56:58 +0000 Subject: [PATCH 08/86] Move SGX deps pinning to other file --- docker/app_dev | 20 ++++---------------- docker/app_run | 5 +++-- docker/ccf_ci | 18 +++--------------- docker/sgx_deps_pin.sh | 4 ++-- 4 files changed, 12 insertions(+), 35 deletions(-) diff --git a/docker/app_dev b/docker/app_dev index 6a98041499e7..8d8108b0627b 100644 --- a/docker/app_dev +++ b/docker/app_dev 
@@ -5,23 +5,11 @@ FROM ubuntu:20.04 ARG extra_vars -RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries -# Work-around for https://github.com/intel/linux-sgx/issues/395 -RUN mkdir -p /etc/init - -ENV UBUNTU=focal -ENV PSW_VERSION=2.17.100 -RUN if [ -z "$PSW_VERSION" ]; then echo "Please set PSW_VERSION (e.g. 2.11)." >&2; exit 1; fi - -RUN apt-get update && apt-get install -y wget gnupg - -# Use the APT preference file to pin sgx packages to specific versions -# Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html -# Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ -# Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention -RUN ["/bin/bash", "-c", "wget -r -l1 --no-parent -nd -A *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/"] -RUN ["/bin/bash", "-c", "mv *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg /etc/apt/preferences.d/intel-sgx.pref"] +WORKDIR / +COPY ./docker/sgx_deps_pin.sh / +RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh COPY getting_started/setup_vm/ /setup_vm/ RUN apt update \ diff --git a/docker/app_run b/docker/app_run index 294000575983..936b1c25cd51 100644 --- a/docker/app_run +++ b/docker/app_run @@ -6,10 +6,11 @@ FROM ubuntu:20.04 ARG extra_vars ARG target -RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +WORKDIR / COPY ./docker/sgx_deps_pin.sh / -RUN /sgx_deps_pin.sh && rm /sgx_deps_pin.sh +RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh COPY getting_started/setup_vm/ /setup_vm/ RUN apt update \ diff --git a/docker/ccf_ci b/docker/ccf_ci index 3f6a69ca0f10..b0a14bbcc3a1 100644 --- a/docker/ccf_ci +++ b/docker/ccf_ci 
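Review bot: Moving the pin logic into `sgx_deps_pin.sh` also drops `ENV UBUNTU=focal` and `ENV PSW_VERSION=2.17.100` from the `docker/app_dev` image, since the script sets them only as shell variables for its own run. If a later layer or one of the `setup_vm` playbooks reads either value from the environment it will now find it unset; that cannot be confirmed from the hunk, which ends at `RUN apt update \`. If they are still needed, keep the two `ENV` lines in the Dockerfile and let the script inherit them, which also keeps the pinned PSW version visible in the image metadata for auditing. The same applies to the `docker/ccf_ci` hunk in this commit and to the `docker/app_run` change in PATCH 06.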
@@ -7,21 +7,9 @@ ARG extra_vars RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries -# Work-around for https://github.com/intel/linux-sgx/issues/395 -RUN mkdir -p /etc/init - -ENV UBUNTU=focal -ENV PSW_VERSION=2.17.100 -RUN if [ -z "$PSW_VERSION" ]; then echo "Please set PSW_VERSION (e.g. 2.11)." >&2; exit 1; fi - -RUN apt-get update && apt-get install -y wget gnupg - -# Use the APT preference file to pin sgx packages to specific versions -# Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html -# Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ -# Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention -RUN ["/bin/bash", "-c", "wget -r -l1 --no-parent -nd -A *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/"] -RUN ["/bin/bash", "-c", "mv *sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg /etc/apt/preferences.d/intel-sgx.pref"] +WORKDIR / +COPY ./docker/sgx_deps_pin.sh / +RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh COPY getting_started/setup_vm/ /setup_vm/ RUN apt update \ diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh index c27282fb3e85..10857a82434e 100755 --- a/docker/sgx_deps_pin.sh +++ b/docker/sgx_deps_pin.sh 
@@ -21,5 +21,5 @@ apt-get update && apt-get install -y wget gnupg # Reference https://manpages.debian.org/buster/apt/apt_preferences.5.en.html # Download the pref file from https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/ # Assuming file name to follow *sgx__${UBUNTU}_custom_version.cfg convention -wget -r -l1 --no-parent -nd -A "*sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files" -mv "*sgx_$(echo ${PSW_VERSION//./_})_${UBUNTU}_custom_version.cfg" "/etc/apt/preferences.d/intel-sgx.pref" \ No newline at end of file +wget -r -l1 --no-parent -nd -A "*sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files" +mv ./*"sgx_${PSW_VERSION//./_}_${UBUNTU}_custom_version.cfg" "/etc/apt/preferences.d/intel-sgx.pref" \ No newline at end of file From 3f18feeba6477e3228cb16234b78e83104745793 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 15:09:11 +0000 Subject: [PATCH 09/86] Fix tag name of main branch --- .github/workflows/containers.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ec2077a7ddda..cf3242d4bc04 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
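Review bot: The `wget` URL still lacks the trailing slash that the removed Dockerfile lines had (`.../apt_preference_files/`), and with `-r --no-parent` that matters: without it wget treats `apt_preference_files` as a file under `ubuntu/`, so the directory it refuses to climb above is `ubuntu/` rather than the preference directory. Whether a server redirect hides this is not visible here, so restoring the slash is the safer form. The `./*` in `mv` is now expanded, but if the accept pattern ever matches more than one file the command fails with an unhelpful error. A check that exactly one file matched before the move would make that failure explicit.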
@@ -19,18 +19,15 @@ jobs: steps: - uses: actions/checkout@v2 - # For a release, get git tag... - - name: Get image tag from git tag - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - # if: github.event.release.action == 'published' + - name: Get image tag from git tag (release) or branch name + run: | + if [ ${GITHUB_REF} == *"ref/tags"* ]; then + echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" + else + echo "##[set-output name=tag;]${GITHUB_REF#refs/heads/}" + fi id: tref - # # ... otherwise, get branch name - # - name: Get image tag from branch name - # run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" - # if: github.event_name == 'push' - # id: tref - # Build development containers - name: Build App Dev SGX container run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer From 302d7b9f3a63f91f772b556bb2df6c7d67f72040 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 15:10:45 +0000 Subject: [PATCH 10/86] Quotes fixes --- .github/workflows/containers.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index cf3242d4bc04..c103f9086882 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
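Review bot: The test `[ ${GITHUB_REF} == *"ref/tags"* ]` does not do what the step name says: inside single brackets `==` is a plain string comparison with the unquoted `*` subject to filename expansion, and the pattern reads `ref/tags` where the ref prefix is `refs/tags`. The `else` branch is therefore taken on releases too, where `${GITHUB_REF#refs/heads/}` strips nothing and leaves the full `refs/tags/ccf-...` string as the image tag. Use `if [[ "${GITHUB_REF}" == refs/tags/* ]]; then` instead. For the branch case, replace `/` in the result before using it, since it is not allowed in an image tag.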
@@ -40,13 +40,13 @@ jobs: run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - name: Build App Run SNP container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" --extra-vars sgx_dependencies=false -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - name: Build JS App Run SNP container run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - name: Build App Run Virtual container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" --extra-vars sgx_dependencies=false -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - name: Build JS App Run Virtual container run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual From 240899766ebf8e26288a350536ceea2828e06e58 Mon Sep 17 00:00:00 2001 
From: Julien Maffre Date: Fri, 21 Oct 2022 15:21:20 +0000 Subject: [PATCH 11/86] Add more dev containers --- .github/workflows/containers.yml | 24 ++++++++++++++++-------- getting_started/setup_vm/app-dev.yml | 5 +++++ getting_started/setup_vm/app-run.yml | 7 ++++--- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index c103f9086882..b8bdcc7489d8 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -19,18 +19,20 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Get image tag from git tag (release) or branch name - run: | - if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" - else - echo "##[set-output name=tag;]${GITHUB_REF#refs/heads/}" - fi + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert id: tref # Build development containers + # Note: Keep SGX lts-devcontainer tag as default dev container for now - name: Build App Dev SGX container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + + - name: Build App Dev SNP container + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp + + - name: Build App Dev Virtual container + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual # Build runtime containers - name: Build App Run SGX container 
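Review bot: The two new dev builds reuse the SGX version tag: both the SNP and the Virtual `docker build` lines pass `-t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx`, so each later build re-points `<tag>-sgx` at its own image and the Virtual build, made with `sgx_dependencies=false`, ends up holding that name. The push steps added in the next hunk would then publish an `-sgx` image without the SGX dependencies and fail on `-snp` and `-virtual`, which were never created. The first `-t` should read `...:${{steps.tref.outputs.tag}}-snp` and `...:${{steps.tref.outputs.tag}}-virtual` respectively. The `lts-devcontainer-sgx`, `-snp` and `-virtual` tags are built but no push step for them appears on this page, and the tag step is hard-coded to `2.0.8` with a TODO, which needs reverting before a real release overwrites that version.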
@@ -64,6 +66,12 @@ jobs: - name: Push App Dev SGX container run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx + - name: Push App Dev SNP container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp + + - name: Push App Dev Virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-virtual + # Push runtime containers - name: Push App Run SGX container run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml index f7cec6d4a47b..7e7b3eadd9fe 100644 --- a/getting_started/setup_vm/app-dev.yml +++ b/getting_started/setup_vm/app-dev.yml @@ -1,19 +1,24 @@ - hosts: localhost vars: run_only: false + sgx_dependencies: true tasks: - import_role: name: intel tasks_from: sgx-psw.yml + when: sgx_dependencies|bool - import_role: name: intel tasks_from: sgx-group.yml + when: sgx_dependencies|bool - import_role: name: az_dcap tasks_from: install.yml + when: sgx_dependencies|bool - import_role: name: openenclave tasks_from: binary_install.yml + when: sgx_dependencies|bool - import_role: name: ccf_build tasks_from: install.yml diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml index adb60c7b1f06..6b60e36ea5cf 100644 --- a/getting_started/setup_vm/app-run.yml +++ b/getting_started/setup_vm/app-run.yml @@ -15,6 +15,7 @@ name: az_dcap tasks_from: install.yml when: sgx_dependencies|bool - # - import_role: - # name: ccf_install - # tasks_from: deb_install.yml + # TODO: Currently does not work on non-SGX as unique debian package requires Open Enclave! + - import_role: + name: ccf_install + tasks_from: deb_install.yml From 2617c6af0e8a056a44cdf406b26676a4253b1195 Mon Sep 17 00:00:00 2001 
From: Julien Maffre Date: Fri, 21 Oct 2022 15:27:05 +0000 Subject: [PATCH 12/86] Fix YML --- getting_started/setup_vm/app-dev.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml index 7e7b3eadd9fe..e2681cc4c876 100644 --- a/getting_started/setup_vm/app-dev.yml +++ b/getting_started/setup_vm/app-dev.yml @@ -6,19 +6,19 @@ - import_role: name: intel tasks_from: sgx-psw.yml - when: sgx_dependencies|bool + when: sgx_dependencies|bool - import_role: name: intel tasks_from: sgx-group.yml - when: sgx_dependencies|bool + when: sgx_dependencies|bool - import_role: name: az_dcap tasks_from: install.yml - when: sgx_dependencies|bool + when: sgx_dependencies|bool - import_role: name: openenclave tasks_from: binary_install.yml - when: sgx_dependencies|bool + when: sgx_dependencies|bool - import_role: name: ccf_build tasks_from: install.yml @@ -26,5 +26,5 @@ name: ccf_install tasks_from: deb_install.yml - import_role: - name: protoc - tasks_from: install.yml + name: protoc + tasks_from: install.yml From 3fbc78c95ec493f9e4ba5b72cdac006455eadaa6 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 15:34:57 +0000 Subject: [PATCH 13/86] . --- .github/workflows/containers.yml | 1 - getting_started/setup_vm/app-dev.yml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index b8bdcc7489d8..ccf21724620d 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -5,7 +5,6 @@ on: types: [published] push: branches: - - "main" - "additional_containers" # TODO: Remove env: diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml index e2681cc4c876..7934f5e86a3f 100644 --- a/getting_started/setup_vm/app-dev.yml +++ b/getting_started/setup_vm/app-dev.yml 
@@ -26,5 +26,5 @@ name: ccf_install tasks_from: deb_install.yml - import_role: - name: protoc - tasks_from: install.yml + name: protoc + tasks_from: install.yml From 19f5eb32eb2995565354bfa0d81f3ddc4df956f1 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 16:39:57 +0000 Subject: [PATCH 14/86] Cleanup --- .github/workflows/containers.yml | 23 +++++++++++++---------- docker/README.md | 2 +- docker/app_dev | 29 ++++++++++++++++++++--------- docker/app_run | 28 +++++++++++++++++++--------- docker/ccf_ci | 27 +++++++++++++++++++-------- docker/sgx_deps_pin.sh | 2 ++ 6 files changed, 74 insertions(+), 37 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ccf21724620d..4a6aefd96a1b 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -10,6 +10,7 @@ on: env: ACR_REGISTRY: ccfmsrc.azurecr.io ACR_TOKEN_NAME: app-push-token + DOCKER_BUILDKIT: 1 # https://docs.docker.com/develop/develop-images/build_enhancements/ jobs: build: 
@@ -22,35 +23,37 @@ jobs: run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert id: tref + # TODO: Templates! + # Build development containers - # Note: Keep SGX lts-devcontainer tag as default dev container for now + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Build App Dev SGX container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - name: Build App Dev SNP container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp + run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp - name: Build App Dev Virtual container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual + run: docker build -f docker/app_dev . 
--build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual # Build runtime containers - name: Build App Run SGX container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - name: Build JS App Run SGX container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=true --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - name: Build App Run SNP container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - name: Build JS App Run SNP container - run: docker build -f docker/app_run . 
--build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp + run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - name: Build App Run Virtual container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - name: Build JS App Run Virtual container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}} --extra-vars sgx_dependencies=false --extra-vars run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual publish: name: "Publish Containers (release only)" diff --git a/docker/README.md b/docker/README.md index 85d43aa5ef8d..88d108445d34 100644 --- a/docker/README.md +++ b/docker/README.md @@ -8,5 +8,5 @@ To build a given image, run: ```bash $ cd CCF/ -$ docker build -t -f docker/ . +$ docker build -t -f docker/ --build-arg="target=" . ``` diff --git a/docker/app_dev b/docker/app_dev index 8d8108b0627b..5d40c0998a71 100644 --- a/docker/app_dev +++ b/docker/app_dev 
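Review bot: The `Build App Dev SNP container` and `Build App Dev Virtual container` steps still pass `-t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx`, so each later build re-points the versioned `-sgx` tag at a non-SGX image and no versioned `-snp` or `-virtual` dev tag is produced. If these tags are pushed as built, anyone pulling `dev:<version>-sgx` gets whichever image was built last, built with `sgx_dependencies=false`. The first `-t` of each step should follow the platform: `-t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp` and `...-virtual` respectively. The `@@ -36,32 +44,32 @@` hunk of PATCH 15 carries the same tags forward.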
@@ -1,21 +1,32 @@ -# Application Continuous Integration image -# Contains a CCF release, compile toolchain and Azure CLI tooling +# Application Development image +# Contains a CCF release for platform and toolchain for target platform -FROM ubuntu:20.04 +ARG platform +ARG ansible_vars -ARG extra_vars - -RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +# SGX +FROM ubuntu:20.04 AS base-sgx WORKDIR / COPY ./docker/sgx_deps_pin.sh / RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh -COPY getting_started/setup_vm/ /setup_vm/ +# SNP +FROM ubuntu:20.04 AS base-snp + +# Virtual +FROM ubuntu:20.04 AS base-virtual + +# Final dev image +FROM base-${platform} AS final + +RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries + +COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common bsdmainutils dnsutils \ - && cd setup_vm \ - && ansible-playbook app-dev.yml $extra_vars \ + && cd /tmp/setup_vm \ + && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common \ && apt -y autoremove \ diff --git a/docker/app_run b/docker/app_run index 936b1c25cd51..40f87c0f0b0b 100644 --- a/docker/app_run +++ b/docker/app_run 
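Review bot: `ARG platform` and `ARG ansible_vars` are declared only before the first `FROM`, which puts them in global scope: they work in `FROM base-${platform} AS final` but are not visible to instructions inside the `final` stage, so `$ansible_vars` in the `RUN` line expands to an empty string and `ccf_ver` never reaches the playbook. Re-declare them inside the stage, `ARG platform` and `ARG ansible_vars` directly after `FROM base-${platform} AS final`. The docker/app_run and docker/ccf_ci hunks of this patch have the same layout, and so do the PATCH 15 hunks that append `--extra-vars "platform=${platform}"`, where an empty `platform` would presumably override the playbook default of `"sgx"` and skip the SGX roles even in the SGX image. The `RUN` chain continues past the end of the hunk.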
@@ -1,22 +1,32 @@ # Application Runtime image -# Contains the cchost binary and its runtime dependencies +# Contains the cchost binary and its runtime dependencies for target platform -FROM ubuntu:20.04 +ARG platform +ARG ansible_vars -ARG extra_vars -ARG target - -RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +# SGX +FROM ubuntu:20.04 AS base-sgx WORKDIR / COPY ./docker/sgx_deps_pin.sh / RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh -COPY getting_started/setup_vm/ /setup_vm/ +# SNP +FROM ubuntu:20.04 AS base-snp + +# Virtual +FROM ubuntu:20.04 AS base-virtual + +# Final runtime image +FROM base-${platform} AS final + +RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries + +COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common curl bsdmainutils dnsutils \ - && cd setup_vm \ - && ansible-playbook app-run.yml $extra_vars \ + && cd /tmp/setup_vm \ + && ansible-playbook app-run.yml --extra-vars "$ansible_vars" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common curl \ && apt -y autoremove \ diff --git a/docker/ccf_ci b/docker/ccf_ci index b0a14bbcc3a1..e53542732f78 100644 --- a/docker/ccf_ci +++ b/docker/ccf_ci 
@@ -1,21 +1,32 @@ # CCF Continuous Integration image -# Contains CCF build dependencies, compile toolchain and Azure CLI tooling +# Contains CCF build dependencies and toolchain for target platform -FROM ubuntu:20.04 +ARG platform +ARG ansible_vars -ARG extra_vars - -RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries +# SGX +FROM ubuntu:20.04 AS base-sgx WORKDIR / COPY ./docker/sgx_deps_pin.sh / RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh -COPY getting_started/setup_vm/ /setup_vm/ +# SNP +FROM ubuntu:20.04 AS base-snp + +# Virtual +FROM ubuntu:20.04 AS base-virtual + +# Final CCF CI image +FROM base-${platform} AS final + +RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries + +COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common bsdmainutils dnsutils \ - && cd setup_vm \ - && ansible-playbook ccf-dev.yml \ + && cd /tmp/setup_vm \ + && ansible-playbook ccf-dev.yml --extra-vars "$ansible_vars" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common \ && apt -y autoremove \ diff --git a/docker/sgx_deps_pin.sh b/docker/sgx_deps_pin.sh index 10857a82434e..2da9335d8d33 100755 --- a/docker/sgx_deps_pin.sh +++ b/docker/sgx_deps_pin.sh @@ -7,6 +7,8 @@ set -ex # Work-around for https://github.com/intel/linux-sgx/issues/395 mkdir -p /etc/init +echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries + UBUNTU=focal PSW_VERSION=2.17.100 From 6f2d1eca2dceaf828675515fb51314605ae71dc3 Mon Sep 17 00:00:00 2001 
From: Julien Maffre Date: Fri, 21 Oct 2022 17:13:21 +0000 Subject: [PATCH 15/86] WIP --- .github/workflows/container_template.yml | 15 ++++++++++++++ .github/workflows/containers.yml | 26 ++++++++++++++++-------- docker/app_dev | 2 +- docker/app_run | 2 +- docker/ccf_ci | 2 +- getting_started/setup_vm/app-dev.yml | 11 +++++----- getting_started/setup_vm/app-run.yml | 8 ++++---- 7 files changed, 45 insertions(+), 21 deletions(-) create mode 100644 .github/workflows/container_template.yml diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml new file mode 100644 index 000000000000..12c5c581ca4b --- /dev/null +++ b/.github/workflows/container_template.yml @@ -0,0 +1,15 @@ +# Re-usable workflow for per-platform container build + +on: + workflow_call: + inputs: + platform: + required: true + type: string + +jobs: + template_build_container: + runs-on: ubuntu-latest + steps: + - name: Build App Dev SGX container + run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 4a6aefd96a1b..5a5684693eb8 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -13,6 +13,14 @@ env: DOCKER_BUILDKIT: 1 # https://docs.docker.com/develop/develop-images/build_enhancements/ jobs: + build_matrix: + strategy: + matrix: + platform: [sgx, snp, virtual] + uses: ./container_template.yml + with: + platform: ${{ matrix.platform }} + build: name: "Build Containers" runs-on: ubuntu-latest 
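Review bot: The `run:` line of the new template reads `${{steps.tref.outputs.tag}}` and `$ACR_REGISTRY`, but this job has no step with id `tref` and the file defines no `env:`; a called workflow does not inherit the caller's workflow-level `env`, so both expand to nothing and the image references come out as `/public/ccf/app/dev:-sgx`. Define `env: ACR_REGISTRY` in the template itself and hand the version in as a second `workflow_call` input (or compute it in a step of this job). The three `-t` values are also still hard-coded to `-sgx` and the unsuffixed `lts-devcontainer`, so every matrix leg would write the same tags; they should end in `-${{ inputs.platform }}`.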
@@ -28,32 +36,32 @@ jobs: # Build development containers # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Build App Dev SGX container - run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - name: Build App Dev SNP container - run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp + run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp - name: Build App Dev Virtual container - run: docker build -f docker/app_dev . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual + run: docker build -f docker/app_dev . 
--build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual # Build runtime containers - name: Build App Run SGX container - run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - name: Build JS App Run SGX container - run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=true run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - name: Build App Run SNP container - run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - name: Build JS App Run SNP container - run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp + run: docker build -f docker/app_run . 
--build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - name: Build App Run Virtual container - run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - name: Build JS App Run Virtual container - run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} sgx_dependencies=false run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual publish: name: "Publish Containers (release only)" diff --git a/docker/app_dev b/docker/app_dev index 5d40c0998a71..88670abf7b52 100644 --- a/docker/app_dev +++ b/docker/app_dev @@ -26,7 +26,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common bsdmainutils dnsutils \ && cd /tmp/setup_vm \ - && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" \ + && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common \ && apt -y autoremove \ diff --git a/docker/app_run b/docker/app_run index 40f87c0f0b0b..ec683ce74349 100644 --- a/docker/app_run +++ b/docker/app_run 
@@ -26,7 +26,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common curl bsdmainutils dnsutils \ && cd /tmp/setup_vm \ - && ansible-playbook app-run.yml --extra-vars "$ansible_vars" \ + && ansible-playbook app-run.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common curl \ && apt -y autoremove \ diff --git a/docker/ccf_ci b/docker/ccf_ci index e53542732f78..cf744c3e2e2a 100644 --- a/docker/ccf_ci +++ b/docker/ccf_ci @@ -26,7 +26,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/ RUN apt update \ && apt install -y ansible software-properties-common bsdmainutils dnsutils \ && cd /tmp/setup_vm \ - && ansible-playbook ccf-dev.yml --extra-vars "$ansible_vars" \ + && ansible-playbook ccf-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \ && rm -rf /tmp/* \ && apt remove -y ansible software-properties-common \ && apt -y autoremove \ diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml index 7934f5e86a3f..1b00780bdb55 100644 --- a/getting_started/setup_vm/app-dev.yml +++ b/getting_started/setup_vm/app-dev.yml @@ -1,27 +1,28 @@ - hosts: localhost vars: run_only: false - sgx_dependencies: true + platform: "sgx" tasks: - import_role: name: intel tasks_from: sgx-psw.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: intel tasks_from: sgx-group.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: az_dcap tasks_from: install.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: openenclave tasks_from: binary_install.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: ccf_build tasks_from: install.yml + # TODO: Currently does not work on non-SGX as unique debian package requires Open Enclave! - import_role: name: ccf_install tasks_from: deb_install.yml 
diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml index 6b60e36ea5cf..01d45357392f 100644 --- a/getting_started/setup_vm/app-run.yml +++ b/getting_started/setup_vm/app-run.yml @@ -1,20 +1,20 @@ - hosts: localhost vars: run_only: true - sgx_dependencies: true + platform: "sgx" tasks: - import_role: name: intel tasks_from: sgx-psw.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: intel tasks_from: sgx-group.yml - when: sgx_dependencies|bool + when: platform == "sgx" - import_role: name: az_dcap tasks_from: install.yml - when: sgx_dependencies|bool + when: platform == "sgx" # TODO: Currently does not work on non-SGX as unique debian package requires Open Enclave! - import_role: name: ccf_install From 6cd04aab21999e9939b09b444274c698653cc445 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:16:54 +0000 Subject: [PATCH 16/86] version --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 5a5684693eb8..f353b71d54bd 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -17,7 +17,7 @@ jobs: strategy: matrix: platform: [sgx, snp, virtual] - uses: ./container_template.yml + uses: ./container_template.yml@main with: platform: ${{ matrix.platform }} From 0ff5ef4489cd3c50ed19fc7949c7dd6e19135158 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:17:30 +0000 Subject: [PATCH 17/86] root --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f353b71d54bd..af9435452657 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -17,7 +17,7 @@ jobs: strategy: matrix: platform: [sgx, snp, virtual] - uses: ./container_template.yml@main + uses: .github/workflows/container_template.yml@main with: platform: ${{ matrix.platform }} From 79a3e136951d1027fe946e52e06fcd33e9de8e17 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:17:55 +0000 Subject: [PATCH 18/86] local path --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index af9435452657..7c1129422475 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -17,7 +17,7 @@ jobs: strategy: matrix: platform: [sgx, snp, virtual] - uses: .github/workflows/container_template.yml@main + uses: ./.github/workflows/container_template.yml@main with: platform: ${{ matrix.platform }} From 82b6553c696114f9f1d5910ad342afbdfec8c27f Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:18:56 +0000 Subject: [PATCH 19/86] . --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 7c1129422475..c3b219040689 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -17,7 +17,7 @@ jobs: strategy: matrix: platform: [sgx, snp, virtual] - uses: ./.github/workflows/container_template.yml@main + uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} From dad0e750ff3ba0ed6a0e8ec652adb5114d704ff2 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:20:35 +0000 Subject: [PATCH 20/86] . --- .github/workflows/container_template.yml | 7 +++++-- .github/workflows/containers.yml | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index 12c5c581ca4b..105fe98a8d54 100644 
--- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -6,10 +6,13 @@ on: platform: required: true type: string + tag: + required: true + type: string jobs: template_build_container: runs-on: ubuntu-latest steps: - - name: Build App Dev SGX container - run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + - name: Build App Dev ${{ inputs.platform }} container + run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ inputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ inputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index c3b219040689..5f526130c44a 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -20,6 +20,7 @@ jobs: uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} + tag: ${{steps.tref.outputs.tag}} build: name: "Build Containers" From f4efb67f244462f8e938dc5b9df3a886ee5d298a Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:24:46 +0000 Subject: [PATCH 21/86] This? --- .github/workflows/containers.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 5f526130c44a..daa2b34f70c8 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
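Review bot: `${{ inputs.platform }}` and `${{ inputs.tag }}` are expanded into the `run:` script text before the shell starts, so whatever a caller passes to this reusable workflow becomes part of the command line rather than data. The only caller visible in this series supplies a fixed matrix, but the template should not depend on that. Pass the inputs through step-level `env:` (`PLATFORM: ${{ inputs.platform }}`, `TAG: ${{ inputs.tag }}`) and use `"$PLATFORM"` and `"$TAG"` quoted in the docker command; checking `platform` against `sgx`, `snp` and `virtual` before building would make an unexpected value fail early. The later template hunks in PATCH 23, 24, 26 and 29 keep the same inline `${{ inputs.platform }}` pattern.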
@@ -14,13 +14,20 @@ env: jobs: build_matrix: + name: "Build containers for all platforms" + steps: + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref + strategy: matrix: platform: [sgx, snp, virtual] + uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} - tag: ${{steps.tref.outputs.tag}} + tag: ${{ steps.tref.outputs.tag }} build: name: "Build Containers" @@ -35,7 +42,7 @@ jobs: # TODO: Templates! # Build development containers - # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template - name: Build App Dev SGX container run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer From 17d00b53ee88840ca5250f79bd4dfd5db16d3577 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:25:11 +0000 Subject: [PATCH 22/86] . --- .github/workflows/containers.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index daa2b34f70c8..13fb4bb4ee43 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -17,8 +17,8 @@ jobs: name: "Build containers for all platforms" steps: - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - id: tref + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref strategy: matrix: 
From 09b32c7e902761d2ae70e081d38fc775807fd7eb Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:26:46 +0000 Subject: [PATCH 23/86] . --- .github/workflows/container_template.yml | 9 +++++---- .github/workflows/containers.yml | 6 ------ 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index 105fe98a8d54..eda42bdcd06f 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -6,13 +6,14 @@ on: platform: required: true type: string - tag: - required: true - type: string jobs: template_build_container: runs-on: ubuntu-latest steps: + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref + - name: Build App Dev ${{ inputs.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ inputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ inputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} + run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 13fb4bb4ee43..c721eee9538f 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -15,11 +15,6 @@ env: jobs: build_matrix: name: "Build containers for all platforms" - steps: - - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - id: tref - strategy: matrix: platform: [sgx, snp, virtual] @@ -27,7 +22,6 @@ jobs: uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} - tag: ${{ steps.tref.outputs.tag }} build: name: "Build Containers" From 863472073d7e9bd743dabb605aea8693b9d1b199 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:45:32 +0000 Subject: [PATCH 24/86] . --- .github/workflows/container_template.yml | 5 ++++- .github/workflows/containers.yml | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index eda42bdcd06f..e3a51cae3658 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -6,6 +6,9 @@ on: platform: required: true type: string + container_registry: + required: true + type: string jobs: template_build_container: @@ -16,4 +19,4 @@ jobs: id: tref - name: Build App Dev ${{ inputs.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} + run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t ${{ inputs.container_registry }}/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t ${{ inputs.container_registry }}/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} 
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index c721eee9538f..187432886cf5 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -22,6 +22,7 @@ jobs: uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} + container_registry: $ACR_REGISTRY build: name: "Build Containers" From d65a649738f31e7982900d44cc3afb2dfcadca48 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:47:47 +0000 Subject: [PATCH 25/86] . --- .github/workflows/container_template.yml | 2 +- .github/workflows/containers.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index e3a51cae3658..41872ba22446 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -11,7 +11,7 @@ on: type: string jobs: - template_build_container: + build_containers: runs-on: ubuntu-latest steps: - name: Get image tag from git tag (release) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 187432886cf5..e54656c4071c 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -22,7 +22,7 @@ jobs: uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} - container_registry: $ACR_REGISTRY + container_registry: ${{ env.ACR_REGISTRY }} build: name: "Build Containers" From 4613c54dc43b7400dd750017b2ce0c75b92145a4 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:54:10 +0000 Subject: [PATCH 26/86] . --- .github/workflows/container_template.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index 41872ba22446..e74ce597852a 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml 
@@ -6,9 +6,9 @@ on: platform: required: true type: string - container_registry: - required: true - type: string + +env: + ACR_REGISTRY: ccfmsrc.azurecr.io jobs: build_containers: @@ -19,4 +19,4 @@ jobs: id: tref - name: Build App Dev ${{ inputs.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t ${{ inputs.container_registry }}/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t ${{ inputs.container_registry }}/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} + run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} From a8c81c72871aed2deb53d9fdbc97cd6300896fb7 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:54:38 +0000 Subject: [PATCH 27/86] . --- .github/workflows/containers.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index e54656c4071c..c721eee9538f 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -22,7 +22,6 @@ jobs: uses: ./.github/workflows/container_template.yml with: platform: ${{ matrix.platform }} - container_registry: ${{ env.ACR_REGISTRY }} build: name: "Build Containers" From 46a751d10fa2b042ae96f10698656beb359e15a1 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:57:34 +0000 Subject: [PATCH 28/86] checkout --- .github/workflows/container_template.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index e74ce597852a..a4873ab8cbb9 100644 --- a/.github/workflows/container_template.yml 
+++ b/.github/workflows/container_template.yml @@ -14,6 +14,8 @@ jobs: build_containers: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 + - name: Get image tag from git tag (release) run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert id: tref From 316cb7691462b337e2d18614462839bbdb45df7e Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Fri, 21 Oct 2022 17:59:27 +0000 Subject: [PATCH 29/86] . --- .github/workflows/container_template.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index a4873ab8cbb9..1d167e73c99e 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -22,3 +22,9 @@ jobs: - name: Build App Dev ${{ inputs.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} + + - name: Build App Run ${{ inputs.platform }} container + run: docker build -f docker/app_run . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ inputs.platform }} + + - name: Build JS App Run ${{ inputs.platform }} container + run: docker build -f docker/app_run . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ inputs.platform }} From 9f46674558de2749614bbb59a0965c07e7717401 Mon Sep 17 00:00:00 2001 
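Review bot: The added `- uses: actions/checkout@v2` step references the action by a movable tag, so whatever that tag points to at run time executes in the job that builds the release images. Pinning to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha> # v2`, makes the dependency immutable and reviewable. Because the following steps run `docker build` with `.` as the context, it may also be worth setting `persist-credentials: false` on the checkout so the job token is not left in the checked-out `.git` directory; whether `.git` reaches the build context depends on a `.dockerignore` that is not visible here. The job's step list continues outside the hunk.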
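Review bot: Both added `run:` lines expand `${{ inputs.platform }}` directly into the shell command and into the image tag, while the `workflow_call` input is declared only as `type: string` with no check on its value. The callers visible in this series pass fixed matrix values, so this is hardening rather than a live bug, but a reusable workflow should not depend on that. Passing the value through the step environment (`env:` with `PLATFORM: ${{ inputs.platform }}`, then `"$PLATFORM"` in the command) keeps it from being parsed as shell. A first step that rejects anything other than `sgx`, `snp` or `virtual` would also keep unexpected tags out of the registry.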
From: Julien Maffre Date: Fri, 21 Oct 2022 18:05:27 +0000 Subject: [PATCH 30/86] Template publish --- .github/workflows/container_template.yml | 2 + .github/workflows/containers.yml | 87 +++--------------------- .github/workflows/publish_containers.yml | 38 +++++++++++ 3 files changed, 48 insertions(+), 79 deletions(-) create mode 100644 .github/workflows/publish_containers.yml diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml index 1d167e73c99e..3a8e2485d6e6 100644 --- a/.github/workflows/container_template.yml +++ b/.github/workflows/container_template.yml @@ -28,3 +28,5 @@ jobs: - name: Build JS App Run ${{ inputs.platform }} container run: docker build -f docker/app_run . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ inputs.platform }} + + # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index c721eee9538f..9d81dfa00dfd 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -13,7 +13,7 @@ env: DOCKER_BUILDKIT: 1 # https://docs.docker.com/develop/develop-images/build_enhancements/ jobs: - build_matrix: + build: name: "Build containers for all platforms" strategy: matrix: 
@@ -23,85 +23,14 @@ jobs: with: platform: ${{ matrix.platform }} - build: - name: "Build Containers" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - id: tref - - # TODO: Templates! - - # Build development containers - # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template - - name: Build App Dev SGX container - run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - - - name: Build App Dev SNP container - run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp - - - name: Build App Dev Virtual container - run: docker build -f docker/app_dev . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual - - # Build runtime containers - - name: Build App Run SGX container - run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - - - name: Build JS App Run SGX container - run: docker build -f docker/app_run . 
--build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - - - name: Build App Run SNP container - run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - - - name: Build JS App Run SNP container - run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - - - name: Build App Run Virtual container - run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - - - name: Build JS App Run Virtual container - run: docker build -f docker/app_run . 
--build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual - publish: - name: "Publish Containers (release only)" + name: "Publish containers for all platforms" if: github.event.release.action == 'published' - runs-on: ubuntu-latest needs: build - steps: - - name: Log in - run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - - # Push development containers - - name: Push App Dev SGX container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx - - - name: Push App Dev SNP container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp - - - name: Push App Dev Virtual container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-virtual - - # Push runtime containers - - name: Push App Run SGX container - run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - - - name: Push JS App Run SGX container - run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - - - name: Push App Run SNP container - run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - - - name: Push JS App Run SNP container - run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - - - name: Push App Run Virtual container - run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - - - name: Push JS App Run Virtual container - run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + strategy: + matrix: + platform: [sgx, snp, virtual] - - name: Push App Dev SGX devcontainer - run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + uses: ./.github/workflows/publish_containers.yml + with: + platform: ${{ matrix.platform }} 
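Review bot: The rewritten `publish` job calls `./.github/workflows/publish_containers.yml` with only `with: platform:`, but the called workflow reads `secrets.ACR_APP_PUSH_TOKEN_PASSWORD`, and secrets are not handed to a reusable workflow unless the caller passes them. As written, the login in the called workflow would receive an empty password. Declare the secret under `on.workflow_call.secrets` in the called file and map it in the caller with a `secrets:` block containing `ACR_APP_PUSH_TOKEN_PASSWORD: ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }}`. An explicit mapping is preferable to `secrets: inherit` because the publish workflow then receives only the one credential it needs.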
diff --git a/.github/workflows/publish_containers.yml b/.github/workflows/publish_containers.yml new file mode 100644 index 000000000000..81955942481b --- /dev/null +++ b/.github/workflows/publish_containers.yml @@ -0,0 +1,38 @@ +# Re-usable workflow for per-platform container build + +on: + workflow_call: + inputs: + platform: + required: true + type: string + +env: + ACR_REGISTRY: ccfmsrc.azurecr.io + +jobs: + publish_containers: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Log in + run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY + + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref + + - name: Push App Dev ${{ inputs.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ inputs.platform }} + + - name: Push App Run ${{ inputs.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ inputs.platform }} + + - name: Push JS App Run ${{ inputs.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ inputs.platform }} + + # - name: Push App Dev SGX devcontainer + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + + # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template From 36162c434626111654de4ab3606d9edf31113146 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 12:54:13 +0000 Subject: [PATCH 31/86] inline matrix --- .github/workflows/containers.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 9d81dfa00dfd..2797a593ffb0 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
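Review bot: The `Log in` step passes the registry password as `-p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }}`, which pastes the secret into the generated shell script and onto the `docker login` command line, where it shows up in the process arguments on the runner. Supply it through the step environment and standard input instead: add `env:` with `ACR_TOKEN_PASSWORD: ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }}` and change the command to `run: echo "$ACR_TOKEN_PASSWORD" | docker login -u "$ACR_TOKEN_NAME" --password-stdin "$ACR_REGISTRY"`. `$ACR_TOKEN_NAME` is also not defined in this file's `env:` block (only `ACR_REGISTRY` is), and a called workflow does not see the caller's workflow-level `env`, so the user name would expand to nothing. The header comment still says "build" although this is the publish workflow. The same `Log in` line is carried into `containers.yml` by the later "All inline" patch and needs the same change there.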
@@ -19,9 +19,15 @@ jobs: matrix: platform: [sgx, snp, virtual] - uses: ./.github/workflows/container_template.yml - with: - platform: ${{ matrix.platform }} + steps: + - uses: actions/checkout@v2 + + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref + + - name: Build App Dev ${{ matrix.platform }} container + run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} publish: name: "Publish containers for all platforms" From c58492cdc224e9e4536782fad8ad9c548ad36959 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 12:54:49 +0000 Subject: [PATCH 32/86] . --- .github/workflows/containers.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 2797a593ffb0..7e5ab1f3bf54 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -15,6 +15,7 @@ env: jobs: build: name: "Build containers for all platforms" + runs-on: ubuntu-latest strategy: matrix: platform: [sgx, snp, virtual] From 92eddd2903fd631b155426583f21d441ba4d7552 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 12:59:26 +0000 Subject: [PATCH 33/86] All inline --- .github/workflows/container_template.yml | 32 -------------------- .github/workflows/containers.yml | 35 ++++++++++++++++++++-- .github/workflows/publish_containers.yml | 38 ------------------------ 3 files changed, 32 insertions(+), 73 deletions(-) delete mode 100644 .github/workflows/container_template.yml delete mode 100644 .github/workflows/publish_containers.yml 
diff --git a/.github/workflows/container_template.yml b/.github/workflows/container_template.yml deleted file mode 100644 index 3a8e2485d6e6..000000000000 --- a/.github/workflows/container_template.yml +++ /dev/null @@ -1,32 +0,0 @@ -# Re-usable workflow for per-platform container build - -on: - workflow_call: - inputs: - platform: - required: true - type: string - -env: - ACR_REGISTRY: ccfmsrc.azurecr.io - -jobs: - build_containers: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - id: tref - - - name: Build App Dev ${{ inputs.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ inputs.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ inputs.platform }} - - - name: Build App Run ${{ inputs.platform }} container - run: docker build -f docker/app_run . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ inputs.platform }} - - - name: Build JS App Run ${{ inputs.platform }} container - run: docker build -f docker/app_run . --build-arg="platform=${{ inputs.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ inputs.platform }} - - # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 7e5ab1f3bf54..7950e9bf4ded 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -30,14 +30,43 @@ jobs: - name: Build App Dev ${{ matrix.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + - name: Build App Run ${{ matrix.platform }} container + run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + - name: Build JS App Run ${{ matrix.platform }} container + run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template + publish: name: "Publish containers for all platforms" + runs-on: ubuntu-latest if: github.event.release.action == 'published' needs: build strategy: matrix: platform: [sgx, snp, virtual] - uses: ./.github/workflows/publish_containers.yml - with: - platform: ${{ matrix.platform }} + steps: + - uses: actions/checkout@v2 + + - name: Log in + run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY + + - name: Get image tag from git tag (release) + run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + id: tref + + - name: Push App Dev ${{ matrix.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + - name: Push App Run ${{ matrix.platform }} container + run: docker push 
$ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + - name: Push JS App Run ${{ matrix.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + # - name: Push App Dev SGX devcontainer + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + + # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template diff --git a/.github/workflows/publish_containers.yml b/.github/workflows/publish_containers.yml deleted file mode 100644 index 81955942481b..000000000000 --- a/.github/workflows/publish_containers.yml +++ /dev/null @@ -1,38 +0,0 @@ -# Re-usable workflow for per-platform container build - -on: - workflow_call: - inputs: - platform: - required: true - type: string - -env: - ACR_REGISTRY: ccfmsrc.azurecr.io - -jobs: - publish_containers: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Log in - run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - - - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - id: tref - - - name: Push App Dev ${{ inputs.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ inputs.platform }} - - - name: Push App Run ${{ inputs.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ inputs.platform }} - - - name: Push JS App Run ${{ inputs.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ inputs.platform }} - - # - name: Push App Dev SGX devcontainer - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - - # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template 
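Review bot: The inlined `publish` job runs `docker push` on its own `runs-on: ubuntu-latest` runner, but the images are built in the separate `build` job, and a hosted runner's local image store is not shared between jobs. As written, the push steps would find no image with those tags, and a fix that rebuilds inside `publish` would ship an artifact other than the one `build` produced. Either do the login and push in the same job as the build, guarded by an `if:` on the release event, or hand the images over explicitly (for example `docker save` into an artifact and `docker load` in `publish`). Separately, the unchanged condition `if: github.event.release.action == 'published'` reads a field I would expect at `github.event.action` rather than inside the `release` object, so it is worth confirming that the job is ever selected.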
From be3784ffea4b8dab8a9e95323dae53809ffd6e82 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 13:08:05 +0000 Subject: [PATCH 34/86] lts-devcontainer --- .github/workflows/containers.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 7950e9bf4ded..835e2c9bab33 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -28,7 +28,12 @@ jobs: id: tref - name: Build App Dev ${{ matrix.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + - name: Tag App Dev SGX image as lts-devcontainer + run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + if: ${{ matrix.platform }} == "sgx" - name: Build App Run ${{ matrix.platform }} container run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} 
@@ -60,13 +65,13 @@ jobs: - name: Push App Dev ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + - name: Push App Dev ${{ matrix.platform }} container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + if: ${{ matrix.platform }} == "sgx" + - name: Push App Run ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} - name: Push JS App Run ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} - - # - name: Push App Dev SGX devcontainer - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - - # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template From a418177b5644284cac20884cae0d6784fab346f1 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 13:09:08 +0000 Subject: [PATCH 35/86] . --- .github/workflows/containers.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 835e2c9bab33..f02d84a28791 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -27,22 +27,21 @@ jobs: run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert id: tref - - name: Build App Dev ${{ matrix.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} - + # TODO: Move me down! # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Tag App Dev SGX image as lts-devcontainer run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer if: ${{ matrix.platform }} == "sgx" + - name: Build App Dev ${{ matrix.platform }} container + run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + - name: Build App Run ${{ matrix.platform }} container run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} - name: Build JS App Run ${{ matrix.platform }} container run: docker build -f docker/app_run . 
--build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} - # TODO: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x TODO:: even with template - publish: name: "Publish containers for all platforms" runs-on: ubuntu-latest From 1e5a3189531f9ca8ebf9212fba6a5a81df510f64 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 13:10:52 +0000 Subject: [PATCH 36/86] This? --- .github/workflows/containers.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f02d84a28791..ea90ba2f2349 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -31,7 +31,7 @@ jobs: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Tag App Dev SGX image as lts-devcontainer run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: ${{ matrix.platform }} == "sgx" + if: matrix.platform == "sgx" - name: Build App Dev ${{ matrix.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} 
@@ -67,7 +67,7 @@ jobs: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Push App Dev ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: ${{ matrix.platform }} == "sgx" + if: matrix.platform == "sgx" - name: Push App Run ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} From df98dcd1653552e2aeb88662c3b12acfd5db9849 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 13:11:37 +0000 Subject: [PATCH 37/86] . --- .github/workflows/containers.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ea90ba2f2349..d3e7520964d9 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -31,7 +31,7 @@ jobs: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Tag App Dev SGX image as lts-devcontainer run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: matrix.platform == "sgx" + if: matrix.platform == 'sgx' - name: Build App Dev ${{ matrix.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} 
@@ -67,7 +67,7 @@ jobs: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Push App Dev ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: matrix.platform == "sgx" + if: matrix.platform == 'sgx' - name: Push App Run ${{ matrix.platform }} container run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} From 328121ddd29ad015cff791fb8dbb99617f480c9e Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 13:12:17 +0000 Subject: [PATCH 38/86] Only on SGX! --- .github/workflows/containers.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index d3e7520964d9..f61c840e3c77 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -27,15 +27,14 @@ jobs: run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert id: tref - # TODO: Move me down! + - name: Build App Dev ${{ matrix.platform }} container + run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Tag App Dev SGX image as lts-devcontainer run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer if: matrix.platform == 'sgx' - - name: Build App Dev ${{ matrix.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} - - name: Build App Run ${{ matrix.platform }} container run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} From 5d7312c9f8f6634ea3c41fa9d14a41392ad8c091 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 14:56:57 +0000 Subject: [PATCH 39/86] Fix --- .github/workflows/containers.yml | 2 +- docker/app_dev | 6 ++++-- docker/app_run | 4 +++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f61c840e3c77..8a12a519f75f 100644 --- a/.github/workflows/containers.yml 
+++ b/.github/workflows/containers.yml @@ -1,4 +1,4 @@ -name: "Build and Publish Release Containers to ACR" +name: "Build and Publish Release Containers to MCR" on: release: diff --git a/docker/app_dev b/docker/app_dev index 88670abf7b52..09478e184f85 100644 --- a/docker/app_dev +++ b/docker/app_dev @@ -2,14 +2,13 @@ # Contains a CCF release for platform and toolchain for target platform ARG platform -ARG ansible_vars # SGX FROM ubuntu:20.04 AS base-sgx WORKDIR / COPY ./docker/sgx_deps_pin.sh / -RUN ./sgx_deps_pin.sh && rm ./sgx_deps_pin.sh +RUN ./sgx_deps_pin.sh && rm /sgx_deps_pin.sh # SNP FROM ubuntu:20.04 AS base-snp @@ -20,6 +19,9 @@ FROM ubuntu:20.04 AS base-virtual # Final dev image FROM base-${platform} AS final +ARG platform +ARG ansible_vars + RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries COPY getting_started/setup_vm/ /tmp/setup_vm/ diff --git a/docker/app_run b/docker/app_run index ec683ce74349..20e1c5362dd3 100644 --- a/docker/app_run +++ b/docker/app_run @@ -2,7 +2,6 @@ # Contains the cchost binary and its runtime dependencies for target platform ARG platform -ARG ansible_vars # SGX FROM ubuntu:20.04 AS base-sgx @@ -20,6 +19,9 @@ FROM ubuntu:20.04 AS base-virtual # Final runtime image FROM base-${platform} AS final +ARG platform +ARG ansible_vars + RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries COPY getting_started/setup_vm/ /tmp/setup_vm/ From 01b7bc18d2f00ae89e08ac2506bae66723da3278 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 15:08:37 +0000 Subject: [PATCH 40/86] Skip install deps --- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index f0b7640a2a81..8c4c5ef081de 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml 
+++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml @@ -14,7 +14,8 @@ - name: Install CCF apt: deb: "{{ ccf_deb_url.stdout }}" - become: yes + become: true + install_recommends: no - name: Copy cchost copy: From 99c1fd33ffc0705f8ad98460266d2c8e2ba524ee Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 15:11:16 +0000 Subject: [PATCH 41/86] Indent --- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index 8c4c5ef081de..c509d5d41798 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml @@ -14,8 +14,8 @@ - name: Install CCF apt: deb: "{{ ccf_deb_url.stdout }}" + install_recommends: no become: true - install_recommends: no - name: Copy cchost copy: From 821a194cee93e9854e65edacd749ea2abc2fcca0 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 15:51:21 +0000 Subject: [PATCH 42/86] Runs on main --- .github/workflows/containers.yml | 15 +++++++++++++-- docker/app_dev | 4 ++-- docker/app_run | 4 ++-- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 8a12a519f75f..d9be920544b5 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -6,6 +6,7 @@ on: push: branches: - "additional_containers" # TODO: Remove + - "main" env: ACR_REGISTRY: ccfmsrc.azurecr.io 
@@ -23,10 +24,20 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + - name: Get image tag from git tag (release) or latest (branch) + run: | + if [ ${GITHUB_REF} == *"ref/tags"* ]; then + echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + else + echo "latest" + fi id: tref + # - name: Get image tag from git tag (release) + # run: | + # echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + # id: tref + - name: Build App Dev ${{ matrix.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} diff --git a/docker/app_dev b/docker/app_dev index 09478e184f85..22785890f581 100644 --- a/docker/app_dev +++ b/docker/app_dev @@ -1,7 +1,7 @@ # Application Development image # Contains a CCF release for platform and toolchain for target platform -ARG platform +ARG platform=sgx # SGX FROM ubuntu:20.04 AS base-sgx @@ -19,7 +19,7 @@ FROM ubuntu:20.04 AS base-virtual # Final dev image FROM base-${platform} AS final -ARG platform +ARG platform=sgx ARG ansible_vars RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries diff --git a/docker/app_run b/docker/app_run index 20e1c5362dd3..9611c95db1af 100644 --- a/docker/app_run +++ b/docker/app_run @@ -1,7 +1,7 @@ # Application Runtime image # Contains the cchost binary and its runtime dependencies for target platform -ARG platform +ARG platform=sgx # SGX FROM ubuntu:20.04 AS base-sgx 
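Review bot: The tag test added in the `Get image tag` step, `if [ ${GITHUB_REF} == *"ref/tags"* ]`, cannot take the release branch: inside single brackets `==` is a literal comparison whose right-hand side is open to filename expansion, and `ref/tags` is not a substring of a `refs/tags/...` ref. The `else` branch in this hunk only prints `latest` without setting the step output, so `steps.tref.outputs.tag` would be empty and the build step below would tag the image as `dev:-<platform>`. I would write `if [[ "${GITHUB_REF}" == refs/tags/ccf-* ]]; then` and set the output in both branches. The later hunks of this step in the series fix the `else` output but carry the same condition unchanged, so a release run would still resolve to `latest`.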
@@ -19,7 +19,7 @@ FROM ubuntu:20.04 AS base-virtual # Final runtime image FROM base-${platform} AS final -ARG platform +ARG platform=sgx ARG ansible_vars RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries From ea19655e5f9a8a143264cacf067e14b4c381beb6 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 15:53:25 +0000 Subject: [PATCH 43/86] . --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index d9be920544b5..cc768c597ebc 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -29,7 +29,7 @@ jobs: if [ ${GITHUB_REF} == *"ref/tags"* ]; then echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert else - echo "latest" + echo echo "##[set-output name=tag;]latest" fi id: tref From 1b11b2f664f1567142b5d403f4d37e6b3c3928ed Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 15:58:06 +0000 Subject: [PATCH 44/86] . --- .github/workflows/containers.yml | 7 +------ cmake/cpack_settings.cmake | 5 +++-- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index cc768c597ebc..32fb36a3e586 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platform: [sgx, snp, virtual] + platform: [sgx] #, snp, virtual] TODO: Fix steps: - uses: actions/checkout@v2 
@@ -33,11 +33,6 @@ jobs: fi id: tref - # - name: Get image tag from git tag (release) - # run: | - # echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert - # id: tref - - name: Build App Dev ${{ matrix.platform }} container run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 91f8fbb405cf..0eb5833bc58e 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -10,7 +10,7 @@ set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" + "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" ) message( STATUS "Debian package will include suffix: ${CPACK_DEBIAN_PACKAGE_VERSION}" @@ -20,9 +20,10 @@ endif() # CPack variables for Debian packages if("sgx" IN_LIST COMPILE_TARGETS) set(CPACK_DEBIAN_PACKAGE_DEPENDS - "open-enclave (>=0.18.2), libuv1 (>= 1.34.2), libc++1-10, libc++abi1-10, openssl (>=1.1.1)" + "open-enclave (>=0.18.2), libuv1 (>= 1.34.2), libc++1-10, libc++abi1-10, openssl (>=1.1.1)" ) else() + endif() set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT) From f8b673678a1ea84e007f2362436ead52eb0ea14c Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 16:27:23 +0000 Subject: [PATCH 45/86] Only include openenclave as deps if compile targets is SGX --- cmake/cpack_settings.cmake | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 0eb5833bc58e..61f838d1ae51 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake 
@@ -10,20 +10,23 @@ set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" + "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" ) message( STATUS "Debian package will include suffix: ${CPACK_DEBIAN_PACKAGE_VERSION}" ) endif() -# CPack variables for Debian packages +set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)") +set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) + if("sgx" IN_LIST COMPILE_TARGETS) - set(CPACK_DEBIAN_PACKAGE_DEPENDS - "open-enclave (>=0.18.2), libuv1 (>= 1.34.2), libc++1-10, libc++abi1-10, openssl (>=1.1.1)" - ) -else() + list(APPEND CCF_DEB_DEPENDENCIES "open-enclave (>=0.18.2)") +endif() +# CPack variables for Debian packages +if("sgx" IN_LIST COMPILE_TARGETS) + list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS) endif() set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT) From 2887798024219fb83b933ecc4d8fe660a6b97c6d Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 16:36:32 +0000 Subject: [PATCH 46/86] Include version --- cmake/cpack_settings.cmake | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 61f838d1ae51..aa59ef4374a2 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake 
@@ -8,16 +8,19 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CCF_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION ${CCF_RELEASE_VERSION}) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) +set(CPACK_DEBIAN_PACKAGE_VERSION "${CCF_RELEASE_VERSION}-${COMPILE_TARGETS}") + if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CCF_RELEASE_VERSION}~${CCF_VERSION_SUFFIX}" - ) - message( - STATUS "Debian package will include suffix: ${CPACK_DEBIAN_PACKAGE_VERSION}" + "${CPACK_DEBIAN_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}" ) endif() -set(CCF_DEB_BASE_DEPENDENCIES "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)") +message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") + +set(CCF_DEB_BASE_DEPENDENCIES + "libuv1 (>= 1.34.2) ;libc++1-10;libc++abi1-10;openssl (>=1.1.1)" +) set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) if("sgx" IN_LIST COMPILE_TARGETS) From 38fa755af4a29bc91d8738230e6a01b8b8c9ab88 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 24 Oct 2022 16:37:47 +0000 Subject: [PATCH 47/86] Cleanup --- .github/workflows/containers.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 32fb36a3e586..f9912ca8b836 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platform: [sgx] #, snp, virtual] TODO: Fix + platform: [sgx, snp, virtual] steps: - uses: actions/checkout@v2 @@ -27,7 +27,7 @@ jobs: - name: Get image tag from git tag (release) or latest (branch) run: | if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" else echo echo "##[set-output name=tag;]latest" fi 
@@ -63,7 +63,7 @@ jobs: run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]2.0.8" # echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" TODO: Revert + run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" id: tref - name: Push App Dev ${{ matrix.platform }} container From ee40f88348f8513806702d6725b52948674af71a Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 10:27:05 +0000 Subject: [PATCH 48/86] . --- cmake/cpack_settings.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index aa59ef4374a2..6df051b07b3e 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -19,7 +19,7 @@ endif() message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES - "libuv1 (>= 1.34.2) ;libc++1-10;libc++abi1-10;openssl (>=1.1.1)" + "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)" ) set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) From 91f3ce761c359ef87cadac3bec589475a7ba1053 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 10:45:21 +0000 Subject: [PATCH 49/86] Deb package per platform --- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 4 ++-- getting_started/setup_vm/roles/ccf_install/vars/common.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index c509d5d41798..336d3d7d01da 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml 
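Review bot: The `Get image tag from git tag (release)` step of the publish job now derives the tag with `${GITHUB_REF#refs/tags/ccf-}` alone, with no branch fallback like the one in the build job. The workflow also triggers on pushes to `main` earlier in this series, and on such a run the prefix does not match, so the tag would be `refs/heads/main`, which is not a valid image tag; whether the job is restricted to release events is not visible in this hunk. I would give the job an explicit release-only condition or reuse the build job's tag logic here. Separately, the `Log in` step shown as context passes the registry secret with `-p` on the command line; `docker login --password-stdin` fed from an `env:` variable keeps it out of the process arguments. The later hunks of this step in the series change only the output syntax.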
@@ -5,9 +5,9 @@ shell: cmd: | if [ "{{ ccf_ver }}" = "latest" ]; then - curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep -v unsafe | cut -d\" -f4 + curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 else - echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}_amd64.deb" + echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" fi register: ccf_deb_url diff --git a/getting_started/setup_vm/roles/ccf_install/vars/common.yml b/getting_started/setup_vm/roles/ccf_install/vars/common.yml index 79f7dd9a9f81..4b2dc83b9613 100644 --- a/getting_started/setup_vm/roles/ccf_install/vars/common.yml +++ b/getting_started/setup_vm/roles/ccf_install/vars/common.yml @@ -1,3 +1,4 @@ ccf_ver: "latest" run_js: false ccf_js_app_name: "libjs_generic.enclave.so.signed" +platform: "sgx" From 40d789bf4ba2aa394c4970d06e0ad88dcb01b527 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 13:43:54 +0000 Subject: [PATCH 50/86] Fix CI container pipeline --- docker/ccf_ci | 6 ++++-- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docker/ccf_ci b/docker/ccf_ci index cf744c3e2e2a..bb0bf346a262 100644 --- a/docker/ccf_ci +++ b/docker/ccf_ci @@ -1,8 +1,7 @@ # CCF Continuous Integration image # Contains CCF build dependencies and toolchain for target platform -ARG platform -ARG ansible_vars +ARG platform=sgx # SGX FROM ubuntu:20.04 AS base-sgx @@ -20,6 +19,9 @@ FROM ubuntu:20.04 AS base-virtual # Final CCF CI image FROM base-${platform} AS final +ARG platform=sgx +ARG ansible_vars + RUN echo "APT::Acquire::Retries \"5\";" | tee /etc/apt/apt.conf.d/80-retries COPY getting_started/setup_vm/ /tmp/setup_vm/ 
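Review bot: The added filter `egrep {{ platform }}` in `deb_install.yml` puts an unquoted template value into a `shell` command and matches it anywhere on the line, so a value with shell metacharacters alters the command and a short value can match an unrelated asset. I would anchor it on the asset name, for example `grep -E -- "-{{ platform }}_amd64\.deb"`, with `platform` checked against `sgx`, `snp` and `virtual` beforehand. The pipeline also succeeds when it prints zero or several URLs, and the registered `ccf_deb_url` is what the `Install CCF` task elsewhere in this series passes to `apt: deb:` with `become: true`; adding `failed_when: ccf_deb_url.stdout_lines | length != 1` and a checksum or signature check on the downloaded package would make a wrong match fail early. The task starts above the hunk, and the later hunks for this file in the series (a temporary revert and its restore) end on the same two lines.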
diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index 336d3d7d01da..35b793f91f72 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml @@ -5,9 +5,11 @@ shell: cmd: | if [ "{{ ccf_ver }}" = "latest" ]; then - curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 + curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep -v unsafe | cut -d\" -f4 + # TODO: Revert curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 else - echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" + echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}_amd64.deb" + # TODO Revert echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" fi register: ccf_deb_url From 6850d6ca7d0b57e70f330b32f3fec13dd24465ce Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 14:09:10 +0000 Subject: [PATCH 51/86] . --- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index 35b793f91f72..07df8835b09c 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml 
@@ -5,18 +5,15 @@ shell: cmd: | if [ "{{ ccf_ver }}" = "latest" ]; then - curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep -v unsafe | cut -d\" -f4 - # TODO: Revert curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 + curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 else - echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}_amd64.deb" - # TODO Revert echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" + echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" fi register: ccf_deb_url - name: Install CCF apt: deb: "{{ ccf_deb_url.stdout }}" - install_recommends: no become: true - name: Copy cchost From f81a957007fd0954e53d5abc42d082f9ab3b10d0 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:19:12 +0000 Subject: [PATCH 52/86] Update actions checkout version --- .github/workflows/ci-containers.yml | 2 +- .github/workflows/containers.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml index 51a9f5ff5b95..49d1c01b710e 100644 --- a/.github/workflows/ci-containers.yml +++ b/.github/workflows/ci-containers.yml @@ -14,7 +14,7 @@ jobs: name: "Build and Publish SGX CI Containers" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Truncate ref run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf_ci_image/}" diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f9912ca8b836..eba992ea4cdd 100644 
--- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -22,7 +22,7 @@ jobs: platform: [sgx, snp, virtual] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Get image tag from git tag (release) or latest (branch) run: | @@ -57,7 +57,7 @@ jobs: platform: [sgx, snp, virtual] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY From 49755dae5445f88e26e6d338ac43bd9d18b2995c Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:19:15 +0000 Subject: [PATCH 53/86] . --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7f34806a7576..f5586be1f2c1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 From bf787a54b60058e041a8dc0f4a2cff5b90d5e997 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:33:59 +0000 Subject: [PATCH 54/86] Fixing set-output --- .github/workflows/ci-containers.yml | 2 +- .github/workflows/containers.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml index 49d1c01b710e..451150db5854 100644 --- a/.github/workflows/ci-containers.yml +++ b/.github/workflows/ci-containers.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 - name: Truncate ref - run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf_ci_image/}" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/} >> $GITHUB_STATE" id: tref - name: Build CCF CI container 
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index eba992ea4cdd..4bc4e82306c7 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -27,9 +27,9 @@ jobs: - name: Get image tag from git tag (release) or latest (branch) run: | if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" + echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_STATE" else - echo echo "##[set-output name=tag;]latest" + echo "{tag}={latest} >> $GITHUB_STATE" fi id: tref @@ -63,7 +63,7 @@ jobs: run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Get image tag from git tag (release) - run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_STATE" id: tref - name: Push App Dev ${{ matrix.platform }} container From a76482e032978e9353d4902b93faecf641fed7ae Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:35:10 +0000 Subject: [PATCH 55/86] output not state --- .github/workflows/ci-containers.yml | 2 +- .github/workflows/containers.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml index 451150db5854..44e4554c5d85 100644 --- a/.github/workflows/ci-containers.yml +++ b/.github/workflows/ci-containers.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 - name: Truncate ref - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/} >> $GITHUB_STATE" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/} >> $GITHUB_OUTPUT" id: tref - name: Build CCF CI container diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 4bc4e82306c7..7ffb5e262e65 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -27,9 +27,9 @@ jobs: - name: Get image tag from git tag (release) or latest (branch) run: | if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_STATE" + echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_OUTPUT" else - echo "{tag}={latest} >> $GITHUB_STATE" + echo "{tag}={latest} >> $GITHUB_OUTPUT" fi id: tref @@ -63,7 +63,7 @@ jobs: run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Get image tag from git tag (release) - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_STATE" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_OUTPUT" id: tref - name: Push App Dev ${{ matrix.platform }} container From 6af7b8083bcd97010e8b3ed6a39c656430b6b360 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:37:52 +0000 Subject: [PATCH 56/86] .. --- .github/workflows/ci-containers.yml | 2 +- .github/workflows/containers.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml index 44e4554c5d85..d97c4c4fc641 100644 --- a/.github/workflows/ci-containers.yml +++ b/.github/workflows/ci-containers.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 - name: Truncate ref - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/} >> $GITHUB_OUTPUT" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/}" >> $GITHUB_OUTPUT id: tref - name: Build CCF CI container diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 7ffb5e262e65..e67f8fafdcc4 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -27,9 +27,9 @@ jobs: - name: Get image tag from git tag (release) or latest (branch) run: | if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_OUTPUT" + echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT else - echo "{tag}={latest} >> $GITHUB_OUTPUT" + echo "{tag}={latest}" >> $GITHUB_OUTPUT fi id: tref @@ -63,7 +63,7 @@ jobs: run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Get image tag from git tag (release) - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-} >> $GITHUB_OUTPUT" + run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT id: tref - name: Push App Dev ${{ matrix.platform }} container From 2d6e5fe3cb3577dffb6e3d98fd6ae020c024799e Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:38:52 +0000 Subject: [PATCH 57/86] . --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index e67f8fafdcc4..8e68136a5609 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -29,7 +29,7 @@ jobs: if [ ${GITHUB_REF} == *"ref/tags"* ]; then echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT else - echo "{tag}={latest}" >> $GITHUB_OUTPUT + echo "{tag}={latest#/refs}" >> $GITHUB_OUTPUT fi id: tref From cd6d77eb64c7d8d3e9fb5a22d771c62547214199 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:40:39 +0000 Subject: [PATCH 58/86] ... --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 8e68136a5609..0ee039be50d9 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -29,7 +29,7 @@ jobs: if [ ${GITHUB_REF} == *"ref/tags"* ]; then echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT else - echo "{tag}={latest#/refs}" >> $GITHUB_OUTPUT + echo "{tag}=${GITHUB_REF#refs}" >> $GITHUB_OUTPUT fi id: tref From 374652099b2dfb0cfcb1f5d1da87f22d9a2b78ef Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:41:44 +0000 Subject: [PATCH 59/86] latest --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 0ee039be50d9..f6772ec147a1 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -29,7 +29,7 @@ jobs: if [ ${GITHUB_REF} == *"ref/tags"* ]; then echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT else - echo "{tag}=${GITHUB_REF#refs}" >> $GITHUB_OUTPUT + echo "{tag}=latest" >> $GITHUB_OUTPUT fi id: tref From 57d5558c3c23b6ea02b1ea5d43e4824080b40590 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Tue, 25 Oct 2022 15:43:51 +0000 Subject: [PATCH 60/86] . --- .github/workflows/ci-containers.yml | 2 +- .github/workflows/containers.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-containers.yml b/.github/workflows/ci-containers.yml index d97c4c4fc641..cf30669c3e72 100644 --- a/.github/workflows/ci-containers.yml +++ b/.github/workflows/ci-containers.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 - name: Truncate ref - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf_ci_image/}" >> $GITHUB_OUTPUT + run: echo "tag=${GITHUB_REF#refs/tags/ccf_ci_image/}" >> $GITHUB_OUTPUT id: tref - name: Build CCF CI container diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f6772ec147a1..476c2b3ce3f3 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -27,9 +27,9 @@ jobs: - name: Get image tag from git tag (release) or latest (branch) run: | if [ ${GITHUB_REF} == *"ref/tags"* ]; then - echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT + echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT else - echo "{tag}=latest" >> $GITHUB_OUTPUT + echo "tag=latest" >> $GITHUB_OUTPUT fi id: tref @@ -63,7 +63,7 @@ jobs: run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Get image tag from git tag (release) - run: echo "{tag}=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT + run: echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT id: tref - name: Push App Dev ${{ matrix.platform }} container From 2defd3a3bbbe1b6e15acf2582574a1a88032c735 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:04:46 +0000 Subject: [PATCH 61/86] COMPILE_TARGET --- cmake/cpack_settings.cmake | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 6df051b07b3e..60e81929d3cb 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake 
@@ -8,29 +8,26 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CCF_DIR}/LICENSE") set(CPACK_PACKAGE_VERSION ${CCF_RELEASE_VERSION}) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) -set(CPACK_DEBIAN_PACKAGE_VERSION "${CCF_RELEASE_VERSION}-${COMPILE_TARGETS}") +set(CPACK_DEBIAN_PACKAGE_VERSION "${CCF_RELEASE_VERSION}-${COMPILE_TARGET}") if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CPACK_DEBIAN_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}" + "${CPACK_DEBIAN_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}" ) endif() message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES - "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)" + "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)" ) set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) -if("sgx" IN_LIST COMPILE_TARGETS) +if(COMPILE_TARGET STREQUAL "sgx") list(APPEND CCF_DEB_DEPENDENCIES "open-enclave (>=0.18.2)") endif() -# CPack variables for Debian packages -if("sgx" IN_LIST COMPILE_TARGETS) - list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS) -endif() +list(JOIN CCF_DEB_DEPENDENCIES ", " CPACK_DEBIAN_PACKAGE_DEPENDS) set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT) From 28c004be717cd5f9ceb82919f7a1df6ceeadbf4c Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:28:21 +0000 Subject: [PATCH 62/86] Fake release --- .azure-pipelines-templates/common.yml | 12 +++-- .azure-pipelines-templates/matrix.yml | 22 +++++++++ .azure-pipelines-templates/release.yml | 64 +++++++++++++------------- .azure-pipelines.yml | 13 +++--- 4 files changed, 68 insertions(+), 43 deletions(-) diff --git a/.azure-pipelines-templates/common.yml b/.azure-pipelines-templates/common.yml index e99bbfef587d..5472cf79af73 100644 --- a/.azure-pipelines-templates/common.yml +++ b/.azure-pipelines-templates/common.yml 
@@ -50,13 +50,15 @@ jobs: - ${{ if eq(parameters.suffix, 'Perf') }}: - template: push_perf_data.yml - - ${{ if and(eq(parameters.suffix, 'Release'), eq(parameters.target, 'SGX')) }}: - - template: cg.yml + - ${{ if eq(parameters.suffix, 'Release') }}: + - template: install_deb.yml + + - ? ${{ if and(eq(parameters.suffix, 'Release'), eq(parameters.target, 'SGX')) }} + : - template: cg.yml - template: publish_tls_report.yml - template: publish_compatibility_report.yml - - template: install_deb.yml - template: install_others.yml - template: publish_sbom.yml - - ${{ if and(eq(parameters.suffix, 'Unsafe'), eq(parameters.target, 'SGX')) }}: - - template: install_deb.yml + - ? ${{ if and(eq(parameters.suffix, 'Unsafe'), eq(parameters.target, 'SGX')) }} + : - template: install_deb.yml diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 4304a8159c10..beed1d0aafd8 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -104,6 +104,26 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure + - template: common.yml + parameters: + target: SNP + env: ${{ parameters.env.SNP }} + cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" + suffix: "Release" + artifact_name: "SNP_Release" + ctest_filter: "${{ parameters.test.release.ctest_args }}" + depends_on: configure + + - template: common.yml + parameters: + target: Virtual + env: ${{ parameters.env.Virtual }} + cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" + suffix: "Release" + artifact_name: "Virtual_Release" + ctest_filter: "${{ parameters.test.release.ctest_args }}" + depends_on: configure + # Build that produces unsafe binaries for troubleshooting purposes - template: common.yml parameters: @@ -121,4 +141,6 @@ jobs: depends_on: - Checks - SGX_Release + - Virtual_Release + - SNP_Release - SGX_Unsafe 
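Review bot: In the `common.yml` hunk the two SGX-only conditionals were rewritten into YAML explicit-key form (`- ? ${{ if and(...) }}` followed by `: - template: ...`), which reads very differently from the plain `- ${{ if eq(parameters.suffix, 'Release') }}:` insertion added just above. This looks like formatter output for an over-long key rather than an intended change. I would keep the single-line `- ${{ if and(eq(parameters.suffix, 'Release'), eq(parameters.target, 'SGX')) }}:` form and exclude these lines from the formatter, so the conditional blocks stay parallel and it is obvious which templates sit under which condition.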
diff --git a/.azure-pipelines-templates/release.yml b/.azure-pipelines-templates/release.yml index 851e9cd1dcdb..319506ed8bec 100644 --- a/.azure-pipelines-templates/release.yml +++ b/.azure-pipelines-templates/release.yml 
@@ -23,37 +23,37 @@ jobs: rename.ul + _ *+*.deb || true displayName: Remove characters that break GitHubRelease - - task: GitHubRelease@0 - inputs: - gitHubConnection: ccf_release - repositoryName: "$(Build.Repository.Name)" - action: "create" - target: "$(Build.SourceVersion)" - tagSource: "auto" - assets: $(Build.ArtifactStagingDirectory)/**/* - assetUploadMode: "delete" - isDraft: true - isPreRelease: true - releaseNotesSource: "file" - releaseNotesFile: $(Build.BinariesDirectory)/rel-notes.md - addChangeLog: false - displayName: "GitHub Release" + # - task: GitHubRelease@0 + # inputs: + # gitHubConnection: ccf_release + # repositoryName: "$(Build.Repository.Name)" + # action: "create" + # target: "$(Build.SourceVersion)" + # tagSource: "auto" + # assets: $(Build.ArtifactStagingDirectory)/**/* + # assetUploadMode: "delete" + # isDraft: true + # isPreRelease: true + # releaseNotesSource: "file" + # releaseNotesFile: $(Build.BinariesDirectory)/rel-notes.md + # addChangeLog: false + # displayName: "GitHub Release" - - script: | - set -ex - python3.8 -m venv env - source ./env/bin/activate - pip install -r requirements.txt - pip install twine - twine upload -u __token__ -p $(pypi_token) $(Build.ArtifactStagingDirectory)/**/*.whl - workingDirectory: python - displayName: PyPi https://pypi.org/project/ccf/ + # - script: | + # set -ex + # python3.8 -m venv env + # source ./env/bin/activate + # pip install -r requirements.txt + # pip install twine + # twine upload -u __token__ -p $(pypi_token) $(Build.ArtifactStagingDirectory)/**/*.whl + # workingDirectory: python + # displayName: PyPi https://pypi.org/project/ccf/ - - script: | - set -ex - echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc - npm publish $(Build.ArtifactStagingDirectory)/**/microsoft-ccf-app*.tgz --access public - env: - NPM_TOKEN: $(npm_token) - workingDirectory: js/ccf-app - displayName: NPM https://www.npmjs.com/package/@microsoft/ccf-app + # - script: | + # set -ex + # echo 
"//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc + # npm publish $(Build.ArtifactStagingDirectory)/**/microsoft-ccf-app*.tgz --access public + # env: + # NPM_TOKEN: $(npm_token) + # workingDirectory: js/ccf-app + # displayName: NPM https://www.npmjs.com/package/@microsoft/ccf-app diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index ea663095a52c..f37c3d9fa835 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -37,12 +37,13 @@ resources: options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /dev/shm:/tmp/ccache -v /lib/modules:/lib/modules:ro variables: - ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}: - perf_or_release: release - perf_tests: no_run - ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}: - perf_or_release: perf - perf_tests: run + # TODO: Revert before merging! + # ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}: + perf_or_release: release + perf_tests: no_run + # ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}: + # perf_or_release: perf + # perf_tests: run jobs: - template: .azure-pipelines-templates/configure.yml From 3f50a78b1c6cae787d4ddec6e0d3b3c1ad1f3e6f Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:30:30 +0000 Subject: [PATCH 63/86] . --- .azure-pipelines-templates/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index beed1d0aafd8..cd1c005c3958 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml 
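Review bot: The three publishing steps are commented out without the `TODO` marker that the other temporary edits in this series carry, so nothing in `release.yml` says they must be restored before merging. A line such as `# TODO: Restore before merging (disabled for release experiments)` above the first block would do. When the PyPI step is restored, note that `twine upload -u __token__ -p $(pypi_token)` places the token on the command line under `set -ex`. Mapping it through `env:` as `TWINE_PASSWORD: $(pypi_token)`, the way the NPM step already maps `NPM_TOKEN`, keeps it out of the process arguments and the xtrace output.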
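Review bot: With both conditions commented out, `perf_or_release: release` and `perf_tests: no_run` apply to every ref, so a branch build presumably takes the release path. What keeps it from publishing is the separate commenting-out in `release.yml`, which means the two temporary edits have to be reverted together. The marker could say so, for example `# TODO: Revert before merging, together with the disabled publish steps in release.yml`.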
@@ -107,7 +107,7 @@ jobs: - template: common.yml parameters: target: SNP - env: ${{ parameters.env.SNP }} + env: ${{ parameters.env.SNPCC }} cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" suffix: "Release" artifact_name: "SNP_Release" From f651b2a26ba061fbcec2f08b9b1382fdc9e39b5b Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:32:08 +0000 Subject: [PATCH 64/86] . --- .azure-pipelines-templates/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index cd1c005c3958..e7ddab16a0fc 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -106,7 +106,7 @@ jobs: - template: common.yml parameters: - target: SNP + target: SNPCC env: ${{ parameters.env.SNPCC }} cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" suffix: "Release" From 325a8757d3928bb933effa9e34736b372c8994ae Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:32:49 +0000 Subject: [PATCH 65/86] Remove SNP release --- .azure-pipelines-templates/matrix.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index e7ddab16a0fc..cb25063973c6 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml 
@@ -104,15 +104,15 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure - - template: common.yml - parameters: - target: SNPCC - env: ${{ parameters.env.SNPCC }} - cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" - suffix: "Release" - artifact_name: "SNP_Release" - ctest_filter: "${{ parameters.test.release.ctest_args }}" - depends_on: configure + # - template: common.yml + # parameters: + # target: SNPCC + # env: ${{ parameters.env.SNPCC }} + # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" + # suffix: "Release" + # artifact_name: "SNP_Release" + # ctest_filter: "${{ parameters.test.release.ctest_args }}" + # depends_on: configure - template: common.yml parameters: From 593b21323d1d2ac9e1a3b266f98a4a590c7af747 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:35:00 +0000 Subject: [PATCH 66/86] Remove virtual --- .azure-pipelines-templates/matrix.yml | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index cb25063973c6..d582967d0302 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml 
@@ -104,26 +104,26 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure - # - template: common.yml - # parameters: - # target: SNPCC - # env: ${{ parameters.env.SNPCC }} - # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" - # suffix: "Release" - # artifact_name: "SNP_Release" - # ctest_filter: "${{ parameters.test.release.ctest_args }}" - # depends_on: configure - - template: common.yml parameters: - target: Virtual - env: ${{ parameters.env.Virtual }} - cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }}" + target: SNPCC + env: ${{ parameters.env.SNPCC }} + cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" suffix: "Release" - artifact_name: "Virtual_Release" + artifact_name: "SNP_Release" ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure + # - template: common.yml + # parameters: + # target: Virtual + # env: ${{ parameters.env.Virtual }} + # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.Virtual.cmake_args }}" + # suffix: "Release" + # artifact_name: "Virtual_Release" + # ctest_filter: "${{ parameters.test.release.ctest_args }}" + # depends_on: configure + # Build that produces unsafe binaries for troubleshooting purposes - template: common.yml parameters: From a276fd84c7ebaec74401e1079752f245b9ae8bc3 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:36:00 +0000 Subject: [PATCH 67/86] . --- .azure-pipelines-templates/matrix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index d582967d0302..714ab1dc0018 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml 
@@ -110,7 +110,7 @@ jobs: env: ${{ parameters.env.SNPCC }} cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" suffix: "Release" - artifact_name: "SNP_Release" + artifact_name: "SNPCC_Release" ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure @@ -142,5 +142,5 @@ jobs: - Checks - SGX_Release - Virtual_Release - - SNP_Release + - SNPCC_Release - SGX_Unsafe From 1fc4ce3616e8477aa22b0b952f168f5cabc53239 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:36:44 +0000 Subject: [PATCH 68/86] . --- .azure-pipelines-templates/matrix.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 714ab1dc0018..6f679d249b29 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -104,15 +104,15 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure - - template: common.yml - parameters: - target: SNPCC - env: ${{ parameters.env.SNPCC }} - cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" - suffix: "Release" - artifact_name: "SNPCC_Release" - ctest_filter: "${{ parameters.test.release.ctest_args }}" - depends_on: configure + # - template: common.yml + # parameters: + # target: SNPCC + # env: ${{ parameters.env.SNPCC }} + # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" + # suffix: "Release" + # artifact_name: "SNPCC_Release" + # ctest_filter: "${{ parameters.test.release.ctest_args }}" + # depends_on: configure # - template: common.yml # parameters: From 22bdb397b5a37e4660e10b09fd2436e6518c25e2 Mon Sep 17 00:00:00 2001 
From: Julien Maffre Date: Wed, 26 Oct 2022 09:39:08 +0000 Subject: [PATCH 69/86] Fix SNP --- .azure-pipelines-templates/matrix.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 6f679d249b29..992f8a8b0c81 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -12,6 +12,8 @@ parameters: SGX: container: sgx pool: 1es-dcv2-focal + SNPCC: + pool: sev-snp-pool build: common: @@ -20,6 +22,8 @@ parameters: cmake_args: "-DCOMPILE_TARGET=virtual" SGX: cmake_args: "-DCOMPILE_TARGET=sgx" + SNPCC: + cmake_args: "-DCOMPILE_TARGET=snp" debug: cmake_args: "-DCMAKE_BUILD_TYPE=Debug -DLVI_MITIGATIONS=OFF -DVERBOSE_LOGGING=ON" perf: @@ -104,15 +108,15 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure - # - template: common.yml - # parameters: - # target: SNPCC - # env: ${{ parameters.env.SNPCC }} - # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" - # suffix: "Release" - # artifact_name: "SNPCC_Release" - # ctest_filter: "${{ parameters.test.release.ctest_args }}" - # depends_on: configure + - template: common.yml + parameters: + target: SNPCC + env: ${{ parameters.env.SNPCC }} + cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.SNPCC.cmake_args }}" + suffix: "Release" + artifact_name: "SNPCC_Release" + ctest_filter: "${{ parameters.test.release.ctest_args }}" + depends_on: configure # - template: common.yml # parameters: From 9784f6293a73d55c2592fe45150f9c23e4735f4b Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:41:46 +0000 Subject: [PATCH 70/86] . --- .azure-pipelines-templates/matrix.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 992f8a8b0c81..5db75a27d80d 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -118,15 +118,15 @@ jobs: ctest_filter: "${{ parameters.test.release.ctest_args }}" depends_on: configure - # - template: common.yml - # parameters: - # target: Virtual - # env: ${{ parameters.env.Virtual }} - # cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.Virtual.cmake_args }}" - # suffix: "Release" - # artifact_name: "Virtual_Release" - # ctest_filter: "${{ parameters.test.release.ctest_args }}" - # depends_on: configure + - template: common.yml + parameters: + target: Virtual + env: ${{ parameters.env.Virtual }} + cmake_args: "${{ parameters.build.common.cmake_args }} ${{ parameters.build.release.cmake_args }} ${{ parameters.build.Virtual.cmake_args }}" + suffix: "Release" + artifact_name: "Virtual_Release" + ctest_filter: "${{ parameters.test.release.ctest_args }}" + depends_on: configure # Build that produces unsafe binaries for troubleshooting purposes - template: common.yml From da7d575f209448ed5299bddff32fd33af1538de0 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:45:22 +0000 Subject: [PATCH 71/86] . --- .azure-pipelines-templates/matrix.yml | 7 ++++--- CHANGELOG.md | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 5db75a27d80d..d6bbff3dd213 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -94,9 +94,10 @@ jobs: # Release - ${{ if eq(parameters.perf_or_release, 'release') }}: - - template: checks.yml - parameters: - env: ${{ parameters.env.Hosted }} + # TODO: Re-enable + # - template: checks.yml + # parameters: + # env: ${{ parameters.env.Hosted }} - template: common.yml parameters: 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ebd822fd0df..03c8993a4844 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## Unreleased +## [3.0.0-rc0] ### Removed @@ -1737,3 +1737,4 @@ Initial pre-release [3.0.0-dev4]: https://github.com/microsoft/CCF/releases/tag/ccf-3.0.0-dev4 [3.0.0-dev6]: https://github.com/microsoft/CCF/releases/tag/ccf-3.0.0-dev6 [3.0.0-dev7]: https://github.com/microsoft/CCF/releases/tag/ccf-3.0.0-dev7 +[3.0.0-rc0]: https://github.com/microsoft/CCF/releases/tag/ccf-3.0.0-rc0 From 5dee9e7d407493381459e89aab12b9564a6f64db Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 09:46:10 +0000 Subject: [PATCH 72/86] .. --- .azure-pipelines-templates/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index d6bbff3dd213..412b0d66895c 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -144,7 +144,7 @@ jobs: parameters: env: ${{ parameters.env.Hosted }} depends_on: - - Checks + # - Checks - SGX_Release - Virtual_Release - SNPCC_Release From c47ab73f6bc375bfb1314d39bba7e8d139a23a0a Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:00:57 +0000 Subject: [PATCH 73/86] Revert this commit --- .azure-pipelines-templates/matrix.yml | 2 +- .github/workflows/containers.yml | 35 ++++++++++--------- .../roles/ccf_install/tasks/deb_install.yml | 4 +-- 3 files changed, 22 insertions(+), 19 deletions(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 412b0d66895c..9b6676e4d727 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml 
@@ -144,7 +144,7 @@ jobs: parameters: env: ${{ parameters.env.Hosted }} depends_on: - # - Checks + # - Checks TODO: Re-enable - SGX_Release - Virtual_Release - SNPCC_Release diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 476c2b3ce3f3..b386ebc88ad9 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platform: [sgx, snp, virtual] + platform: [sgx] # TODO: Reenable, snp, virtual] steps: - uses: actions/checkout@v3 
@@ -59,23 +59,26 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Log in - run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY + # - name: Log in + # run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - - name: Get image tag from git tag (release) - run: echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT - id: tref + # - name: Get image tag from git tag (release) + # run: echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT + # id: tref - - name: Push App Dev ${{ matrix.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + - name: Delete me + run: docker images - # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - - name: Push App Dev ${{ matrix.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: matrix.platform == 'sgx' + # - name: Push App Dev ${{ matrix.platform }} container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # - name: Push App Dev ${{ matrix.platform }} container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + # if: matrix.platform == 'sgx' - - name: Push App Run ${{ matrix.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # - name: Push App Run ${{ matrix.platform }} container + # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} - - name: Push JS App Run ${{ matrix.platform }} container - run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # - name: Push JS App Run ${{ matrix.platform }} container + # run: docker push 
$ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index 07df8835b09c..1b827bad671f 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml @@ -5,9 +5,9 @@ shell: cmd: | if [ "{{ ccf_ver }}" = "latest" ]; then - curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 + curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep -v unsafe | cut -d\" -f4 # TODO: Revert | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 else - echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" + echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}_amd64.deb" # TODO: Revert -{{ platform }}_amd64.deb" fi register: ccf_deb_url From bc32e068b4437d481be0f9649d79fc92823088fc Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:03:10 +0000 Subject: [PATCH 74/86] Revert me too --- .github/workflows/containers.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index b386ebc88ad9..bba17e16dc26 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -50,7 +50,7 @@ jobs: publish: name: "Publish containers for all platforms" runs-on: ubuntu-latest - if: github.event.release.action == 'published' + # if: github.event.release.action == 'published' TODO: Revert needs: build strategy: matrix: 
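Review bot: The commented-out `docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY` step passes the registry password as a command-line argument, which is worth changing before the step is re-enabled. Reading it from stdin keeps it out of the process list: `echo "$ACR_PASSWORD" | docker login -u "$ACR_TOKEN_NAME" --password-stdin "$ACR_REGISTRY"`, with `ACR_PASSWORD` (an example name) mapped from the secret under the step's `env:`. The `publish` job starts above this hunk.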
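Review bot: Dropping `| egrep {{ platform }}` from the `latest` branch leaves a filter that matches every non-unsafe `.deb` asset of the release, so `ccf_deb_url` can hold several URLs, or one for a different platform than the image being built. The reverted text is also kept as a shell comment inside `cmd: |`, where Ansible still renders `{{ platform }}` and `{{ ccf_ver | replace('-', '_') }}`. An undefined variable there would fail the task even though the shell ignores the line. A YAML comment above `cmd:`, such as `# TODO: Revert - restore the platform filter and the platform suffix in the .deb name`, avoids that. The task continues outside the hunk.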
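Review bot: Commenting out the `if:` on the `publish` job makes it run on every push to the branches listed under `on.push`, so the guard has to be back before the push steps are re-enabled. When restoring it, check the expression itself. As far as I know the release event carries `action` at the top level of the payload rather than inside the `release` object, so `github.event.release.action == 'published'` may never be true. `if: github.event_name == 'release'` expresses the same intent, since the trigger is already limited to `types: [published]`.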
@@ -66,6 +66,7 @@ jobs: # run: echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT # id: tref + # TODO: Delete me - name: Delete me run: docker images From 7830fc7bc11ab7cafd4ec900c0b37e6d8fd22fc8 Mon Sep 17 00:00:00 2001 From: Dominic Ayre Date: Wed, 26 Oct 2022 11:13:43 +0100 Subject: [PATCH 75/86] Remove redundant matrix platform check --- .github/workflows/containers.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 3111f2a00e62..006be61ddb2f 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -36,7 +36,6 @@ jobs: # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - name: Tag App Dev sgx image as lts-devcontainer run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: matrix.platform == 'sgx' - name: Build App Run sgx container run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx From b8781582edd17d6aa8fa68d5b4b9943181e5d361 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:24:50 +0000 Subject: [PATCH 76/86] Let's try this --- .github/workflows/containers.yml | 58 +++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 12 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index bba17e16dc26..7dfb295e1201 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -33,19 +33,39 @@ jobs: fi id: tref - - name: Build App Dev ${{ matrix.platform }} container - run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - - name: Tag App Dev SGX image as lts-devcontainer - run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - if: matrix.platform == 'sgx' + - name: Build and export + uses: docker/build-push-action@v3 + with: + context: . + file: docker/app_dev + build-args: platform=${{ matrix.platform }}, ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} + tags: $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}, $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + outputs: type=docker,dest=/tmp/app-dev-${{ matrix.platform }}.tar - - name: Build App Run ${{ matrix.platform }} container - run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: app-dev-${{ matrix.platform }} + path: /tmp/app-dev-${{ matrix.platform }}.tar - - name: Build JS App Run ${{ matrix.platform }} container - run: docker build -f docker/app_run . 
--build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # - name: Build App Dev ${{ matrix.platform }} container + # run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" + + # -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + + # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # - name: Tag App Dev SGX image as lts-devcontainer + # run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + # if: matrix.platform == 'sgx' + + # - name: Build App Run ${{ matrix.platform }} container + # run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + + # - name: Build JS App Run ${{ matrix.platform }} container + # run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} publish: name: "Publish containers for all platforms" 
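Review bot: The three actions added in this hunk, `docker/setup-buildx-action@v2`, `docker/build-push-action@v3` and `actions/upload-artifact@v3`, are referenced by mutable tags in the workflow that builds the release container images. Pinning each to a full commit SHA with the tag kept as a comment, for example `uses: docker/build-push-action@<full-commit-sha>  # v3`, means a moved tag cannot change what runs in the build. The same applies to the existing `actions/checkout@v3` step, which is outside this hunk.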
@@ -59,6 +79,20 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: app-dev-${{ matrix.platform }} + path: /tmp + + - name: Load image + run: | + docker load --input /tmp/app-dev-${{ matrix.platform }}.tar + docker image ls -a + # - name: Log in # run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY @@ -67,8 +101,8 @@ jobs: # id: tref # TODO: Delete me - - name: Delete me - run: docker images + # - name: Delete me + # run: docker images # - name: Push App Dev ${{ matrix.platform }} container # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} From 7235a2e89b9c55296de66e2ea9c44bca49201b6f Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:27:34 +0000 Subject: [PATCH 77/86] . --- .github/workflows/containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 7dfb295e1201..9072e9e70766 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -42,7 +42,7 @@ jobs: context: . file: docker/app_dev build-args: platform=${{ matrix.platform }}, ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} - tags: $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}, $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + tags: ccfmsrc.azurecr.io/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}, ccfmsrc.azurecr.io/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} outputs: type=docker,dest=/tmp/app-dev-${{ matrix.platform }}.tar - name: Upload artifact From 4f27dd72cb181a9fa09ba26b24708ad7410f1bc4 Mon Sep 17 00:00:00 2001 
From: Julien Maffre Date: Wed, 26 Oct 2022 10:31:14 +0000 Subject: [PATCH 78/86] . --- .github/workflows/containers.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 9072e9e70766..f2fe3bb1fe7f 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -41,8 +41,8 @@ jobs: with: context: . file: docker/app_dev - build-args: platform=${{ matrix.platform }}, ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} - tags: ccfmsrc.azurecr.io/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}, ccfmsrc.azurecr.io/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + build-args: platform=${{ matrix.platform }}\nansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} + tags: ccfmsrc.azurecr.io/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }},ccfmsrc.azurecr.io/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} outputs: type=docker,dest=/tmp/app-dev-${{ matrix.platform }}.tar - name: Upload artifact From 83210719bf04f54692ee0835fc0bfb2407166b4c Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:33:02 +0000 Subject: [PATCH 79/86] build args --- .github/workflows/containers.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f2fe3bb1fe7f..1cefe405e4d0 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -41,7 +41,9 @@ jobs: with: context: . file: docker/app_dev - build-args: platform=${{ matrix.platform }}\nansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} + build-args: | + "platform=${{ matrix.platform }}" + "ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" tags: ccfmsrc.azurecr.io/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }},ccfmsrc.azurecr.io/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} outputs: type=docker,dest=/tmp/app-dev-${{ matrix.platform }}.tar From 3798ad5350daf5b659e57f5170f8ea74a341c271 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 10:50:11 +0000 Subject: [PATCH 80/86] Fix --- .github/workflows/containers.yml | 135 +++++++++++++++---------------- 1 file changed, 63 insertions(+), 72 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 1cefe405e4d0..3111f2a00e62 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -6,7 +6,6 @@ on: push: branches: - "additional_containers" # TODO: Remove - - "main" env: ACR_REGISTRY: ccfmsrc.azurecr.io @@ -14,12 +13,9 @@ env: DOCKER_BUILDKIT: 1 # https://docs.docker.com/develop/develop-images/build_enhancements/ jobs: - build: - name: "Build containers for all platforms" + build_and_publish: + name: "Build and publish containers for all platforms" runs-on: ubuntu-latest - strategy: - matrix: - platform: [sgx] # TODO: Reenable, snp, virtual] steps: - uses: actions/checkout@v3 
@@ -33,89 +29,84 @@ jobs: fi id: tref - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + # SGX + - name: Build App Dev sgx container + run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx - - name: Build and export - uses: docker/build-push-action@v3 - with: - context: . - file: docker/app_dev - build-args: | - "platform=${{ matrix.platform }}" - "ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" - tags: ccfmsrc.azurecr.io/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }},ccfmsrc.azurecr.io/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} - outputs: type=docker,dest=/tmp/app-dev-${{ matrix.platform }}.tar + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + - name: Tag App Dev sgx image as lts-devcontainer + run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + if: matrix.platform == 'sgx' - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - name: app-dev-${{ matrix.platform }} - path: /tmp/app-dev-${{ matrix.platform }}.tar + - name: Build App Run sgx container + run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - # - name: Build App Dev ${{ matrix.platform }} container - # run: docker build -f docker/app_dev . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" + - name: Build JS App Run sgx container + run: docker build -f docker/app_run . 
--build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - # -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-${{ matrix.platform }} -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} + # SNP + - name: Build App Dev snp container + run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-snp -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp - # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - # - name: Tag App Dev SGX image as lts-devcontainer - # run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-${{ matrix.platform }} $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - # if: matrix.platform == 'sgx' + - name: Build App Run snp container + run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - # - name: Build App Run ${{ matrix.platform }} container - # run: docker build -f docker/app_run . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + - name: Build JS App Run snp container + run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - # - name: Build JS App Run ${{ matrix.platform }} container - # run: docker build -f docker/app_run . 
--build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # Virtual + - name: Build App Dev virtual container + run: docker build -f docker/app_dev . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-virtual -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual - publish: - name: "Publish containers for all platforms" - runs-on: ubuntu-latest - # if: github.event.release.action == 'published' TODO: Revert - needs: build - strategy: - matrix: - platform: [sgx, snp, virtual] + - name: Build App Run virtual container + run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - steps: - - uses: actions/checkout@v3 + - name: Build JS App Run virtual container + run: docker build -f docker/app_run . 
--build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}} run_js=true" -t $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + # Publish + - name: Log in + run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: app-dev-${{ matrix.platform }} - path: /tmp + # TODO: Revert + # ## SGX + # - name: Push App Dev sgx container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx - - name: Load image - run: | - docker load --input /tmp/app-dev-${{ matrix.platform }}.tar - docker image ls -a + # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # - name: Push App Dev sgx container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - # - name: Log in - # run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY + # - name: Push App Run sgx container + # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx + + # - name: Push JS App Run sgx container + # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + + # ## SNP + # - name: Push App Dev snp container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp + + # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # - name: Push App Dev snp container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - # - name: Get image tag from git tag (release) - # run: echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT - # id: tref + # - name: Push App Run snp container + # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - # TODO: Delete me - # - name: Delete me - # run: docker images + # - name: Push JS 
App Run snp container + # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - # - name: Push App Dev ${{ matrix.platform }} container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # ## Virtual + # - name: Push App Dev virtual container + # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-virtual - # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - # - name: Push App Dev ${{ matrix.platform }} container + # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + # - name: Push App Dev virtual container # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - # if: matrix.platform == 'sgx' - # - name: Push App Run ${{ matrix.platform }} container - # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # - name: Push App Run virtual container + # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - # - name: Push JS App Run ${{ matrix.platform }} container - # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-${{ matrix.platform }} + # - name: Push JS App Run virtual container + # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual From 748d5540753de6efe97e514538777d830d0324ca Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 11:02:30 +0000 Subject: [PATCH 81/86] . --- .azure-pipelines-templates/common.yml | 8 ++++---- cmake/cpack_settings.cmake | 4 ++-- .../setup_vm/roles/ccf_install/tasks/deb_install.yml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.azure-pipelines-templates/common.yml b/.azure-pipelines-templates/common.yml index 5472cf79af73..40983cbee40c 100644 --- a/.azure-pipelines-templates/common.yml +++ b/.azure-pipelines-templates/common.yml 
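Review bot: The "Log in" step enabled in the `@@ -33,89 +29,84 @@` hunk puts the registry password on the command line, `docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY`. The secret is substituted into the script text before the shell runs and is then passed as a process argument, which Docker itself warns against. Map it through the step's `env:` (`ACR_PASSWORD: ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }}`) and feed it on stdin: `echo "$ACR_PASSWORD" | docker login -u "$ACR_TOKEN_NAME" --password-stdin "$ACR_REGISTRY"`. The step was commented out before this commit and the `push` trigger on `additional_containers` is still in place, so the push token is now used on every branch push even though all push steps remain commented out. Adding `if: github.event_name == 'release'` to the step would keep the credential out of those runs.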
@@ -53,12 +53,12 @@ jobs: - ${{ if eq(parameters.suffix, 'Release') }}: - template: install_deb.yml - - ? ${{ if and(eq(parameters.suffix, 'Release'), eq(parameters.target, 'SGX')) }} - : - template: cg.yml + - ${{ if and(eq(parameters.suffix, 'Release'), eq(parameters.target, 'SGX')) }}: + - template: cg.yml - template: publish_tls_report.yml - template: publish_compatibility_report.yml - template: install_others.yml - template: publish_sbom.yml - - ? ${{ if and(eq(parameters.suffix, 'Unsafe'), eq(parameters.target, 'SGX')) }} - : - template: install_deb.yml + - ${{ if and(eq(parameters.suffix, 'Unsafe'), eq(parameters.target, 'SGX')) }}: + - template: install_deb.yml diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_settings.cmake index 60e81929d3cb..d7dc3b50ac55 100644 --- a/cmake/cpack_settings.cmake +++ b/cmake/cpack_settings.cmake @@ -12,14 +12,14 @@ set(CPACK_DEBIAN_PACKAGE_VERSION "${CCF_RELEASE_VERSION}-${COMPILE_TARGET}") if(CCF_VERSION_SUFFIX) set(CPACK_DEBIAN_PACKAGE_VERSION - "${CPACK_DEBIAN_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}" + "${CPACK_DEBIAN_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}" ) endif() message(STATUS "Debian package version: ${CPACK_DEBIAN_PACKAGE_VERSION}") set(CCF_DEB_BASE_DEPENDENCIES - "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)" + "libuv1 (>= 1.34.2);libc++1-10;libc++abi1-10;openssl (>=1.1.1)" ) set(CCF_DEB_DEPENDENCIES ${CCF_DEB_BASE_DEPENDENCIES}) diff --git a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml index 1b827bad671f..07df8835b09c 100644 --- a/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml +++ b/getting_started/setup_vm/roles/ccf_install/tasks/deb_install.yml 
@@ -5,9 +5,9 @@ shell: cmd: | if [ "{{ ccf_ver }}" = "latest" ]; then - curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep -v unsafe | cut -d\" -f4 # TODO: Revert | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 + curl -s https://api.github.com/repos/microsoft/ccf/releases/latest | egrep 'https://.*\.deb' | egrep {{ platform }} | egrep -v unsafe | cut -d\" -f4 else - echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}_amd64.deb" # TODO: Revert -{{ platform }}_amd64.deb" + echo "https://github.com/microsoft/CCF/releases/download/ccf-{{ ccf_ver }}/ccf_{{ ccf_ver | replace('-', '_') }}-{{ platform }}_amd64.deb" fi register: ccf_deb_url From a2cc542984b720c2feb43099fa6012a2570a0549 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 12:18:02 +0000 Subject: [PATCH 82/86] Trigger CI --- .azure-pipelines-templates/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index 9b6676e4d727..a8d7d3a96369 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -94,7 +94,7 @@ jobs: # Release - ${{ if eq(parameters.perf_or_release, 'release') }}: - # TODO: Re-enable + # TODO: Re-enable. # - template: checks.yml # parameters: # env: ${{ parameters.env.Hosted }} From 76eeed1ad13ba5d7efe917dd4b1d3f94d3f12dcc Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 12:44:43 +0000 Subject: [PATCH 83/86] Revert changes --- .azure-pipelines-templates/matrix.yml | 9 ++-- .azure-pipelines-templates/release.yml | 64 +++++++++++++------------- .azure-pipelines.yml | 13 +++--- cmake/common.cmake | 2 - getting_started/setup_vm/app-dev.yml | 1 - getting_started/setup_vm/app-run.yml | 1 - 6 files changed, 42 insertions(+), 48 deletions(-) 
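Review bot: In the `deb_install.yml` hunk the filter `egrep {{ platform }}` places the templated value into the shell command unquoted and unanchored. An empty `platform` leaves `egrep` without a pattern, and because the pipeline's exit status is that of the final `cut`, the task would still succeed and register an empty `ccf_deb_url`. Quote the value with Ansible's filter, `egrep {{ platform | quote }}`, and make the empty case fail where it happens, for example `failed_when: ccf_deb_url.stdout | length == 0`. The task starts outside the hunk.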
diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml index a8d7d3a96369..5db75a27d80d 100644 --- a/.azure-pipelines-templates/matrix.yml +++ b/.azure-pipelines-templates/matrix.yml @@ -94,10 +94,9 @@ jobs: # Release - ${{ if eq(parameters.perf_or_release, 'release') }}: - # TODO: Re-enable. - # - template: checks.yml - # parameters: - # env: ${{ parameters.env.Hosted }} + - template: checks.yml + parameters: + env: ${{ parameters.env.Hosted }} - template: common.yml parameters: @@ -144,7 +143,7 @@ jobs: parameters: env: ${{ parameters.env.Hosted }} depends_on: - # - Checks TODO: Re-enable + - Checks - SGX_Release - Virtual_Release - SNPCC_Release diff --git a/.azure-pipelines-templates/release.yml b/.azure-pipelines-templates/release.yml index 319506ed8bec..851e9cd1dcdb 100644 --- a/.azure-pipelines-templates/release.yml +++ b/.azure-pipelines-templates/release.yml 
@@ -23,37 +23,37 @@ jobs: rename.ul + _ *+*.deb || true displayName: Remove characters that break GitHubRelease - # - task: GitHubRelease@0 - # inputs: - # gitHubConnection: ccf_release - # repositoryName: "$(Build.Repository.Name)" - # action: "create" - # target: "$(Build.SourceVersion)" - # tagSource: "auto" - # assets: $(Build.ArtifactStagingDirectory)/**/* - # assetUploadMode: "delete" - # isDraft: true - # isPreRelease: true - # releaseNotesSource: "file" - # releaseNotesFile: $(Build.BinariesDirectory)/rel-notes.md - # addChangeLog: false - # displayName: "GitHub Release" + - task: GitHubRelease@0 + inputs: + gitHubConnection: ccf_release + repositoryName: "$(Build.Repository.Name)" + action: "create" + target: "$(Build.SourceVersion)" + tagSource: "auto" + assets: $(Build.ArtifactStagingDirectory)/**/* + assetUploadMode: "delete" + isDraft: true + isPreRelease: true + releaseNotesSource: "file" + releaseNotesFile: $(Build.BinariesDirectory)/rel-notes.md + addChangeLog: false + displayName: "GitHub Release" - # - script: | - # set -ex - # python3.8 -m venv env - # source ./env/bin/activate - # pip install -r requirements.txt - # pip install twine - # twine upload -u __token__ -p $(pypi_token) $(Build.ArtifactStagingDirectory)/**/*.whl - # workingDirectory: python - # displayName: PyPi https://pypi.org/project/ccf/ + - script: | + set -ex + python3.8 -m venv env + source ./env/bin/activate + pip install -r requirements.txt + pip install twine + twine upload -u __token__ -p $(pypi_token) $(Build.ArtifactStagingDirectory)/**/*.whl + workingDirectory: python + displayName: PyPi https://pypi.org/project/ccf/ - # - script: | - # set -ex - # echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc - # npm publish $(Build.ArtifactStagingDirectory)/**/microsoft-ccf-app*.tgz --access public - # env: - # NPM_TOKEN: $(npm_token) - # workingDirectory: js/ccf-app - # displayName: NPM https://www.npmjs.com/package/@microsoft/ccf-app + - script: | + set -ex + echo 
"//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc + npm publish $(Build.ArtifactStagingDirectory)/**/microsoft-ccf-app*.tgz --access public + env: + NPM_TOKEN: $(npm_token) + workingDirectory: js/ccf-app + displayName: NPM https://www.npmjs.com/package/@microsoft/ccf-app diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index f37c3d9fa835..ea663095a52c 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -37,13 +37,12 @@ resources: options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /dev/shm:/tmp/ccache -v /lib/modules:/lib/modules:ro variables: - # TODO: Revert before merging! - # ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}: - perf_or_release: release - perf_tests: no_run - # ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}: - # perf_or_release: perf - # perf_tests: run + ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-') }}: + perf_or_release: release + perf_tests: no_run + ${{ if not(startsWith(variables['Build.SourceBranch'], 'refs/tags/ccf-')) }}: + perf_or_release: perf + perf_tests: run jobs: - template: .azure-pipelines-templates/configure.yml diff --git a/cmake/common.cmake b/cmake/common.cmake index 1b3626c511d9..0add7547cb3a 100644 --- a/cmake/common.cmake +++ b/cmake/common.cmake @@ -266,10 +266,8 @@ if(COMPILE_TARGET STREQUAL "sgx") target_compile_definitions(cchost PUBLIC PLATFORM_SGX) elseif(COMPILE_TARGET STREQUAL "snp") target_compile_definitions(cchost PUBLIC PLATFORM_SNP) - target_include_directories(cchost PRIVATE ${OE_INCLUDEDIR}) elseif(COMPILE_TARGET STREQUAL "virtual") target_compile_definitions(cchost PUBLIC PLATFORM_VIRTUAL) - target_include_directories(cchost PRIVATE ${OE_INCLUDEDIR}) endif() target_link_libraries( 
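Review bot: The re-enabled PyPI step in the `release.yml` hunk expands the secret into the script text, `twine upload -u __token__ -p $(pypi_token) …`, under `set -ex`. The token therefore becomes a command-line argument and the command is echoed to the log, protected only by the pipeline's secret masking, whereas the NPM step in the same hunk maps its token through `env:`. Do the same here: add an `env:` block with `TWINE_USERNAME: __token__` and `TWINE_PASSWORD: $(pypi_token)` and reduce the command to `twine upload $(Build.ArtifactStagingDirectory)/**/*.whl`. `pip install twine` in this publishing step is also unpinned, so a version pin is worth adding. The job these steps belong to starts outside the hunk.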
diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml index 1b00780bdb55..bf169cc201fd 100644 --- a/getting_started/setup_vm/app-dev.yml +++ b/getting_started/setup_vm/app-dev.yml @@ -22,7 +22,6 @@ - import_role: name: ccf_build tasks_from: install.yml - # TODO: Currently does not work on non-SGX as unique debian package requires Open Enclave! - import_role: name: ccf_install tasks_from: deb_install.yml diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml index 01d45357392f..fd0f6d09a28e 100644 --- a/getting_started/setup_vm/app-run.yml +++ b/getting_started/setup_vm/app-run.yml @@ -15,7 +15,6 @@ name: az_dcap tasks_from: install.yml when: platform == "sgx" - # TODO: Currently does not work on non-SGX as unique debian package requires Open Enclave! - import_role: name: ccf_install tasks_from: deb_install.yml From 08ec12ca44a37473a5a866eb43bb8cc4746a044b Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 12:46:57 +0000 Subject: [PATCH 84/86] Cleanup container GH Action --- .github/workflows/containers.yml | 68 +++++++++++++------------------- 1 file changed, 28 insertions(+), 40 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 006be61ddb2f..0ef5cc3311c9 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml 
@@ -30,12 +30,9 @@ jobs: id: tref # SGX - - name: Build App Dev sgx container - run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx - # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - - name: Tag App Dev sgx image as lts-devcontainer - run: docker tag $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-sgx $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + - name: Build App Dev sgx container + run: docker build -f docker/app_dev . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-sgx -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - name: Build App Run sgx container run: docker build -f docker/app_run . --build-arg="platform=sgx" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx @@ -45,7 +42,7 @@ jobs: # SNP - name: Build App Dev snp container - run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-snp -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-snp + run: docker build -f docker/app_dev . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-snp - name: Build App Run snp container run: docker build -f docker/app_run . --build-arg="platform=snp" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp 
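Review bot: The rewritten "Build App Dev sgx container" step in the `@@ -30,12 +30,9 @@` hunk pastes `${{ steps.tref.outputs.tag }}` straight into the `run:` script, as do the snp and virtual build steps in the next two hunks and the push steps enabled in `@@ -67,45 +64,36 @@`. That output is derived from the git ref name (`${GITHUB_REF#refs/tags/ccf-}` elsewhere in this series), and the expression is substituted before the shell parses the line, so the tag text is read as shell source rather than as data. Passing it through the environment keeps it a plain value: `env: TAG: ${{ steps.tref.outputs.tag }}` on the step and `"$TAG"` in the command, e.g. `-t "$ACR_REGISTRY/public/ccf/app/dev:$TAG-sgx"`. The step list starts outside the hunk.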
@@ -55,7 +52,7 @@ jobs: # Virtual - name: Build App Dev virtual container - run: docker build -f docker/app_dev . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-virtual -t $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer-virtual + run: docker build -f docker/app_dev . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }}" -t $ACR_REGISTRY/public/ccf/app/dev:${{ steps.tref.outputs.tag }}-virtual - name: Build App Run virtual container run: docker build -f docker/app_run . --build-arg="platform=virtual" --build-arg="ansible_vars=ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual 
@@ -67,45 +64,36 @@ jobs: - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - # TODO: Revert - # ## SGX - # - name: Push App Dev sgx container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx - - # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - # - name: Push App Dev sgx container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - - # - name: Push App Run sgx container - # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx + ## SGX + - name: Push App Dev sgx container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-sgx - # - name: Push JS App Run sgx container - # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx + # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x + - name: Push App Dev sgx container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer - # ## SNP - # - name: Push App Dev snp container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp + - name: Push App Run sgx container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-sgx - # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - # - name: Push App Dev snp container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + - name: Push JS App Run sgx container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-sgx - # - name: Push App Run snp container - # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp + ## SNP + - name: Push App Dev snp container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-snp - # - name: Push JS App Run snp container - # run: docker push 
$ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp + - name: Push App Run snp container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-snp - # ## Virtual - # - name: Push App Dev virtual container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-virtual + - name: Push JS App Run snp container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-snp - # # Note: Keep SGX lts-devcontainer tag as default dev container until 4.x - # - name: Push App Dev virtual container - # run: docker push $ACR_REGISTRY/public/ccf/app/dev:lts-devcontainer + ## Virtual + - name: Push App Dev virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/dev:${{steps.tref.outputs.tag}}-virtual - # - name: Push App Run virtual container - # run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual + - name: Push App Run virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/run:${{steps.tref.outputs.tag}}-virtual - # - name: Push JS App Run virtual container - # run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual + - name: Push JS App Run virtual container + run: docker push $ACR_REGISTRY/public/ccf/app/run-js:${{steps.tref.outputs.tag}}-virtual From 7e013e0e7eaafb02475826cae2fdd332a4b8c7ab Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Wed, 26 Oct 2022 12:48:34 +0000 Subject: [PATCH 85/86] . --- .github/workflows/containers.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 0ef5cc3311c9..1b6f91841332 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -3,9 +3,6 @@ name: "Build and Publish Release Containers to MCR" on: release: types: [published] - push: - branches: - - "additional_containers" # TODO: Remove env: ACR_REGISTRY: ccfmsrc.azurecr.io 
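Review bot: In the `@@ -67,45 +64,36 @@` hunk two enabled steps share the name "Push App Dev sgx container", and the second one pushes the mutable `lts-devcontainer` tag on every published release. Nothing visible in the workflow restricts that push to the newest LTS release, so publishing a release from an older branch would presumably move `lts-devcontainer` backwards for everyone who pulls it. Rename the second step, for example `- name: Push App Dev sgx container as lts-devcontainer`, and consider an `if:` on the release being published before that push. The step list starts outside the hunk.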
From 125efebd62479e0dcafbf2b13d15dbd88aa1fd3d Mon Sep 17 00:00:00 2001
From: Julien Maffre
Date: Wed, 26 Oct 2022 13:22:22 +0000
Subject: [PATCH 86/86] Use IceLake pool for SGX build on CI
---
 .azure-pipelines-templates/matrix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azure-pipelines-templates/matrix.yml b/.azure-pipelines-templates/matrix.yml
index 5db75a27d80d..82129b648848 100644
--- a/.azure-pipelines-templates/matrix.yml
+++ b/.azure-pipelines-templates/matrix.yml
@@ -11,7 +11,7 @@ parameters:
 pool: 1es-dv4-focal
 SGX:
 container: sgx
- pool: 1es-dcv2-focal
+ pool: 1es-dcdv3-focal
 SNPCC:
 pool: sev-snp-pool