Use toolchains from the git clone source instead of from the local path

Signed-off-by: Zheng, Qi <huaiqing.zq@antgroup.com>

.github/workflows/build_and_push_aliyunlinux_image.yml

@@ -18,13 +18,6 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
 
-    # Because "Build and push" step `context` field can't be subdir,
-    # we need to copy files needed by dockerfile to root dir of the project
-    - name: Copy context for docker build
-      run: |
-        cp -r tools/toolchains .
-        cp -r tools/docker .
-
     - name: Get Occlum release version
       run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
 

.github/workflows/build_and_push_docker_image.yml

@@ -23,13 +23,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      # Because "Build and push" step `context` field can't be subdir,
-      # we need to copy files needed by dockerfile to root dir of the project
-      - name: Copy context for docker build
-        run: |
-          cp -r tools/toolchains .
-          cp -r tools/docker .
-
       - name: Get Occlum release version
         run: echo "RELEASE_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
 

tools/docker/Dockerfile.aliyunlinux3

@@ -120,32 +120,27 @@ RUN wget http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz && \
     cp ./cpuid-20200211/cpuid /usr/bin/ && \
     rm -rf /tmp/cpuid-20200211*
 
+
+# Download the Occlum source
+ARG OCCLUM_BRANCH
+WORKDIR /root
+RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
+    cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
+    cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
+
 # Install Occlum toolchain
-COPY toolchains/musl-gcc /tmp/musl-gcc
 WORKDIR /tmp
 RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
 ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
 
 # Install glibc
-COPY toolchains/glibc /tmp/glibc
 WORKDIR /tmp
 RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
 
 # Install Occlum Golang toolchain
-COPY toolchains/golang /tmp/golang
 WORKDIR /tmp
-RUN yum install -y go && cd golang && ./build.sh && rm -rf /tmp/golang
-ENV PATH="/usr/local/occlum/golang/bin:$PATH"
-
-# Install Occlum Java toolchain (JDK 11)
-ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
-COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
-RUN rm $JDK11_PATH/lib/security/cacerts
-COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
-COPY toolchains/java /tmp/java
-WORKDIR /tmp
-RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
-ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+RUN cd golang && ./build.sh && rm -rf /tmp/golang
+ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
 
 # Install Rust
 ENV PATH="/root/.cargo/bin:$PATH"
@@ -156,18 +151,24 @@ RUN curl https://sh.rustup.rs -sSf | \
     cargo -V
 
 # Install Occlum Rust toolchain
-COPY toolchains/rust /tmp/rust
 WORKDIR /tmp
 RUN cd rust && ./build.sh && rm -rf /tmp/rust
 ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
 
-ARG OCCLUM_BRANCH
+# Install Occlum Java toolchain (JDK 11)
+ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
+COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
+RUN rm $JDK11_PATH/lib/security/cacerts
+COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
+WORKDIR /tmp
+RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+
+
 ENV LD_LIBRARY_PATH="/opt/intel/sgxpsw/aesm:/usr/lib64/:/usr/local/lib:/opt/intel/sgxsdk/sdk_libs:/usr/lib:$LD_LIBRARY_PATH"
-# Install the latest version of Occlum
-WORKDIR /root/occlum
-RUN rm -rf occlum && \
-    git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
-    cd occlum && \
+# Build and install Occlum
+WORKDIR /root
+RUN cd occlum && \
     source /opt/intel/sgxsdk/environment && \
     make submodule && \
     OCCLUM_RELEASE_BUILD=1 make install && \
@@ -179,7 +180,6 @@ RUN rm -rf occlum && \
 # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
 # as a "real" service since the pid 1 is not systemd in Docker. So we start
 # up AESM service when an user login with an interative shell.
-COPY docker/start_aesm.sh /opt/occlum/
-RUN mkdir -p /var/run/aesmd && echo 'sudo /opt/occlum/start_aesm.sh' >> /root/.bashrc
+RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
 
 WORKDIR /root

tools/docker/Dockerfile.centos8.2

@@ -68,40 +68,6 @@ RUN curl https://sh.rustup.rs -sSf | \
     rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
     cargo -V
 
-# Install Occlum toolchain
-COPY toolchains/musl-gcc /tmp/musl-gcc
-WORKDIR /tmp
-RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
-ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
-
-# Install glibc
-COPY toolchains/glibc /tmp/glibc
-WORKDIR /tmp
-RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
-
-# Install Occlum Golang toolchain
-COPY toolchains/golang /tmp/golang
-WORKDIR /tmp
-RUN cd golang && ./build.sh && rm -rf /tmp/golang
-ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
-
-# Install Occlum Rust toolchain
-COPY toolchains/rust /tmp/rust
-WORKDIR /tmp
-RUN cd rust && ./build.sh && rm -rf /tmp/rust
-ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
-ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
-
-# Install Occlum Java toolchain (JDK 11)
-ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
-COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
-RUN rm $JDK11_PATH/lib/security/cacerts
-COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
-COPY toolchains/java /tmp/java
-WORKDIR /tmp
-RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
-ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
-
 # Install SGX PSW
 WORKDIR /tmp
 RUN echo "ca_directory=/etc/ssl/certs" >> /etc/wgetrc && \
@@ -145,12 +111,46 @@ RUN git clone -b sgx_2.13.3_for_occlum https://github.com/occlum/linux-sgx && \
     echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
     rm -rf /tmp/linux-sgx
 
-# Install the latest version of Occlum
+# Download the Occlum source
 ARG OCCLUM_BRANCH
 WORKDIR /root
 RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
-    cd occlum && \
-    source /root/.bashrc && \
+    cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
+    cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
+
+# Install Occlum toolchain
+WORKDIR /tmp
+RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+
+# Install glibc
+WORKDIR /tmp
+RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
+
+# Install Occlum Golang toolchain
+WORKDIR /tmp
+RUN cd golang && ./build.sh && rm -rf /tmp/golang
+ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
+
+# Install Occlum Rust toolchain
+WORKDIR /tmp
+RUN cd rust && ./build.sh && rm -rf /tmp/rust
+ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
+ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
+
+# Install Occlum Java toolchain (JDK 11)
+ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
+COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
+RUN rm $JDK11_PATH/lib/security/cacerts
+COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
+WORKDIR /tmp
+RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+
+# Build and install Occlum
+WORKDIR /root
+RUN cd occlum && \
+    source /opt/intel/sgxsdk/environment && \
     make submodule && \
     OCCLUM_RELEASE_BUILD=1 make && \
     make install && \
@@ -162,7 +162,6 @@ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
 # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
 # as a "real" service since the pid 1 is not systemd in Docker. So we start
 # up AESM service when an user login with an interative shell.
-COPY docker/start_aesm.sh /opt/occlum/
 RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
 
 WORKDIR /root

tools/docker/Dockerfile.ubuntu18.04

@@ -83,40 +83,6 @@ RUN curl https://sh.rustup.rs -sSf | \
     rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git && \
     cargo -V 
 
-# Install Occlum toolchain
-COPY toolchains/musl-gcc /tmp/musl-gcc
-WORKDIR /tmp
-RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
-ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
-
-# Install glibc
-COPY toolchains/glibc /tmp/glibc
-WORKDIR /tmp
-RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
-
-# Install Occlum Golang toolchain
-COPY toolchains/golang /tmp/golang
-WORKDIR /tmp
-RUN cd golang && ./build.sh && rm -rf /tmp/golang
-ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
-
-# Install Occlum Rust toolchain
-COPY toolchains/rust /tmp/rust
-WORKDIR /tmp
-RUN cd rust && ./build.sh && rm -rf /tmp/rust
-ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
-ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
-
-# Install Occlum Java toolchain (JDK 11)
-ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
-COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
-RUN rm $JDK11_PATH/lib/security/cacerts
-COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
-COPY toolchains/java /tmp/java
-WORKDIR /tmp
-RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
-ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
-
 # Install SGX PSW
 ARG PSW_VERSION=2.13.103.1
 ARG DCAP_VERSION=1.10.103.1
@@ -162,11 +128,44 @@ RUN git clone -b sgx_2.13.3_for_occlum https://github.com/occlum/linux-sgx && \
     echo 'source /opt/intel/sgxsdk/environment' >> /root/.bashrc && \
     rm -rf /tmp/linux-sgx
 
-# Install the latest version of Occlum
+# Download the Occlum source
 ARG OCCLUM_BRANCH
 WORKDIR /root
 RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
-    cd occlum && \
+    cp -r /root/occlum/tools/toolchains/* /tmp/ && mkdir -p /opt/occlum/ && \
+    cp /root/occlum/tools/docker/start_aesm.sh /opt/occlum/
+
+# Install Occlum toolchain
+WORKDIR /tmp
+RUN cd musl-gcc && ./build.sh && ./install_zlib.sh && rm -rf /tmp/musl-gcc
+ENV PATH="/opt/occlum/build/bin:/usr/local/occlum/bin:$PATH"
+
+# Install glibc
+WORKDIR /tmp
+RUN cd glibc && ./build.sh && rm -rf /tmp/glibc
+
+# Install Occlum Golang toolchain
+WORKDIR /tmp
+RUN cd golang && ./build.sh && rm -rf /tmp/golang
+ENV PATH="/opt/occlum/toolchains/golang/bin:$PATH"
+
+# Install Occlum Rust toolchain
+WORKDIR /tmp
+RUN cd rust && ./build.sh && rm -rf /tmp/rust
+ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH"
+ENV LD_LIBRARY_PATH="/opt/intel/sgxsdk/sdk_libs"
+
+# Install Occlum Java toolchain (JDK 11)
+ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk
+COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH
+RUN rm $JDK11_PATH/lib/security/cacerts
+COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts
+WORKDIR /tmp
+RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java
+ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH"
+
+WORKDIR /root
+RUN cd occlum && \
     source /opt/intel/sgxsdk/environment && \
     make submodule && \
     OCCLUM_RELEASE_BUILD=1 make && \
@@ -179,7 +178,6 @@ RUN git clone -b $OCCLUM_BRANCH https://github.com/occlum/occlum && \
 # To do so, we add the script to ~/.bashrc. We cannot use systemd to run AESM
 # as a "real" service since the pid 1 is not systemd in Docker. So we start
 # up AESM service when an user login with an interative shell.
-COPY docker/start_aesm.sh /opt/occlum/ 
 RUN mkdir -p /var/run/aesmd && echo '/opt/occlum/start_aesm.sh' >> /root/.bashrc
 
 WORKDIR /root

tools/docker/README.md

@@ -4,19 +4,21 @@ This folder contains scripts and Dockerfiles for users to build the Docker image
 for Occlum. An Occlum Docker image sets up the development environment for
 Occlum and also gets Occlum preinstalled.
 
-Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 7.5 and CentOS 8.1.
+Currently, three Linux OS distributions are supported: Ubuntu 18.04, CentOS 8.2 and aliyunlinux3.
 
 ## How to Build
 
 To build an Occlum Docker image, run the following command
 ```
-./build_image.sh <OCCLUM_LABEL> <OS_NAME>
+./build_image.sh <OCCLUM_LABEL> <OS_NAME> <OCCLUM_BRANCH>
 ```
 where `<OCCLUM_LABEL>` is an arbitrary string chosen by the user to
 describe the version of Occlum preinstalled in the Docker image
-(e.g., "latest", "0.15.0", and "prerelease") and `<OS_NAME>` is the
+(e.g., "latest", "0.24.0", and "prerelease") and `<OS_NAME>` is the
 name of the OS distribution that the Docker image is based on.
 Currently, `<OS_NAME>` must be one of the following values:
-`ubuntu18.04` and `centos8.2`.
+`ubuntu18.04`, `centos8.2` and `aliyunlinux3`.
+`<OCCLUM_BRANCH>` indicates which the docker image is built on, e.g "0.24.0".
+It is optional, if not provided, "master" branch will be used.
 
 The resulting Docker image will have `occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>` as its label.

tools/docker/build_image.sh

@@ -12,7 +12,7 @@ build_image
 Build an Occlum Docker image for a specific OS
 
 USAGE:
-    build_image.sh <OCCLUM_LABEL> <OS_NAME>
+    build_image.sh <OCCLUM_LABEL> <OS_NAME> <OCCLUM_BRANCH>
 
 <OCCLUM_LABEL>:
     An arbitrary string chosen by the user to describe the version of Occlum preinstalled in the Docker image, e.g., "latest", "0.12.0", "prerelease", and etc.
@@ -23,6 +23,10 @@ USAGE:
         centos8.2           Use CentOS 8.2 as the base image
         aliyunlinux3        Use AliyunLinux 3 as the base image
 
+<OCCLUM_BRANCH>:
+    The Occlum branch which the docker image is built on, e.g "0.24.0".
+    It is optional, if not provided, "master" branch will be used.
+
 The resulting Docker image will have "occlum/occlum:<OCCLUM_LABEL>-<OS_NAME>" as its label.
 EOF
     exit 1
@@ -34,9 +38,9 @@ if [[ ( "$#" < 2 ) ]] ; then
     report_error
 fi
 
-occlum_branch=master
 occlum_label=$1
 os_name=$2
+occlum_branch=${3:-master}
 
 function check_item_in_list() {
     item=$1