From 4474791c6d3acbcc72563819048e96fc11a04bd7 Mon Sep 17 00:00:00 2001
From: Shirong Hao <shirong@linux.alibaba.com>
Date: Tue, 5 Jan 2021 19:02:16 +0800
Subject: [PATCH] Enhance rune CI test

1. Reconstruct workflow to reduce code duplication
2. Support occlum 0.19.0
3. Remove openjdk-web and openjdk-web pod
---
 .github/workflows/rune_test.yml | 158 +++++++-------------------------
 1 file changed, 32 insertions(+), 126 deletions(-)

diff --git a/.github/workflows/rune_test.yml b/.github/workflows/rune_test.yml
index 3950317d..51373c1a 100644
--- a/.github/workflows/rune_test.yml
+++ b/.github/workflows/rune_test.yml
@@ -8,8 +8,11 @@ env:
 
 jobs:
   # TODO: add rune circtl test on ubuntu image.
-  Rune_with_docker_ubuntu_test:
+  Rune_test:
     runs-on: [self-hosted, SGX1-HW]
+    strategy:
+      matrix:
+        tag: [ubuntu18.04, centos8.1]
     steps:
     - name: Clean before running
       run: |
@@ -25,12 +28,12 @@ jobs:
 
     - name: Create container
       run: |
-        rune_ubuntu_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04)
-        echo "rune_ubuntu_test=$rune_ubuntu_test" >> $GITHUB_ENV
+        rune_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum inclavarecontainers/test:${{ matrix.tag }}-occlum-$OCCLUM_VERSION)
+        echo "rune_test=$rune_test" >> $GITHUB_ENV
 
     - name: Change download source of crates.io
       run: |
-        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/.cargo/config
+        docker exec $rune_test bash -c "cat <<- EOF >/root/.cargo/config
         [source.crates-io]
         registry = \"https://github.com/rust-lang/crates.io-index\"
         replace-with = 'ustc'
@@ -39,146 +42,49 @@ jobs:
         EOF"
 
     - name: Build Occlum dependencies
-      run: docker exec $rune_ubuntu_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
+      run: docker exec $rune_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
 
     - name: Install Occlum
-      run: docker exec $rune_ubuntu_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make && make install"
+      run: docker exec $rune_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make && make install"
 
-    - name: Install rune
-      run: docker exec $rune_ubuntu_test bash -c "wget $REPO/deb-repo/pool/main/r/rune/rune_$RUNE_VERSION-1_amd64.deb;
-        dpkg -i rune_$RUNE_VERSION-1_amd64.deb"
-
-    - name: Install and configure docker
+    - name: Install rune and shim-rune
       run: |
-        docker exec $rune_ubuntu_test bash -c "apt-get update;
-        apt-get install -y apt-transport-https ca-certificates curl software-properties-common;
-        curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -;
-        add-apt-repository 'deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic stable';
-        apt-get install -y docker-ce"
+        if [ '${{ matrix.tag }}' = 'ubuntu18.04' ]; then
+          docker exec $rune_test bash -c "wget $REPO/deb-repo/pool/main/r/rune/rune_$RUNE_VERSION-1_amd64.deb; dpkg -i rune_$RUNE_VERSION-1_amd64.deb"
+        else
+          docker exec $rune_test bash -c "rpm -ivh $REPO/rpm-repo/rune-$RUNE_VERSION-1.el8.x86_64.rpm $REPO/rpm-repo/shim-rune-$RUNE_VERSION-1.el8.x86_64.rpm"
+        fi;
 
-        docker exec $rune_ubuntu_test bash -c "mkdir /etc/docker;
-        cat <<- EOF >/etc/docker/daemon.json
-        {
-            \"runtimes\":{
-                \"rune\":{
-                    \"path\":\"/usr/local/bin/rune\",
-                    \"runtimeArgs\":[]
-                  }
-              },
-              \"storage-driver\": \"vfs\"
-        }
-        EOF"
-
-        docker exec $rune_ubuntu_test bash -c "service docker start"
+    - name: Start docker daemon
+      run: |
+        if [ '${{ matrix.tag }}' = 'ubuntu18.04' ]; then
+          docker exec $rune_test bash -c "service docker start"
+        else
+          docker exec $rune_test bash -c "dockerd -b docker0 --storage-driver=vfs &"
+        fi;
 
     - name: Build Occlum application image
-      run: |
-        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/hello_world.c
-        "#include\<stdio.h\>"
-        int main ()
-        {
-            printf(\"Hello World\n\");
-            return 0;
-        }
-        EOF"
-
-        docker exec $rune_ubuntu_test bash -c "occlum-gcc -o hello_world hello_world.c;
-        occlum new occlum_instance && cd occlum_instance;
-        cp ../hello_world image/bin/ && occlum build;
-        occlum package occlum_instance.tar.gz"
-
-        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/occlum_instance/Dockerfile
-        FROM centos:8.1.1911
-        RUN mkdir -p /run/rune
-        WORKDIR /run/rune
-        ADD occlum_instance.tar.gz /run/rune
-        ENTRYPOINT [\"/bin/hello_world\"]
-        EOF"
-
-        docker exec $rune_ubuntu_test bash -c "cd /root/occlum_instance;
-        docker build . -t occlum-app"
-
-    - name: Run Occlum image
-      run: docker exec $rune_ubuntu_test bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
-
-    - name: Clean the environment
-      if: ${{ always() }}
-      run: docker stop $rune_ubuntu_test
-
-  Rune_with_docker_and_crictl_centos_test:
-    runs-on: [self-hosted, SGX1-HW]
-    steps:
-    - name: Clean before running
-      run: |
-        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
-
-    - uses: actions/checkout@v1
-      with:
-        submodules: true
-
-    - name: Create container
-      run: |
-        rune_crictl_centos=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum crictl-occlum:centos8.1)
-        echo "rune_crictl_centos=$rune_crictl_centos" >> $GITHUB_ENV
-
-    - name: Change download source of crates.io
-      run: |
-        docker exec $rune_crictl_centos bash -c "cat <<- EOF >/root/.cargo/config
-        [source.crates-io]
-        registry = \"https://github.com/rust-lang/crates.io-index\"
-        replace-with = 'ustc'
-        [source.ustc]
-        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
-        EOF"
-
-    - name: Build Occlum dependencies
-      run: docker exec $rune_crictl_centos bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
-
-    - name: Install Occlum
-      run: docker exec $rune_crictl_centos bash -c "cd /root/occlum;
-        OCCLUM_RELEASE_BUILD=1 make && make install"
-
-    - name: Get version
-      run: echo "RUNE_VERSION=$(wget -q https://raw.githubusercontent.com/alibaba/inclavare-containers/master/VERSION && cat VERSION)" >> $GITHUB_ENV && rm -f VERSION
-
-    - name: Install rune and shim-rune package
-      run: docker exec $rune_crictl_centos bash -c "rpm -ivh $REPO/rpm-repo/rune-$RUNE_VERSION-1.el8.x86_64.rpm $REPO/rpm-repo/shim-rune-$RUNE_VERSION-1.el8.x86_64.rpm"
-
-    - name: Build Occlum application image
-      run: docker exec $rune_crictl_centos bash -c "dockerd -b docker0 --storage-driver=vfs &"
-
-        docker exec $rune_crictl_centos bash -c "occlum-gcc -o hello_world hello_world.c;
+      run: docker exec $rune_test bash -c "occlum-gcc -o hello_world hello_world.c;
         occlum new occlum_instance && cd occlum_instance;
         cp ../hello_world image/bin/ && occlum build;
         occlum package occlum_instance.tar.gz;
-        cp /root/Dockerfile /root/occlum_instance;
-        docker build . -t occlum-app"
+        docker build . -t occlum-app -f /root/Dockerfile-occlum"
 
-    - name: Run Occlum application image
-      run: docker exec $rune_crictl_centos bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
+    - name: Run Occlum image
+      run: docker exec $rune_test bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
 
     - name: Run occlum-hello pod
-      if: ${{ always() }}
-      run: docker exec $rune_crictl_centos bash -c "containerd" &
+      if: ${{ contains(matrix.tag, 'centos8.1') }}
+      run: docker exec $rune_test bash -c "containerd" &
 
-        docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
+        docker exec $rune_test bash -c "cd /root/samples && ./clean.sh;
         crictl run --timeout 3s hello.yaml pod.yaml && ./show.sh"
 
-    - name: Run dragonwell-web pod
-      if: ${{ always() }}
-      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
-        crictl run --timeout 3s dragonwell.yaml pod.yaml && ./show.sh"
-
-    - name: Run openjdk-web pod
-      if: ${{ always() }}
-      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
-        crictl run --timeout 3s jdk.yaml pod.yaml && ./show.sh"
-
     - name: Run golang-web pod
-      if: ${{ always() }}
-      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
+      if: ${{ contains(matrix.tag, 'centos8.1') }}
+      run: docker exec $rune_test bash -c "cd /root/samples && ./clean.sh;
         crictl run --timeout 3s golang.yaml pod.yaml && ./show.sh"
 
     - name: Clean the environment
       if: ${{ always() }}
-      run: docker stop $rune_crictl_centos
+      run: docker stop $rune_test