Enhance rune CI test

1. Reconstruct workflow to reduce code duplication 2. Support occlum 0.19.0 3. Remove openjdk-web and openjdk-web pod
2021-01-05 19:02:16 +08:00 · 2021-01-05 19:02:16 +08:00 · 4474791c6d
commit 4474791c6d
parent 29ba19c34f
1 changed files with 32 additions and 126 deletions
--- a/.github/workflows/rune_test.yml
+++ b/.github/workflows/rune_test.yml
@ -8,8 +8,11 @@ env:
 jobs:
  # TODO: add rune circtl test on ubuntu image.
-  Rune_with_docker_ubuntu_test:
+  Rune_test:
    runs-on: [self-hosted, SGX1-HW]
    strategy:
      matrix:
        tag: [ubuntu18.04, centos8.1]
    steps:
    - name: Clean before running
      run: |
@ -25,12 +28,12 @@ jobs:
    - name: Create container
      run: |
-        rune_ubuntu_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04)
+        rune_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum inclavarecontainers/test:${{ matrix.tag }}-occlum-$OCCLUM_VERSION)
-        echo "rune_ubuntu_test=$rune_ubuntu_test" >> $GITHUB_ENV
+        echo "rune_test=$rune_test" >> $GITHUB_ENV
    - name: Change download source of crates.io
      run: |
-        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/.cargo/config
+        docker exec $rune_test bash -c "cat <<- EOF >/root/.cargo/config
        [source.crates-io]
        registry = \"https://github.com/rust-lang/crates.io-index\"
        replace-with = 'ustc'
@ -39,146 +42,49 @@ jobs:
        EOF"
    - name: Build Occlum dependencies
-      run: docker exec $rune_ubuntu_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
+      run: docker exec $rune_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
    - name: Install Occlum
-      run: docker exec $rune_ubuntu_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make && make install"
+      run: docker exec $rune_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make && make install"
-    - name: Install rune
+    - name: Install rune and shim-rune
      run: docker exec $rune_ubuntu_test bash -c "wget $REPO/deb-repo/pool/main/r/rune/rune_$RUNE_VERSION-1_amd64.deb;
        dpkg -i rune_$RUNE_VERSION-1_amd64.deb"
    - name: Install and configure docker
      run: |
-        docker exec $rune_ubuntu_test bash -c "apt-get update;
+        if [ '${{ matrix.tag }}' = 'ubuntu18.04' ]; then
-        apt-get install -y apt-transport-https ca-certificates curl software-properties-common;
+          docker exec $rune_test bash -c "wget $REPO/deb-repo/pool/main/r/rune/rune_$RUNE_VERSION-1_amd64.deb; dpkg -i rune_$RUNE_VERSION-1_amd64.deb"
-        curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -;
+        else
-        add-apt-repository 'deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic stable';
+          docker exec $rune_test bash -c "rpm -ivh $REPO/rpm-repo/rune-$RUNE_VERSION-1.el8.x86_64.rpm $REPO/rpm-repo/shim-rune-$RUNE_VERSION-1.el8.x86_64.rpm"
-        apt-get install -y docker-ce"
+        fi;
-        docker exec $rune_ubuntu_test bash -c "mkdir /etc/docker;
+    - name: Start docker daemon
-        cat <<- EOF >/etc/docker/daemon.json
+      run: |
-        {
+        if [ '${{ matrix.tag }}' = 'ubuntu18.04' ]; then
-            \"runtimes\":{
+          docker exec $rune_test bash -c "service docker start"
-                \"rune\":{
+        else
-                    \"path\":\"/usr/local/bin/rune\",
+          docker exec $rune_test bash -c "dockerd -b docker0 --storage-driver=vfs &"
-                    \"runtimeArgs\":[]
+        fi;
                  }
              },
              \"storage-driver\": \"vfs\"
        }
        EOF"
        docker exec $rune_ubuntu_test bash -c "service docker start"
    - name: Build Occlum application image
-      run: |
+      run: docker exec $rune_test bash -c "occlum-gcc -o hello_world hello_world.c;
        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/hello_world.c
        "#include\<stdio.h\>"
        int main ()
        {
            printf(\"Hello World\n\");
            return 0;
        }
        EOF"
        docker exec $rune_ubuntu_test bash -c "occlum-gcc -o hello_world hello_world.c;
        occlum new occlum_instance && cd occlum_instance;
        cp ../hello_world image/bin/ && occlum build;
        occlum package occlum_instance.tar.gz"
        docker exec $rune_ubuntu_test bash -c "cat <<- EOF >/root/occlum_instance/Dockerfile
        FROM centos:8.1.1911
        RUN mkdir -p /run/rune
        WORKDIR /run/rune
        ADD occlum_instance.tar.gz /run/rune
        ENTRYPOINT [\"/bin/hello_world\"]
        EOF"
        docker exec $rune_ubuntu_test bash -c "cd /root/occlum_instance;
        docker build . -t occlum-app"
    - name: Run Occlum image
      run: docker exec $rune_ubuntu_test bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
    - name: Clean the environment
      if: ${{ always() }}
      run: docker stop $rune_ubuntu_test
  Rune_with_docker_and_crictl_centos_test:
    runs-on: [self-hosted, SGX1-HW]
    steps:
    - name: Clean before running
      run: |
        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
    - uses: actions/checkout@v1
      with:
        submodules: true
    - name: Create container
      run: |
        rune_crictl_centos=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum crictl-occlum:centos8.1)
        echo "rune_crictl_centos=$rune_crictl_centos" >> $GITHUB_ENV
    - name: Change download source of crates.io
      run: |
        docker exec $rune_crictl_centos bash -c "cat <<- EOF >/root/.cargo/config
        [source.crates-io]
        registry = \"https://github.com/rust-lang/crates.io-index\"
        replace-with = 'ustc'
        [source.ustc]
        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
        EOF"
    - name: Build Occlum dependencies
      run: docker exec $rune_crictl_centos bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
    - name: Install Occlum
      run: docker exec $rune_crictl_centos bash -c "cd /root/occlum;
        OCCLUM_RELEASE_BUILD=1 make && make install"
    - name: Get version
      run: echo "RUNE_VERSION=$(wget -q https://raw.githubusercontent.com/alibaba/inclavare-containers/master/VERSION && cat VERSION)" >> $GITHUB_ENV && rm -f VERSION
    - name: Install rune and shim-rune package
      run: docker exec $rune_crictl_centos bash -c "rpm -ivh $REPO/rpm-repo/rune-$RUNE_VERSION-1.el8.x86_64.rpm $REPO/rpm-repo/shim-rune-$RUNE_VERSION-1.el8.x86_64.rpm"
    - name: Build Occlum application image
      run: docker exec $rune_crictl_centos bash -c "dockerd -b docker0 --storage-driver=vfs &"
        docker exec $rune_crictl_centos bash -c "occlum-gcc -o hello_world hello_world.c;
        occlum new occlum_instance && cd occlum_instance;
        cp ../hello_world image/bin/ && occlum build;
        occlum package occlum_instance.tar.gz;
-        cp /root/Dockerfile /root/occlum_instance;
+        docker build . -t occlum-app -f /root/Dockerfile-occlum"
        docker build . -t occlum-app"
-    - name: Run Occlum application image
+    - name: Run Occlum image
-      run: docker exec $rune_crictl_centos bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
+      run: docker exec $rune_test bash -c "docker run -i --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx -e ENCLAVE_RUNTIME_PATH=/opt/occlum/build/lib/libocclum-pal.so -e ENCLAVE_RUNTIME_ARGS=occlum_instance occlum-app"
    - name: Run occlum-hello pod
-      if: ${{ always() }}
+      if: ${{ contains(matrix.tag, 'centos8.1') }}
-      run: docker exec $rune_crictl_centos bash -c "containerd" &
+      run: docker exec $rune_test bash -c "containerd" &
-        docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
+        docker exec $rune_test bash -c "cd /root/samples && ./clean.sh;
        crictl run --timeout 3s hello.yaml pod.yaml && ./show.sh"
    - name: Run dragonwell-web pod
      if: ${{ always() }}
      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
        crictl run --timeout 3s dragonwell.yaml pod.yaml && ./show.sh"
    - name: Run openjdk-web pod
      if: ${{ always() }}
      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
        crictl run --timeout 3s jdk.yaml pod.yaml && ./show.sh"
    - name: Run golang-web pod
-      if: ${{ always() }}
+      if: ${{ contains(matrix.tag, 'centos8.1') }}
-      run: docker exec $rune_crictl_centos bash -c "cd /root/samples && ./clean.sh;
+      run: docker exec $rune_test bash -c "cd /root/samples && ./clean.sh;
        crictl run --timeout 3s golang.yaml pod.yaml && ./show.sh"
    - name: Clean the environment
      if: ${{ always() }}
-      run: docker stop $rune_crictl_centos
+      run: docker stop $rune_test