From 554f7dd2c51364d52d34695ac38b48e66ce84f4d Mon Sep 17 00:00:00 2001
From: "Hui, Chunyang" <sanqian.hcy@antfin.com>
Date: Mon, 16 Nov 2020 06:26:28 +0000
Subject: [PATCH] Add SGX hardware mode test

Currently, only a subset of tests are enabled. Other tests will be
enabled in the future.
---
 .github/workflows/hw_mode_test.yml | 335 +++++++++++++++++++++++++++++
 1 file changed, 335 insertions(+)
 create mode 100644 .github/workflows/hw_mode_test.yml

diff --git a/.github/workflows/hw_mode_test.yml b/.github/workflows/hw_mode_test.yml
new file mode 100644
index 00000000..5ce5944f
--- /dev/null
+++ b/.github/workflows/hw_mode_test.yml
@@ -0,0 +1,335 @@
+name: SGX Hardware Mode Test
+
+on: [push]
+
+env:
+  nap_time: 60
+
+jobs:
+  Make-test-on-ubuntu:
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - uses: actions/checkout@v1
+      with:
+        submodules: true
+
+    - name: Get Occlum version
+      run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
+
+    - name: Create container
+      run: |
+        docker rm -f occlum_test || true
+        docker run --name=occlum_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04
+
+    - name: Change download source of crates.io
+      run: |
+        docker exec occlum_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    - name: Build Dependencies
+      run:  docker exec occlum_test bash -c "cd /root/occlum; make submodule"
+
+    - name: Build Source
+      run: |
+        docker exec occlum_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
+
+    - name: Integration test
+      run:  docker exec occlum_test bash -c "cd /root/occlum; make test"
+
+    - name: Clean the environment
+      run: docker stop occlum_test
+
+
+  C_cpp_rust_golang_embedded_mode_support_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Get occlum version
+      run: |
+        cd ${{ github.workspace }}
+        echo "OCCLUM_VERSION=$(grep "Version =" src/pal/include/occlum_version.h |  awk '{print $4}')" >> $GITHUB_ENV
+
+    - name: Create container
+      run: |
+        docker rm -f language_support_test || true
+        docker run --name=language_support_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu18.04
+
+    - name: Configure dependency source
+      run: |
+        docker exec language_support_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec language_support_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: C test
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/hello_c && make;
+            occlum new occlum_instance;
+            cp hello_world occlum_instance/image/bin;
+            cd occlum_instance && occlum build;
+            occlum run /bin/hello_world"
+
+    - name: C++ test
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/hello_cc && make;
+            occlum new occlum_instance;
+            cp hello_world occlum_instance/image/bin;
+            cd occlum_instance && occlum build;
+            occlum run /bin/hello_world"
+
+    - name: Rust test
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/rust && ./run_rust_demo_on_occlum.sh"
+
+    - name: Embedded mode test
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/embedded_mode && make;
+            make test"
+
+    - name: Go Server set up and run
+      run: docker exec language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
+            cd /root/occlum/demos/golang/web_server && occlum-go get -u -v github.com/gin-gonic/gin;
+            occlum-go build -o web_server ./web_server.go;
+            ./run_golang_on_occlum.sh" &
+
+    - name: Curl test
+      run: |
+        sleep ${{ env.nap_time }};
+        docker exec language_support_test bash -c "curl http://127.0.0.1:8090/ping"
+
+    - name: Set up Golang grpc pingpong test
+      run: docker exec language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
+            cd /root/occlum/demos/golang/grpc_pingpong && ./prepare_ping_pong.sh"
+
+    - name: Start Golang grpc pingpong server
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_pong_on_occlum.sh" &
+
+    - name: Run Golang grpc ping test
+      run: |
+        sleep ${{ env.nap_time }};
+        docker exec language_support_test bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_ping_on_occlum.sh"
+
+    - name: Run Golang sqlite test
+      run: docker exec language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
+            cd /root/occlum/demos/golang/go_sqlite/ && ./run_go_sqlite_demo.sh"
+
+    - name: Clean the environment
+      run: docker stop language_support_test
+
+
+  Java_support_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Get occlum version
+      run: |
+        cd ${{ github.workspace }}
+        echo "OCCLUM_VERSION=$(grep "Version =" src/pal/include/occlum_version.h |  awk '{print $4}')" >> $GITHUB_ENV
+
+    - name: Create container
+      run: |
+        docker rm -f java_support_test || true
+        docker run --name=java_support_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu18.04
+
+    - name: Configure dependency source
+      run: |
+        docker exec java_support_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec java_support_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: Compile Java
+      run: docker exec java_support_test bash -c "cd /root/occlum/demos/java && occlum-javac ./hello_world/Main.java"
+
+    - name: Run hello world
+      run: docker exec java_support_test bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello"
+
+    - name: Clean the environment
+      run: docker stop java_support_test
+
+
+  Bazel_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Get occlum version
+      run: |
+        cd ${{ github.workspace }}
+        echo "OCCLUM_VERSION=$(grep "Version =" src/pal/include/occlum_version.h |  awk '{print $4}')" >> $GITHUB_ENV
+
+    - name: Create container
+      run: |
+        docker rm -f hello_bazel_test || true
+        docker run --name=hello_bazel_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu18.04
+
+    - name: Configure dependency source
+      run: |
+        docker exec hello_bazel_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec hello_bazel_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: Install bazel
+      run: docker exec hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && wget https://github.com/bazelbuild/bazel/releases/download/3.2.0/bazel-3.2.0-installer-linux-x86_64.sh;
+              chmod +x bazel-3.2.0-installer-linux-x86_64.sh;
+              ./bazel-3.2.0-installer-linux-x86_64.sh"
+
+    - name: Build bazel dependencies
+      run: docker exec hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && ./build_bazel_sample.sh"
+
+    - name: Test bazel
+      run: docker exec hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && occlum new occlum_instance;
+            cp examples/cpp-tutorial/stage3/bazel-bin/main/hello-world occlum_instance/image/bin;
+            cd occlum_instance && occlum build;
+            occlum run /bin/hello-world"
+
+    - name: Clean the environment
+      run: docker stop hello_bazel_test
+
+
+  Sqlite_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Get occlum version
+      run: |
+        cd ${{ github.workspace }}
+        echo "OCCLUM_VERSION=$(grep "Version =" src/pal/include/occlum_version.h |  awk '{print $4}')" >> $GITHUB_ENV
+
+    - name: Create container
+      run: |
+        docker rm -f sqlite_test || true
+        docker run --name=sqlite_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu18.04
+
+    - name: Configure dependency source
+      run: |
+        docker exec sqlite_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec sqlite_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: Build sqlite dependencies
+      run: docker exec sqlite_test bash -c "cd /root/occlum/demos/sqlite && ./download_and_build_sqlite.sh"
+
+    - name: Run sqlite test
+      run: docker exec sqlite_test bash -c "cd /root/occlum/demos/sqlite && ./run_sqlite_on_occlum.sh"
+
+    - name: Clean the environment
+      run: docker stop sqlite_test
+
+
+  Python_support_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Create container
+      run: |
+        docker rm -f python_support_test || true
+        docker run --name=python_support_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-python
+
+    - name: Configure dependency source
+      run: |
+        docker exec python_support_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec python_support_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: Run python support test
+      run: docker exec python_support_test bash -c "cd /root/occlum/demos/python; ./run_python_on_occlum.sh"
+
+    - name: Clean the environment
+      run: docker stop python_support_test
+
+
+  Openvino_test:
+    needs: make-test-on-ubuntu
+    runs-on: [self-hosted, SGX1-HW]
+    steps:
+    - name: Clean before running
+      run: |
+        sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
+
+    - name: Create container
+      run: |
+        docker rm -f openvino_test || true
+        docker run --name=openvino_test -itd --privileged --rm --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-openvino
+
+    - name: Configure dependency source
+      run: |
+        docker exec openvino_test bash -c "cat <<- EOF >/root/.cargo/config
+        [source.crates-io]
+        registry = \"https://github.com/rust-lang/crates.io-index\"
+        replace-with = 'ustc'
+        [source.ustc]
+        registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
+        EOF"
+
+    # Just re-use the build from "make-test-on-ubuntu" job
+    - name: Make install
+      run: docker exec openvino_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
+
+    - name: Run openVINO benchmark
+      run: docker exec openvino_test bash -c "cd /root/demos/openvino && ./run_benchmark_on_occlum.sh"
+
+    - name: Clean the environment
+      run: docker stop openvino_test