general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extract hw mode action common steps to composite_action/hw/

Browse Source
This commit is contained in:
Zheng, Qi 2021-11-09 11:13:20 +08:00 committed by Zongmin.Gu
parent 4373af1cdc
commit 580a981ee3
3 changed files with 150 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
.github/workflows/composite_action/hw/action.yml vendored Normal file
View File

@ -0,0 +1,59 @@
name: 'Occlum HW composite action'
description: 'Occlum HW mode container run and source build/install'
inputs:
container-name:
description: 'Occlum container name'
required: true
build-envs:
description: 'Occlum build environments'
required: false
default: 'OCCLUM_RELEASE_BUILD=1'
os:
description: 'Occlum docker image base OS'
required: false
default: 'ubuntu18.04'
runs:
using: "composite"
steps:
- name: Print info
run: echo Occlum build environment ${{ inputs.build-envs }}
shell: bash
- name: Get Occlum version
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV;
shell: bash
- name: Create container
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
docker run -itd --name=${{ inputs.container-name }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
docker run -itd --name=${{ inputs.container-name }} --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }};
else
echo "Unsupported Hardware"
fi;
shell: bash
- name: Update PCCS server
run: docker exec ${{ inputs.container-name }} bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
shell: bash
- name: Change download source of crates.io
run: |
docker exec ${{ inputs.container-name }} bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
shell: bash
- name: Build dependencies
run: docker exec ${{ inputs.container-name }} bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
shell: bash
- name: Build source
run: docker exec ${{ inputs.container-name }} bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; ${{ inputs.build-envs}} make install"
shell: bash

2
.github/workflows/demo_test.yml vendored
View File

@ -569,7 +569,7 @@ jobs:
with: with:
submodules: true submodules: true
- uses: ./.github/workflows/composite_action - uses: ./.github/workflows/composite_action/sim
with: with:
container-name: ${{ github.job }} container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1' build-envs: 'OCCLUM_RELEASE_BUILD=1'

440
.github/workflows/hw_mode_test.yml vendored
View File

@ -41,48 +41,20 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "occlum_test=$occlum_test" >> $GITHUB_ENV
- name: Update PCCS server
run: docker exec $occlum_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
- name: Change download source of crates.io
run: |
docker exec $occlum_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $occlum_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Build source
run: docker exec $occlum_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Integration test - name: Integration test
run: docker exec $occlum_test bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test" run: docker exec ${{ github.job }} bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test"
- name: Integration test with Glibc - name: Integration test with Glibc
run: docker exec $occlum_test bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test-glibc" run: docker exec ${{ github.job }} bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test-glibc"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $occlum_test run: docker stop ${{ github.job }}
C_cpp_rust_golang_embedded_mode_support_test: C_cpp_rust_golang_embedded_mode_support_test:
@ -110,45 +82,20 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
language_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
language_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "language_support_test=$language_support_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $language_support_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $language_support_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $language_support_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: C test - name: C test
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/hello_c && make; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_c && make;
occlum new occlum_instance; occlum new occlum_instance;
cp hello_world occlum_instance/image/bin; cp hello_world occlum_instance/image/bin;
cd occlum_instance && occlum build; cd occlum_instance && occlum build;
occlum run /bin/hello_world" occlum run /bin/hello_world"
- name: C with encrypted image test - name: C with encrypted image test
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/hello_c && make; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_c && make;
rm -rf occlum_instance && occlum new occlum_instance; rm -rf occlum_instance && occlum new occlum_instance;
occlum gen-image-key occlum_instance/image_key; occlum gen-image-key occlum_instance/image_key;
cp hello_world occlum_instance/image/bin; cp hello_world occlum_instance/image/bin;
@ -156,50 +103,50 @@ jobs:
occlum run /bin/hello_world" occlum run /bin/hello_world"
- name: C++ test - name: C++ test
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/hello_cc && make; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_cc && make;
occlum new occlum_instance; occlum new occlum_instance;
cp hello_world occlum_instance/image/bin; cp hello_world occlum_instance/image/bin;
cd occlum_instance && occlum build; cd occlum_instance && occlum build;
occlum run /bin/hello_world" occlum run /bin/hello_world"
- name: Rust test - name: Rust test
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/rust && ./run_rust_demo_on_occlum.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/rust && ./run_rust_demo_on_occlum.sh"
- name: Embedded mode test - name: Embedded mode test
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/embedded_mode && make; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/embedded_mode && make;
make test" make test"
- name: Run Golang sqlite test - name: Run Golang sqlite test
run: docker exec $language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn; run: docker exec ${{ github.job }} bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
cd /root/occlum/demos/golang/go_sqlite/ && ./run_go_sqlite_demo.sh" cd /root/occlum/demos/golang/go_sqlite/ && ./run_go_sqlite_demo.sh"
- name: Go server set up and run - name: Go server set up and run
run: docker exec $language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn; run: docker exec ${{ github.job }} bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
cd /root/occlum/demos/golang/web_server && occlum-go mod init web_server && occlum-go get -u -v github.com/gin-gonic/gin; cd /root/occlum/demos/golang/web_server && occlum-go mod init web_server && occlum-go get -u -v github.com/gin-gonic/gin;
occlum-go build -o web_server ./web_server.go; occlum-go build -o web_server ./web_server.go;
./run_golang_on_occlum.sh" & ./run_golang_on_occlum.sh" &
- name: Set up Golang grpc pingpong test - name: Set up Golang grpc pingpong test
run: docker exec $language_support_test bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn; run: docker exec ${{ github.job }} bash -c "export GO111MODULE=on && export GOPROXY=https://goproxy.cn;
cd /root/occlum/demos/golang/grpc_pingpong && ./prepare_ping_pong.sh" cd /root/occlum/demos/golang/grpc_pingpong && ./prepare_ping_pong.sh"
- name: Start Golang grpc pingpong server - name: Start Golang grpc pingpong server
run: docker exec $language_support_test bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_pong_on_occlum.sh" & run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_pong_on_occlum.sh" &
- name: Run Golang grpc ping test - name: Run Golang grpc ping test
run: | run: |
sleep ${{ env.nap_time }}; sleep ${{ env.nap_time }};
docker exec $language_support_test bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_ping_on_occlum.sh" docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_ping_on_occlum.sh"
# Sleeps longer to make sure the server is up. # Sleeps longer to make sure the server is up.
- name: Curl test - name: Curl test
run: | run: |
sleep ${{ env.nap_time }}; sleep ${{ env.nap_time }};
docker exec $language_support_test bash -c "curl http://127.0.0.1:8090/ping" docker exec ${{ github.job }} bash -c "curl http://127.0.0.1:8090/ping"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $language_support_test run: docker stop ${{ github.job }}
Java_support_test: Java_support_test:
@ -227,51 +174,26 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
java_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
java_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "java_support_test=$java_support_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $java_support_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $java_support_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $java_support_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Compile Java - name: Compile Java
run: docker exec $java_support_test bash -c "cd /root/occlum/demos/java && occlum-javac ./hello_world/Main.java" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/java && occlum-javac ./hello_world/Main.java"
- name: Run hello world - name: Run hello world
run: docker exec $java_support_test bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello"
- name: Compile processBuilder demo - name: Compile processBuilder demo
run: docker exec $java_support_test bash -c "cd /root/occlum/demos/java && occlum-javac ./processBuilder/processBuilder.java" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/java && occlum-javac ./processBuilder/processBuilder.java"
- name: Run processBuilder - name: Run processBuilder
run: docker exec $java_support_test bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh processBuilder" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh processBuilder"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $java_support_test run: docker stop ${{ github.job }}
Bazel_test: Bazel_test:
@ -299,57 +221,32 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
hello_bazel_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
hello_bazel_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "hello_bazel_test=$hello_bazel_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $hello_bazel_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $hello_bazel_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $hello_bazel_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Config git proxy - name: Config git proxy
run: | run: |
docker exec $hello_bazel_test bash -c "git config --global http.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global http.proxy socks5://localhost:5432"
docker exec $hello_bazel_test bash -c "git config --global https.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global https.proxy socks5://localhost:5432"
- name: Install bazel - name: Install bazel
run: docker exec $hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && wget https://github.com/bazelbuild/bazel/releases/download/3.2.0/bazel-3.2.0-installer-linux-x86_64.sh; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_bazel && wget https://github.com/bazelbuild/bazel/releases/download/3.2.0/bazel-3.2.0-installer-linux-x86_64.sh;
chmod +x bazel-3.2.0-installer-linux-x86_64.sh; chmod +x bazel-3.2.0-installer-linux-x86_64.sh;
./bazel-3.2.0-installer-linux-x86_64.sh" ./bazel-3.2.0-installer-linux-x86_64.sh"
- name: Build bazel dependencies - name: Build bazel dependencies
run: docker exec $hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && ./build_bazel_sample.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_bazel && ./build_bazel_sample.sh"
- name: Test bazel - name: Test bazel
run: docker exec $hello_bazel_test bash -c "cd /root/occlum/demos/hello_bazel && occlum new occlum_instance; run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/hello_bazel && occlum new occlum_instance;
cp examples/cpp-tutorial/stage3/bazel-bin/main/hello-world occlum_instance/image/bin; cp examples/cpp-tutorial/stage3/bazel-bin/main/hello-world occlum_instance/image/bin;
cd occlum_instance && occlum build; cd occlum_instance && occlum build;
occlum run /bin/hello-world" occlum run /bin/hello-world"
- name: Clean the environment - name: Clean the environment
run: docker stop $hello_bazel_test run: docker stop ${{ github.job }}
Fish_test: Fish_test:
@ -377,53 +274,28 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
fish_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
fish_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "fish_test=$fish_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $fish_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $fish_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $fish_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Config git proxy - name: Config git proxy
run: | run: |
docker exec $fish_test bash -c "git config --global http.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global http.proxy socks5://localhost:5432"
docker exec $fish_test bash -c "git config --global https.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global https.proxy socks5://localhost:5432"
- name: Build Fish dependencies - name: Build Fish dependencies
run: docker exec $fish_test bash -c "cd /root/occlum/demos/fish && ./download_and_build.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/fish && ./download_and_build.sh"
- name: Run Fish test - name: Run Fish test
run: docker exec $fish_test bash -c "cd /root/occlum/demos/fish && ./run_fish_test.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/fish && ./run_fish_test.sh"
- name: Run Fish process rlimit test - name: Run Fish process rlimit test
run: docker exec $fish_test bash -c "cd /root/occlum/demos/fish && ./run_per_process_config_test.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/fish && ./run_per_process_config_test.sh"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $fish_test run: docker stop ${{ github.job }}
Xgboost_test: Xgboost_test:
@ -451,53 +323,28 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
xgboost_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
xgboost_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "xgboost_test=$xgboost_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $xgboost_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $xgboost_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $xgboost_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Config git proxy - name: Config git proxy
run: | run: |
docker exec $xgboost_test bash -c "git config --global http.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global http.proxy socks5://localhost:5432"
docker exec $xgboost_test bash -c "git config --global https.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global https.proxy socks5://localhost:5432"
- name: Build xgboost dependencies - name: Build xgboost dependencies
run: docker exec $xgboost_test bash -c "cd /root/occlum/demos/xgboost && ./download_and_build_xgboost.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/xgboost && ./download_and_build_xgboost.sh"
- name: Run xgboost test - name: Run xgboost test
run: docker exec $xgboost_test bash -c "cd /root/occlum/demos/xgboost && make test" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/xgboost && make test"
- name: Run xgboost cluster test - name: Run xgboost cluster test
run: docker exec $xgboost_test bash -c "cd /root/occlum/demos/xgboost && make test-local-cluster" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/xgboost && make test-local-cluster"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $xgboost_test run: docker stop ${{ github.job }}
Sqlite_test: Sqlite_test:
@ -525,50 +372,25 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
sqlite_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
sqlite_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "sqlite_test=$sqlite_test" >> $GITHUB_ENV
- name: Configure dependency source
run: |
docker exec $sqlite_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $sqlite_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $sqlite_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Config git proxy - name: Config git proxy
run: | run: |
docker exec $sqlite_test bash -c "git config --global http.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global http.proxy socks5://localhost:5432"
docker exec $sqlite_test bash -c "git config --global https.proxy socks5://localhost:5432" docker exec ${{ github.job }} bash -c "git config --global https.proxy socks5://localhost:5432"
- name: Build sqlite dependencies - name: Build sqlite dependencies
run: docker exec $sqlite_test bash -c "cd /root/occlum/demos/sqlite && ./download_and_build_sqlite.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/sqlite && ./download_and_build_sqlite.sh"
- name: Run sqlite test - name: Run sqlite test
run: docker exec $sqlite_test bash -c "cd /root/occlum/demos/sqlite && ./run_sqlite_on_occlum.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/sqlite && ./run_sqlite_on_occlum.sh"
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop $sqlite_test run: docker stop ${{ github.job }}
Python_musl_support_test: Python_musl_support_test:
@ -999,39 +821,13 @@ jobs:
ref: refs/pull/${{ github.event.pull_request.number }}/merge ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
ra_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "ra_test=$ra_test" >> $GITHUB_ENV
- name: Update PCCS server
run: docker exec $ra_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
- name: Change download source of crates.io
run: |
docker exec $ra_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $ra_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Build source
run: docker exec $ra_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Build and run remote attestation demo - name: Build and run remote attestation demo
run: docker exec $ra_test bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh" run: docker exec ${{ github.job }} bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh"
Stress_test_with_musl: Stress_test_with_musl:
@ -1051,47 +847,19 @@ jobs:
with: with:
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "occlum_test=$occlum_test" >> $GITHUB_ENV
- name: Update PCCS server
run: docker exec $occlum_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
- name: Change download source of crates.io
run: |
docker exec $occlum_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $occlum_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Build source
run: docker exec $occlum_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Stress test with musl - name: Stress test with musl
run: docker exec $occlum_test bash -c "cd /root/occlum; make test times=${{ env.repeat_times }}" run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make test times=${{ env.repeat_times }}"
- name: Show failed cases and clean the environment - name: Show failed cases and clean the environment
if: ${{ always() }} if: ${{ always() }}
run: | run: |
docker exec $occlum_test bash -c "cat /root/occlum/build/test/.fail" docker exec ${{ github.job }} bash -c "cat /root/occlum/build/test/.fail"
docker stop $occlum_test docker stop ${{ github.job }}
Stress_test_with_glibc: Stress_test_with_glibc:
@ -1111,44 +879,16 @@ jobs:
with: with:
submodules: true submodules: true
- name: Get Occlum version - uses: ./.github/workflows/composite_action/hw
run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; with:
container-name: ${{ github.job }}
- name: Create container build-envs: 'OCCLUM_RELEASE_BUILD=1'
run: |
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "occlum_test=$occlum_test" >> $GITHUB_ENV
- name: Update PCCS server
run: docker exec $occlum_test bash -c "sed -r -i 's/PCCS_URL=https:\/\/localhost:8081\/sgx\/certification\/v3\//PCCS_URL=https:\/\/sgx-dcap-server.cn-shanghai.aliyuncs.com\/sgx\/certification\/v3\//g' /etc/sgx_default_qcnl.conf"
- name: Change download source of crates.io
run: |
docker exec $occlum_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $occlum_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Build source
run: docker exec $occlum_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Stress test with Glibc - name: Stress test with Glibc
run: docker exec $occlum_test bash -c "cd /root/occlum; make test-glibc times=${{ env.repeat_times }}" run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make test-glibc times=${{ env.repeat_times }}"
- name: Show failed cases and clean the environment - name: Show failed cases and clean the environment
if: ${{ always() }} if: ${{ always() }}
run: | run: |
docker exec $occlum_test bash -c "cat /root/occlum/build/test/.fail" docker exec ${{ github.job }} bash -c "cat /root/occlum/build/test/.fail"
docker stop $occlum_test docker stop ${{ github.job }}