From 7b5b3355755ea8db8d53eec3dbde53feccca8ebb Mon Sep 17 00:00:00 2001 From: zhubojun Date: Fri, 17 Jun 2022 09:33:01 +0800 Subject: [PATCH] [ci] Workaround git 'unsafe repository' --- .github/workflows/code_coverage.yaml | 17 ++++---------- .../workflows/composite_action/hw/action.yml | 15 +++---------- .../composite_action/prebuild/action.yml | 22 +++++++++++++++++++ .../workflows/composite_action/sim/action.yml | 15 +++---------- .github/workflows/demo_test.yml | 20 +++++++++++++++++ .github/workflows/hw_mode_test.yml | 20 +++++++++++++++++ 6 files changed, 72 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/composite_action/prebuild/action.yml diff --git a/.github/workflows/code_coverage.yaml b/.github/workflows/code_coverage.yaml index 7942d1f5..07cc0146 100644 --- a/.github/workflows/code_coverage.yaml +++ b/.github/workflows/code_coverage.yaml @@ -19,19 +19,10 @@ jobs: - name: Create container run: docker run -itd --name=code_coverage -e OCCLUM_LOG_LEVEL=trace -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu20.04 - - - name: work around permission issue - run: | - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/grpc-rust"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/itoa-sgx"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/resolv-conf"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/ringbuf"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/rust-sgx-sdk"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/sefs"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/serde-json-sgx"; - docker exec code_coverage bash -c "git config --global --add safe.directory /root/occlum/deps/serde-sgx" - shell: bash + + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: 'code_coverage' - name: Build dependencies run: docker exec code_coverage bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule" diff --git a/.github/workflows/composite_action/hw/action.yml b/.github/workflows/composite_action/hw/action.yml index 316f2e3e..c3b9712a 100644 --- a/.github/workflows/composite_action/hw/action.yml +++ b/.github/workflows/composite_action/hw/action.yml @@ -60,18 +60,9 @@ runs: docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global https.proxy socks5://localhost:5432" shell: bash - - name: work around permission issue - run: | - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/grpc-rust"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/itoa-sgx"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/resolv-conf"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/ringbuf"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/rust-sgx-sdk"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/sefs"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-json-sgx"; - docker exec ${{ env.CONTAINER_NAME }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-sgx" - shell: bash + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ env.CONTAINER_NAME }} - name: Build dependencies run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule" diff --git a/.github/workflows/composite_action/prebuild/action.yml b/.github/workflows/composite_action/prebuild/action.yml new file mode 100644 index 00000000..d7e44c3d --- /dev/null +++ b/.github/workflows/composite_action/prebuild/action.yml @@ -0,0 +1,22 @@ +name: 'Occlum composite action for pre-build' +description: 'Prepare environment before build Occlum' +inputs: + container-name: + description: 'Occlum container name' + required: true + +runs: + using: "composite" + steps: + - name: work around permission issue + run: | + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/grpc-rust"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/itoa-sgx"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/resolv-conf"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/ringbuf"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/rust-sgx-sdk"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/sefs"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-json-sgx"; + docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-sgx" + shell: bash \ No newline at end of file diff --git a/.github/workflows/composite_action/sim/action.yml b/.github/workflows/composite_action/sim/action.yml index 95e8fb7c..15d4c8cc 100644 --- a/.github/workflows/composite_action/sim/action.yml +++ b/.github/workflows/composite_action/sim/action.yml @@ -28,18 +28,9 @@ runs: run: docker run -itd --name=${{ inputs.container-name }} -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:${{ env.OCCLUM_VERSION }}-${{ inputs.os }} shell: bash - - name: work around permission issue - run: | - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/grpc-rust"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/itoa-sgx"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/resolv-conf"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/ringbuf"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/rust-sgx-sdk"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/sefs"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-json-sgx"; - docker exec ${{ inputs.container-name }} bash -c "git config --global --add safe.directory /root/occlum/deps/serde-sgx" - shell: bash + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ inputs.container-name }} - name: Build dependencies run: docker exec ${{ inputs.container-name }} bash -c "cd /root/occlum; make submodule" diff --git a/.github/workflows/demo_test.yml b/.github/workflows/demo_test.yml index 65254c0c..1b3e3cf9 100644 --- a/.github/workflows/demo_test.yml +++ b/.github/workflows/demo_test.yml @@ -315,6 +315,10 @@ jobs: - name: Create container run: docker run -itd --name=${{ github.job }} -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-grpc + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ github.job }} + - name: Build dependencies run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make submodule" @@ -343,6 +347,10 @@ jobs: - name: Create container run: docker run -itd --name=${{ github.job }} -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-grpc + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ github.job }} + - name: Build dependencies run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make submodule" @@ -405,6 +413,10 @@ jobs: - name: Create container run: docker run -itd --name=${{ github.job }} -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-openvino + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ github.job }} + - name: Build dependencies run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make submodule" @@ -425,6 +437,10 @@ jobs: - name: Create container run: docker run -itd --name=${{ github.job }} -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-python + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: ${{ github.job }} + - name: Build dependencies run: docker exec ${{ github.job }} bash -c "cd /root/occlum; make submodule" @@ -664,6 +680,10 @@ jobs: gvisor_test=$(docker run -itd -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-gvisor_test); echo "gvisor_test=$gvisor_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $gvisor_test + - name: Build dependencies run: docker exec $gvisor_test bash -c "cd /root/occlum; make submodule" diff --git a/.github/workflows/hw_mode_test.yml b/.github/workflows/hw_mode_test.yml index eb142377..2dadbdb5 100644 --- a/.github/workflows/hw_mode_test.yml +++ b/.github/workflows/hw_mode_test.yml @@ -419,6 +419,10 @@ jobs: fi; echo "python_musl_support_test=$python_musl_support_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $python_musl_support_test + - name: Configure dependency source run: | docker exec $python_musl_support_test bash -c "cat <<- EOF >/root/.cargo/config @@ -484,6 +488,10 @@ jobs: fi; echo "openvino_test=$openvino_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $openvino_test + - name: Configure dependency source run: | docker exec $openvino_test bash -c "cat <<- EOF >/root/.cargo/config @@ -546,6 +554,10 @@ jobs: fi; echo "grpc_test=$grpc_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $grpc_test + - name: Change download source of crates.io run: | docker exec $grpc_test bash -c "cat <<- EOF >/root/.cargo/config @@ -630,6 +642,10 @@ jobs: fi; echo "gvisor_test=$gvisor_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $gvisor_test + - name: Change download source of crates.io run: | docker exec $gvisor_test bash -c "cat <<- EOF >/root/.cargo/config @@ -772,6 +788,10 @@ jobs: fi; echo "tf_serving_test=$tf_serving_test" >> $GITHUB_ENV + - uses: ./.github/workflows/composite_action/prebuild + with: + container-name: $tf_serving_test + - name: Change download source of crates.io run: | docker exec $tf_serving_test bash -c "cat <<- EOF >/root/.cargo/config