From cca7910c2fa0737a8645fbd9e402063cdbb803bc Mon Sep 17 00:00:00 2001 From: He Sun Date: Mon, 4 Jan 2021 14:42:43 +0800 Subject: [PATCH] Add CI support for gVisor syscall test image --- .github/workflows/build_and_push_ci_image.yml | 58 ++++++++++++++++--- tools/docker/ci/Dockerfile.gvisor_test | 22 +++++++ 2 files changed, 71 insertions(+), 9 deletions(-) create mode 100644 tools/docker/ci/Dockerfile.gvisor_test diff --git a/.github/workflows/build_and_push_ci_image.yml b/.github/workflows/build_and_push_ci_image.yml index 3d1da3ce..9021ad41 100644 --- a/.github/workflows/build_and_push_ci_image.yml +++ b/.github/workflows/build_and_push_ci_image.yml @@ -1,16 +1,17 @@ name: Build Image for CI (Manual Trigger) -# For some demos which need a lot of dependencies, building and installing depencies -# during every test consumes much time. Thus, build images specific for these demos. -# Now only gRPC OpenVINO and Python need its own test image. The images are stored in -# "occlumbackup/occlum" dockerhub repo. +# For some demos which need a lot of dependencies, building and installing +# depencies during every test consumes much time. Thus, build images specific +# for these demos. Now only gRPC OpenVINO and Python need its own test image. +# GVisor syscall test also compiles slow. It needs its own image. The images +# are stored in "occlumbackup/occlum" dockerhub repo. # This is a manual trigger. on: workflow_dispatch: inputs: - demo_name: - description: 'demo image name (must choose from )' + image_name: + description: 'image name (must choose from )' required: true default: 'grpc' tag: @@ -22,7 +23,7 @@ on: jobs: Build_grpc_image: runs-on: ubuntu-18.04 - if: github.event.inputs.demo_name == 'grpc' + if: github.event.inputs.image_name == 'grpc' steps: - name: Checkout code 
@@ -59,9 +60,48 @@ jobs: tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu18.04-grpc + Build_gvisor_test_image: + runs-on: ubuntu-18.04 + if: github.event.inputs.image_name == 'gvisor_test' + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Get occlum version + run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; + + # Because "Build and push" step `context` field can't be subdir, + # we need to copy files needed by dockerfile to root dir of the project + - name: Copy context for docker build + run: | + cp -r tools/docker . + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./tools/docker/ci/Dockerfile.gvisor_test + platforms: linux/amd64 + build-args: OCCLUM_VERSION=${{ env.OCCLUM_VERSION }} + push: true + tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu18.04-gvisor_test + + Build_openvino_image: runs-on: ubuntu-18.04 - if: github.event.inputs.demo_name == 'openvino' + if: github.event.inputs.image_name == 'openvino' steps: - name: Checkout code @@ -100,7 +140,7 @@ jobs: Build_python_image: runs-on: ubuntu-18.04 - if: github.event.inputs.demo_name == 'python' + if: github.event.inputs.image_name == 'python' steps: - name: Checkout code diff --git a/tools/docker/ci/Dockerfile.gvisor_test b/tools/docker/ci/Dockerfile.gvisor_test new file mode 100644 index 00000000..000e27df --- /dev/null +++ b/tools/docker/ci/Dockerfile.gvisor_test 
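Review bot: The new `Build_gvisor_test_image` job hands the DockerHub credentials to third-party actions that are referenced by mutable tags (`docker/login-action@v1`, `docker/build-push-action@v2`, and alongside them `docker/setup-qemu-action@v1` and `docker/setup-buildx-action@v1`). Anyone able to move one of those tags gets code running with `secrets.DOCKER_PASSWORD` and push access to `occlumbackup/occlum`. Pin each `uses:` to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`, and add a job-level `permissions:` block with `contents: read`, since the job only checks out the repository. The QEMU step looks unnecessary for a `linux/amd64`-only build and could be dropped, so fewer actions run next to the credentials. The other build jobs in this file appear to follow the same pattern but are only partly visible in this diff.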
@@ -0,0 +1,22 @@
+ARG OCCLUM_VERSION
+FROM occlum/occlum:$OCCLUM_VERSION-ubuntu18.04 as base
+LABEL maintainer="He Sun "
+
+# Install bazel
+WORKDIR /root
+RUN apt update && apt install curl gnupg -y && \
+ curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor > bazel.gpg && \
+ mv bazel.gpg /etc/apt/trusted.gpg.d/ && \
+ echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list && \
+ apt update && apt install bazel -y
+
+# Install gvisor syscall test binaries
+WORKDIR /root
+RUN git clone -b occlum-release-20200921.0 https://github.com/occlum/gvisor.git && \
+ cd gvisor/occlum && \
+ ./build_and_install_syscall_tests.sh && \
+ cd /root && \
+ mv gvisor/occlum gvisor_occlum && \
+ rm -rf gvisor
+
+WORKDIR /root
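Review bot: The second `RUN` clones `occlum/gvisor` by the ref name `occlum-release-20200921.0` and immediately executes `./build_and_install_syscall_tests.sh` from it, so the contents of the pushed image depend on whatever that ref points to at build time. Check out a fixed commit before running the script, e.g. add `git checkout <commit-sha> && \` right after `cd gvisor/occlum && \`. In the bazel step the downloaded key is moved into `/etc/apt/trusted.gpg.d/`, which makes it trusted for every apt source. Storing it under `/usr/share/keyrings/` and writing `deb [arch=amd64 signed-by=/usr/share/keyrings/bazel.gpg] ...` into `bazel.list` limits it to the bazel repository. `apt install bazel -y` is also unpinned, so rebuilt images can end up with a different toolchain version.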