diff --git a/.github/workflows/build_and_push_ci_image.yml b/.github/workflows/build_and_push_ci_image.yml index 31517084..9764bb1c 100644 --- a/.github/workflows/build_and_push_ci_image.yml +++ b/.github/workflows/build_and_push_ci_image.yml @@ -1,7 +1,7 @@ name: Build Image for CI (Manual Trigger) # For some demos which need a lot of dependencies, building and installing depencies # during every test consumes much time. Thus, build images specific for these demos. -# Now only grpc and openvino need its own test image. The images are stored in +# Now only gRPC OpenVINO and Python need its own test image. The images are stored in # "occlumbackup/occlum" dockerhub repo. @@ -10,7 +10,7 @@ on: workflow_dispatch: inputs: demo_name: - description: 'demo image name (must choose from )' + description: 'demo image name (must choose from )' required: true default: 'grpc' tag: @@ -96,3 +96,42 @@ jobs: build-args: OCCLUM_VERSION=${{ env.OCCLUM_VERSION }} push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu18.04-openvino + + + Build_python_image: + runs-on: ubuntu-18.04 + if: github.event.inputs.demo_name == 'python' + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Get occlum version + run: echo ::set-env name=OCCLUM_VERSION::$(grep "Version =" src/pal/include/occlum_version.h | awk '{print $4}') + + # Because "Build and push" step `context` field can't be subdir, + # we need to copy files needed by dockerfile to root dir of the project + - name: Copy context for docker build + run: | + cp -r tools/docker . + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./tools/docker/ci/Dockerfile.python + platforms: linux/amd64 + build-args: OCCLUM_VERSION=${{ env.OCCLUM_VERSION }} + push: true + tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu18.04-python diff --git a/.github/workflows/demo_test.yml b/.github/workflows/demo_test.yml index e24d1fdd..910523de 100644 --- a/.github/workflows/demo_test.yml +++ b/.github/workflows/demo_test.yml @@ -8,7 +8,6 @@ env: jobs: - # TODO: Add python test C_cpp_rust_golang_embedded_mode_support_test: runs-on: ubuntu-18.04 steps: @@ -373,3 +372,23 @@ jobs: - name: Run openVINO benchmark run: docker exec openvino_test bash -c "cd /root/demos/openvino && SGX_MODE=SIM ./run_benchmark_on_occlum.sh" + + + # Python test also needs its own image because in Alpine environment, modules are built locally and consumes a lot of time. + Python_support_test: + runs-on: ubuntu-18.04 + steps: + - uses: actions/checkout@v1 + with: + submodules: true + - name: Create container + run: docker run -itd --name=python_support_test -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-python + + - name: Build dependencies + run: docker exec python_support_test bash -c "cd /root/occlum; make submodule" + + - name: Make install + run: docker exec python_support_test bash -c "cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install" + + - name: Run python support test + run: docker exec python_support_test bash -c "cd /root/occlum/demos/python; SGX_MODE=SIM ./run_python_on_occlum.sh" diff --git a/tools/docker/ci/Dockerfile.python b/tools/docker/ci/Dockerfile.python new file mode 100644 index 00000000..91f74a7e --- /dev/null +++ b/tools/docker/ci/Dockerfile.python @@ -0,0 +1,14 @@ +ARG OCCLUM_VERSION + +FROM python:3.7-alpine3.10 as alpine +RUN apk add g++ lapack-dev gfortran && \ + pip3 install numpy pandas scipy==1.3.1 Cython scikit-learn==0.21.1 + + +FROM occlum/occlum:$OCCLUM_VERSION-ubuntu18.04 as base +LABEL maintainer="Chunyang Hui " + +WORKDIR /root/demos/python +COPY --from=alpine / /root/alpine_python + +WORKDIR /root