name: Build Image for CI (Manual Trigger) # For some demos which need a lot of dependencies, building and installing # depencies during every test consumes much time. Thus, build images specific # for these demos. Now only gRPC OpenVINO and Python need its own test image. # GVisor syscall test also compiles slow. It needs its own image. The images # are stored in "occlumbackup/occlum" dockerhub repo. # This is a manual trigger. on: workflow_dispatch: inputs: image_name: description: 'image name (must choose from )' required: true default: 'grpc' tag: description: 'image tag' required: true default: 'latest' jobs: Build_grpc_image: runs-on: ubuntu-20.04 if: github.event.inputs.image_name == 'grpc' steps: - name: Checkout code uses: actions/checkout@v2 - name: Get occlum version run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; - name: Get branch name # GITHUB_REF=refs/heads/branch-name # ${GITHUB_REF##*/} == branch-name run: echo "OCCLUM_BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV; # Because "Build and push" step `context` field can't be subdir, # we need to copy files needed by dockerfile to root dir of the project - name: Copy context for docker build run: | cp -r tools/docker . - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./tools/docker/ci/Dockerfile.grpc platforms: linux/amd64 build-args: | "OCCLUM_VERSION=${{ env.OCCLUM_VERSION }}" "OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}" push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu20.04-grpc Build_gvisor_test_image: runs-on: ubuntu-20.04 if: github.event.inputs.image_name == 'gvisor_test' steps: - name: Checkout code uses: actions/checkout@v2 - name: Get occlum version run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; # Because "Build and push" step `context` field can't be subdir, # we need to copy files needed by dockerfile to root dir of the project - name: Copy context for docker build run: | cp -r tools/docker . - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./tools/docker/ci/Dockerfile.gvisor_test platforms: linux/amd64 build-args: | "OCCLUM_VERSION=${{ env.OCCLUM_VERSION }}" "OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}" push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu20.04-gvisor_test Build_openvino_image: runs-on: ubuntu-20.04 if: github.event.inputs.image_name == 'openvino' steps: - name: Checkout code uses: actions/checkout@v2 - name: Get occlum version run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; - name: Get branch name # GITHUB_REF=refs/heads/branch-name # ${GITHUB_REF##*/} == branch-name run: echo "OCCLUM_BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV; # Because "Build and push" step `context` field can't be subdir, # we need to copy files needed by dockerfile to root dir of the project - name: Copy context for docker build run: | cp -r tools/docker . - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./tools/docker/ci/Dockerfile.openvino platforms: linux/amd64 build-args: | "OCCLUM_VERSION=${{ env.OCCLUM_VERSION }}" "OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}" push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu20.04-openvino Build_python_image: runs-on: ubuntu-20.04 if: github.event.inputs.image_name == 'python' steps: - name: Checkout code uses: actions/checkout@v2 - name: Get occlum version run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; - name: Get branch name # GITHUB_REF=refs/heads/branch-name # ${GITHUB_REF##*/} == branch-name run: echo "OCCLUM_BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV; # Because "Build and push" step `context` field can't be subdir, # we need to copy files needed by dockerfile to root dir of the project - name: Copy context for docker build run: | cp -r tools/docker . - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./tools/docker/ci/Dockerfile.python platforms: linux/amd64 build-args: | "OCCLUM_VERSION=${{ env.OCCLUM_VERSION }}" "OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}" push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu20.04-python # TODO: Add actions to build tf_serving_base image. # Building TF serving demo image needs a lot of time which exceeds the maximum time limit for a jong of GitHub Actions. # Thus dividing into two jobs. Build_tf_serving_image: # Building TF serving demo image needs a lot of resources which exceeds the limit of GitHub Actions' hosted machine. # Thus, we need to build this image on our host machine. This begins from Occlum 0.29.6 and onwards. runs-on: [self-hosted, SGX2-HW] if: github.event.inputs.image_name == 'tf_serving' steps: - name: Clean before running run: | sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}" - name: Checkout code uses: actions/checkout@v2 - name: Get occlum version run: echo "OCCLUM_VERSION=$(grep 'Version =' src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV; - name: Get branch name # GITHUB_REF=refs/heads/branch-name # ${GITHUB_REF##*/} == branch-name run: echo "OCCLUM_BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV; # Because "Build and push" step `context` field can't be subdir, # we need to copy files needed by dockerfile to root dir of the project - name: Copy context for docker build run: | cp -r tools/docker . - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=104857600 - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./tools/docker/ci/Dockerfile.tf_serving_occlum platforms: linux/amd64 build-args: | "OCCLUM_VERSION=${{ env.OCCLUM_VERSION }}" "OCCLUM_BRANCH=${{ env.OCCLUM_BRANCH }}" push: true tags: occlumbackup/occlum:${{ github.event.inputs.tag }}-ubuntu20.04-tf_serving