general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a5cdcc8045
occlum/.github/workflows/hw_mode_test.yml
Shaowei Song 8803969f16 [ci] Cancel previous running jobs on Push/PR
2022-07-25 18:47:25 +08:00

989 lines
36 KiB
YAML
Raw Blame History

name: SGX Hardware Mode Test
# Triggers the workflow on push and pull request labeled "SGX-hardware-test-required".
on:
push:
pull_request_target:
types: labeled
schedule:
# Schedule to run everyday at 6PM UTC (2AM CST)
- cron: '0 18 * * *'
env:
nap_time: 60
repeat_times: 500 # Stress test repeat times
# Cancel previous running jobs on push or pull request
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.event.pull_request.number }}
cancel-in-progress: true
jobs:
Make-test-on-ubuntu:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
# This step is only needed when the pull request is labeled.
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
# For pull request, we need to merge the commit from fork to the base
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Integration test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test"
- name: Integration test with Glibc
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum; OCCLUM_LOG_LEVEL=trace make test-glibc"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
C_cpp_rust_golang_embedded_mode_support_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: C test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_c && make;
occlum new occlum_instance;
cp hello_world occlum_instance/image/bin;
cd occlum_instance && occlum build;
occlum run /bin/hello_world"
- name: C with encrypted image test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_c && make;
rm -rf occlum_instance && occlum new occlum_instance;
occlum gen-image-key occlum_instance/image_key;
cp hello_world occlum_instance/image/bin;
cd occlum_instance && occlum build --image-key ./image_key --buildin-image-key;
occlum run /bin/hello_world"
- name: C++ test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_cc && make;
occlum new occlum_instance;
cp hello_world occlum_instance/image/bin;
cd occlum_instance && occlum build;
occlum run /bin/hello_world"
- name: Rust test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/rust && ./run_rust_demo_on_occlum.sh"
- name: Embedded mode test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/embedded_mode && make;
make test"
- name: Run Golang sqlite test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "export GO111MODULE=on;
cd /root/occlum/demos/golang/go_sqlite/ && ./run_go_sqlite_demo.sh"
- name: Go server set up and run
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "export GO111MODULE=on;
cd /root/occlum/demos/golang/web_server && occlum-go mod init web_server && occlum-go get -u -v github.com/gin-gonic/gin;
occlum-go build -o web_server ./web_server.go;
./run_golang_on_occlum.sh" &
- name: Set up Golang grpc pingpong test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "export GO111MODULE=on;
cd /root/occlum/demos/golang/grpc_pingpong && ./prepare_ping_pong.sh"
- name: Start Golang grpc pingpong server
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_pong_on_occlum.sh" &
- name: Run Golang grpc ping test
run: |
sleep ${{ env.nap_time }};
docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./run_ping_on_occlum.sh"
# Sleeps longer to make sure the server is up.
- name: Curl test
run: |
sleep ${{ env.nap_time }};
docker exec ${{ env.CONTAINER_NAME }} bash -c "curl http://127.0.0.1:8090/ping"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Java_support_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Compile Java
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && occlum-javac ./hello_world/Main.java"
- name: Run hello world
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh hello"
- name: Compile processBuilder demo
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && occlum-javac ./processBuilder/processBuilder.java"
- name: Run processBuilder
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/java && ./run_java_on_occlum.sh processBuilder"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Bazel_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Install bazel
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_bazel && wget https://github.com/bazelbuild/bazel/releases/download/3.2.0/bazel-3.2.0-installer-linux-x86_64.sh;
chmod +x bazel-3.2.0-installer-linux-x86_64.sh;
./bazel-3.2.0-installer-linux-x86_64.sh"
- name: Build bazel dependencies
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_bazel && ./build_bazel_sample.sh"
- name: Test bazel
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/hello_bazel && occlum new occlum_instance;
cp examples/cpp-tutorial/stage3/bazel-bin/main/hello-world occlum_instance/image/bin;
cd occlum_instance && occlum build;
occlum run /bin/hello-world"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Fish_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Build Fish dependencies
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/fish && ./download_and_build.sh"
- name: Run Fish test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/fish && ./run_fish_test.sh"
- name: Run Fish process rlimit test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/fish && ./run_per_process_config_test.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Xgboost_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Build xgboost dependencies
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/xgboost && ./download_and_build_xgboost.sh"
- name: Run xgboost test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/xgboost && make test"
- name: Run xgboost cluster test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/xgboost && make test-local-cluster"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Sqlite_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Build sqlite dependencies
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/sqlite && ./download_and_build_sqlite.sh"
- name: Run sqlite test
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/sqlite && ./run_sqlite_on_occlum.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Python_musl_support_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu20.04-python
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
python_musl_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-python);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
python_musl_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-python);
else
echo "Unsupported Hardware"
fi;
echo "python_musl_support_test=$python_musl_support_test" >> $GITHUB_ENV
- uses: ./.github/workflows/composite_action/prebuild
with:
container-name: $python_musl_support_test
# - name: Configure dependency source
# run: |
# docker exec $python_musl_support_test bash -c "cat <<- EOF >/root/.cargo/config
# [source.crates-io]
# registry = \"https://github.com/rust-lang/crates.io-index\"
# replace-with = 'tuna'
# [source.tuna]
# registry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"
# EOF"
- name: Build dependencies
run: docker exec $python_musl_support_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $python_musl_support_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Run python musl support test
run: docker exec $python_musl_support_test bash -c "cd /root/occlum/demos/python/python_musl; ./run_python_on_occlum.sh"
- name: Check result
run: docker exec $python_musl_support_test bash -c "cd /root/occlum/demos/python/python_musl/occlum_instance; cat smvlight.dat"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $python_musl_support_test
Openvino_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu20.04-openvino
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
openvino_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-openvino);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
openvino_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-openvino);
else
echo "Unsupported Hardware"
fi;
echo "openvino_test=$openvino_test" >> $GITHUB_ENV
- uses: ./.github/workflows/composite_action/prebuild
with:
container-name: $openvino_test
# - name: Configure dependency source
# run: |
# docker exec $openvino_test bash -c "cat <<- EOF >/root/.cargo/config
# [source.crates-io]
# registry = \"https://github.com/rust-lang/crates.io-index\"
# replace-with = 'ustc'
# [source.ustc]
# registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
# EOF"
- name: Build dependencies
run: docker exec $openvino_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $openvino_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Run openVINO benchmark
run: docker exec $openvino_test bash -c "cd /root/demos/openvino && ./run_benchmark_on_occlum.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $openvino_test
Grpc_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu20.04-grpc
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
grpc_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-grpc);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
grpc_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-grpc);
else
echo "Unsupported Hardware"
fi;
echo "grpc_test=$grpc_test" >> $GITHUB_ENV
- uses: ./.github/workflows/composite_action/prebuild
with:
container-name: $grpc_test
# - name: Change download source of crates.io
# run: |
# docker exec $grpc_test bash -c "cat <<- EOF >/root/.cargo/config
# [source.crates-io]
# registry = \"https://github.com/rust-lang/crates.io-index\"
# replace-with = 'ustc'
# [source.ustc]
# registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
# EOF"
- name: Build dependencies
run: docker exec $grpc_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $grpc_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Prepare grpc musl sample project
run: docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_musl && ./prepare_client_server.sh"
- name: Run grpc musl server
run: docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_musl && ./run_server_on_occlum.sh" &
- name: Run grpc musl client
run: |
sleep ${{ env.nap_time }};
docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_musl && ./run_client_on_occlum.sh"
- name: Prepare grpc glibc sample project
run: docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_glibc && ./prepare_client_server_glibc.sh"
- name: Run grpc glibc server
run: docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_glibc && ./run_server_on_occlum_glibc.sh" &
- name: Run grpc glibc client
run: |
sleep ${{ env.nap_time }};
docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_glibc && ./run_client_on_occlum_glibc.sh"
- name: Run grpc stress test
run: docker exec $grpc_test bash -c "cd /root/demos/grpc/grpc_glibc && ./run_stress_test.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $grpc_test
Gvisor_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu20.04-gvisor_test
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
gvisor_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-gvisor_test);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
gvisor_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-gvisor_test);
else
echo "Unsupported Hardware"
fi;
echo "gvisor_test=$gvisor_test" >> $GITHUB_ENV
- uses: ./.github/workflows/composite_action/prebuild
with:
container-name: $gvisor_test
# - name: Change download source of crates.io
# run: |
# docker exec $gvisor_test bash -c "cat <<- EOF >/root/.cargo/config
# [source.crates-io]
# registry = \"https://github.com/rust-lang/crates.io-index\"
# replace-with = 'ustc'
# [source.ustc]
# registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
# EOF"
- name: Build dependencies
run: docker exec $gvisor_test bash -c "cargo uninstall sccache || true; cd /root/occlum; make submodule"
- name: Make install
run: docker exec $gvisor_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=y make install"
- name: Clone gvisor code
run: docker exec $gvisor_test bash -c "git clone https://github.com/occlum/gvisor.git"
- name: Run gvisor syscall test
run: docker exec $gvisor_test bash -c "cd /root/gvisor/occlum; ./run_occlum_passed_tests.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $gvisor_test
# Test_rpm_deploy:
# if: github.event_name == 'push'
# runs-on: ${{ matrix.self_runner }}
# strategy:
# matrix:
# self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
# steps:
# - name: Clean before running
# run: |
# sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
# - name: Checkout code
# if: github.event_name == 'push'
# uses: actions/checkout@v2
# with:
# submodules: false
# - name: Test deployment
# run: |
# cd demos/deployment
# if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
# ./deploy_image_test.sh centos8.2
# elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
# DEVICE_OPTION="-v /dev/sgx:/dev/sgx" ./deploy_image_test.sh centos8.2
# else
# echo "Unsupported Hardware"
# exit 1
# fi;
# - name: Clean the environment
# if: ${{ always() }}
# run: |
# docker stop centos8.2_deploy_test
# docker rm -f centos8.2_deploy_test
Test_deb_deploy:
timeout-minutes: 180
if: github.event_name == 'push'
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: false
- name: Test deployment
run: |
cd demos/deployment
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
./deploy_image_test.sh ubuntu20.04
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
DEVICE_OPTION="-v /dev/sgx:/dev/sgx" ./deploy_image_test.sh ubuntu20.04
else
echo "Unsupported Hardware"
exit 1
fi;
- name: Clean the environment
if: ${{ always() }}
run: |
docker stop ubuntu20.04_deploy_test
docker rm -f ubuntu20.04_deploy_test
# Tensorflow_serving requires binary tensorflow_serving PIC, here we compile tensorflow_model_server before workflow
Tensorflow_serving_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
# Tensorflow serving test requires AVX512 instruction support. Only the SGX2-HW machine has support for that.
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu20.04-tf_serving
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
tf_serving_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-tf_serving);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
tf_serving_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu20.04-tf_serving);
else
echo "Unsupported Hardware"
fi;
echo "tf_serving_test=$tf_serving_test" >> $GITHUB_ENV
- uses: ./.github/workflows/composite_action/prebuild
with:
container-name: $tf_serving_test
# - name: Change download source of crates.io
# run: |
# docker exec $tf_serving_test bash -c "cat <<- EOF >/root/.cargo/config
# [source.crates-io]
# registry = \"https://github.com/rust-lang/crates.io-index\"
# replace-with = 'ustc'
# [source.ustc]
# registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
# EOF"
- name: Build dependencies
run: docker exec $tf_serving_test bash -c "cd /root/occlum; make submodule"
- name: Make install
run: docker exec $tf_serving_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Move dependencies to current demo
run: docker exec $tf_serving_test bash -c "mv /root/tensorflow_model_server /root/occlum/demos/tensorflow/tensorflow_serving; mv /root/resnet50-v15-fp32 /root/occlum/demos/tensorflow/tensorflow_serving"
- name: Generate SSL
run: docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; ./generate_ssl_config.sh localhost"
- name: Run tf_serving server
run: docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; ./run_occlum_tf_serving.sh"
- name: Run tf_serving client
run: |
sleep 120;
docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving/client; ./benchmark.sh python3 localhost:8500 ../ssl_configure/server.crt"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $tf_serving_test
Remote_attestation_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Build and run remote attestation demo
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/dcap; ./run_dcap_quote_on_occlum.sh"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Init_RA_test:
timeout-minutes: 180
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Install dependencies
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "apt update && apt install -y netcat"
- name: Build the init-ra all content
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum/demos/remote_attestation/init_ra_flow; ./build_content.sh"
- name: Run init-ra server and client(flask-tls) on backgroud tiil ready
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow; ./run_till_ready.sh"
- name: Test PUT data with certificate
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
curl --cacert flask.crt -X PUT https://localhost:4996/customer/1 -d "data=Tom""
- name: Test GET data with certificate
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum/demos/remote_attestation/init_ra_flow;
curl --cacert flask.crt -X GET https://localhost:4996/customer/1"
- name: Clean the environment
if: ${{ always() }}
run: docker stop ${{ env.CONTAINER_NAME }}
Stress_test_with_musl:
timeout-minutes: 360
if: github.event_name == 'schedule'
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Stress test with musl
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum; make test times=${{ env.repeat_times }}"
- name: Show failed cases and clean the environment
if: ${{ always() }}
run: |
docker exec ${{ env.CONTAINER_NAME }} bash -c "cat /root/occlum/build/test/.fail"
docker stop ${{ env.CONTAINER_NAME }}
Stress_test_with_glibc:
timeout-minutes: 360
if: github.event_name == 'schedule'
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
uses: actions/checkout@v2
with:
submodules: true
- uses: ./.github/workflows/composite_action/hw
with:
container-name: ${{ github.job }}
build-envs: 'OCCLUM_RELEASE_BUILD=1'
- name: Stress test with Glibc
run: docker exec ${{ env.CONTAINER_NAME }} bash -c "cd /root/occlum; make test-glibc times=${{ env.repeat_times }}"
- name: Show failed cases and clean the environment
if: ${{ always() }}
run: |
docker exec ${{ env.CONTAINER_NAME }} bash -c "cat /root/occlum/build/test/.fail"
docker stop ${{ env.CONTAINER_NAME }}
Reference in New Issue View Git Blame Copy Permalink