246 lines
12 KiB
YAML
246 lines
12 KiB
YAML
name: Set up Package Repository and Test (Manual Trigger)
|
|
|
|
# This is a manual trigger.
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
update_musl:
|
|
description: 'Need build new musl package? <Y/N>'
|
|
required: true
|
|
default: 'N'
|
|
update_glibc:
|
|
description: 'Need build new glibc package? <Y/N>'
|
|
required: true
|
|
default: 'N'
|
|
update_golang:
|
|
description: 'Need build new golang package? <Y/N>'
|
|
required: true
|
|
default: 'N'
|
|
only_test:
|
|
description: 'Only Test? <Y/N>'
|
|
required: true
|
|
default: 'N'
|
|
test_version:
|
|
description: 'Test Occlum version (Required if only test)'
|
|
required: false
|
|
|
|
jobs:
|
|
Package_repository_setup_and_test:
|
|
runs-on: ubuntu-20.04
|
|
if: github.event.inputs.only_test == 'N'
|
|
env:
|
|
TOKEN: ${{ secrets.PAT_TOKEN }}
|
|
# Map a step output to a job output
|
|
outputs:
|
|
occlum_version: ${{ steps.occlum_version.outputs.version }}
|
|
steps:
|
|
# This step is added to get more free space
|
|
- name: Clean virtual environment
|
|
run: |
|
|
sudo rm -rf /usr/share/dotnet
|
|
sudo rm -rf /opt/ghc
|
|
sudo rm -rf "/usr/local/share/boost"
|
|
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
|
|
|
|
- name: Checkout occlum src code
|
|
uses: actions/checkout@v2
|
|
with:
|
|
path: occlum
|
|
|
|
- name: Checkout target occlum-package-repo
|
|
uses: actions/checkout@v2
|
|
with:
|
|
repository: occlum/occlum-package-repos
|
|
ref: master
|
|
path: occlum-package-repos
|
|
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
|
|
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
|
|
|
|
- name: Get occlum version
|
|
run: |
|
|
cd $GITHUB_WORKSPACE/occlum
|
|
echo "OCCLUM_VERSION=$(grep "Version =" src/pal/include/occlum_version.h | awk '{print $4}')" >> $GITHUB_ENV
|
|
|
|
- name: Set occlum version as output
|
|
id: occlum_version
|
|
run: echo "::set-output name=version::${{ env.OCCLUM_VERSION }}"
|
|
|
|
- name: Create ubuntu container
|
|
run: docker run -itd --name=ubuntu -v $GITHUB_WORKSPACE:/root/workspace occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu20.04
|
|
|
|
- name: Build deb packages
|
|
run: docker exec ubuntu bash -c "cd /root/workspace/occlum/tools/installer/deb; make"
|
|
|
|
- name: Build musl toolchain package
|
|
if: github.event.inputs.update_musl == 'Y'
|
|
run: docker exec ubuntu bash -c "cd /root/workspace/occlum/tools/installer/deb; make musl-gcc"
|
|
|
|
- name: Build glibc toolchain package
|
|
if: github.event.inputs.update_glibc == 'Y'
|
|
run: docker exec ubuntu bash -c "cd /root/workspace/occlum/tools/installer/deb; make glibc"
|
|
|
|
- name: Build golang toolchain package
|
|
if: github.event.inputs.update_golang == 'Y'
|
|
run: docker exec ubuntu bash -c "cd /root/workspace/occlum/tools/installer/deb; make golang"
|
|
|
|
- name: Prepare tools and keys # Since aptly still use gpg1 by default, we all use gpg1 as gpg tool.
|
|
run: docker exec ubuntu bash -c 'apt-get update; apt-get install -y tree apt-utils gnupg reprepro rng-tools aptly; rm -rf /root/.gnupg;
|
|
echo "${{ secrets.DEB_PRIVATE_KEY }}" > /root/deb_private_key; gpg1 --allow-secret-key-import --import /root/deb_private_key;
|
|
gpg1 --export -a "deb_gpg_key" > /root/public.key;
|
|
gpg1 --import /root/public.key;
|
|
gpg1 --list-keys;
|
|
apt-key add /root/public.key && apt-key list'
|
|
|
|
- name: Inherit apt repo for Ubuntu 18.04
|
|
run: docker exec ubuntu bash -c 'aptly -architectures="amd64" -keyring=/etc/apt/trusted.gpg mirror create bionic-mirror https://occlum.io/occlum-package-repos/debian/ bionic main;
|
|
aptly -keyring=/etc/apt/trusted.gpg mirror update bionic-mirror;
|
|
aptly snapshot create bionic-main from mirror bionic-mirror;
|
|
aptly publish snapshot -distribution=bionic bionic-main'
|
|
|
|
- name: Update apt repo for Ubuntu 20.04
|
|
run: docker exec ubuntu bash -c 'aptly -architectures="amd64" -keyring=/etc/apt/trusted.gpg mirror create focal-mirror https://occlum.io/occlum-package-repos/debian/ focal main;
|
|
aptly -keyring=/etc/apt/trusted.gpg mirror update focal-mirror;
|
|
aptly snapshot create focal-old from mirror focal-mirror;
|
|
aptly -distribution='focal' -architectures=amd64 repo create deb-focal-new;
|
|
aptly repo add deb-focal-new /root/workspace/occlum/build/debs/*;
|
|
aptly snapshot create focal-new from repo deb-focal-new;
|
|
aptly -no-remove snapshot merge focal-main focal-old focal-new;
|
|
aptly publish snapshot -distribution=focal focal-main && tree /root/.aptly/public'
|
|
|
|
- name: Update Git repo
|
|
run: docker exec ubuntu bash -c 'cd /root/workspace/occlum-package-repos; rm -rf debian; cp -r /root/.aptly/public/ /root/workspace/occlum-package-repos/debian;
|
|
cp /root/public.key /root/workspace/occlum-package-repos/debian'
|
|
|
|
- name: Clean ubuntu container and image
|
|
run: |
|
|
docker rm -f ubuntu
|
|
docker rmi -f occlum/occlum:${{ env.OCCLUM_VERSION }}-ubuntu20.04
|
|
|
|
# - name: Create centos container
|
|
# run: docker run -itd --name=centos -v $GITHUB_WORKSPACE:/root/workspace occlum/occlum:${{ env.OCCLUM_VERSION }}-centos8.2
|
|
|
|
# - name: Build rpm packages
|
|
# run: docker exec centos bash -c "cd /root/workspace/occlum/tools/installer/rpm; make; make musl-gcc"
|
|
|
|
# - name: Configure the centos container
|
|
# run: docker exec centos bash -c 'yum install -y gnupg pinentry createrepo rpm-sign ca-certificates; rm -rf /root/.gnupg;
|
|
# echo "${{ secrets.RPM_PRIVATE_KEY }}" > /root/rpm_private_key; gpg --allow-secret-key-import --import /root/rpm_private_key;
|
|
# echo "${{ secrets.CA_PRIVATE_KEY }}" > /root/ca_private_key; gpg --allow-secret-key-import --import /root/ca_private_key;
|
|
# gpg --list-keys;
|
|
# echo -e "%__gpg /usr/bin/gpg\n%_source_filedigest_algorithm 8\n%_binary_filedigest_algorithm 8\n%_gpg_digest_algo SHA256\n%_gpg_path /root/.gnupg\n%_gpg_name rpm_gpg_key" > /root/.rpmmacros'
|
|
|
|
# - name: Sign the package and update the rpm repo
|
|
# run: docker exec centos bash -c "cp /root/workspace/occlum/build/rpms/* /root/workspace/occlum-package-repos/rpm-repo; cd /root/workspace/occlum-package-repos/rpm-repo; rm -rf repodata RPM-GPG-KEY-*;
|
|
# rpmsign --resign *.rpm; createrepo --update -d -p -o . .; gpg -u rpm_gpg_key --detach-sign -a repodata/repomd.xml; gpg --export -a "rpm_gpg_key" > RPM-GPG-KEY-rpm-sign;
|
|
# gpg --export -a "ca_gpg_key" > RPM-GPG-KEY-rpm-sign-ca; gpg --detach-sign -a -u ca_gpg_key RPM-GPG-KEY-rpm-sign"
|
|
|
|
- name: Commit files
|
|
run: |
|
|
cd occlum-package-repos
|
|
git config --local user.email "action@github.com"
|
|
git config --local user.name "GitHub Action"
|
|
git add -A
|
|
git commit -m "Add packages for new release ${{ env.OCCLUM_VERSION }}"
|
|
|
|
- name: Push changes
|
|
uses: ad-m/github-push-action@master
|
|
with:
|
|
github_token: ${{ secrets.PAT_TOKEN }}
|
|
branch: pre-release
|
|
directory: occlum-package-repos
|
|
repository: occlum/occlum-package-repos
|
|
force: true
|
|
|
|
- name: Wait for package repo to deploy
|
|
run: sleep 600
|
|
|
|
|
|
Test_deb_package:
|
|
if: ${{ always() }}
|
|
needs: Package_repository_setup_and_test
|
|
runs-on: ubuntu-20.04
|
|
|
|
steps:
|
|
- name: Create a clean ubuntu container
|
|
run: docker run -itd --name=ubuntu ubuntu:20.04
|
|
|
|
- name: Get occlum version from user inputs
|
|
run: echo "OCCLUM_VERSION=${{github.event.inputs.test_version}}" >> $GITHUB_ENV
|
|
|
|
- name: Update occlum version from previous job
|
|
if: github.event.inputs.only_test == 'N'
|
|
run: echo "OCCLUM_VERSION=${{needs.Package_repository_setup_and_test.outputs.occlum_version}}" >> $GITHUB_ENV
|
|
|
|
- name: Configure sgx and occlum deb repo
|
|
run: |
|
|
# Set the default timezone to make tzdata work
|
|
docker exec ubuntu bash -c "ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo Asia/Shanghai > /etc/timezone"
|
|
docker exec ubuntu bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates gnupg2 jq make gdb wget libfuse-dev libtool tzdata;
|
|
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list;
|
|
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -"
|
|
docker exec ubuntu bash -c "echo 'deb [arch=amd64] https://occlum.io/occlum-package-repos/debian focal main' | tee /etc/apt/sources.list.d/occlum.list;
|
|
wget -qO - https://occlum.io/occlum-package-repos/debian/public.key | apt-key add -;"
|
|
|
|
- name: Install sgx dependencies and occlum
|
|
run: docker exec ubuntu bash -c "apt-get update; apt-cache policy occlum | grep -n5 ${{ env.OCCLUM_VERSION }} && apt-get install -y occlum libsgx-uae-service libsgx-dcap-ql"
|
|
|
|
- name: Hello world test
|
|
run: docker exec ubuntu bash -c "source /etc/profile; cd /root; wget https://raw.githubusercontent.com/occlum/occlum/master/demos/hello_c/hello_world.c; occlum-gcc -o hello_world hello_world.c;
|
|
occlum new occlum-instance; cp hello_world /root/occlum-instance/image/bin; cd /root/occlum-instance && SGX_MODE=SIM occlum build; occlum run /bin/hello_world"
|
|
|
|
# If there is no match, it will return 1.
|
|
- name: Check installed version
|
|
run: docker exec ubuntu bash -c "cat /opt/occlum/include/occlum_version.h | grep -n5 ${{ env.OCCLUM_VERSION }}"
|
|
|
|
- name: Install occlum-glibc toolchain
|
|
run: |
|
|
docker exec ubuntu bash -c "apt-get install -y occlum-toolchains-glibc"
|
|
docker exec ubuntu bash -c "apt-get install -y git python python3-pip rsync"
|
|
|
|
- name: Run occlum python glibc test
|
|
run: docker exec ubuntu bash -c "source /etc/profile; cd /root && git clone https://github.com/occlum/occlum.git && cd /root/occlum/demos/python/python_glibc && ./install_python_with_conda.sh && SGX_MODE=SIM ./run_python_on_occlum.sh && cat occlum_instance/smvlight.dat"
|
|
|
|
|
|
# Test_rpm_package:
|
|
# if: ${{ always() }}
|
|
# needs: Package_repository_setup_and_test
|
|
# runs-on: ubuntu-18.04
|
|
|
|
# steps:
|
|
# - name: Create clean centos container
|
|
# run: docker run -itd --name=centos centos:centos8.2.2004
|
|
|
|
# - name: Get occlum version from user inputs
|
|
# run: echo "OCCLUM_VERSION=${{github.event.inputs.test_version}}" >> $GITHUB_ENV
|
|
|
|
# - name: Update occlum version from previous job
|
|
# if: github.event.inputs.only_test == 'N'
|
|
# run: echo "OCCLUM_VERSION=${{needs.Package_repository_setup_and_test.outputs.occlum_version}}" >> $GITHUB_ENV
|
|
|
|
# - name: Install sgx dependencies
|
|
# run: docker exec centos bash -c "yum install -y wget yum-utils make jq gdb; cd /root && wget https://download.01.org/intel-sgx/sgx-linux/2.14/distro/centos8.2-server/sgx_rpm_local_repo.tgz;
|
|
# tar -xvzf sgx_rpm_local_repo.tgz; yum-config-manager --add-repo file:///root/sgx_rpm_local_repo; yum --nogpgcheck install -y libsgx-dcap-ql libsgx-epid libsgx-urts;
|
|
# yum --nogpgcheck install -y libsgx-quote-ex; rpm -i /root/sgx_rpm_local_repo/libsgx-uae-service-*.rpm || true"
|
|
|
|
# - name: Install occlum
|
|
# run: |
|
|
# docker exec centos bash -c "cat << EOF > /etc/yum.repos.d/occlum.repo
|
|
# [occlum]
|
|
# name=occlum
|
|
# enabled=1
|
|
# baseurl=https://occlum.io/occlum-package-repos/rpm-repo/
|
|
# gpgcheck=1
|
|
# repo_gpgcheck=1
|
|
# gpgkey=https://occlum.io/occlum-package-repos/rpm-repo/RPM-GPG-KEY-rpm-sign
|
|
# gpgcakey=https://occlum.io/occlum-package-repos/rpm-repo/RPM-GPG-KEY-rpm-sign-ca
|
|
# EOF"
|
|
# docker exec centos bash -c "yum --showduplicate list -y occlum | grep -n5 ${{ env.OCCLUM_VERSION }} && yum install -y occlum"
|
|
|
|
# - name: Hello world test
|
|
# run: docker exec centos bash -c "source /etc/profile; cd /root; rm -rf hello_world*; wget https://raw.githubusercontent.com/occlum/occlum/master/demos/hello_c/hello_world.c; occlum-gcc -o hello_world hello_world.c;
|
|
# occlum new occlum-instance; cp hello_world /root/occlum-instance/image/bin; cd /root/occlum-instance && SGX_MODE=SIM occlum build; occlum run /bin/hello_world"
|
|
|
|
# # If there is no match, it will return 1.
|
|
# - name: Check installed version
|
|
# run: docker exec centos bash -c "cat /opt/occlum/include/occlum_version.h | grep -n5 ${{ env.OCCLUM_VERSION }}"
|