From 753ad295112f105cc7ac0df42bc6c10990794931 Mon Sep 17 00:00:00 2001 From: Anjo Vahldiek-Oberwagner Date: Wed, 30 Sep 2020 03:49:59 -0700 Subject: [PATCH] Continuous Deployment via Github action to build public Graphene Docker image. The action logs into Docker Hub via Github Secrets, builds the Graphene base Docker image (currently only for AKS), and pushes the resulting image to Docker Hub. --- .github/workflows/graphene-base-image.yaml | 29 ++++++++++++++ Jenkinsfiles/Linux-SGX-gsc | 13 +++++++ Tools/gsc/Makefile | 37 +++++++++++++++--- .../gsc/images/graphene_aks.latest.dockerfile | 39 ------------------- 4 files changed, 74 insertions(+), 44 deletions(-) create mode 100644 .github/workflows/graphene-base-image.yaml delete mode 100644 Tools/gsc/images/graphene_aks.latest.dockerfile diff --git a/.github/workflows/graphene-base-image.yaml b/.github/workflows/graphene-base-image.yaml new file mode 100644 index 0000000000..eeab1708d5 --- /dev/null +++ b/.github/workflows/graphene-base-image.yaml @@ -0,0 +1,29 @@ +name: Graphene Docker Image CD + +on: + push: + branches: [ master ] + +jobs: + + build: + if: ${{ github.repository == 'oscarlab/graphene' }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.8 + uses: actions/setup-python@v2 + with: + python-version: 3.8 + - name: Install Python dependencies + run: | + pip install jinja2 pyyaml docker + - name: Build the Graphene Docker image + env: # Set Docker Hub account information to environment variables + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + run: | + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + cd Tools/gsc + make build-images + make push-images diff --git a/Jenkinsfiles/Linux-SGX-gsc b/Jenkinsfiles/Linux-SGX-gsc index d8d62b49f7..2db82ef9d5 100644 --- a/Jenkinsfiles/Linux-SGX-gsc +++ b/Jenkinsfiles/Linux-SGX-gsc 
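Review bot: `docker login` runs before `make build-images` in the same step, so the Docker Hub credentials sit in the runner's Docker config while the build fetches and runs unpinned code (`pip install jinja2 pyyaml docker` carries no versions, and the image build appears to clone its sources from the network). Splitting build and push into two steps, with `DOCKER_PASSWORD` and `DOCKER_USERNAME` in the `env:` of the push step only, keeps the secret away from everything the build executes. I would also pin `actions/checkout@v2` and `actions/setup-python@v2` to full commit SHAs, because a moved tag would run in a job that later handles the registry credentials. A top-level `permissions:` block with `contents: read` fits as well, since nothing in the hunk needs write access to the repository.

```yaml
    # … unchanged: checkout, Python setup, pip install …
      - name: Build the Graphene Docker image
        run: |
          cd Tools/gsc
          make build-images
      - name: Push the Graphene Docker image
        env: # Docker Hub credentials are exposed to this step only
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |
          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          cd Tools/gsc
          make push-images
```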
@@ -17,6 +17,19 @@ pipeline { ''' } } + stage('Test_CD') { + steps { + sh ''' + # Test the build of Graphene base images which are automatically + # pushed to Docker Hub after a merge. This does not test the actual + # continuous deployment Github action, instead only tests the + # underlying script. + cd Tools/gsc + make build-images + make distclean + ''' + } + } stage('Test') { steps { sh ''' diff --git a/Tools/gsc/Makefile b/Tools/gsc/Makefile index 224b137376..c6eec620e6 100644 --- a/Tools/gsc/Makefile +++ b/Tools/gsc/Makefile @@ -5,10 +5,13 @@ # template/Dockerfile.*.compile.template changes), these automatically generated files need to be # updated. Generally, changes to Graphene do not require rebuilding these Docker files. -IMAGES=graphene_aks +IMAGES=aks VERSIONS=latest +# Official Docker Hub organization name. In case of a name change in Docker Hub, this name must be +# changed. +DOCKERHUB_ORGANIZATION=graphenelibos -all: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, ${IMAGES}), .${VERSIONS})) +all: generate-dockerfiles build-images config.aks.%.yaml: printf \ 
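Review bot: `make distclean` in the new `Test_CD` stage is reached only when `make build-images` succeeds, assuming the Jenkins `sh` step keeps its default `-e`, so a failed build leaves `images/`, the generated config and any partly built image on the agent for later stages or jobs. Registering the cleanup first, with `trap 'make distclean' EXIT` right after `cd Tools/gsc`, runs it on both paths. The stage also tags its test image with the official name `graphenelibos/aks:latest` (per the Makefile in this commit), and `clean-images` then force-removes that tag, which would also delete a pulled copy of the published image on the same agent. Passing the same `DOCKERHUB_ORGANIZATION=<ci-only-name>` to both make calls avoids that collision. The enclosing `pipeline` block starts and ends outside the hunk.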
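Review bot: `all` has no `.PHONY` declaration in the visible hunks and now depends on `build-images`, so a bare `make` in `Tools/gsc` runs `docker build --no-cache` and tags a local image under the official organization name. I would add `.PHONY: all` above the rule and consider keeping `all: generate-dockerfiles`, so that building images stays an explicit `make build-images`. Lines outside the two Makefile hunks are not visible here, so an existing `.PHONY: all` elsewhere would settle the first half.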
@@ -20,15 +23,39 @@ config.aks.%.yaml: Repository: \"https://github.com/intel/SGXDataCenterAttestationPrimitives.git\"\n\ Branch: \"DCAP_1.7 && cp -r driver/linux/* .\"\n" > $@ -images/graphene_aks.latest.dockerfile: config.aks.master.yaml +images: + mkdir -p images + +images/graphene_aks.latest.dockerfile: config.aks.master.yaml images ./gsc build-graphene -f -c $< graphene-aks mv graphene-aks/Dockerfile.compile $@ $(RM) -r graphene-aks +.PHONY: generate-dockerfiles +generate-dockerfiles: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, graphene_${IMAGES}), .${VERSIONS})) + +.PHONY: build-images +build-images: $(addprefix $(addprefix build-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: build-aks-% +build-aks-%: images/graphene_aks.%.dockerfile + docker build --rm --no-cache -t $(DOCKERHUB_ORGANIZATION)/aks:$* -f images/graphene_aks.$*.dockerfile images/ + +.PHONY: push-images +push-images: $(addprefix $(addprefix push-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: push-aks-% +push-aks-%: + docker push $(DOCKERHUB_ORGANIZATION)/aks:$* + .PHONY: distclean -distclean: clean - $(RM) images/* +distclean: clean clean-images + $(RM) -r images/ .PHONY: clean clean: $(RM) config.aks.*.yaml + +.PHONY: clean-images +clean-images: + docker rmi -f $(addprefix $(addprefix $(DOCKERHUB_ORGANIZATION)/, $(IMAGES)):, $(VERSIONS)) diff --git a/Tools/gsc/images/graphene_aks.latest.dockerfile b/Tools/gsc/images/graphene_aks.latest.dockerfile deleted file mode 100644 index 96903623d7..0000000000 --- a/Tools/gsc/images/graphene_aks.latest.dockerfile +++ /dev/null 
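Review bot: `images` is added as a normal prerequisite of `images/graphene_aks.latest.dockerfile`, and because `mv` into the directory bumps the directory's mtime past that of the moved file, the Dockerfile will likely look out of date and be regenerated through `./gsc build-graphene` on every run. Make it order-only: `images/graphene_aks.latest.dockerfile: config.aks.master.yaml | images`. Separately, `.PHONY` does not take patterns, so `.PHONY: build-aks-%` and `.PHONY: push-aks-%` declare literal targets and leave `build-aks-latest` and `push-aks-latest` non-phony; `.PHONY: $(addprefix build-aks-,$(VERSIONS)) $(addprefix push-aks-,$(VERSIONS))` would cover them. `push-aks-%` has no prerequisite, so it publishes whatever image carries the tag in the local daemon. A comment such as `# Pushes the locally tagged image; run build-images first.` would document that for anyone calling `make push-images` on its own.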
@@ -1,39 +0,0 @@ -FROM ubuntu:18.04 AS graphene - -# Add steps here to set up dependencies -RUN env DEBIAN_FRONTEND=noninteractive apt-get update \ - && env DEBIAN_FRONTEND=noninteractive apt-get install -y \ - autoconf \ - bison \ - build-essential \ - coreutils \ - gawk \ - git \ - libcurl4-openssl-dev \ - libprotobuf-c-dev \ - protobuf-c-compiler \ - python3-protobuf \ - wget - -# Clone Graphene -RUN git clone https://github.com/oscarlab/graphene.git /graphene - -# Init submodules -RUN cd /graphene \ - && git fetch origin master \ - && git checkout master \ - && git submodule update --init -- Pal/src/host/Linux-SGX/sgx-driver/ - -# Create SGX driver for header files -RUN cd /graphene/Pal/src/host/Linux-SGX/sgx-driver \ - && git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git linux-sgx-driver \ - && cd linux-sgx-driver \ - && git checkout DCAP_1.7 && cp -r driver/linux/* . - -# Build Graphene-SGX -RUN cd /graphene && ISGX_DRIVER_PATH=/graphene/Pal/src/host/Linux-SGX/sgx-driver/linux-sgx-driver \ - make -s -j4 SGX=1 WERROR=1 \ - && true - -# Translate runtime symlinks to files -RUN for f in $(find /graphene/Runtime -type l); do cp --remove-destination $(realpath $f) $f; done