Continuous Deployment via Github action to build public Graphene Dock…

…er image.

Add Github action that logs into Docker Hub via Github Secrets, builds the Graphene base Docker image (currently only for AKS), and pushes the resulting image to Docker Hub.

Signed-off-by: Anjo Vahldiek-Oberwagner <[email protected]>

.ci/gsc.jenkinsfile

@@ -17,6 +17,19 @@ pipeline {
                 '''
             }
         }
+        stage('Test_CD') {
+            steps {
+                sh '''
+                    # Test the build of Graphene base images which are automatically
+                    # pushed to Docker Hub after a merge. This does not test the actual
+                    # continuous deployment Github action, instead only tests the
+                    # underlying script.
+                    cd Tools/gsc
+                    make build-images
+                    make distclean
+                '''
+            }
+        }
         stage('Test') {
             steps {
                 sh '''

.github/workflows/graphene-base-image.yaml

@@ -0,0 +1,29 @@
+name: Graphene Docker Image CD
+
+on:
+  push:
+    branches: [ master ]
+
+jobs:
+
+  build:
+    if: ${{ github.repository == 'oscarlab/graphene' }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+    - name: Install Python dependencies
+      run: |
+        pip install jinja2 pyyaml docker
+    - name: Build the Graphene Docker image
+      env: # Set Docker Hub account information to environment variables
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        cd Tools/gsc
+        make build-images
+        make push-images

Tools/gsc/Makefile

@@ -5,10 +5,13 @@
 # templates/Dockerfile.*.compile.template changes), these automatically generated files need to be
 # updated. Generally, changes to Graphene do not require rebuilding these Docker files.
 
-IMAGES=graphene_aks
+IMAGES=aks
 VERSIONS=latest
+# Official Docker Hub organization name. In case of a name change in Docker Hub, this name must be
+# changed.
+DOCKERHUB_ORGANIZATION=graphenelibos
 
-all: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, ${IMAGES}), .${VERSIONS}))
+all: generate-dockerfiles build-images
 
 config.aks.%.yaml:
 	printf \
@@ -20,10 +23,30 @@ config.aks.%.yaml:
 	    Repository: \"https://github.com/intel/SGXDataCenterAttestationPrimitives.git\"\n\
 	    Branch: \"DCAP_1.7 && cp -r driver/linux/* .\"\n" > $@
 
-images/graphene_aks.latest.dockerfile: config.aks.master.yaml
+images:
+	mkdir -p images
+
+images/graphene_aks.latest.dockerfile: config.aks.master.yaml images
 	./gsc build-graphene -f -c $< graphene-aks
 	mv build/gsc-graphene-aks/Dockerfile.compile $@
 
+.PHONY: generate-dockerfiles
+generate-dockerfiles: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, graphene_${IMAGES}), .${VERSIONS}))
+
+.PHONY: build-images
+build-images: $(addprefix $(addprefix build-, $(IMAGES))-, $(VERSIONS))
+
+.PHONY: build-aks-%
+build-aks-%: images/graphene_aks.%.dockerfile
+	docker build --rm --no-cache -t $(DOCKERHUB_ORGANIZATION)/aks:$* -f images/graphene_aks.$*.dockerfile images/
+
+.PHONY: push-images
+push-images: $(addprefix $(addprefix push-, $(IMAGES))-, $(VERSIONS))
+
+.PHONY: push-aks-%
+push-aks-%:
+	docker push $(DOCKERHUB_ORGANIZATION)/aks:$*
+
 .PHONY: distclean
 distclean: clean
 	$(RM) images/*
@@ -32,3 +55,7 @@ distclean: clean
 .PHONY: clean
 clean:
 	$(RM) config.aks.*.yaml
+
+.PHONY: clean-images
+clean-images:
+	docker rmi -f $(addprefix $(addprefix $(DOCKERHUB_ORGANIZATION)/, $(IMAGES)):, $(VERSIONS))