From d24242a0fce9c1391c9cb3d6715d8423538e9fdd Mon Sep 17 00:00:00 2001
From: Anjo Vahldiek-Oberwagner
Date: Wed, 30 Sep 2020 03:49:59 -0700
Subject: [PATCH] Continuous Deployment via Github action to build public Graphene Docker image. Add Github action that logs into Docker Hub via Github Secrets, builds the Graphene base Docker image (currently only for AKS), and pushes the resulting image to Docker Hub.
Signed-off-by: Anjo Vahldiek-Oberwagner
---
 .ci/gsc.jenkinsfile | 13 +++++++
 .github/workflows/graphene-base-image.yaml | 29 +++++++++++++++
 Tools/gsc/Makefile | 33 +++++++++++++++--
 .../gsc/images/graphene_aks.latest.dockerfile | 36 -------------------
 4 files changed, 72 insertions(+), 39 deletions(-)
 create mode 100644 .github/workflows/graphene-base-image.yaml
 delete mode 100644 Tools/gsc/images/graphene_aks.latest.dockerfile
diff --git a/.ci/gsc.jenkinsfile b/.ci/gsc.jenkinsfile
index ffe3e01068..d3a2ba939a 100644
--- a/.ci/gsc.jenkinsfile
+++ b/.ci/gsc.jenkinsfile
@@ -17,6 +17,19 @@ pipeline {
 '''
 }
 }
+ stage('Test_CD') {
+ steps {
+ sh '''
+ # Test the build of Graphene base images which are automatically
+ # pushed to Docker Hub after a merge. This does not test the actual
+ # continuous deployment Github action, instead only tests the
+ # underlying script.
+ cd Tools/gsc
+ make build-images
+ make distclean
+ '''
+ }
+ }
 stage('Test') {
 steps {
 sh '''
diff --git a/.github/workflows/graphene-base-image.yaml b/.github/workflows/graphene-base-image.yaml
new file mode 100644
index 0000000000..eeab1708d5
--- /dev/null
+++ b/.github/workflows/graphene-base-image.yaml
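Review bot: The new `Test_CD` stage in `.ci/gsc.jenkinsfile` leaves the image it builds on the Jenkins agent: `make build-images` tags `graphenelibos/aks:latest`, while `make distclean`, as far as the Makefile hunks in this patch show, removes only `images/*` and the generated config files. If `make build-images` fails, `make distclean` is probably skipped as well, assuming the `sh` step stops at the first failing command. Running `make clean-images` (added by this same patch) after `make distclean`, or moving the cleanup into a `post { always { ... } }` block for the stage, would keep a stale image under the official name from lingering where a later `make push-images` on the same agent would publish it. The hunk shows only this stage; the rest of the pipeline is outside it.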
@@ -0,0 +1,29 @@
+name: Graphene Docker Image CD
+
+on:
+ push:
+ branches: [ master ]
+
+jobs:
+
+ build:
+ if: ${{ github.repository == 'oscarlab/graphene' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+ - name: Install Python dependencies
+ run: |
+ pip install jinja2 pyyaml docker
+ - name: Build the Graphene Docker image
+ env: # Set Docker Hub account information to environment variables
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ run: |
+ echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+ cd Tools/gsc
+ make build-images
+ make push-images
diff --git a/Tools/gsc/Makefile b/Tools/gsc/Makefile
index 6f822298e0..69cd23a8a3 100644
--- a/Tools/gsc/Makefile
+++ b/Tools/gsc/Makefile
@@ -5,10 +5,13 @@ # templates/Dockerfile.*.compile.template changes), these automatically generated files need to be # updated. Generally, changes to Graphene do not require rebuilding these Docker files. -IMAGES=graphene_aks +IMAGES=aks VERSIONS=latest +# Official Docker Hub organization name. In case of a name change in Docker Hub, this name must be +# changed. +DOCKERHUB_ORGANIZATION=graphenelibos -all: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, ${IMAGES}), .${VERSIONS})) +all: generate-dockerfiles build-images config.aks.%.yaml: printf \
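Review bot: In `.github/workflows/graphene-base-image.yaml` the last step logs in to Docker Hub before `make build-images` runs, so the whole build — `./gsc`, the unpinned `pip install jinja2 pyyaml docker` packages and whatever the generated Dockerfile fetches — executes with `DOCKER_PASSWORD` in its environment and with the stored login on disk. Building in a step of its own and logging in only right before `make push-images` keeps the credential away from build-time code. It would also help to pin `actions/checkout` and `actions/setup-python` to full commit SHAs and the Python packages to fixed versions, since a moved tag or a new package release otherwise runs in the job that holds the secret. If `DOCKER_PASSWORD` is the account password rather than a scoped Docker Hub access token, a token would limit the damage of a leak.

```yaml
      # … unchanged: checkout, Python setup, pip install …
      - name: Build the Graphene Docker image
        run: |
          cd Tools/gsc
          make build-images
      - name: Push the Graphene Docker image
        env: # Docker Hub credentials are visible to this step only
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |
          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          cd Tools/gsc
          make push-images
```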
@@ -20,10 +23,30 @@ config.aks.%.yaml: Repository: \"https://github.com/intel/SGXDataCenterAttestationPrimitives.git\"\n\ Branch: \"DCAP_1.7 && cp -r driver/linux/* .\"\n" > $@ -images/graphene_aks.latest.dockerfile: config.aks.master.yaml +images: + mkdir -p images + +images/graphene_aks.latest.dockerfile: config.aks.master.yaml images ./gsc build-graphene -f -c $< graphene-aks mv build/gsc-graphene-aks/Dockerfile.compile $@ +.PHONY: generate-dockerfiles +generate-dockerfiles: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, graphene_${IMAGES}), .${VERSIONS})) + +.PHONY: build-images +build-images: $(addprefix $(addprefix build-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: build-aks-% +build-aks-%: images/graphene_aks.%.dockerfile + docker build --rm --no-cache -t $(DOCKERHUB_ORGANIZATION)/aks:$* -f images/graphene_aks.$*.dockerfile images/ + +.PHONY: push-images +push-images: $(addprefix $(addprefix push-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: push-aks-% +push-aks-%: + docker push $(DOCKERHUB_ORGANIZATION)/aks:$* + .PHONY: distclean distclean: clean $(RM) images/*
@@ -32,3 +55,7 @@ distclean: clean
 .PHONY: clean
 clean:
 $(RM) config.aks.*.yaml
+
+.PHONY: clean-images
+clean-images:
+ docker rmi -f $(addprefix $(addprefix $(DOCKERHUB_ORGANIZATION)/, $(IMAGES)):, $(VERSIONS))
diff --git a/Tools/gsc/images/graphene_aks.latest.dockerfile b/Tools/gsc/images/graphene_aks.latest.dockerfile
deleted file mode 100644
index 8b02c27b25..0000000000
--- a/Tools/gsc/images/graphene_aks.latest.dockerfile
+++ /dev/null
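Review bot: `push-aks-%` in `Tools/gsc/Makefile` has no prerequisites and the image carries only the mutable `$*` tag (`latest`), so `make push-images` publishes whatever the local Docker daemon currently holds under `$(DOCKERHUB_ORGANIZATION)/aks:latest`, with nothing tying the pushed image to a commit. Consider adding a second tag derived from the commit in `build-aks-%` and pushing both, or at least a comment such as `# Pushes the locally tagged image as-is; run build-images from the same checkout first.` Separately, `images` is a normal prerequisite of `images/graphene_aks.latest.dockerfile`, and a directory's timestamp changes whenever a file is created in or moved into it, which makes the Dockerfile look out of date again; an order-only prerequisite avoids that: `images/graphene_aks.latest.dockerfile: config.aks.master.yaml | images`. `.PHONY: build-aks-%` and `.PHONY: push-aks-%` declare literal target names, because `.PHONY` does not treat `%` as a pattern.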
@@ -1,36 +0,0 @@
-FROM ubuntu:18.04 AS graphene
-
-RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
- && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
- autoconf \
- bison \
- build-essential \
- coreutils \
- gawk \
- git \
- libcurl4-openssl-dev \
- libprotobuf-c-dev \
- protobuf-c-compiler \
- python3-protobuf \
- wget \
- && python3 -B -m pip install toml>=0.10
-
-RUN git clone https://github.com/oscarlab/graphene.git /graphene
-
-RUN cd /graphene \
- && git fetch origin master \
- && git checkout master
-
-RUN cd /graphene/Pal/src/host/Linux-SGX \
- && git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git linux-sgx-driver \
- && cd linux-sgx-driver \
- && git checkout DCAP_1.7 && cp -r driver/linux/* .
-
-RUN cd /graphene \
- && ISGX_DRIVER_PATH=/graphene/Pal/src/host/Linux-SGX/linux-sgx-driver \
- make -s -j WERROR=1 SGX=1
-
-
-
-# Translate runtime symlinks to files
-RUN for f in $(find /graphene/Runtime -type l); do cp --remove-destination $(realpath $f) $f; done