ready for merge
genjuro214 committed May 31, 2024
1 parent cdece49 commit 1d351ce
Showing 8 changed files with 59 additions and 212 deletions.
100 changes: 0 additions & 100 deletions .github/workflows/as-build-and-push-cross-compilation.yaml

This file was deleted.

69 changes: 7 additions & 62 deletions .github/workflows/as-build-and-push.yaml
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- main
workflow_dispatch:

jobs:
build_and_push:
Expand All @@ -14,7 +15,8 @@ jobs:
matrix:
instance:
- ubuntu-latest
- s390x
platforms:
- linux/amd64,linux/s390x
tag:
- coco-as-grpc
- coco-as-restful
Expand All @@ -32,14 +34,6 @@ jobs:
runs-on: ${{ matrix.instance }}

steps:
- name: Take a pre-action for self-hosted runner
run: |
# NOTE: Use file checking instead triggering a step based on a runner type
# to avoid updating the step for each new self-hosted runner.
if [ -f "${HOME}/script/pre_action.sh" ]; then
"${HOME}/script/pre_action.sh" cc-trustee
fi
- name: Checkout code
uses: actions/checkout@v4

Expand All @@ -57,56 +51,7 @@ jobs:
run: |
commit_sha=${{ github.sha }}
arch=$(uname -m)
DOCKER_BUILDKIT=1 docker build -f ${{ matrix.docker_file }} --push --build-arg ARCH=${arch} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch} .
- name: Take a post-action for self-hosted runner
if: always()
run: |
# Please check out the note in the pre-action step for the reason of using file checking
if [ -f "${HOME}/script/post_action.sh" ]; then
"${HOME}/script/post_action.sh" cc-trustee
fi
publish_multi_arch_image:
needs: build_and_push
permissions:
packages: write
strategy:
fail-fast: false
matrix:
tag:
- coco-as-grpc
- coco-as-restful
- rvps
include:
- tag: coco-as-grpc
name: gRPC CoCo-AS
- tag: coco-as-restful
name: RESTful CoCo-AS
- tag: rvps
name: RVPS
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to GHCR Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Multi-arch Image for ${{ matrix.name }}
run: |
commit_sha=${{ github.sha }}
docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha} \
--amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-s390x \
--amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-x86_64
docker manifest push ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}
docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest \
--amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-s390x \
--amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-x86_64
docker manifest push ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest
docker buildx build -f ${{ matrix.docker_file }} --push --build-arg ARCH=${arch} \
--platform ${{ matrix.platforms }} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest .
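Review bot: `--build-arg ARCH=${arch}` on the new multi-platform `docker buildx build` forwards the runner's `uname -m` to every platform in `matrix.platforms`, so under `linux/amd64,linux/s390x` the s390x image is built with ARCH=x86_64; in Dockerfile.as-grpc and Dockerfile.as-restful this ARG selects the `/usr/lib/${ARCH}-linux-gnu/libtss*` directory copied into the runtime stage, so the cross-built image receives libraries for the wrong architecture. Since the Dockerfiles now declare `ARG ARCH=x86_64` and receive TARGETARCH from BuildKit anyway, the workflow should stop passing a host-derived value — `docker buildx build -f ${{ matrix.docker_file }} --push \` with the `arch=$(uname -m)` line dropped — and the Dockerfiles should derive the library triplet from TARGETARCH. The `build_and_push` job and the `run:` script's surrounding step begin outside this hunk.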
37 changes: 11 additions & 26 deletions .github/workflows/kbs-build-and-push.yaml
@@ -1,6 +1,9 @@
name: Build and Push kbs Image

on:
push:
branches:
- main
workflow_dispatch:

jobs:
Expand All @@ -12,9 +15,8 @@ jobs:
matrix:
instance:
- ubuntu-latest
platform:
- linux/amd64
- linux/s390x
platforms:
- linux/amd64,linux/s390x
tag:
- kbs
- kbs-grpc-as
Expand All @@ -30,14 +32,6 @@ jobs:
runs-on: ${{ matrix.instance }}

steps:
- name: Take a pre-action for self-hosted runner
run: |
# NOTE: Use file checking instead triggering a step based on a runner type
# to avoid updating the step for each new self-hosted runner.
if [ -f "${HOME}/script/pre_action.sh" ]; then
"${HOME}/script/pre_action.sh" cc-trustee
fi
- name: Checkout code
uses: actions/checkout@v4

Expand All @@ -54,18 +48,9 @@ jobs:
- name: Build Container Image KBS (${{ matrix.name }})
run: |
commit_sha=${{ github.sha }}
https_crypto=openssl
docker buildx build -f ${{ matrix.docker_file }} --load \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch} \
--platform ${{ matrix.platform }} --build-arg HTTPS_CRYPTO=${https_crypto} .
- name: Take a post-action for self-hosted runner
if: always()
run: |
# Please check out the note in the pre-action step for the reason of using file checking
if [ -f "${HOME}/script/post_action.sh" ]; then
"${HOME}/script/post_action.sh" cc-trustee
fi
https_crypto=${{ matrix.https_crypto }}
docker buildx build -f ${{ matrix.docker_file }} --push \
--platform ${{ matrix.platforms }} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha} \
-t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest \
--build-arg HTTPS_CRYPTO=${https_crypto} .
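Review bot: The `workflow_dispatch:` trigger added in the first hunk lets a manual run from any ref reach the push step at the end of this section, which tags the result `:latest` in ghcr.io/confidential-containers/staged-images unconditionally, so a dispatch from a feature branch would overwrite the staged `latest` image that the `push` to `main` trigger is meant to produce. Guard it, e.g. `if: github.ref == 'refs/heads/main'` on the build step, or attach the `latest` tag only under that condition; the same trigger was added to as-build-and-push.yaml, which has the same exposure. Separately, `https_crypto=${{ matrix.https_crypto }}` is expanded as a bare shell token, so if the matrix (its `include` entries are outside this hunk) leaves `https_crypto` unset for some combination the argument degrades to `HTTPS_CRYPTO=` where the removed line hard-coded `openssl`; writing `https_crypto="${{ matrix.https_crypto }}"` and `--build-arg HTTPS_CRYPTO="${https_crypto}"` keeps the expansion well-formed and the intent visible. The `build_and_push` job starts outside this hunk.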
18 changes: 11 additions & 7 deletions attestation-service/Dockerfile.as-grpc
Expand Up @@ -3,6 +3,7 @@
# SPDX-License-Identifier: Apache-2.0

FROM --platform=${BUILDPLATFORM} rust:latest as builder
# predefined variables supported by BuildKit
ARG TARGETARCH
ARG BUILDARCH

Expand All @@ -23,7 +24,7 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev; fi

# To support cross-compiling
# To support cross-compilation
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends \
gcc-"${TARGETARCH}"-linux-gnu \
libc6-dev-"${TARGETARCH}"-cross && \
Expand All @@ -33,16 +34,16 @@ RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-inst
# Build and Install gRPC attestation-service
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then \
RUSTFLAGS=" -C linker=${TARGETARCH}-linux-gnu-gcc" CGO_ENABLED=1 GOARCH="${TARGETARCH}" \
cargo install --path attestation-service/attestation-service --bin grpc-as --features grpc-bin --locked --target "${TARGETARCH}-unknown-linux-gnu"; \
cargo install --path attestation-service/attestation-service --bin grpc-as --features grpc-bin --locked \
--target "${TARGETARCH}-unknown-linux-gnu"; \
else \
cargo install --path attestation-service/attestation-service --bin grpc-as --features grpc-bin --locked; \
cargo install --path attestation-service/attestation-service --bin grpc-as --features grpc-bin --locked; \
fi

RUN ls -l /usr/lib/

FROM --platform=${TARGETPLATFORM} ubuntu:22.04
ARG ARCH
ARG ARCH=x86_64
ARG TARGETARCH
ARG BUILDARCH

LABEL org.opencontainers.image.source="https://github.com/confidential-containers/attestation-service"

Expand All @@ -56,6 +57,9 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel
apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \
rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*; fi

# Install TPM Dependencies for cross-complication
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends libtss2-dev; fi

# Copy TPM Runtime Dependencies
COPY --from=builder /usr/lib/${ARCH}-linux-gnu/libtss* /usr/lib/${ARCH}-linux-gnu

Expand All @@ -65,4 +69,4 @@ VOLUME /opt/confidential-containers/attestation-service

CMD ["grpc-as", "--socket", "0.0.0.0:50004"]

EXPOSE 50004
EXPOSE 50004
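Review bot: The new runtime-stage step `RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends libtss2-dev; fi` installs a development package into the ubuntu:22.04 image only on the cross path, while the following `COPY --from=builder /usr/lib/${ARCH}-linux-gnu/libtss*` still runs for every target with the new `ARG ARCH=x86_64` default, so under a `linux/amd64,linux/s390x` build the s390x image gets x86_64 libraries copied in and the amd64 image gets no apt-managed TPM runtime at all. One path for all targets — the libtss2 runtime packages installed unconditionally, or a COPY whose directory is mapped from TARGETARCH instead of a caller-supplied default — removes the dependency on which arch the workflow happens to pass. Unless an `apt-get update` earlier in this stage runs for non-amd64 targets too (the preceding RUN visible in the hunk header is guarded by `"${TARGETARCH}" = "amd64"`), the s390x install has no package lists and will fail. The comment above it should read `# Install TPM dependencies for cross-compilation`. Dockerfile.as-restful carries the identical block and the same points apply there.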
14 changes: 10 additions & 4 deletions attestation-service/Dockerfile.as-restful
Expand Up @@ -24,7 +24,7 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && apt-get install -y libtdx-attest-dev libsgx-dcap-quote-verify-dev; fi

# to support cross-compiling
# To support cross-compilation
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends \
gcc-"${TARGETARCH}"-linux-gnu \
libc6-dev-"${TARGETARCH}"-cross && \
Expand All @@ -34,13 +34,16 @@ RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-inst
# Build and Install RESTful attestation-service
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then \
RUSTFLAGS=" -C linker=${TARGETARCH}-linux-gnu-gcc" CGO_ENABLED=1 GOARCH="${TARGETARCH}" \
cargo install --path attestation-service/attestation-service --bin restful-as --features restful-bin --locked --target "${TARGETARCH}-unknown-linux-gnu"; \
cargo install --path attestation-service/attestation-service --bin restful-as --features restful-bin --locked \
--target "${TARGETARCH}-unknown-linux-gnu"; \
else \
cargo install --path attestation-service/attestation-service --bin restful-as --features restful-bin --locked; \
cargo install --path attestation-service/attestation-service --bin restful-as --features restful-bin --locked; \
fi

FROM --platform=${TARGETPLATFORM} ubuntu:22.04
ARG ARCH=x86_64
ARG TARGETARCH
ARG BUILDARCH

LABEL org.opencontainers.image.source="https://github.com/confidential-containers/attestation-service"

Expand All @@ -54,6 +57,9 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel
apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \
rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*; fi

# Install TPM Dependencies for cross-complication
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends libtss2-dev; fi

# Copy TPM Runtime Dependencies
COPY --from=builder /usr/lib/${ARCH}-linux-gnu/libtss* /usr/lib/${ARCH}-linux-gnu

Expand All @@ -65,4 +71,4 @@ VOLUME /opt/confidential-containers/attestation-service

CMD ["restful-as", "--socket", "0.0.0.0:8080", "--config-file", "/etc/config.json"]

EXPOSE 8080
EXPOSE 8080
9 changes: 5 additions & 4 deletions attestation-service/rvps/Dockerfile
Expand Up @@ -13,17 +13,18 @@ COPY . .

RUN apt-get update && apt-get install protobuf-compiler -y

# to support cross-compiling
# To support cross-compilation
RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then apt-get install -y --no-install-recommends \
gcc-"${TARGETARCH}"-linux-gnu \
libc6-dev-"${TARGETARCH}"-cross && \
rustup target add "${TARGETARCH}-unknown-linux-gnu"; fi

RUN if [ "${BUILDARCH}" != "${TARGETARCH}" ]; then \
RUSTFLAGS=" -C linker=${TARGETARCH}-linux-gnu-gcc" \
cargo install --bin rvps --path attestation-service/rvps --target "${TARGETARCH}-unknown-linux-gnu"; \
cargo install --bin rvps --path attestation-service/rvps \
--target "${TARGETARCH}-unknown-linux-gnu"; \
else \
cargo install --bin rvps --path attestation-service/rvps; \
cargo install --bin rvps --path attestation-service/rvps; \
fi

FROM --platform=${TARGETPLATFORM} debian
Expand All @@ -36,4 +37,4 @@ CMD ["rvps"]

VOLUME /opt/confidential-containers/attestation-service/reference_values/

EXPOSE 50003
EXPOSE 50003
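Review bot: The reflowed `cargo install --bin rvps --path attestation-service/rvps` invocations (cross and native) omit `--locked`, whereas the matching `cargo install` lines touched in Dockerfile.as-grpc and Dockerfile.as-restful in this commit pass it; without `--locked` cargo may resolve dependencies differently from Cargo.lock at build time, so the RVPS image is not guaranteed to be built from the pinned dependency set. Add it to both lines: `cargo install --bin rvps --path attestation-service/rvps --locked \` and `cargo install --bin rvps --path attestation-service/rvps --locked; \`. The RUN instruction is fully inside the hunk; the builder stage it belongs to starts above it.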
