ci: Push AS, RVPS, KBS and KBS Client for arm64
Support cross-compiled build for as, rvps, kbs and kbs client
on arm64 architecture

Signed-off-by: Seunguk Shin <[email protected]>
Reviewed-by: Nick Connolly <[email protected]>
Seunguk Shin committed Dec 20, 2024
1 parent 8d13807 commit 36e52c6
Showing 8 changed files with 86 additions and 33 deletions.
28 changes: 19 additions & 9 deletions .github/workflows/build-as-image.yml
Expand Up @@ -13,9 +13,10 @@ jobs:
strategy:
fail-fast: false
matrix:
instance:
- ubuntu-latest
target_arch:
- x86_64
- s390x
- aarch64
name:
- RESTful CoCo-AS
- gRPC CoCo-AS
Expand All @@ -31,11 +32,19 @@ jobs:
- name: RVPS
docker_file: rvps/docker/Dockerfile
tag: rvps
# add verifier flag to arch
- instance: ubuntu-latest
# add instance and verifier flag to target
- target_arch: x86_64
target_platform: linux/amd64
instance: ubuntu-latest
verifier: all-verifier
- instance: s390x
- target_arch: s390x
target_platform: linux/s390x
instance: s390x
verifier: se-verifier
- target_arch: aarch64
target_platform: linux/arm64
instance: ubuntu-latest
verifier: cca-verifier
runs-on: ${{ matrix.instance }}

steps:
Expand All @@ -55,8 +64,9 @@ jobs:
- name: Build ${{ matrix.name }} Container Image
run: |
commit_sha=${{ github.sha }}
arch=$(uname -m)
DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" ${{ inputs.build_option }} --build-arg ARCH="${arch}" \
docker buildx build --platform "${{ matrix.target_platform }}" \
-f "${{ matrix.docker_file }}" ${{ inputs.build_option }} \
--build-arg ARCH="${{ matrix.target_arch }}" \
--build-arg VERIFIER="${{ matrix.verifier }}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" .
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${{ matrix.target_arch }}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${{ matrix.target_arch }}" .
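Review bot: `${{ inputs.build_option }}` is expanded by the Actions templating engine directly into the `run:` script on the new `docker buildx build` line, so the shell parses the caller's value as script text rather than as arguments. The input comes from the calling workflow, which limits who can set it, but GitHub's hardening guidance is to pass such values through the environment. I would add `env:` with `BUILD_OPTION: ${{ inputs.build_option }}` to the step and write `${BUILD_OPTION}` (unquoted, to keep word splitting) in the command. The same line appears in the build step of `.github/workflows/build-kbs-image.yml`.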
34 changes: 25 additions & 9 deletions .github/workflows/build-kbs-image.yml
Expand Up @@ -13,20 +13,26 @@ jobs:
strategy:
fail-fast: false
matrix:
instance:
- ubuntu-latest
target_arch:
- x86_64
- s390x
- aarch64
tag:
- kbs
- kbs-grpc-as
- kbs-ita-as
- rhel-ubi
exclude:
- instance: s390x
- target_arch: s390x
tag: kbs-ita-as
- instance: s390x
- target_arch: s390x
tag: rhel-ubi
- target_arch: aarch64
tag: kbs-ita-as
- target_arch: aarch64
tag: rhel-ubi
include:
# add docker_file + name to each tag
- tag: kbs
docker_file: kbs/docker/Dockerfile
name: build-in AS
Expand All @@ -39,6 +45,16 @@ jobs:
- tag: rhel-ubi
docker_file: kbs/docker/rhel-ubi/Dockerfile
name: RHEL UBI AS
# add instance flag to target
- target_arch: x86_64
target_platform: linux/amd64
instance: ubuntu-latest
- target_arch: s390x
target_platform: linux/s390x
instance: s390x
- target_arch: aarch64
target_platform: linux/arm64
instance: ubuntu-latest

runs-on: ${{ matrix.instance }}

Expand All @@ -59,8 +75,8 @@ jobs:
- name: Build Container Image KBS (${{ matrix.name }})
run: |
commit_sha=${{ github.sha }}
arch=$(uname -m)
DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" ${{ inputs.build_option }} \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" \
--build-arg ARCH="${arch}" .
docker buildx build --platform "${{ matrix.target_platform }}" \
-f "${{ matrix.docker_file }}" ${{ inputs.build_option }} \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${{ matrix.target_arch }}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${{ matrix.target_arch }}" \
--build-arg ARCH="${{ matrix.target_arch }}" .
2 changes: 2 additions & 0 deletions .github/workflows/push-as-image-to-ghcr.yml
Expand Up @@ -49,9 +49,11 @@ jobs:
commit_sha=${{ github.sha }}
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-s390x" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-aarch64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-x86_64"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}"
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-s390x" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-aarch64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-x86_64"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest"
27 changes: 15 additions & 12 deletions .github/workflows/push-kbs-client-to-ghcr.yml
Expand Up @@ -13,9 +13,15 @@ jobs:
arch:
- x86_64
- s390x
env:
RUSTC_VERSION: 1.76.0
runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-22.04' || 's390x' }}
- aarch64
include:
- arch: x86_64
platform: linux/amd64
- arch: s390x
platform: linux/s390x
- arch: aarch64
platform: linux/arm64
runs-on: ${{ matrix.arch == 's390x' && 's390x' || 'ubuntu-22.04' }}
permissions:
contents: read
packages: write
Expand All @@ -24,11 +30,8 @@ jobs:
- name: Check out code
uses: actions/checkout@v4

- name: Install Rust toolchain (${{ env.RUSTC_VERSION }})
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ env.RUSTC_VERSION }}
components: rustfmt, clippy
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to ghcr.io
uses: docker/login-action@v3
Expand All @@ -38,17 +41,17 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build a statically linked kbs-client for ${{ matrix.arch }} linux
working-directory: kbs
run: |
make cli-static-linux
docker buildx build --platform "${{ matrix.platform }}" \
-f kbs/docker/kbs-client/Dockerfile \
--build-arg ARCH="${{ matrix.arch }}" --output ./ .
- name: Push to ghcr.io
working-directory: target/${{ matrix.arch }}-unknown-linux-gnu/release
run: |
commit_sha=${{ github.sha }}
oras push \
ghcr.io/confidential-containers/staged-images/kbs-client:sample_only-${{ matrix.arch }}-linux-gnu-${commit_sha},latest-${{ matrix.arch }} \
kbs-client
if [ "$(uname -m)" = "x86_64" ]; then
if [ "${{ matrix.arch }}" = "x86_64" ]; then
oras push ghcr.io/confidential-containers/staged-images/kbs-client:latest kbs-client
fi
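Review bot: The added step `uses: docker/setup-buildx-action@v3` references the action by a movable tag in a job that holds `packages: write` and logs in to ghcr.io with `GITHUB_TOKEN`. Pinning it to a full commit SHA, e.g. `uses: docker/setup-buildx-action@<full-commit-sha>  # v3`, keeps a retagged release from running with those credentials; `actions/checkout@v4` and `docker/login-action@v3` in the same job would benefit from the same treatment. Separately, the Rust version is no longer stated in the workflow, so a short comment on the build step pointing at `kbs/docker/kbs-client/Dockerfile` as the place where the toolchain is pinned would help.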
4 changes: 3 additions & 1 deletion .github/workflows/push-kbs-image-to-ghcr.yml
Expand Up @@ -39,9 +39,11 @@ jobs:
commit_sha=${{ github.sha }}
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}-x86_64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}-aarch64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}-s390x"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}"
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-x86_64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-aarch64" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-s390x"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest"
7 changes: 6 additions & 1 deletion kbs/Cargo.toml
Expand Up @@ -72,7 +72,7 @@ openssl = "0.10.55"
az-cvm-vtpm = { version = "0.7.0", default-features = false, optional = true }
derivative = "2.2.0"

[target.'cfg(not(target_arch = "s390x"))'.dependencies]
[target.'cfg(not(any(target_arch = "s390x", target_arch = "aarch64")))'.dependencies]
attestation-service = { path = "../attestation-service", default-features = false, features = [
"all-verifier",
], optional = true }
Expand All @@ -82,6 +82,11 @@ attestation-service = { path = "../attestation-service", default-features = fals
"se-verifier",
], optional = true }

[target.'cfg(target_arch = "aarch64")'.dependencies]
attestation-service = { path = "../attestation-service", default-features = false, features = [
"cca-verifier",
], optional = true }


[dev-dependencies]
tempfile.workspace = true
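Review bot: The new `[target.'cfg(target_arch = "aarch64")'.dependencies]` table enables only `cca-verifier`, and nothing in the file says that this is a deliberate restriction. Together with `verifier: cca-verifier` in `.github/workflows/build-as-image.yml` and the multi-arch manifests that now include the `-aarch64` tags, one image tag resolves to an attestation service with a different verifier set depending on the host architecture. I would add a comment above the table such as `# aarch64 builds verify Arm CCA evidence only; other verifiers are not enabled on this target`, and mention the per-arch difference wherever the images are documented. If the restriction exists because other verifier crates do not build on aarch64, saying so would help whoever revisits it.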
2 changes: 1 addition & 1 deletion kbs/Makefile
Expand Up @@ -3,7 +3,7 @@ ALIYUN ?= false

ARCH := $(shell uname -m)
# Check if ARCH is supported, otehrwise return error
ifeq ($(filter $(ARCH),x86_64 s390x),)
ifeq ($(filter $(ARCH),x86_64 s390x aarch64),)
$(error "Unsupported architecture: $(ARCH)")
endif

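--- a/kbs/docker/kbs-client/Dockerfile
+++ b/kbs/docker/kbs-client/Dockerfile
@@ -0,0 +1,15 @@
+FROM rust:1.76.0 AS builder
+ARG ARCH=x86_64
+
+WORKDIR /usr/src/kbs
+COPY . .
+
+RUN apt-get update && apt install -y pkg-config libssl-dev git sudo
+
+# Build KBS Client
+RUN cd kbs && make ARCH=${ARCH} cli-static-linux && \
+cp ../target/${ARCH}-unknown-linux-gnu/release/kbs-client /
+
+# Export view.txt
+FROM scratch AS export
+COPY --from=builder /kbs-client .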
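Review bot: `FROM rust:1.76.0 AS builder` takes the toolchain from a tag, so the kbs-client binary that the workflow pushes to ghcr.io depends on whatever that tag resolves to at build time; pinning the digest, `FROM rust:1.76.0@sha256:<digest> AS builder`, fixes the builder image. The comment `# Export view.txt` does not match the stage, which copies `/kbs-client`; `# Export the kbs-client binary` would be accurate. The install line mixes `apt-get update` with `apt install`; `apt-get install -y pkg-config libssl-dev git sudo` is the script-stable form.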
