4287: Build and test OE base image r=CyanDevs a=CyanDevs

* Changes Linux Jenkins Dockerfile to declarative pipeline syntax
* Removes dependency on devkit as it is not relevant
* Fixes Ansible install with pip3 and Python 3.6
* OE samples test can use either cmake or make
* Build and test OE base image

Test build: https://oe-jenkins-dev.westeurope.cloudapp.azure.com/job/CI-CD_Infrastructure/job/DS%20Linux%20Container%20Build/53/

Testing library changes with Azure Linux pipeline: https://oe-jenkins-dev.westeurope.cloudapp.azure.com/blue/organizations/jenkins/pipelines%2FAzure-Linux/detail/Azure-Linux/3431/pipeline

Co-authored-by: Chris Yan <[email protected]>
oeciteam and CyanDevs committed Oct 27, 2021
2 parents 228d7c1 + 97256fd commit 2340d90
Showing 3 changed files with 161 additions and 57 deletions.
167 changes: 127 additions & 40 deletions .jenkins/infrastructure/docker/build_linux_docker_images.Jenkinsfile
@@ -1,61 +1,148 @@
// Copyright (c) Open Enclave SDK contributors.
// Licensed under the MIT License.

OECI_LIB_VERSION = env.OECI_LIB_VERSION ?: "master"
oe = library("OpenEnclaveCommon@${OECI_LIB_VERSION}").jenkins.common.Openenclave.new()
library "OpenEnclaveJenkinsLibrary@${params.OECI_LIB_VERSION}"

AGENTS_LABEL = params.AGENTS_LABEL
TIMEOUT_MINUTES = params.TIMEOUT_MINUTES ?: 240

INTERNAL_REPO = params.INTERNAL_REPO ?: "https://oejenkinscidockerregistry.azurecr.io"
INTERNAL_REPO_CREDS = params.INTERNAL_REPO_CREDS ?: "oejenkinscidockerregistry"
DOCKERHUB_REPO_CREDS = params.DOCKERHUB_REPO_CREDS ?: "oeciteamdockerhub"
LINUX_DOCKERFILE = ".jenkins/infrastructure/docker/dockerfiles/linux/Dockerfile"

def buildLinuxDockerContainers() {
node(AGENTS_LABEL) {
timeout(TIMEOUT_MINUTES) {
stage("Checkout") {
pipeline {
agent {
label globalvars.AGENTS_LABELS["acc-ubuntu-18.04"]
}
options {
timeout(time: 240, unit: 'MINUTES')
}
parameters {
string(name: "SGX_VERSION", description: "Intel SGX version to install (Ex: 2.15.100). For versions see: https://download.01.org/intel-sgx/sgx_repo/ubuntu/apt_preference_files/")
string(name: "REPOSITORY_NAME", defaultValue: "openenclave/openenclave", description: "GitHub repository to checkout")
string(name: "BRANCH_NAME", defaultValue: "master", description: "The branch used to checkout the repository")
string(name: "DOCKER_TAG", defaultValue: "standalone-linux-build", description: "The tag for the new Docker images")
string(name: "INTERNAL_REPO", defaultValue: "https://oejenkinscidockerregistry.azurecr.io", description: "Url for internal Docker repository")
string(name: "OECI_LIB_VERSION", defaultValue: 'master', description: 'Version of OE Libraries to use')
booleanParam(name: "PUBLISH_DOCKER_HUB", defaultValue: false, description: "Publish container to OECITeam Docker Hub?")
booleanParam(name: "TAG_LATEST", defaultValue: false, description: "Update the latest tag to the currently built DOCKER_TAG")
}
environment {
INTERNAL_REPO_CREDS = 'oejenkinscidockerregistry'
DOCKERHUB_REPO_CREDS = 'oeciteamdockerhub'
BASE_DOCKERFILE_DIR = ".jenkins/infrastructure/docker/dockerfiles/linux/base/"
LINUX_DOCKERFILE = ".jenkins/infrastructure/docker/dockerfiles/linux/Dockerfile"
}
stages {
stage("Checkout") {
steps {
cleanWs()
checkout scm
checkout([$class: 'GitSCM',
branches: [[name: BRANCH_NAME]],
extensions: [],
userRemoteConfigs: [[url: "https://github.com/${params.REPOSITORY_NAME}"]]])
}
}
stage("Base Image") {
stages {
stage('Build Base') {
steps {
dir(env.BASE_DOCKERFILE_DIR) {
sh """
chmod +x ./build.sh
mkdir build
cd build
../build.sh -v "${params.SGX_VERSION}" -u "18.04" -t "${params.DOCKER_TAG}"
../build.sh -v "${params.SGX_VERSION}" -u "20.04" -t "${params.DOCKER_TAG}"
"""
}
}
}
stage('Test Base') {
parallel {
stage("Test Base - 18.04") {
steps {
script {
def image = docker.image("openenclave-bionic:${params.DOCKER_TAG}")
image.inside("--user root:root --cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket") {
sh """
apt update
apt install -y build-essential open-enclave libssl-dev
"""
helpers.TestSamplesCommand(false, "open-enclave")
}
}
}
}
stage("Test Base - 20.04") {
steps {
script {
def image = docker.image("openenclave-focal:${params.DOCKER_TAG}")
image.inside("--user root:root --cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket") {
sh """
apt update
apt install -y build-essential open-enclave libssl-dev
"""
helpers.TestSamplesCommand(false, "open-enclave")
}
}
}
}
}
}
}
String buildArgs = oe.dockerBuildArgs("UID=\$(id -u)", "UNAME=\$(id -un)",
"GID=\$(id -g)", "GNAME=\$(id -gn)")
parallel "Build Ubuntu 18.04 Docker Image": {
}
stage("Full CI/CD Image") {
parallel {
stage("Build Ubuntu 18.04 Docker Image") {
oe1804 = oe.dockerImage("oetools-18.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "${buildArgs} --build-arg ubuntu_version=18.04 --build-arg devkits_uri=${DEVKITS_URI}")
puboe1804 = oe.dockerImage("oeciteam/oetools-18.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "${buildArgs} --build-arg ubuntu_version=18.04 --build-arg devkits_uri=${DEVKITS_URI}")
steps {
script {
oe1804 = common.dockerImage("oetools-18.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "--build-arg ubuntu_version=18.04")
puboe1804 = common.dockerImage("oeciteam/oetools-18.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "--build-arg ubuntu_version=18.04")
}
}
}
}, "Build Ubuntu 20.04 Docker Image": {
stage("Build Ubuntu 20.04 Docker Image") {
oe2004 = oe.dockerImage("oetools-20.04:${DOCKER_TAG}",LINUX_DOCKERFILE, "${buildArgs} --build-arg ubuntu_version=20.04 --build-arg devkits_uri=${DEVKITS_URI}")
puboe2004 = oe.dockerImage("oeciteam/oetools-20.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "${buildArgs} --build-arg ubuntu_version=20.04 --build-arg devkits_uri=${DEVKITS_URI}")
steps {
script {
oe2004 = common.dockerImage("oetools-20.04:${DOCKER_TAG}",LINUX_DOCKERFILE, "--build-arg ubuntu_version=20.04")
puboe2004 = common.dockerImage("oeciteam/oetools-20.04:${DOCKER_TAG}", LINUX_DOCKERFILE, "--build-arg ubuntu_version=20.04")
}
}
}
}
stage("Push to OE Docker Registry") {
docker.withRegistry(INTERNAL_REPO, INTERNAL_REPO_CREDS) {
oe.exec_with_retry { oe1804.push() }
oe.exec_with_retry { oe2004.push() }
if(TAG_LATEST == "true") {
oe.exec_with_retry { oe1804.push('latest') }
oe.exec_with_retry { oe2004.push('latest') }
}
stage("Push to OE Docker Registry") {
steps {
script {
docker.withRegistry(params.INTERNAL_REPO, env.INTERNAL_REPO_CREDS) {
common.exec_with_retry { oe1804.push() }
common.exec_with_retry { oe2004.push() }
if(params.TAG_LATEST == "true") {
common.exec_with_retry { oe1804.push('latest') }
common.exec_with_retry { oe2004.push('latest') }
}
}
}
}
stage("Push to OE Docker Hub Registry") {
docker.withRegistry('', DOCKERHUB_REPO_CREDS) {
if(PUBLISH_DOCKER_HUB == "true") {
oe.exec_with_retry { puboe1804.push() }
oe.exec_with_retry { puboe2004.push() }
if(TAG_LATEST == "true") {
oe.exec_with_retry { puboe1804.push('latest') }
oe.exec_with_retry { puboe2004.push('latest') }
}
stage("Push to OE Docker Hub Registry") {
steps {
script {
docker.withRegistry('', DOCKERHUB_REPO_CREDS) {
if(PUBLISH_DOCKER_HUB == "true") {
common.exec_with_retry { puboe1804.push() }
common.exec_with_retry { puboe2004.push() }
if(TAG_LATEST == "true") {
common.exec_with_retry { puboe1804.push('latest') }
common.exec_with_retry { puboe2004.push('latest') }
}
}
}
}
}
}
}
post {
always {
emailext(
subject: "Jenkins: ${env.JOB_NAME} [#${env.BUILD_NUMBER}] status is ${currentBuild.currentResult}",
body: "See build log for details: ${env.BUILD_URL}",
recipientProviders: [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
)
}
}
}

buildLinuxDockerContainers()
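Review bot: The `sh """ … """` step in the "Build Base" stage lets Groovy interpolate `${params.SGX_VERSION}` and `${params.DOCKER_TAG}` before the shell runs, so a parameter value containing quotes or shell metacharacters becomes part of the script executed on the agent, and SGX_VERSION has neither a default nor a format check. Jenkins exports build parameters as environment variables, so a single-quoted `sh ''' … '''` script can let the shell expand them and keep the values as data: `../build.sh -v "$SGX_VERSION" -u "18.04" -t "$DOCKER_TAG"`. This matters more here because the job checks out the repository named by REPOSITORY_NAME, runs its build.sh, and later pushes under the registry credentials, so who may start the job or change that parameter is worth restricting and documenting. Separately, `params.TAG_LATEST == "true"` in the internal-registry push compares the Boolean from `booleanParam` with a string and appears to be always false, whereas the Docker Hub stage uses the bare `TAG_LATEST`; `if (params.TAG_LATEST)` in both places would make them agree.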
13 changes: 4 additions & 9 deletions .jenkins/infrastructure/docker/dockerfiles/linux/Dockerfile
Expand Up @@ -11,13 +11,12 @@
#
# Once installed, build a docker image from .jenkins folder and
# it will use this Dockerfile by default:
# openenclave$ sudo docker build --no-cache=true --build-arg ubuntu_version=<ubuntu_version> --build-arg devkits_uri=<devkits_uri> -t oetools-<ubuntu_version>:<version> -f .jenkins/Dockerfile.full .
# openenclave$ sudo docker build --no-cache=true --build-arg ubuntu_version=<ubuntu_version> -t oetools-<ubuntu_version>:<version> -f .jenkins/Dockerfile.full .
#
# For example, for version 1.x with Ubuntu 18.04 :
# openenclave$ sudo docker build \
# --no-cache=true \
# --build-arg ubuntu_version=18.04 \
# --build-arg devkits_uri=https://tcpsbuild.blob.core.windows.net/tcsp-build/OE-CI-devkits-dd4c992d.tar.gz \
# -t oetools-18.04:1.x \
# -f .jenkins/infrastructure/docker/dockerfiles/linux/Dockerfile \
# .
Expand Down Expand Up @@ -58,9 +57,9 @@ ARG GNAME=jenkins
ARG UID=1000
ARG GID=1000

ARG devkits_uri
# Check to make sure devkits_uri is defined as build arg
RUN test ! -z ${devkits_uri+x}
# Workaround for https://githubmemory.com/repo/pypa/pip/issues/10219
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8

# Install essential packages
RUN apt-get update && \
Expand Down Expand Up @@ -105,9 +104,5 @@ RUN groupadd --gid ${GID} ${GNAME}
RUN useradd --create-home --uid ${UID} --gid ${GID} --shell /bin/bash ${UNAME}
RUN echo "${UNAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Setup devkit
RUN curl ${devkits_uri} | tar xvz --no-same-permissions --no-same-owner
RUN echo ${devkits_uri##*/} > /devkits/TARBALL

# Set up out-of-proc attestation
ENV SGX_AESM_ADDR=1
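Review bot: The new comment above `ENV LANG=C.UTF-8` cites the pip issue through githubmemory.com, a third-party mirror, rather than the project's own tracker, and it does not say what breaks without the two variables. Pointing at the canonical issue keeps the reference stable and avoids sending maintainers to a site the project does not control: `# Workaround for https://github.com/pypa/pip/issues/10219 (pip needs a UTF-8 locale here)`. The parenthetical is my reading of the workaround and should be confirmed against the issue before it is committed.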
38 changes: 30 additions & 8 deletions .jenkins/library/vars/helpers.groovy
Expand Up @@ -105,15 +105,37 @@ def testSamplesLinux(boolean lvi_mitigation, String oe_package) {
cp -r /opt/openenclave/share/openenclave/samples ~/
cd ~/samples
. /opt/openenclave/share/openenclave/openenclaverc
if hash cmake 2> /dev/null; then
echo "INFO: Using cmake to build"
export BUILD_SYSTEM=CMAKE
elif hash make 2> /dev/null; then
echo "INFO: Using make to build"
export BUILD_SYSTEM=MAKE
fi
if [[ -z \${BUILD_SYSTEM+x} ]]; then
echo "Error: cmake and make not found. Please install either one to proceed"
exit 1
fi
for i in *; do
if [[ -d \${i} ]] && [[ -f \${i}/CMakeLists.txt ]]; then
cd \${i}
mkdir build
cd build
cmake .. ${lvi_args}
make
make run
cd ~/samples
if [[ \${BUILD_SYSTEM} == "CMAKE" ]]; then
if [[ -d \${i} ]] && [[ -f \${i}/CMakeLists.txt ]]; then
cd \${i}
mkdir build
cd build
cmake .. ${lvi_args}
make
make run
cd ~/samples
fi
elif [[ \${BUILD_SYSTEM} == "MAKE" ]]; then
if [[ -d \${i} ]] && [[ -f \${i}/Makefile ]]; then
cd \${i}
make build
make run
fi
else
echo "Error: unrecognized build system. Either cmake or make must be installed."
exit 1
fi
done
cd ~
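Review bot: The MAKE branch does `cd \${i}` and never returns to `~/samples`, unlike the CMAKE branch, so after the first sample every later `[[ -d \${i} ]]` test is evaluated inside that sample's directory and the remaining samples are likely skipped without any error. Adding `cd ~/samples` after `make run` in that branch restores the iteration, and the image test then covers every sample rather than only the first. The make path also ignores `${lvi_args}`, so a run with lvi_mitigation set would presumably exercise the unmitigated build; if that is intended, a comment saying so would help. The function body starts and ends outside this hunk.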