From 077f2b87d5019ea08b24c20fdbd9d453a6dc6656 Mon Sep 17 00:00:00 2001
From: Julien Maffre
Date: Tue, 25 Jul 2023 10:10:00 +0000
Subject: [PATCH 1/5] Fix container job release for 3.x
---
 .github/workflows/containers.yml | 4 ++--
 docker/app_dev | 2 +-
 docker/app_run | 2 +-
 getting_started/setup_vm/app-dev.yml | 15 +++++++++++++--
 getting_started/setup_vm/app-run.yml | 12 ++++++++++++
 5 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index 4c6c295af021..fa1ede5a6d21 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -37,8 +37,8 @@ jobs:
 echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
 id: tref
- - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }}
- run: docker build -f docker/app_${{ matrix.type }} . --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} ${{ matrix.run_js && 'run_js=true' || '' }}" -t $ACR_REGISTRY/public/ccf/app/${{ matrix.type }}${{ matrix.run_js && '-js' || '' }}:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}
+ - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }} using clang ${{ matrix.clang_version }}
+ run: docker build -f docker/app_${{ matrix.type }} . --build-arg="clang_version=${{ matrix.clang_version }}" --build-arg="platform=${{ matrix.platform }}" --build-arg="ansible_vars=ccf_ver=${{ steps.tref.outputs.tag }} ${{ matrix.run_js && 'run_js=true' || '' }}" -t $ACR_REGISTRY/public/ccf/app/${{ matrix.type }}${{ matrix.run_js && '-js' || '' }}:${{ steps.tref.outputs.tag }}-${{ matrix.platform }}
 - name: Log in
 run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY
diff --git a/docker/app_dev b/docker/app_dev
index 8ebd976a1d6b..f26b992a11a3 100644
--- a/docker/app_dev
+++ b/docker/app_dev
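Review bot: The added `--build-arg="clang_version=${{ matrix.clang_version }}"` on the `run:` line is passed unconditionally, so a matrix entry without a `clang_version` key expands to an empty string instead of leaving the argument unset. The matrix definition is outside this hunk, so that needs checking there. An empty build-arg is still handed to `docker build` and replaces any default the Dockerfile declares for it. A fallback in the expression keeps the default explicit: `--build-arg="clang_version=${{ matrix.clang_version || '11' }}"`.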
@@ -29,7 +29,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/
 RUN apt update \
 && apt install -y ansible software-properties-common bsdmainutils dnsutils \
 && cd /tmp/setup_vm \
- && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \
+ && ansible-playbook app-dev.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" --extra-vars "clang_version=${clang_version}" \
 && rm -rf /tmp/* \
 && apt remove -y ansible software-properties-common \
 && apt -y autoremove \
diff --git a/docker/app_run b/docker/app_run
index 143c15f9f667..387ef63602b7 100644
--- a/docker/app_run
+++ b/docker/app_run
@@ -29,7 +29,7 @@ COPY getting_started/setup_vm/ /tmp/setup_vm/
 RUN apt update \
 && apt install -y ansible software-properties-common curl bsdmainutils dnsutils \
 && cd /tmp/setup_vm \
- && ansible-playbook app-run.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" \
+ && ansible-playbook app-run.yml --extra-vars "$ansible_vars" --extra-vars "platform=${platform}" --extra-vars "clang_version=${clang_version}" \
 && rm -rf /tmp/* \
 && apt remove -y ansible software-properties-common curl \
 && apt -y autoremove \
diff --git a/getting_started/setup_vm/app-dev.yml b/getting_started/setup_vm/app-dev.yml
index 7190ee77c8ce..3ee1d5a1ca50 100644
--- a/getting_started/setup_vm/app-dev.yml
+++ b/getting_started/setup_vm/app-dev.yml
@@ -4,6 +4,10 @@
 platform: "sgx"
 clang_version: "11"
 tasks:
+ - import_role:
+ name: llvm_repo
+ tasks_from: install.yml
+ when: clang_version == "15"
 - import_role:
 name: intel
 tasks_from: sgx-psw.yml
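Review bot: `${clang_version}` on the added `ansible-playbook` line expands to nothing unless an `ARG clang_version` is declared earlier in the build stage, and the diffstat shows this commit changes only this one line in docker/app_dev (and likewise one line in docker/app_run). If the declaration is not already present above the hunk, the playbook receives `clang_version=` as an extra var, which takes precedence over its `clang_version: "11"` default. Worth confirming the `ARG` exists in both Dockerfiles, or guarding the expansion with `${clang_version:-11}`. The RUN instruction continues beyond the hunk.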
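Review bot: The `when: clang_version == "15"` guard on the new `llvm_repo` import is an exact string comparison, so it silently evaluates false if the value ever arrives as an integer, for example from a YAML or JSON vars source rather than the `key=value` extra vars the Dockerfiles pass. Casting makes the check independent of how the variable was supplied: `when: clang_version | string == "15"`. The same guard is added in getting_started/setup_vm/app-run.yml. The import also carries no `name:` or comment saying why only version 15 needs the extra repository; a one-line comment above it would settle that. The task list continues outside the hunk.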
@@ -15,14 +19,21 @@
 - import_role:
 name: az_dcap
 tasks_from: install.yml
+
+ # If OE is already installed, we don't want to install hostverify as they are mutually
+ # exclusive. Non-SGX CCF builds can use either of them.
+ - name: Gather the package facts
+ ansible.builtin.package_facts:
+ manager: auto
 - import_role:
 name: openenclave
 tasks_from: binary_install.yml
- when: platform == "sgx"
+ when: (platform == "sgx") or ("open-enclave" in ansible_facts.packages)
 - import_role:
 name: openenclave
 tasks_from: install_host_verify.yml
- when: platform != "sgx"
+ when: (platform != "sgx") and ("open-enclave" not in ansible_facts.packages)
+
 - import_role:
 name: ccf_build
 tasks_from: install.yml
diff --git a/getting_started/setup_vm/app-run.yml b/getting_started/setup_vm/app-run.yml
index a99a806292f5..5a6a20ff6cde 100644
--- a/getting_started/setup_vm/app-run.yml
+++ b/getting_started/setup_vm/app-run.yml
@@ -4,6 +4,10 @@
 platform: "sgx"
 clang_version: "11"
 tasks:
+ - import_role:
+ name: llvm_repo
+ tasks_from: install.yml
+ when: clang_version == "15"
 - import_role:
 name: intel
 tasks_from: sgx-psw.yml
@@ -15,6 +19,14 @@
 - import_role:
 name: az_dcap
 tasks_from: install.yml
+ - import_role:
+ name: openenclave
+ tasks_from: binary_install.yml
+ when: platform == "sgx"
+ - import_role:
+ name: openenclave
+ tasks_from: install_host_verify.yml
+ when: platform != "sgx"
 - import_role:
 name: ccf_install
 tasks_from: deb_install.yml
From b1266409a15bacbec6375de5a2a6c64ac5d4674c Mon Sep 17 00:00:00 2001
From: Julien Maffre
Date: Tue, 25 Jul 2023 10:11:53 +0000
Subject: [PATCH 2/5] Hardcode tag
---
 .github/workflows/containers.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index fa1ede5a6d21..a33ebecee407 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
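Review bot: Both rewritten `when:` conditions in app-dev.yml read `ansible_facts.packages`, which exists only after the `Gather the package facts` task has run, but the added comment describes the mutual exclusion rather than this ordering dependency. A task-level comment such as `# Must run before the openenclave imports below: their conditions read ansible_facts.packages` would keep a later reorder from breaking the play. The comment could also say why `binary_install.yml` is run on non-SGX platforms when `open-enclave` is already installed, since the current text only explains skipping hostverify.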
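Review bot: The two `openenclave` imports added to app-run.yml use the plain `platform == "sgx"` and `platform != "sgx"` conditions, while the same commit changes app-dev.yml to also test `"open-enclave" in ansible_facts.packages` because the two packages are described there as mutually exclusive. If app-run.yml can run on a host or base image where Open Enclave is already installed, the `install_host_verify.yml` import would presumably hit the conflict the app-dev.yml comment warns about. Either reuse the `package_facts` guard here or add a comment stating why the run playbook does not need it. The task list continues outside the hunk.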
@@ -34,7 +34,8 @@ jobs:
 - name: Get image tag from git tag (release) or latest (branch)
 run: |
- echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
+ # echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
+ echo "tag=3.0.13" >> $GITHUB_OUTPUT
 id: tref
 - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }} using clang ${{ matrix.clang_version }}
From de1601d8355431cbfcc9c333f1d15016b8d308e2 Mon Sep 17 00:00:00 2001
From: Julien Maffre
Date: Tue, 25 Jul 2023 10:14:29 +0000
Subject: [PATCH 3/5] Trigger
---
 .github/workflows/containers.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index a33ebecee407..d68e71ac81ab 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -3,6 +3,9 @@ name: "Build and Publish Release Containers to MCR"
 on:
 release:
 types: [published]
+ push:
+ branches:
+ - "release/3.x_fix_container_job"
 env:
 ACR_REGISTRY: ccfmsrc.azurecr.io
From e859d58096b16a3d7615e2e521080dcb790e7712 Mon Sep 17 00:00:00 2001
From: Julien Maffre <42961061+jumaffre@users.noreply.github.com>
Date: Tue, 25 Jul 2023 16:09:02 +0100
Subject: [PATCH 4/5] Update .github/workflows/containers.yml
---
 .github/workflows/containers.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index d68e71ac81ab..a33ebecee407 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -3,9 +3,6 @@ name: "Build and Publish Release Containers to MCR"
 on:
 release:
 types: [published]
- push:
- branches:
- - "release/3.x_fix_container_job"
 env:
 ACR_REGISTRY: ccfmsrc.azurecr.io
From ea93051678d7b704c05bc09e731d8ec690d46390 Mon Sep 17 00:00:00 2001
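Review bot: Hardcoding `echo "tag=3.0.13" >> $GITHUB_OUTPUT` makes every run of this workflow label its images with the 3.0.13 release tag regardless of the commit being built, and with the `push:` trigger added in [PATCH 3/5] that includes ordinary pushes to `release/3.x_fix_container_job`. The publish step is outside these hunks, but the workflow is named "Build and Publish Release Containers to MCR" and logs in with a push token, so a branch build at these commits could presumably overwrite the published 3.0.13 images. Patches 4/5 and 5/5 revert both changes; squashing the series before merge would keep these intermediate states out of the branch history. For a test run, a throwaway value such as `echo "tag=3.0.13-test" >> $GITHUB_OUTPUT` avoids colliding with a real release tag.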
From: Julien Maffre <42961061+jumaffre@users.noreply.github.com>
Date: Tue, 25 Jul 2023 16:09:19 +0100
Subject: [PATCH 5/5] Update .github/workflows/containers.yml
---
 .github/workflows/containers.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
index a33ebecee407..fa1ede5a6d21 100644
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -34,8 +34,7 @@ jobs:
 - name: Get image tag from git tag (release) or latest (branch)
 run: |
- # echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
- echo "tag=3.0.13" >> $GITHUB_OUTPUT
+ echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT
 id: tref
 - name: Build ${{ matrix.type }} container for ${{ matrix.platform }}${{ matrix.run_js && ', (JS)' || '' }} using clang ${{ matrix.clang_version }}
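Review bot: The restored `echo "tag=${GITHUB_REF#refs/tags/ccf-}" >> $GITHUB_OUTPUT` only strips a prefix, so any ref that does not start with `refs/tags/ccf-` is written out unchanged, slashes included, even though the step name promises "latest (branch)". That output is later interpolated into the `docker build` command line as `${{ steps.tref.outputs.tag }}`, so unexpected values are better rejected before they are written, for example `case "$GITHUB_REF" in refs/tags/ccf-*) ;; *) echo "unexpected ref" >&2; exit 1 ;; esac`. Quoting the target as `"$GITHUB_OUTPUT"` and renaming the step to match what it does would round this off.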