Merge pull request #35 from encointer/ab/merge-multi-parnetchain-upst… #47

Workflow file for this run

.github/workflows/build_and_test.yml at 6a8f9bd

	name: Build, Test, Clippy

	on:
	workflow_dispatch:
	push:
	branches:
	- master
	- 'sdk-v[0-9]+.[0-9]+.[0-9]+-*'
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+*'
	pull_request:
	branches:
	- master
	- 'sdk-v[0-9]+.[0-9]+.[0-9]+-*'

	env:
	CARGO_TERM_COLOR: always
	LOG_DIR: logs
	BUILD_CONTAINER_NAME: integritee_worker_enclave_test

	jobs:
	cancel_previous_runs:
	name: Cancel Previous Runs
	runs-on: ubuntu-latest
	steps:
	- uses: styfle/cancel-workflow-action@0.11.0
	with:
	access_token: ${{ secrets.GITHUB_TOKEN }}

	build-test:
	runs-on: ${{ matrix.host }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- flavor_id: offchain-worker
	mode: offchain-worker
	host: integritee-builder-sgx
	sgx_mode: HW
	additional_features: dcap
	- flavor_id: teeracle
	mode: teeracle
	host: integritee-builder-sgx
	sgx_mode: HW
	additional_features: dcap

	steps:
	- uses: actions/checkout@v3

	- name: Set env
	run: \|
	fingerprint=$RANDOM
	echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
	if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
	echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
	echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
	else
	echo "DOCKER_DEVICES=" >> $GITHUB_ENV
	echo "DOCKER_VOLUMES=" >> $GITHUB_ENV
	fi

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	with:
	buildkitd-flags: --debug
	driver: docker-container

	- name: Build Worker & Run Cargo Test
	env:
	DOCKER_BUILDKIT: 1
	run: >
	docker build -t integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}
	--target deployed-worker
	--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg FINGERPRINT=${FINGERPRINT} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }} --build-arg SGX_MODE=${{ matrix.sgx_mode }}
	-f build.Dockerfile .

	- name: Build CLI client
	env:
	DOCKER_BUILDKIT: 1
	run: >
	docker build -t integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}
	--target deployed-client
	--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg FINGERPRINT=${FINGERPRINT} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
	-f build.Dockerfile .

	- run: docker images --all

	- name: Test Enclave # cargo test is not supported in the enclave, see: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/232
	run: docker run ${{ env.DOCKER_DEVICES }} ${{ env.DOCKER_VOLUMES }} integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} test --all

	- name: Export worker image(s)
	run: \|
	docker image save integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} \| gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
	docker image save integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} \| gzip > integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz

	- name: Upload worker image
	uses: actions/upload-artifact@v3
	with:
	name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
	path: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz

	- name: Upload CLI client image
	uses: actions/upload-artifact@v3
	with:
	name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
	path: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz

	- name: Delete images
	run: \|
	if [[ "$(docker images -q integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
	docker image rmi --force integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
	fi
	if [[ "$(docker images -q integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2> /dev/null)" != "" ]]; then
	docker image rmi --force integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} 2>/dev/null
	fi
	docker images --all

	clippy:
	runs-on: ubuntu-latest
	container: "integritee/integritee-dev:0.2.2"
	steps:
	- uses: actions/checkout@v3
	- name: init rust
	# enclave is not in the same workspace
	run: rustup show && cd enclave-runtime && rustup show

	- name: Clippy default features
	run: cargo clippy -- -D warnings -A clippy::redundant-closure-call
	- name: Enclave # Enclave is separate as it's not in the workspace
	run: cd enclave-runtime && cargo clippy -- -D warnings -A clippy::redundant-closure-call

	- name: Clippy with Teeracle feature
	run: \|
	cargo clippy --features teeracle -- -D warnings -A clippy::redundant-closure-call
	cd enclave-runtime && cargo clippy --features teeracle -- -D warnings -A clippy::redundant-closure-call

	- name: Clippy with Offchain-worker feature
	run: \|
	cargo clippy --features offchain-worker -- -D warnings -A clippy::redundant-closure-call
	cd enclave-runtime && cargo clippy --features offchain-worker -- -D warnings -A clippy::redundant-closure-call

	- name: Fail-fast; cancel other jobs
	if: failure()
	uses: andymckay/cancel-action@0.3

	fmt:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- name: init rust
	run: rustup show

	- name: Worker & Client
	run: cargo fmt --all -- --check
	- name: Enclave # Enclave is separate as it's not in the workspace
	run: cd enclave-runtime && cargo fmt --all -- --check

	- name: Install taplo
	run: cargo install taplo-cli --locked
	- name: Cargo.toml fmt
	run: taplo fmt --check

	- name: Fail-fast; cancel other jobs
	if: failure()
	uses: andymckay/cancel-action@0.3

	release-build:
	runs-on: integritee-builder-sgx
	name: Release Build of teeracle
	if: startsWith(github.ref, 'refs/tags/')
	needs: [build-test]

	strategy:
	fail-fast: false
	matrix:
	include:
	- flavor_id: teeracle
	mode: teeracle
	sgx_mode: HW
	additional_features: dcap

	steps:
	- uses: actions/checkout@v3

	- name: Add masks
	run: \|
	echo "::add-mask::$VAULT_TOKEN"
	echo "::add-mask::$PRIVKEY_B64"
	echo "::add-mask::$PRIVKEY_PASS"

	- name: Set env
	run: \|
	fingerprint=$RANDOM
	echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
	if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
	echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
	echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
	else
	echo "DOCKER_DEVICES=" >> $GITHUB_ENV
	echo "DOCKER_VOLUMES=" >> $GITHUB_ENV
	fi
	echo "VAULT_TOKEN=$VAULT_TOKEN" >> "$GITHUB_ENV"

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	with:
	buildkitd-flags: --debug
	driver: docker-container

	- name: Import secrets
	uses: hashicorp/vault-action@v2
	id: import-secrets
	with:
	url: ${{ secrets.VAULT_URL }}
	tlsSkipVerify: false
	token: ${{ env.VAULT_TOKEN }}
	exportEnv: false
	secrets: \|
	${{ secrets.VAULT_PATH }} intel_sgx_pem_base64 \| PRIVKEY_B64 ;
	${{ secrets.VAULT_PATH }} password \| PRIVKEY_PASS

	- name: Get secrets
	env:
	PRIVKEY_B64: ${{ steps.import-secrets.outputs.PRIVKEY_B64 }}
	PRIVKEY_PASS: ${{ steps.import-secrets.outputs.PRIVKEY_PASS }}
	run: \|
	echo $PRIVKEY_B64 \| base64 --ignore-garbage --decode > enclave-runtime/intel_sgx.pem
	echo $PRIVKEY_PASS > enclave-runtime/passfile.txt

	- name: Build Worker & Run Cargo Test
	env:
	DOCKER_BUILDKIT: 1
	run: >
	docker build -t integritee/${{ matrix.flavor_id }}:${{ github.ref_name }}
	--target deployed-worker
	--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg SGX_COMMERCIAL_KEY=enclave-runtime/intel_sgx.pem --build-arg SGX_PASSFILE=enclave-runtime/passfile.txt --build-arg SGX_PRODUCTION=1 --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }} --build-arg SGX_MODE=${{ matrix.sgx_mode }}
	-f build.Dockerfile .

	- name: Save released teeracle
	run: \|
	docker image save integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} \| gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz
	docker images --all

	- name: Upload teeracle image
	uses: actions/upload-artifact@v3
	with:
	name: integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz
	path: integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz

	- name: Delete images
	run: \|
	if [[ "$(docker images -q integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2> /dev/null)" != "" ]]; then
	docker image rmi --force integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} 2>/dev/null
	fi
	docker images --all

	release:
	runs-on: ubuntu-latest
	name: Draft Release
	if: startsWith(github.ref, 'refs/tags/')
	needs: [build-test, release-build]
	outputs:
	release_url: ${{ steps.create-release.outputs.html_url }}
	asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
	steps:
	- uses: actions/checkout@v3

	- name: Download Worker Image
	uses: actions/download-artifact@v3
	with:
	name: integritee-worker-teeracle-${{ github.ref_name }}.tar.gz
	path: .

	#
	# Temporary comment out until we decide what to release
	#
	# - name: Download Integritee Service
	# uses: actions/download-artifact@v3
	# with:
	# name: integritee-worker-sidechain-${{ github.sha }}
	# path: integritee-worker-tmp

	# - name: Download Integritee Client
	# uses: actions/download-artifact@v3
	# with:
	# name: integritee-client-sidechain-${{ github.sha }}
	# path: integritee-client-tmp

	# - name: Download Enclave Signed
	# uses: actions/download-artifact@v3
	# with:
	# name: enclave-signed-sidechain-${{ github.sha }}
	# path: enclave-signed-tmp

	# - name: Move service binaries
	# run: mv integritee-worker-tmp/integritee-service ./integritee-demo-validateer

	# - name: Move service client binaries
	# run: mv integritee-client-tmp/integritee-cli ./integritee-client

	# - name: Move service client binaries
	# run: mv enclave-signed-tmp/enclave.signed.so ./enclave.signed.so

	- name: Changelog
	uses: scottbrenner/generate-changelog-action@master
	id: Changelog

	- name: Display structure of downloaded files
	run: ls -R
	working-directory: .

	- name: Release
	id: create-release
	uses: softprops/action-gh-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	body: \|
	${{ steps.Changelog.outputs.changelog }}
	draft: true
	name: Docker ${{ github.ref_name }}
	files: \|
	integritee-worker-teeracle-${{ github.ref_name }}.tar.gz
	integritee-client
	integritee-demo-validateer
	enclave.signed.so

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #35 from encointer/ab/merge-multi-parnetchain-upst… #47

Workflow file

Merge pull request #35 from encointer/ab/merge-multi-parnetchain-upst… #47

Jobs

Run details

Workflow file for this run