From 0157e7ed1ed51803791010cf4e4c44c3e4860097 Mon Sep 17 00:00:00 2001 From: Mic Bowman Date: Thu, 3 Oct 2024 16:45:55 -0600 Subject: [PATCH 1/2] Change the way we compute the version so that github workflows can use this Version information is kept in the file VERSION. The file contains lines for each version from the most recent to the most distant. Each tab separated line contains a version (of the form v?[0-9]+.[0-9]+.[0-9]+) and the hash of a git commit that represents that version. Each line may also have a short description separated by a tab. When a new version is committed, only the VERSION file should be modified and the commit should be tagged (annotated tag) with the version number. This also required some changes to the github workflow to pull the full history of the repository (otherwise the patch level of the version cannot be computed). Signed-off-by: Mic Bowman Apply suggestions from code review Co-authored-by: Michael Steiner Signed-off-by: Mic Bowman --- .github/workflows/ci.yaml | 13 +++- VERSION | 3 + bin/get_version | 69 +++++++++++--------- bin/set_version | 100 +++++++++++++++++++++++++++++ build/cmake/ProjectVariables.cmake | 8 ++- 5 files changed, 158 insertions(+), 35 deletions(-) create mode 100644 VERSION create mode 100755 bin/set_version diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e82c31e3..c6faf01f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,7 +8,7 @@ jobs: pdo_ci: if: "!contains(github.event.commits[0].message, '[skip ci]')" name: PDO CI Job - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 strategy: matrix: 
@@ -17,7 +17,16 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@v2 + uses: actions/checkout@v4 + with: + submodules: recursive + fetch-depth: 0 + fetch-tags: true + + - name: Display branch name + run: | + echo "Building branch $GITHUB_HEAD_REF" + echo PDO VERSION is $(bin/get_version) - name: Build and run tests if: "!contains(github.event.commits[0].message, '[debug]')" diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..7972eadf --- /dev/null +++ b/VERSION @@ -0,0 +1,3 @@ +0.3.0 5fa37a13fac2749b1a6a43039ed2bee16d6cc70e +0.2.0 90884c67bf6c1445f96e068c5c06904a89de2411 +0.1.0 cd993a69cd5955ebfe5a9e74b37e26c1b479ddce diff --git a/bin/get_version b/bin/get_version index bfca2dd9..d78cf4dc 100755 --- a/bin/get_version +++ b/bin/get_version 
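Review bot: The checkout step references `actions/checkout@v4` by a mutable tag and leaves credential persistence at its default, while the added `submodules: recursive` and `fetch-depth: 0` widen what that step pulls into the runner. Pinning to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v4`, placeholder) keeps a re-pointed tag from changing what runs in CI. If no later step pushes or fetches with the job token, adding `persist-credentials: false` under `with:` keeps the token out of `.git/config` for the build and test steps that follow; the rest of the job is outside this hunk, so confirm that first. `$GITHUB_HEAD_REF` is only populated for pull-request events, so the echo prints an empty branch name on push builds.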
@@ -14,35 +14,42 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import argparse
+import os
+import pathlib
 import subprocess
-import sys
-import warnings
-
-count = 0
-commit = ''
-dirty = ''
-
-try :
- output = subprocess.check_output(['git', 'describe', '--dirty'])
- (version, *rest) = output.decode('utf-8').strip().split('-')
- (major, minor, patch) = version.strip('v').split('.')
-
- # first case: this is a dirty tagged release, only dirty flag
- if len(rest) == 1 :
- assert rest[0] == 'dirty'
- dirty = 'dirty'
- # second case: this is a committed post tag release
- elif len(rest) == 2 :
- count = rest[0]
- commit = rest[1]
- # third case: this is a dirty, committed post tag release
- elif len(rest) == 3 :
- assert rest[2] == 'dirty'
- count = rest[0]
- commit = rest[1]
- dirty = rest[2]
-
- print('{}.{}.{}'.format(major, minor, count))
-except Exception as e :
- warnings.warn('failed to compute version, using default')
- print('0.0.0')
+
+pdo_source_root=pathlib.Path(__file__).parent.parent
+version_file = pdo_source_root / 'VERSION'
+
+parser = argparse.ArgumentParser()
+
+parser.add_argument(
+ '--version-file', '-f',
+ help=f'File where version information is stored (default: {version_file})',
+ type=str)
+
+options = parser.parse_args()
+
+if options.version_file :
+ version_file = pathlib.Path(options.version_file)
+ pdo_source_root = version_file.parent
+
+# the version file is a tab separated list of version numbers and git commit hashes in reverse
+# order (newest is at the top of the file)
+with open(version_file, 'r') as vf :
+ (version, commit, *rest) = vf.readline().strip().split('\t')
+
+# the version is of the form x.y.z, there may be an optional 'v' at the beginning of the version
+# string
+(major, minor, patch) = version.strip('v').split('.')
+
+# compute the number of commits since the tagged version was
+# committed to the repository
+command = ['git', 'rev-list', commit + '...HEAD', '--count']
+output = subprocess.run(command, cwd=pdo_source_root, capture_output=True, text=True)
+count = output.stdout.strip()
+
+# the actual patch version number is the recorded patch number added to the number of commits
+# since the version was committed
+print('{}.{}.{}'.format(major, minor, int(patch) + int(count)))
diff --git a/bin/set_version b/bin/set_version
new file mode 100755
index 00000000..d83d4efb
--- /dev/null
+++ b/bin/set_version
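Review bot: The `commit` field read from VERSION goes straight into the `git rev-list` argument list and the result of `subprocess.run` is never checked, so an option-like or malformed value in the file, or a git failure such as a missing commit in a shallow clone, ends in an `int('')` traceback rather than a clear error. Since the workflow now runs this script on the checked-out tree, I would validate the hash and fail with a message when git does; this needs `import re` alongside the existing imports, and `set_version` already calls `check_returncode()` for the same reason. Separately, `commit + '...HEAD'` is git's symmetric-difference form, which equals "commits since the version" only when the recorded commit is an ancestor of HEAD; `'..HEAD'` matches the comment if that is the intent.

```python
# … unchanged: argument parsing, VERSION file read, version split …
if not re.fullmatch(r'[0-9a-fA-F]{7,64}', commit) :
    raise SystemExit(f'{version_file}: first entry does not carry a valid commit hash')

command = ['git', 'rev-list', commit + '...HEAD', '--count']
try :
    output = subprocess.run(command, cwd=pdo_source_root, capture_output=True, text=True, check=True)
except subprocess.CalledProcessError as e :
    raise SystemExit(f'git rev-list failed: {e.stderr.strip()}')
count = output.stdout.strip()
# … unchanged: print of major.minor.(patch + count) …
```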
@@ -0,0 +1,100 @@
+#!/usr/bin/env python3
+
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Add a new version to the version file. The version file is a tab separated list of version numbers
+# and git commit hashes in reverse order (newest is at the top of the file). The version may contain
+# a short description as well.
+
+import argparse
+import datetime
+import os
+import pathlib
+import subprocess
+
+pdo_source_root=pathlib.Path(__file__).parent.parent
+version_file = pdo_source_root / 'VERSION'
+
+parser = argparse.ArgumentParser()
+
+parser.add_argument(
+ '--version-file', '-f',
+ help=f'File where version information is stored (default: {version_file})',
+ type=str)
+
+parser.add_argument(
+ '--version', '-v',
+ help='Version to commit, form .. (default: increment minor version by one and reset patch level)',
+ type=str)
+
+parser.add_argument(
+ '--description', '-d',
+ help='Optional description to add to the version',
+ type=str)
+
+parser.add_argument(
+ '--commit', '-c',
+ help='Hash of the git commit to associate with the version (default: commit at HEAD)',
+ type=str)
+
+options = parser.parse_args()
+
+# Get the VERSION file and current source path
+if options.version_file :
+ version_file = pathlib.Path(options.version_file)
+ pdo_source_root = version_file.parent
+
+# Compute the new version, by default the version will increment the minor version of the most
+# recent version and reset the patch level. the version is of the form x.y.z, there may be an
+# optional 'v' at the beginning of the version string
+if options.version :
+ version = options.version
+ (major, minor, patch) = version.strip('v').split('.')
+
+ major = int(major)
+ minor = int(minor)
+ patch = int(patch)
+
+else :
+ # get the current version information from the version file
+ with open(version_file, 'r') as vf :
+ (version, commit, *rest) = vf.readline().strip().split('\t')
+
+ (major, minor, patch) = version.strip('v').split('.')
+
+ major = int(major)
+ minor = int(minor) + 1
+ patch = 0
+
+# Compute the commit to associate with the new version
+if options.commit :
+ command = ['git', 'rev-parse', options.commit]
+else :
+ command = ['git', 'rev-parse', 'HEAD']
+
+output = subprocess.run(command, cwd=pdo_source_root, capture_output=True, text=True)
+output.check_returncode()
+commit = output.stdout.strip()
+
+description = str(datetime.date.today())
+if options.description :
+ description += f' {options.description}'
+
+# Finally write the new version out to the VERSION file
+version_entry = f'{major}.{minor}.{patch}\t{commit}\t{description}'
+with open(version_file, 'r+') as vf :
+ content = vf.read()
+ vf.seek(0,0)
+ vf.write(version_entry + '\n' + content)
diff --git a/build/cmake/ProjectVariables.cmake b/build/cmake/ProjectVariables.cmake
index b12f5ef1..88a6974b 100644
--- a/build/cmake/ProjectVariables.cmake
+++ b/build/cmake/ProjectVariables.cmake
@@ -85,9 +85,13 @@ ENDIF()
 # the version if something goes wrong (like running
 # without any annotated version tags)
 EXECUTE_PROCESS(
- COMMAND ./get_version
- WORKING_DIRECTORY ${PDO_SOURCE_ROOT}/bin
+ COMMAND ${PDO_SOURCE_ROOT}/bin/get_version
+ WORKING_DIRECTORY ${PDO_SOURCE_ROOT}
 OUTPUT_VARIABLE PDO_VERSION
 ERROR_QUIET
 OUTPUT_STRIP_TRAILING_WHITESPACE
 )
+
+IF (NOT PDO_VERSION)
+ MESSAGE(FATAL_ERROR "Unable to compute PDO_VERSION")
+ENDIF()
From c4841eea87a6b4be659f31af2aa9b1740a1f8621 Mon Sep 17 00:00:00 2001
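Review bot: `--commit` is handed to `git rev-parse` unverified in the `if options.commit :` branch, so an annotated tag name (the tagging scheme the commit message describes) resolves to the tag object's hash rather than the commit hash the VERSION format calls for, and anything that is not a single revision is written to the file as-is. `command = ['git', 'rev-parse', '--verify', options.commit + '^{commit}']` peels tags and fails unless exactly one commit resolves; rejecting values that start with `-` before the call is a cheap extra guard. The `--description` text is also written into the tab-separated entry unchanged, so collapsing tabs and newlines first (for example `' '.join(options.description.split())`) keeps one well-formed entry per line for `get_version` to parse. `--version` is checked only by the `int()` casts, so a two-part value ends in an unpacking traceback rather than a usage error.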
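Review bot: The new `FATAL_ERROR` fires without any diagnostic, because `ERROR_QUIET` still discards the script's stderr and the exit status of `get_version` is never read; a missing VERSION file or a git failure is reported only as "Unable to compute PDO_VERSION". Replacing `ERROR_QUIET` with `RESULT_VARIABLE PDO_VERSION_RESULT` and `ERROR_VARIABLE PDO_VERSION_ERROR`, testing `IF (NOT PDO_VERSION_RESULT EQUAL 0 OR NOT PDO_VERSION)`, and including `${PDO_VERSION_ERROR}` in the message would make the failure actionable and would also catch a non-zero exit that still printed something. The comment above `EXECUTE_PROCESS` still describes defaulting the version when something goes wrong, which no longer matches the fatal error; that comment begins outside the hunk.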
From: Mic Bowman Date: Thu, 3 Oct 2024 17:22:52 -0600 Subject: [PATCH 2/2] Clean up the docker configuration files based on trivy feedback Note that trivy notes errors about missing USER declarations. The final images that are built, pdo_ccf, pdo_services, and pdo_client all have users defined. Signed-off-by: Mic Bowman --- docker/pdo_base.dockerfile | 2 +- docker/pdo_ccf_base.dockerfile | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker/pdo_base.dockerfile b/docker/pdo_base.dockerfile index 5be86fa7..52af201a 100644 --- a/docker/pdo_base.dockerfile +++ b/docker/pdo_base.dockerfile @@ -27,7 +27,7 @@ ARG ADD_APT_PKGS= ENV DEBIAN_FRONTEND "noninteractive" RUN apt-get update \ - && apt-get install -y -q \ + && apt-get install -y -q --no-install-recommends \ autoconf \ automake \ build-essential \ diff --git a/docker/pdo_ccf_base.dockerfile b/docker/pdo_ccf_base.dockerfile index e163d9bb..66d50f07 100644 --- a/docker/pdo_ccf_base.dockerfile +++ b/docker/pdo_ccf_base.dockerfile @@ -31,7 +31,7 @@ ARG ADD_APT_PKGS= ENV DEBIAN_FRONTEND "noninteractive" RUN apt-get update \ - && apt-get install -y -q \ + && apt-get install -y -q --no-install-recommends \ libsecp256k1-dev \ lsof \ python \ @@ -46,8 +46,9 @@ RUN apt-get update \ RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${UBUNTU_NAME} main" >> /etc/apt/sources.list RUN curl https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - + RUN apt-get update \ - && apt-get install -y \ + && apt-get install -y --no-install-recommends \ sgx-aesm-service \ libsgx-dcap-ql \ libsgx-urts \
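Review bot: The context lines of the second `pdo_ccf_base.dockerfile` hunk still install the Intel SGX repository key with `curl … | apt-key add -`, which this trivy cleanup leaves untouched: `apt-key` puts the key in the global trusted keyring, so it is accepted for every configured source, and without `-f` curl does not fail the step on an HTTP error. I would fetch the key with `curl -fsSL` into a dedicated keyring file and scope it in the sources entry, e.g. `deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.asc] …` (the path is illustrative). With `--no-install-recommends` now on the install lines in both dockerfiles, also confirm that `ca-certificates` is listed explicitly where curl is installed, since it is typically only a recommended package and the HTTPS fetch depends on it; the full package lists are outside the hunks.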