From 5f0e84c256add757e01f177d71b9025c42b7eaa0 Mon Sep 17 00:00:00 2001
From: Igor Trofimov
Date: Thu, 25 Jan 2024 10:42:04 +0000
Subject: [PATCH] check with another file
---
 .github/workflows/create-release-draft.yml | 14 ++-
 tee-worker/build-release.Dockerfile | 115 +++++++++++++++++++++
 2 files changed, 126 insertions(+), 3 deletions(-)
 create mode 100644 tee-worker/build-release.Dockerfile
diff --git a/.github/workflows/create-release-draft.yml b/.github/workflows/create-release-draft.yml
index 2b85dd343b..6a1e8c8249 100644
--- a/.github/workflows/create-release-draft.yml
+++ b/.github/workflows/create-release-draft.yml
@@ -181,6 +181,14 @@ jobs:
 WORKER_DOCKER_TAG=$(echo ${{ env.RELEASE_TAG }} | sed 's/.*\(w.*\)/\1/;s/w/v/')
 echo "WORKER_DOCKER_TAG=$WORKER_DOCKER_TAG" >> $GITHUB_ENV
+ - name: Free up disk space
+ if: startsWith(runner.name, 'GitHub Actions')
+ uses: jlumbroso/free-disk-space@main
+ with:
+ tool-cache: true
+ swap-storage: false
+ large-packages: false
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 with:
@@ -193,7 +201,7 @@ jobs:
 uses: docker/build-push-action@v5
 with:
 context: .
- file: tee-worker/build.Dockerfile
+ file: tee-worker/build-release.Dockerfile
 tags: local-builder:latest
 target: builder
 build-args: |
@@ -204,7 +212,7 @@ jobs:
 uses: docker/build-push-action@v5
 with:
 context: .
- file: tee-worker/build.Dockerfile
+ file: tee-worker/build-release.Dockerfile
 tags: litentry/litentry-worker:${{ env.WORKER_DOCKER_TAG }}
 target: deployed-worker
@@ -212,7 +220,7 @@ jobs:
 uses: docker/build-push-action@v5
 with:
 context: .
- file: tee-worker/build.Dockerfile
+ file: tee-worker/build-release.Dockerfile
 tags: litentry/litentry-cli:${{ env.WORKER_DOCKER_TAG }}
 target: deployed-client
diff --git a/tee-worker/build-release.Dockerfile b/tee-worker/build-release.Dockerfile
new file mode 100644
index 0000000000..c8e06844d8
--- /dev/null
+++ b/tee-worker/build-release.Dockerfile
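Review bot: `uses: jlumbroso/free-disk-space@main` in the new "Free up disk space" step pins a third-party action to a mutable branch inside the release job that goes on to build and tag the `litentry/litentry-worker` and `litentry/litentry-cli` images, so anyone who can push to that repository's `main` can run arbitrary code on the runner with whatever credentials this job holds (the job's secrets are outside this hunk, so I can't say which). Pin it to a full commit SHA with the release tag as a comment, e.g. `uses: jlumbroso/free-disk-space@<full 40-char commit SHA>  # <release tag>`; the other actions in these hunks are at least tag-pinned (`@v3`, `@v5`). The `if: startsWith(runner.name, 'GitHub Actions')` guard means the step is silently skipped on self-hosted runners, which is presumably intended but worth a one-line comment.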
@@ -0,0 +1,115 @@
+# syntax=docker/dockerfile:1
+# Copyright 2021 Integritee AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This is a multi-stage docker file, where the first stage is used
+# for building and the second deploys the built application.
+
+### Builder Stage
+##################################################
+FROM litentry/litentry-tee-dev:latest AS builder
+LABEL maintainer="Trust Computing GmbH "
+
+# set environment variables
+ENV SGX_SDK /opt/sgxsdk
+ENV PATH "$PATH:${SGX_SDK}/bin:${SGX_SDK}/bin/x64:/opt/rust/bin"
+ENV PKG_CONFIG_PATH "${PKG_CONFIG_PATH}:${SGX_SDK}/pkgconfig"
+ENV LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:${SGX_SDK}/sdk_libs"
+ENV CARGO_NET_GIT_FETCH_WITH_CLI true
+
+ENV SCCACHE_CACHE_SIZE="20G"
+ENV SCCACHE_DIR="/opt/rust/sccache"
+ENV RUSTC_WRAPPER="/opt/rust/bin/sccache"
+
+# Default SGX MODE is software mode
+ARG SGX_MODE=SW
+ENV SGX_MODE=$SGX_MODE
+
+ARG SGX_PRODUCTION=0
+ENV SGX_PRODUCTION=$SGX_PRODUCTION
+
+ENV HOME=/home/ubuntu
+
+ARG WORKER_MODE_ARG
+ENV WORKER_MODE=$WORKER_MODE_ARG
+
+ARG ADDITIONAL_FEATURES_ARG
+ENV ADDITIONAL_FEATURES=$ADDITIONAL_FEATURES_ARG
+
+ARG FINGERPRINT=none
+
+WORKDIR $HOME/tee-worker
+COPY . $HOME
+
+RUN make
+RUN cargo test --release
+
+
+### Base Runner Stage
+##################################################
+FROM node:18-bookworm-slim AS runner
+
+RUN apt update && apt install -y libssl-dev iproute2 jq curl
+RUN corepack enable && corepack prepare pnpm@8.7.6 --activate && corepack enable pnpm
+
+
+### Deployed CLI client
+##################################################
+FROM runner AS deployed-client
+LABEL maintainer="Trust Computing GmbH "
+
+ARG SCRIPT_DIR=/usr/local/worker-cli
+ARG LOG_DIR=/usr/local/log
+
+ENV SCRIPT_DIR ${SCRIPT_DIR}
+ENV LOG_DIR ${LOG_DIR}
+
+RUN mv /home/ubuntu/tee-worker/bin/litentry-cli /usr/local/bin
+RUN mv /home/ubuntu/tee-worker/cli/*.sh /usr/local/worker-cli/
+
+RUN chmod +x /usr/local/bin/litentry-cli ${SCRIPT_DIR}/*.sh
+RUN mkdir ${LOG_DIR}
+
+RUN ldd /usr/local/bin/litentry-cli && /usr/local/bin/litentry-cli --version
+
+ENTRYPOINT ["/usr/local/bin/litentry-cli"]
+
+
+### Deployed worker service
+##################################################
+FROM runner AS deployed-worker
+LABEL maintainer="Trust Computing GmbH "
+
+WORKDIR /usr/local/bin
+
+RUN mv /opt/sgxsdk /opt/sgxsdk
+RUN mv /home/ubuntu/tee-worker/bin/* /usr/local/bin
+RUN mv /home/ubuntu/tee-worker/cli/*.sh /usr/local/worker-cli/
+RUN mv /lib/x86_64-linux-gnu/libsgx* /lib/x86_64-linux-gnu/
+RUN mv /lib/x86_64-linux-gnu/libdcap* /lib/x86_64-linux-gnu/
+
+RUN touch spid.txt key.txt
+RUN chmod +x /usr/local/bin/litentry-worker
+RUN ls -al /usr/local/bin
+
+# checks
+ENV SGX_SDK /opt/sgxsdk
+ENV SGX_ENCLAVE_SIGNER $SGX_SDK/bin/x64/sgx_sign
+ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/intel/sgx-aesm-service/aesm:$SGX_SDK/sdk_libs
+ENV AESM_PATH=/opt/intel/sgx-aesm-service/aesm
+
+RUN ldd /usr/local/bin/litentry-worker && /usr/local/bin/litentry-worker --version
+
+# TODO: use entrypoint and aesm service launch, see P-295 too
+ENTRYPOINT ["/usr/local/bin/litentry-worker"]
\ No newline at end of file
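Review bot: The `deployed-client` and `deployed-worker` stages never copy anything out of `builder` — both are `FROM runner` (`node:18-bookworm-slim`) and then run `mv /home/ubuntu/tee-worker/bin/...`, `mv /opt/sgxsdk /opt/sgxsdk` and `mv /lib/x86_64-linux-gnu/libsgx* ...`, but those source paths are only populated in the builder stage (`WORKDIR $HOME/tee-worker`, `COPY . $HOME`, `RUN make`), so each `mv` has nothing to move, `/usr/local/worker-cli/` is never created, and the later `ldd`/`--version` checks should fail the build. Each of these should be a `COPY --from=builder` (which also creates the destination directory); the previous `build.Dockerfile` is not in this patch so I can't confirm it did exactly that, but nothing else in this file provides those paths, and the SGX SDK and `libsgx*`/`libdcap*` libraries are presumably present in the `litentry-tee-dev` base rather than in the slim runner. For a release pipeline, `FROM litentry/litentry-tee-dev:latest` should also be pinned by digest, since the enclave measurement presumably depends on the exact toolchain in that image, and both deployed stages still run as root with no `USER`. Suggested replacement for the copy steps:
```dockerfile
FROM runner AS deployed-client
# … unchanged: LABEL, ARG/ENV SCRIPT_DIR and LOG_DIR …
COPY --from=builder /home/ubuntu/tee-worker/bin/litentry-cli /usr/local/bin/
COPY --from=builder /home/ubuntu/tee-worker/cli/*.sh /usr/local/worker-cli/
# … unchanged: chmod, mkdir ${LOG_DIR}, ldd check, ENTRYPOINT …

FROM runner AS deployed-worker
# … unchanged: LABEL, WORKDIR /usr/local/bin …
COPY --from=builder /opt/sgxsdk /opt/sgxsdk
COPY --from=builder /home/ubuntu/tee-worker/bin/ /usr/local/bin/
COPY --from=builder /home/ubuntu/tee-worker/cli/*.sh /usr/local/worker-cli/
COPY --from=builder /lib/x86_64-linux-gnu/libsgx* /lib/x86_64-linux-gnu/
COPY --from=builder /lib/x86_64-linux-gnu/libdcap* /lib/x86_64-linux-gnu/
# … unchanged: touch spid.txt key.txt, chmod, ls, ENV checks, ldd check, ENTRYPOINT …
```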