From dc8f7710933dfd499c4f085ee7749a3bc17a21e6 Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Wed, 13 Nov 2024 10:58:31 -0600 Subject: [PATCH] add rust-sgx --- .github/workflows/ci.yaml | 98 ++++++++++++++------------------------- Dockerfile.fat-builder | 3 +- Dockerfile.rust-sgx | 3 +- 3 files changed, 39 insertions(+), 65 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 65f9b16..e53d5ca 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -7,8 +7,8 @@ on: tags: - 'v*.*.*' -# env: -# PUSH: ${{ github.event_name == 'pull_request' && 'false' || 'true' }} +env: + PULL_REQUEST: ${{ github.event_name == 'pull_request' && 'false' || 'true' }} concurrency: group: ${{ github.workflow }} @@ -28,6 +28,9 @@ jobs: uses: mobilecoinofficial/gh-actions/lint-docker@v0 docker-rust-base: + needs: + - lint-actions + - lint-docker strategy: matrix: runner: @@ -40,7 +43,7 @@ jobs: - name: Docker rust-base id: build - uses: mobilecoinofficial/gh-actions/docker@4e8da3b222fe4dcf5a8d7ad04dd37b1c43c8c7a5 + uses: mobilecoinofficial/gh-actions/docker@ce66543a382e20624b6db7f5ffc1226227114871 with: dockerfile: Dockerfile.rust-base images: mobilecoin/rust-base @@ -55,7 +58,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: mobilecoinofficial/gh-actions/upload-artifact@v0 with: name: digests-rust-base-${{ runner.arch }} path: /tmp/digests/* @@ -68,7 +71,7 @@ jobs: - docker-rust-base steps: - name: Merge and Tag Digests - uses: mobilecoinofficial/gh-actions/docker-merge-digests@8ed6075d8f78f3c63f6836526448c36a20c137d0 + uses: mobilecoinofficial/gh-actions/docker-merge-digests@ce66543a382e20624b6db7f5ffc1226227114871 with: digest_artifact_prefix: digests-rust-base images: mobilecoin/rust-base @@ -79,65 +82,34 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - # - name: Download digests - # uses: actions/download-artifact@v4 - # with: - # path: /tmp/digests - # pattern: digests-rust-base* - # merge-multiple: true - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - name: Docker meta - # id: meta - # uses: docker/metadata-action@v5 - # with: - # images: mobilecoin/rust-base - # tags: | - # type=semver,pattern=v{{version}} - # type=sha - - # - name: Login to Docker Hub - # uses: docker/login-action@v3 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - # - name: Create manifest list and push - # shell: bash - # working-directory: /tmp/digests - # run: | - # # Grab the tags from metadata-action ENV with jq - # # Gather all the digests for the images pushed (names of empty files stored as artifacts) - # # Push a manifest (tag) with all the digests to dockerhub - # docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - # $(printf 'mobilecoin/rust-base@sha256:%s ' *) - - - # docker-rust-sgx: - # needs: - # - docker-rust-base - # runs-on: mco-dev-small-x64 - # steps: - # - name: Checkout - # uses: mobilecoinofficial/gh-actions/checkout@v0 + docker-rust-sgx: + needs: + - docker-rust-base-merge + runs-on: mco-dev-small-x64 + steps: + - name: Checkout + uses: mobilecoinofficial/gh-actions/checkout@v0 + + - name: Short Sha + id: short_sha + uses: mobilecoinofficial/gh-actions/short-sha@ce66543a382e20624b6db7f5ffc1226227114871 + + - name: Docker rust-sgx + id: build + uses: mobilecoinofficial/gh-actions/docker@ce66543a382e20624b6db7f5ffc1226227114871 + with: + dockerfile: Dockerfile.rust-sgx + flavor: latest=true + images: mobilecoin/rust-sgx + tags: | + type=semver,pattern=v{{version}} + type=sha + build_args: | + BASE_IMAGE_TAG=${{ steps.short_sha.outputs.short_sha }} + push: true + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - # - name: Docker rust-sgx - # uses: mobilecoinofficial/gh-actions/docker@v0 - # with: - # flavor: latest=true - # dockerfile: Dockerfile.rust-sgx - # images: mobilecoin/rust-sgx - # tags: | - # type=ref,event=branch - # type=semver,pattern=v{{version}} - # type=semver,pattern=v{{major}}.{{minor}} - # type=semver,pattern=v{{major}} - # type=sha - # push: true - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} # docker-fat-builder: # needs: diff --git a/Dockerfile.fat-builder b/Dockerfile.fat-builder index c377ae3..8fb109d 100644 --- a/Dockerfile.fat-builder +++ b/Dockerfile.fat-builder @@ -8,7 +8,8 @@ # "FROM mobilecoin/rust-sgx:latest" as mobilecoin/rust-sgx-builder:latest ARG BASE_IMAGE=rust-base -FROM mobilecoin/${BASE_IMAGE}:latest +ARG BASE_IMAGE_TAG=latest +FROM mobilecoin/${BASE_IMAGE}:${BASE_IMAGE_TAG} ARG TARGETARCH SHELL ["/bin/bash", "-o", "pipefail", "-c"] diff --git a/Dockerfile.rust-sgx b/Dockerfile.rust-sgx index 1a85ece..c05f6a0 100644 --- a/Dockerfile.rust-sgx +++ b/Dockerfile.rust-sgx @@ -3,7 +3,8 @@ # Rust with SGX libraries # Note: only works for x86_64/amd64 and is intended to be built immediately after the rust-base image. -FROM mobilecoin/rust-base:latest +ARG BASE_IMAGE_TAG=latest +FROM mobilecoin/rust-base:${BASE_IMAGE_TAG} SHELL ["/bin/bash", "-o", "pipefail", "-c"]