From c517444ae23196bb9f2f420f0bfe5c7ffed24da2 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 28 Jun 2024 15:10:20 +0000 Subject: [PATCH 01/36] Create file --- .github/workflows/release.yml | 65 +++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000000..589a8b7e7603 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,65 @@ +name: Release + +on: + push: + branches: + - main + - gha_release + workflow_dispatch: + +permissions: + contents: read + actions: read + checks: write + +jobs: + check_release_notes: + name: "Check Release Notes" + runs-on: ubuntu-latest + container: ghcr.io/microsoft/ccf/ci/default:build-26-06-2024 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: "Check Release Notes" + run: | + set -ex + python3.8 scripts/extract-release-notes.py --target-git-version + shell: bash + + build_release: + needs: check_release_notes + name: Release + strategy: + matrix: + platform: + - name: virtual + image: default + nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] + options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro + - name: snp + image: default + nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] + options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro + - name: sgx + image: sgx + nodes: [self-hosted, 1ES.Pool=gha-sgx-ccf-sub] + options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro + runs-on: ${{ matrix.platform.nodes }} + container: + image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-26-06-2024 + options: ${{ matrix.platform.options }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: "Build Release ${{ matrix.platform.name }}" + run: | + set -ex + git config --global --add safe.directory /__w/CCF/CCF + mkdir build + cd build + cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} .. + ninja + shell: bash From d85e85a0637e871b4098ad5578ffaa541cba9531 Mon Sep 17 00:00:00 2001 
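Review bot: Every `matrix.platform.options` entry starts the build container with `--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW` (plus `SYS_PTRACE` for virtual and snp) on a self-hosted pool, while the only steps in this job are a checkout and a cmake/ninja build. A build-only job should not need published ports or network capabilities, so drop them here or add a comment saying which later step needs each one. Because this workflow produces release artifacts, pin `actions/checkout@v4` to a full commit SHA (`actions/checkout@<full-commit-sha> # v4`) and reference the CI image by digest rather than by the mutable `build-26-06-2024` tag. Setting `persist-credentials: false` on the checkout would also keep the job token out of the workspace git config on the self-hosted runner.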
From: Amaury Chamayou Date: Fri, 28 Jun 2024 15:12:04 +0000 Subject: [PATCH 02/36] Don't need container --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 589a8b7e7603..d40d5b716e69 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,6 @@ jobs: check_release_notes: name: "Check Release Notes" runs-on: ubuntu-latest - container: ghcr.io/microsoft/ccf/ci/default:build-26-06-2024 steps: - uses: actions/checkout@v4 with: From f200c43bd324c2c7276d2fcb7daaf989918e8a5f Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 28 Jun 2024 15:17:59 +0000 Subject: [PATCH 03/36] On tags --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d40d5b716e69..82cebf542cc3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,8 @@ on: branches: - main - gha_release + tags: + - "ccf-0.*" workflow_dispatch: permissions: From d3d4d69c2ade6ce9b20468757fa74f93f02167b6 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 28 Jun 2024 15:21:40 +0000 Subject: [PATCH 04/36] python --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82cebf542cc3..33ad9559e436 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: - name: "Check Release Notes" run: | set -ex - python3.8 scripts/extract-release-notes.py --target-git-version + python scripts/extract-release-notes.py --target-git-version shell: bash build_release: From 910527c2002308a43e6900884c396f5efa86d001 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Fri, 28 Jun 2024 15:26:13 +0000 Subject: [PATCH 05/36] 0.0.2 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index fd2157218cde..c56277debb91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [0.0.2] + +[0.0.2]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.2 + ## [5.0.0-rc0] [5.0.0-rc0]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.0-rc0 From c1fa83c0a4e0893ece90aedab4cefb734468ac4f Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 10:48:08 +0000 Subject: [PATCH 06/36] Upload artifacts --- .github/workflows/release.yml | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 33ad9559e436..4be336f014b1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: - name: "Check Release Notes" run: | set -ex - python scripts/extract-release-notes.py --target-git-version + # python scripts/extract-release-notes.py --target-git-version shell: bash build_release: 
@@ -61,6 +61,27 @@ jobs: git config --global --add safe.directory /__w/CCF/CCF mkdir build cd build - cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} .. + cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCLIENT_PROTOCOLS_TEST=ON .. ninja shell: bash + + - name: "Make .deb Package" + id: make_deb + run: | + set -ex + set -o pipefail + cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix + cpack -V -G DEB + INITIAL_PKG=`ls *.deb` + CCF_GITHUB_PKG=${INITIAL_PKG//\~/_} + if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then + mv $INITIAL_PKG $CCF_GITHUB_PKG + fi + echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT + shell: bash + + - name: "Upload .deb Package" + uses: actions/upload-artifact@v4 + with: + name: pkg-${{ matrix.platform.name }} + path: ${{ steps.make_deb.outputs.name }} \ No newline at end of file From 8f2f08484b9d57937e597f8a224ed95244ba2a29 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 11:45:46 +0000 Subject: [PATCH 07/36] In Build --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4be336f014b1..c93c084910f1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -70,6 +70,7 @@ jobs: run: | set -ex set -o pipefail + cd build cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix cpack -V -G DEB INITIAL_PKG=`ls *.deb` From 6278e37ccf82fb04af39a814e0502e3f6ded8b02 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 12:03:05 +0000 Subject: [PATCH 08/36] In Build --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c93c084910f1..db31ecc1c747 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
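Review bot: The "Make .deb Package" step takes the package name from an unquoted `ls *.deb` and passes it unquoted to `mv` and to `$GITHUB_OUTPUT`. If cpack ever leaves more than one `.deb` in the directory, or a name contains whitespace, the `name` output becomes multi-line or word-split, and the upload step then publishes whatever that resolves to. Require exactly one match and quote every expansion. As first added, the step also runs from the workspace root rather than `build/`, which the following "In Build" commit corrects.
```yaml
        run: |
          # … unchanged: set -ex / pipefail, cmake -L, cpack -V -G DEB …
          shopt -s nullglob
          debs=( *.deb )
          if [[ ${#debs[@]} -ne 1 ]]; then
            echo "expected exactly one .deb, found ${#debs[@]}" >&2
            exit 1
          fi
          INITIAL_PKG="${debs[0]}"
          CCF_GITHUB_PKG="${INITIAL_PKG//\~/_}"
          if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then
            mv -- "$INITIAL_PKG" "$CCF_GITHUB_PKG"
          fi
          echo "name=$CCF_GITHUB_PKG" >> "$GITHUB_OUTPUT"
```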
@@ -85,4 +85,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: pkg-${{ matrix.platform.name }} - path: ${{ steps.make_deb.outputs.name }} \ No newline at end of file + path: build/${{ steps.make_deb.outputs.name }} \ No newline at end of file From 86951b9ed198b36d3ba1a73518a5d135ed2f2170 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 12:53:47 +0000 Subject: [PATCH 09/36] Download --- .github/workflows/release.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db31ecc1c747..7e86c7a0e300 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,4 +85,16 @@ jobs: uses: actions/upload-artifact@v4 with: name: pkg-${{ matrix.platform.name }} - path: build/${{ steps.make_deb.outputs.name }} \ No newline at end of file + path: build/${{ steps.make_deb.outputs.name }} + + download: + needs: build_release + runs-on: ubuntu-latest + steps: + - name: Download All Artifacts + uses: actions/download-artifact@v4 + with: + path: pkg + pattern: pkg-* + merge-multiple: true + - run: ls -R pkg \ No newline at end of file From 01a4211bc5ad94beedc43f024e8da958530faacf Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 15:31:17 +0000 Subject: [PATCH 10/36] relnotes --- .github/workflows/release.yml | 28 ++++++++++++++++++++++------ CHANGELOG.md | 4 ++-- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7e86c7a0e300..05155d3ed8df 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,8 +15,8 @@ permissions: checks: write jobs: - check_release_notes: - name: "Check Release Notes" + release_notes: + name: "Release Notes" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 
@@ -25,11 +25,21 @@ jobs: - name: "Check Release Notes" run: | set -ex - # python scripts/extract-release-notes.py --target-git-version + python scripts/extract-release-notes.py --target-git-version shell: bash + - name: "Produce Release Notes" + run: | + set -ex + set -o pipefail + python3.8 ./scripts/extract-release-notes.py --target-git-version --append-mcr-images --describe-path-changes "./samples/constitution" | tee rel-notes.md + - name: "Upload .deb Package" + uses: actions/upload-artifact@v4 + with: + name: relnotes + path: rel-notes.md build_release: - needs: check_release_notes + needs: release_notes name: Release strategy: matrix: @@ -91,10 +101,16 @@ jobs: needs: build_release runs-on: ubuntu-latest steps: - - name: Download All Artifacts + - name: Download Packages uses: actions/download-artifact@v4 with: path: pkg pattern: pkg-* merge-multiple: true - - run: ls -R pkg \ No newline at end of file + - name: Download Release notes + uses: actions/download-artifact@v4 + with: + name: relnotes + - run: | + ls + ls -R pkg \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index c56277debb91..128b7cd6a1c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [0.0.2] +## [0.0.7] -[0.0.2]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.2 +[0.0.7]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.7 ## [5.0.0-rc0] From 35fbd50c5a7090e4f0a5486d19e2b89794de68f2 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 15:36:54 +0000 Subject: [PATCH 11/36] Unversion --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05155d3ed8df..2dff3ce61533 100644 
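Review bot: The new artifact step in `release_notes` is named `"Upload .deb Package"` but uploads `rel-notes.md`, so the job log and any later audit of what was published will be misleading. Rename it to `- name: "Upload Release Notes"`. The "Produce Release Notes" step also calls `python3.8` while the check step just above uses `python` on the same `ubuntu-latest` runner; use one interpreter for both, ideally one installed explicitly so the version is known.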
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,7 +31,7 @@ jobs: run: | set -ex set -o pipefail - python3.8 ./scripts/extract-release-notes.py --target-git-version --append-mcr-images --describe-path-changes "./samples/constitution" | tee rel-notes.md + python ./scripts/extract-release-notes.py --target-git-version --append-mcr-images --describe-path-changes "./samples/constitution" | tee rel-notes.md - name: "Upload .deb Package" uses: actions/upload-artifact@v4 with: From 2fee9e404d5854aaf3275f38e181b1fb78606f61 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 16:02:50 +0000 Subject: [PATCH 12/36] Test --- .github/workflows/release.yml | 12 ++++++++---- CHANGELOG.md | 8 ++++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2dff3ce61533..582857cddc06 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ permissions: jobs: release_notes: - name: "Release Notes" + name: Release Notes runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -40,7 +40,7 @@ jobs: build_release: needs: release_notes - name: Release + name: Build Release strategy: matrix: platform: @@ -97,8 +97,9 @@ jobs: name: pkg-${{ matrix.platform.name }} path: build/${{ steps.make_deb.outputs.name }} - download: + create_release: needs: build_release + name: Create Release runs-on: ubuntu-latest steps: - name: Download Packages @@ -113,4 +114,7 @@ jobs: name: relnotes - run: | ls - ls -R pkg \ No newline at end of file + ls -R pkg + - run: | + gh release create --title "CCF ${{ github.ref }}" --draft --notes-file rel-notes.md pkg/* + shell: bash \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 128b7cd6a1c3..1dbfb7cfe33c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
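Review bot: In the new `gh release create` step, `${{ github.ref }}` is expanded into the script text before bash parses it, and git ref names may contain characters that are meaningful to the shell. Only someone who can push a matching tag can influence the value, but this job is about to hold a write-scoped token, so pass the ref as data instead: add `env: REF_NAME: ${{ github.ref_name }}` to the step and use `--title "CCF $REF_NAME"`. The later "[PATCH 20/36] version" and "[PATCH 24/36] release" hunks have the same pattern (`CCF_VERSION=${{ github.ref_name }}` inside `run:` and an unquoted `--title $CCF_VERSION`) and should take the same fix.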
@@ -5,9 +5,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [0.0.7] +## [0.0.8] -[0.0.7]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.7 +[0.0.8]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.8 + +### Test + +This is a test release. ## [5.0.0-rc0] From c991caebb746c6f643434c2e11d3f6d1ea856ca5 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 16:37:49 +0000 Subject: [PATCH 13/36] token --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 582857cddc06..938123618c6a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ on: workflow_dispatch: permissions: - contents: read + contents: write actions: read checks: write @@ -117,4 +117,6 @@ jobs: ls -R pkg - run: | gh release create --title "CCF ${{ github.ref }}" --draft --notes-file rel-notes.md pkg/* - shell: bash \ No newline at end of file + shell: bash + env: + GH_TOKEN: ${{ github.token }} \ No newline at end of file From cac280dfb7bb19a2ba2b9de7ccfcd76dd2f6c880 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Mon, 1 Jul 2024 18:57:55 +0000 Subject: [PATCH 14/36] git --- .github/workflows/release.yml | 3 +++ CHANGELOG.md | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 938123618c6a..beb8c991aecd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -102,6 +102,9 @@ jobs: name: Create Release runs-on: ubuntu-latest steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 1 - name: Download Packages uses: actions/download-artifact@v4 with: 
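Review bot: `contents: write` is granted in the workflow-level `permissions:` block, so every job's token receives it, including `build_release`, which runs the repository's build scripts as root in a privileged container on self-hosted runners. Only `create_release` calls `gh release create`, so leave `contents: read` at the top level and add `permissions:` with `contents: write` under `create_release` alone. In the hunks shown nothing uses `checks: write`, so it can probably be dropped as well. The checkout added to `create_release` only needs to give `gh` a repository context, so `persist-credentials: false` is appropriate there.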
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dbfb7cfe33c..723499510d65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [0.0.8] +## [0.0.9] -[0.0.8]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.8 +[0.0.9]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.9 ### Test From 8e49960ab1099616208884f438932cf797242e7d Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 08:28:56 +0000 Subject: [PATCH 15/36] LVI migitations on SGX --- .github/workflows/release.yml | 48 ++++++++++++++++------------------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index beb8c991aecd..fa2c87aa8d7c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -47,19 +47,18 @@ jobs: - name: virtual image: default nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] - options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - name: snp image: default nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] - options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro - name: sgx image: sgx nodes: [self-hosted, 1ES.Pool=gha-sgx-ccf-sub] - options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro + container_options: --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx + cmake_options: -DLVI_MITIGATIONS=ON runs-on: ${{ matrix.platform.nodes }} container: image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-26-06-2024 - options: ${{ matrix.platform.options }} + options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro ${{ matrix.platform.container_options }}" steps: - uses: actions/checkout@v4 with: @@ -71,7 +70,7 @@ jobs: git config --global --add safe.directory /__w/CCF/CCF mkdir build cd build - cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCLIENT_PROTOCOLS_TEST=ON .. + cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} ${{ matrix.platform.cmake_options }} -DCLIENT_PROTOCOLS_TEST=ON .. ninja shell: bash 
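Review bot: Folding the common flags into the shared `options:` string widens the SGX container's privileges: the old sgx entry did not pass `--cap-add SYS_PTRACE`, and the new common string applies it to all three platforms. If SGX builds do not need ptrace, keep it per platform, e.g. `container_options: --cap-add SYS_PTRACE` on the virtual and snp entries, and remove it from the shared string. `--publish-all` and the NET_* capabilities are still applied to a job whose visible steps only build and package; a comment naming the step that needs them would help. The `container:` block continues outside this hunk.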
@@ -102,24 +101,21 @@ jobs: name: Create Release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - name: Download Packages - uses: actions/download-artifact@v4 - with: - path: pkg - pattern: pkg-* - merge-multiple: true - - name: Download Release notes - uses: actions/download-artifact@v4 - with: - name: relnotes - - run: | - ls - ls -R pkg - - run: | - gh release create --title "CCF ${{ github.ref }}" --draft --notes-file rel-notes.md pkg/* - shell: bash - env: - GH_TOKEN: ${{ github.token }} \ No newline at end of file + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: Download Packages + uses: actions/download-artifact@v4 + with: + path: pkg + pattern: pkg-* + merge-multiple: true + - name: Download Release notes + uses: actions/download-artifact@v4 + with: + name: relnotes + - run: | + gh release create --title "CCF ${{ github.ref }}" --draft --notes-file rel-notes.md pkg/* + shell: bash + env: + GH_TOKEN: ${{ github.token }} From a54d1519229b79c0b5c707465fd1e729a02ea650 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 15:59:33 +0000 Subject: [PATCH 16/36] Post install tests --- .github/workflows/release.yml | 62 ++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fa2c87aa8d7c..0016f36c4405 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -71,9 +71,39 @@ jobs: mkdir build cd build cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} ${{ matrix.platform.cmake_options }} -DCLIENT_PROTOCOLS_TEST=ON .. - ninja + ninja -v | build.log shell: bash + - name: "Check Mitigation Flags" + run: | + cd build + python3 ../scripts/build-check.py < build.log SNPCC + shell: bash + if: ${{ matrix.platform.name == 'snp' }} + + - name: "Install Extended Testing Tools" + run: | + set -ex + sudo apt-get -y update + sudo apt install ansible -y + cd getting_started/setup_vm + ansible-playbook ccf-extended-testing.yml + shell: bash + if: ${{ matrix.platform.name != 'snp' }} + + - name: "Test ${{ matrix.platform.name }}" + run: | + set -ex + cd build + rm -rf /github/home/.cache + mkdir -p /github/home/.cache + export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) + # Unit tests + ./tests.sh --output-on-failure -L unit -j$(nproc --all) + ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" + - name: "Make .deb Package" id: make_deb run: | 
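Review bot: `ninja -v | build.log` pipes the build output into a command called `build.log` rather than into a file, so the step fails with "command not found" and `build.log` never exists for the "Check Mitigation Flags" step that reads it. The intended form is `ninja -v | tee build.log`, and the step needs `set -o pipefail` next to `set -ex`; otherwise the pipeline's exit status is `tee`'s and a failed build is reported as success. The later "[PATCH 18/36] tee" hunk adds `tee` but still leaves out `pipefail`. This commit also installs ansible and test tooling into the same container that later runs `cpack`; consider packaging before the test tooling is installed, or in a separate job, so the released `.deb` comes from a build environment that the test dependencies have not modified.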
@@ -90,6 +120,36 @@ jobs: echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT shell: bash + - name: "Install CCF Debian package" + run: | + set -ex + sudo apt -y install ${{ steps.make_deb.outputs.name }} + shell: bash + + - name: "Test Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" + + - name: "Recovery Benchmark for Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" + + - name: "Test Building a Sample Against Installed CCF" + run: | + set -ex + ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} + shell: bash + - name: "Upload .deb Package" uses: actions/upload-artifact@v4 with: From 392812476807129a2f269a410e6042f0ac9f761e Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 16:00:32 +0000 Subject: [PATCH 17/36] No images --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0016f36c4405..dc38763cf4c1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,7 +31,7 @@ jobs: run: | set -ex set -o pipefail - python ./scripts/extract-release-notes.py --target-git-version --append-mcr-images --describe-path-changes "./samples/constitution" | tee rel-notes.md + python ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" | tee rel-notes.md - name: "Upload .deb Package" uses: actions/upload-artifact@v4 with: From 426727ddfc6c7e78e7de06fc7cd25aa6be830044 Mon Sep 17 00:00:00 2001 
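Review bot: `sudo apt -y install ${{ steps.make_deb.outputs.name }}` passes a bare file name, which apt resolves as a package name against the configured repositories rather than as the file just built. The step also runs from the workspace root while the `.deb` is in `build/`. Install the local artifact explicitly with `cd build` and `sudo apt -y install "./${{ steps.make_deb.outputs.name }}"`, so the post-install tests exercise the package that will be uploaded. In the two `xargs -i bash -c "… {}"` steps the install prefix is pasted into a shell string; `"$(cat /tmp/install_prefix)"` passed as a quoted argument to the script would avoid re-parsing it.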
From: Amaury Chamayou Date: Tue, 2 Jul 2024 16:12:06 +0000 Subject: [PATCH 18/36] tee --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dc38763cf4c1..498b2fd06da2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -71,7 +71,7 @@ jobs: mkdir build cd build cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} ${{ matrix.platform.cmake_options }} -DCLIENT_PROTOCOLS_TEST=ON .. - ninja -v | build.log + ninja -v | tee build.log shell: bash - name: "Check Mitigation Flags" From 342963315b73c75c2178c3180d05eb09d77b2834 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 16:35:22 +0000 Subject: [PATCH 19/36] build --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 498b2fd06da2..560a325275c7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,6 +123,7 @@ jobs: - name: "Install CCF Debian package" run: | set -ex + cd build sudo apt -y install ${{ steps.make_deb.outputs.name }} shell: bash From 07155803f555d37405fb3bdccff31c59555c25e3 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 16:53:32 +0000 Subject: [PATCH 20/36] version --- .github/workflows/release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 560a325275c7..c7640d2dc4b1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -176,7 +176,9 @@ jobs: with: name: relnotes - run: | - gh release create --title "CCF ${{ github.ref }}" --draft --notes-file rel-notes.md pkg/* + set -ex + CCF_VERSION=${${{ github.ref_name }}#ccf-} + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* shell: bash env: GH_TOKEN: ${{ github.token }} 
From eeb915c0ab7e829512c822682d75c549e34a6bcf Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 17:08:33 +0000 Subject: [PATCH 21/36] reports --- .github/workflows/release.yml | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7640d2dc4b1..0ebf80fa80f3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -157,6 +157,20 @@ jobs: name: pkg-${{ matrix.platform.name }} path: build/${{ steps.make_deb.outputs.name }} + - name: "Upload Compatibility Report" + uses: actions/upload-artifact@v4 + with: + name: compatibility + path: build/compatibility_report.json + if: "${{ matrix.platform.name == 'sgx' }}" + + - name: "Upload TLS Report" + uses: actions/upload-artifact@v4 + with: + name: tls + path: build/tls_report.html + if: "${{ matrix.platform.name == 'sgx' }}" + create_release: needs: build_release name: Create Release @@ -171,10 +185,22 @@ jobs: path: pkg pattern: pkg-* merge-multiple: true - - name: Download Release notes + - name: Download Release Notes uses: actions/download-artifact@v4 with: name: relnotes + - name: Download Compatibility Report + uses: actions/download-artifact@v4 + with: + name: compatibility + path: pkg + merge-multiple: true + - name: Download TLS Report + uses: actions/download-artifact@v4 + with: + name: tls + path: pkg + merge-multiple: true - run: | set -ex CCF_VERSION=${${{ github.ref_name }}#ccf-} From 8dffa4e6de91052383e3462091b455efe55063e5 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 17:18:33 +0000 Subject: [PATCH 22/36] ./ --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ebf80fa80f3..50e8311dcef5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -124,7 +124,7 @@ jobs: run: | set -ex cd build - sudo apt -y install ${{ steps.make_deb.outputs.name }} + sudo apt -y install ./${{ steps.make_deb.outputs.name }} shell: bash - name: "Test Installed CCF" From 538e1cd10d3a5c103440fcd13c815e84edc052ca Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 20:06:01 +0000 Subject: [PATCH 23/36] +60 --- tests/recovery_benchmark.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/recovery_benchmark.sh b/tests/recovery_benchmark.sh index 573a223ee231..d89c572b9d4e 100755 --- a/tests/recovery_benchmark.sh +++ b/tests/recovery_benchmark.sh @@ -88,7 +88,7 @@ echo "** Start original service" "${ccf_install_path}"/bin/sandbox.sh --sig-tx-interval "${signature_tx_interval}" & sandbox_pid=$! -network_live_time=60 +network_live_time=120 if poll_for_service_open ${network_live_time} ${sandbox_pid}; then echo "Error: Timeout waiting ${network_live_time}s for service to open" kill "$(jobs -p)" From df269535b1ad074b009fa3180bfb5f903d7ba070 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 21:05:31 +0000 Subject: [PATCH 24/36] release --- .github/workflows/release.yml | 3 ++- CHANGELOG.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 50e8311dcef5..59451a0b6b45 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -203,7 +203,8 @@ jobs: merge-multiple: true - run: | set -ex - CCF_VERSION=${${{ github.ref_name }}#ccf-} + CCF_VERSION=${{ github.ref_name }} + CCF_VERSION=${CCF_VERSION#ccf-} gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* shell: bash env: diff --git a/CHANGELOG.md b/CHANGELOG.md index c072db0f6101..d24ea72c3841 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,9 +5,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [0.0.9] +## [0.0.10] -[0.0.9]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.9 +[0.0.10]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.10 ### Test From f5db290ea2944b7751105de2d247bac20edd5e54 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Tue, 2 Jul 2024 21:11:58 +0000 Subject: [PATCH 25/36] release --- .github/workflows/release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 59451a0b6b45..6aac2c55a6ca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,9 +2,6 @@ name: Release on: push: - branches: - - main - - gha_release tags: - "ccf-0.*" workflow_dispatch: From f0c6e7b07818a4c52f3f9f4dddd8b91b12a2164d Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 06:04:00 +0000 Subject: [PATCH 26/36] scripts --- .github/workflows/release.yml | 56 ++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6aac2c55a6ca..ed69b3f68839 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -168,6 +168,51 @@ jobs: path: build/tls_report.html if: "${{ matrix.platform.name == 'sgx' }}" + - name: "Build Python Wheel" + id: build_wheel + run: | + set -ex + cd python + python3.8 -m venv env + source ./env/bin/activate + pip install -r requirements.txt + pip install wheel + python setup.py bdist_wheel + WHL=`ls dist/*.whl` + echo "name=$WHL" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.name == 'sgx' }}" + + - name: "Upload Python Wheel" + uses: actions/upload-artifact@v4 + with: + name: wheel + path: python/${{ steps.build_wheel.outputs.name }} + if: "${{ matrix.platform.name == 'sgx' }}" + + - name: "Build TS Package" + id: build_tstgz + run: | + set -ex + cd js/ccf-app + CCF_VERSION=$(<../../build/VERSION_LONG) + CCF_VERSION=${CCF_VERSION#ccf-} + echo "Setting npm package version to ${CCF_VERSION}" + npm version $CCF_VERSION + npm pack + PKG=`ls *.tgz` + echo "name=$WHL" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.name == 'sgx' }}" + + - name: "Upload TS Package" + uses: actions/upload-artifact@v4 + with: + name: tstgz + path: js/ccf-app/${{ steps.build_tstgz.outputs.name }} + if: "${{ matrix.platform.name == 'sgx' }} + + create_release: needs: build_release name: Create Release @@ -198,11 +243,20 @@ jobs: name: tls path: pkg merge-multiple: true + - name: Download Python Wheel + uses: actions/download-artifact@v4 + with: + name: wheel + - name: Download TS Package + uses: actions/download-artifact@v4 + with: + name: tstgz - run: | set -ex CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} - gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* + ls pkg + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* python/* js/ccf-app/dist/* shell: bash env: GH_TOKEN: ${{ github.token }} From e31131c78e931a686bbce0dfbdcf7c92d87a1b92 Mon Sep 17 00:00:00 2001 
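Review bot: The "Build TS Package" step assigns the tarball name to `PKG` but writes `echo "name=$WHL" >> $GITHUB_OUTPUT`, and `WHL` is not set in that step. The `build_tstgz` output is therefore empty, so "Upload TS Package" uploads `js/ccf-app/` rather than the `.tgz`; the line should be `echo "name=$PKG" >> "$GITHUB_OUTPUT"`. The last `if:` in that hunk, `"${{ matrix.platform.name == 'sgx' }}`, is missing its closing quote, which makes the workflow file invalid. In the `create_release` hunk the wheel and TS artifacts are downloaded without a `path:`, while the release command globs `python/*` and `js/ccf-app/dist/*`. Since that job checks out the repository, those globs may match checked-out source files rather than the built artifacts. Download each artifact into its own directory and glob by extension (`wheel/*.whl`, `tstgz/*.tgz`).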
From: Amaury Chamayou Date: Wed, 3 Jul 2024 07:38:42 +0000 Subject: [PATCH 27/36] yaml --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ed69b3f68839..ae80daae308e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -210,7 +210,7 @@ jobs: with: name: tstgz path: js/ccf-app/${{ steps.build_tstgz.outputs.name }} - if: "${{ matrix.platform.name == 'sgx' }} + if: "${{ matrix.platform.name == 'sgx' }}" create_release: From 642b5327cfd228afdd1451811755ab0001beec96 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 08:47:30 +0000 Subject: [PATCH 28/36] sigh --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ae80daae308e..4c349ff13a6c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -212,7 +212,6 @@ jobs: path: js/ccf-app/${{ steps.build_tstgz.outputs.name }} if: "${{ matrix.platform.name == 'sgx' }}" - create_release: needs: build_release name: Create Release @@ -256,7 +255,9 @@ jobs: CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} ls pkg - gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* python/* js/ccf-app/dist/* + ls wheel + ls tstgz + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* wheel/* tstgz/* shell: bash env: GH_TOKEN: ${{ github.token }} From 9ea6830c4500ef005330af62a2b5ee28389fd913 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 10:06:56 +0000 Subject: [PATCH 29/36] Tweak the download paths --- .github/workflows/release.yml | 127 +++++++++++++++++----------------- 1 file changed, 65 insertions(+), 62 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4c349ff13a6c..567ca452e382 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,28 +78,28 @@ jobs: shell: bash if: ${{ matrix.platform.name == 'snp' }} - - name: "Install Extended Testing Tools" - run: | - set -ex - sudo apt-get -y update - sudo apt install ansible -y - cd getting_started/setup_vm - ansible-playbook ccf-extended-testing.yml - shell: bash - if: ${{ matrix.platform.name != 'snp' }} + # - name: "Install Extended Testing Tools" + # run: | + # set -ex + # sudo apt-get -y update + # sudo apt install ansible -y + # cd getting_started/setup_vm + # ansible-playbook ccf-extended-testing.yml + # shell: bash + # if: ${{ matrix.platform.name != 'snp' }} - - name: "Test ${{ matrix.platform.name }}" - run: | - set -ex - cd build - rm -rf /github/home/.cache - mkdir -p /github/home/.cache - export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) - # Unit tests - ./tests.sh --output-on-failure -L unit -j$(nproc --all) - ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit" - shell: bash - if: "${{ matrix.platform.name != 'snp' }}" + # - name: "Test ${{ matrix.platform.name }}" + # run: | + # set -ex + # cd build + # rm -rf /github/home/.cache + # mkdir -p /github/home/.cache + # export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) + # # Unit tests + # ./tests.sh --output-on-failure -L unit -j$(nproc --all) + # ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit" + # shell: bash + # if: "${{ matrix.platform.name != 'snp' }}" - name: "Make .deb Package" id: make_deb 
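Review bot: This hunk comments out "Install Extended Testing Tools" and the whole "Test" step, and the next hunk does the same for the package install, post-install tests, recovery benchmark and sample build. The commit subject says only "Tweak the download paths", yet afterwards the workflow drafts a release from a build that has run none of its tests. The "Upload Compatibility Report" and "Upload TLS Report" steps are still present and now have nothing to upload, assuming those files come from the test run. If this is a temporary speed-up while iterating, say so in the commit message and add a marker such as `# TODO: re-enable before merge - releases must not be cut from an untested build`. Alternatively, gate the tests on a `workflow_dispatch` input instead of commenting them out.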
@@ -117,36 +117,36 @@ jobs: echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT shell: bash - - name: "Install CCF Debian package" - run: | - set -ex - cd build - sudo apt -y install ./${{ steps.make_deb.outputs.name }} - shell: bash + # - name: "Install CCF Debian package" + # run: | + # set -ex + # cd build + # sudo apt -y install ./${{ steps.make_deb.outputs.name }} + # shell: bash - - name: "Test Installed CCF" - run: | - set -ex - set -o pipefail - cd build - cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" - shell: bash - if: "${{ matrix.platform.name != 'snp' }}" + # - name: "Test Installed CCF" + # run: | + # set -ex + # set -o pipefail + # cd build + # cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" + # shell: bash + # if: "${{ matrix.platform.name != 'snp' }}" - - name: "Recovery Benchmark for Installed CCF" - run: | - set -ex - set -o pipefail - cd build - cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" - shell: bash - if: "${{ matrix.platform.name != 'snp' }}" + # - name: "Recovery Benchmark for Installed CCF" + # run: | + # set -ex + # set -o pipefail + # cd build + # cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" + # shell: bash + # if: "${{ matrix.platform.name != 'snp' }}" - - name: "Test Building a Sample Against Installed CCF" - run: | - set -ex - ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} - shell: bash + # - name: "Test Building a Sample Against Installed CCF" + # run: | + # set -ex + # ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} + # shell: bash - name: "Upload .deb Package" uses: actions/upload-artifact@v4 
@@ -201,7 +201,7 @@ jobs: npm version $CCF_VERSION npm pack PKG=`ls *.tgz` - echo "name=$WHL" >> $GITHUB_OUTPUT + echo "name=$PKG" >> $GITHUB_OUTPUT shell: bash if: "${{ matrix.platform.name == 'sgx' }}" @@ -230,34 +230,37 @@ jobs: uses: actions/download-artifact@v4 with: name: relnotes - - name: Download Compatibility Report - uses: actions/download-artifact@v4 - with: - name: compatibility - path: pkg - merge-multiple: true - - name: Download TLS Report - uses: actions/download-artifact@v4 - with: - name: tls - path: pkg - merge-multiple: true + # - name: Download Compatibility Report + # uses: actions/download-artifact@v4 + # with: + # name: compatibility + # path: compatibility + # merge-multiple: true + # - name: Download TLS Report + # uses: actions/download-artifact@v4 + # with: + # name: tls + # path: tls + # merge-multiple: true - name: Download Python Wheel uses: actions/download-artifact@v4 with: + path: wheel name: wheel - name: Download TS Package uses: actions/download-artifact@v4 with: + path: tstgz name: tstgz - run: | set -ex CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} + ls ls pkg ls wheel ls tstgz - gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* wheel/* tstgz/* + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* wheel/*.whl tstgz/*.tgz shell: bash env: GH_TOKEN: ${{ github.token }} From 06438e17f586db95cee2ad413998b6c997f94fc2 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 10:20:29 +0000 Subject: [PATCH 30/36] Enable post-install tests --- .github/workflows/release.yml | 54 +++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 567ca452e382..2539e59123bb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -117,36 +117,36 @@ jobs: echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT shell: bash - # - name: "Install CCF Debian package" - # run: | - # set -ex - # cd build - # sudo apt -y install ./${{ steps.make_deb.outputs.name }} - # shell: bash + - name: "Install CCF Debian package" + run: | + set -ex + cd build + sudo apt -y install ./${{ steps.make_deb.outputs.name }} + shell: bash - # - name: "Test Installed CCF" - # run: | - # set -ex - # set -o pipefail - # cd build - # cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" - # shell: bash - # if: "${{ matrix.platform.name != 'snp' }}" + - name: "Test Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" - # - name: "Recovery Benchmark for Installed CCF" - # run: | - # set -ex - # set -o pipefail - # cd build - # cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" - # shell: bash - # if: "${{ matrix.platform.name != 'snp' }}" + - name: "Recovery Benchmark for Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" - # - name: "Test Building a Sample Against Installed CCF" - # run: | - # set -ex - # ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} - # shell: bash + - name: "Test Building a Sample Against Installed CCF" + run: | + set -ex + ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} + shell: bash - name: "Upload .deb Package" uses: actions/upload-artifact@v4 From 8a62880b468a089aebfcbb96d3b97d189e8a01f3 Mon Sep 17 00:00:00 2001 
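Review bot: In the re-enabled "Test Installed CCF" and "Recovery Benchmark for Installed CCF" steps, `xargs -i bash -c "... {}"` splices each line of /tmp/install_prefix into a command string that bash parses a second time, so a prefix containing spaces or shell metacharacters changes the command that runs. Pass the value as an argument instead, `xargs -I{} env PYTHON_PACKAGE_PATH=../python ./test_install.sh {}`, and do the same for `recovery_benchmark.sh`; GNU xargs also deprecates `-i` in favour of `-I`. The step that writes /tmp/install_prefix is outside this hunk, so how far its contents can be influenced cannot be judged from here.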
From: Amaury Chamayou Date: Wed, 3 Jul 2024 12:12:52 +0000 Subject: [PATCH 31/36] Enable tests again --- .github/workflows/release.yml | 64 +++++++++++++++++------------------ 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2539e59123bb..4d5d68e4f4a1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,28 +78,28 @@ jobs: shell: bash if: ${{ matrix.platform.name == 'snp' }} - # - name: "Install Extended Testing Tools" - # run: | - # set -ex - # sudo apt-get -y update - # sudo apt install ansible -y - # cd getting_started/setup_vm - # ansible-playbook ccf-extended-testing.yml - # shell: bash - # if: ${{ matrix.platform.name != 'snp' }} + - name: "Install Extended Testing Tools" + run: | + set -ex + sudo apt-get -y update + sudo apt install ansible -y + cd getting_started/setup_vm + ansible-playbook ccf-extended-testing.yml + shell: bash + if: ${{ matrix.platform.name != 'snp' }} - # - name: "Test ${{ matrix.platform.name }}" - # run: | - # set -ex - # cd build - # rm -rf /github/home/.cache - # mkdir -p /github/home/.cache - # export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) - # # Unit tests - # ./tests.sh --output-on-failure -L unit -j$(nproc --all) - # ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit" - # shell: bash - # if: "${{ matrix.platform.name != 'snp' }}" + - name: "Test ${{ matrix.platform.name }}" + run: | + set -ex + cd build + rm -rf /github/home/.cache + mkdir -p /github/home/.cache + export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) + # Unit tests + ./tests.sh --output-on-failure -L unit -j$(nproc --all) + ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" - name: "Make .deb Package" id: make_deb 
@@ -230,18 +230,16 @@ jobs: uses: actions/download-artifact@v4 with: name: relnotes - # - name: Download Compatibility Report - # uses: actions/download-artifact@v4 - # with: - # name: compatibility - # path: compatibility - # merge-multiple: true - # - name: Download TLS Report - # uses: actions/download-artifact@v4 - # with: - # name: tls - # path: tls - # merge-multiple: true + - name: Download Compatibility Report + uses: actions/download-artifact@v4 + with: + name: compatibility + path: compatibility + - name: Download TLS Report + uses: actions/download-artifact@v4 + with: + name: tls + path: tls - name: Download Python Wheel uses: actions/download-artifact@v4 with: From 6ef07e95d79a8f19b70f1563393db603be77fd2e Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 14:15:16 +0000 Subject: [PATCH 32/36] tag --- .github/workflows/release.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4d5d68e4f4a1..a5710bb6cc65 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -234,12 +234,10 @@ jobs: uses: actions/download-artifact@v4 with: name: compatibility - path: compatibility - name: Download TLS Report uses: actions/download-artifact@v4 with: name: tls - path: tls - name: Download Python Wheel uses: actions/download-artifact@v4 with: @@ -254,11 +252,7 @@ jobs: set -ex CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} - ls - ls pkg - ls wheel - ls tstgz - gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md pkg/* wheel/*.whl tstgz/*.tgz + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md ${{ github.ref_name }} pkg/* wheel/*.whl tstgz/*.tgz tls_report.html compatibility_report.json shell: bash env: GH_TOKEN: ${{ github.token }} From 75080b9fe0105a08695bd294530647b9e4801b68 Mon Sep 17 00:00:00 2001 
From: Amaury Chamayou Date: Wed, 3 Jul 2024 15:35:24 +0000 Subject: [PATCH 33/36] sbom --- .github/workflows/release.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a5710bb6cc65..32161cf3473c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,6 +12,32 @@ permissions: checks: write jobs: + make_sbom: + name: SBOM Generation + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: "Install SBOM tool" + run: | + set -ex + curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool + chmod +x sbom-tool + shell: bash + - name: "Produce SBOM" + run: | + set -ex + CCF_VERSION=${{ github.ref_name }} + CCF_VERSION=${CCF_VERSION#ccf-} + ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION + shell: bash + - name: "Upload SBOM" + uses: actions/upload-artifact@v4 + with: + name: manifest + path: _manifest/spdx_2.2/* + release_notes: name: Release Notes runs-on: ubuntu-latest From cb7b140b613bc65e1c4b4679ce5d1eb90626e8ec Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 15:48:31 +0000 Subject: [PATCH 34/36] Publish SBOM --- .github/workflows/release.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32161cf3473c..90c92dd458a5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
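Review bot: The "Install SBOM tool" step downloads whatever `releases/latest` resolves to at run time and marks it executable with no version pin and no digest check, in a workflow whose purpose is to produce release artefacts. Pin a specific release tag and verify a SHA-256 kept in the repository before `chmod +x`; adding `-f` to curl makes an HTTP error fail the step instead of saving the error body as `sbom-tool`. The trailing `> sbom-tool` duplicates `-o sbom-tool` and can be dropped. The values in the fence below are placeholders to be filled in from the release that was reviewed.

```yaml
      - name: "Install SBOM tool"
        run: |
          set -ex
          # Placeholders: the reviewed release tag and the digest recorded for it.
          SBOM_TOOL_TAG="<PINNED_RELEASE_TAG>"
          SBOM_TOOL_SHA256="<EXPECTED_SHA256>"
          curl -fsSLo sbom-tool "https://github.com/microsoft/sbom-tool/releases/download/${SBOM_TOOL_TAG}/sbom-tool-linux-x64"
          echo "${SBOM_TOOL_SHA256}  sbom-tool" | sha256sum --check -
          chmod +x sbom-tool
        shell: bash
      # ... unchanged: "Produce SBOM" and "Upload SBOM" steps ...
```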
@@ -30,12 +30,12 @@ jobs: set -ex CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} - ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION + ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error shell: bash - name: "Upload SBOM" uses: actions/upload-artifact@v4 with: - name: manifest + name: sbom path: _manifest/spdx_2.2/* release_notes: @@ -239,7 +239,9 @@ jobs: if: "${{ matrix.platform.name == 'sgx' }}" create_release: - needs: build_release + needs: + - build_release + - make_sbom name: Create Release runs-on: ubuntu-latest steps: @@ -274,11 +276,16 @@ jobs: with: path: tstgz name: tstgz + - name: Download SBOM + uses: actions/download-artifact@v4 + with: + path: sbom + name: sbom - run: | set -ex CCF_VERSION=${{ github.ref_name }} CCF_VERSION=${CCF_VERSION#ccf-} - gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md ${{ github.ref_name }} pkg/* wheel/*.whl tstgz/*.tgz tls_report.html compatibility_report.json + gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md ${{ github.ref_name }} pkg/* wheel/*.whl tstgz/*.tgz sbom/* tls_report.html compatibility_report.json shell: bash env: GH_TOKEN: ${{ github.token }} From bc6d14640c6d8a77b6fea627d1f924b070e47f8b Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 3 Jul 2024 15:52:54 +0000 Subject: [PATCH 35/36] 5.x --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 90c92dd458a5..203097e13088 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release on: push: tags: - - "ccf-0.*" + - "ccf-5.*" workflow_dispatch: permissions: From a15c8fe83a765e49cc4c0f49cdbff32eb205ae2a Mon Sep 17 00:00:00 2001 
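Review bot: In the PATCH 35 hunk, `workflow_dispatch:` stays enabled next to the `ccf-5.*` tag filter, so a manual run started from a branch reaches `create_release` with a branch name in `github.ref_name`, which that job passes to `gh release create` as the tag (see the release step in the PATCH 34 hunk above). Guard the job with `if: ${{ github.ref_type == 'tag' }}` on `create_release`, or drop the manual trigger once testing of the workflow is finished. The filter also hard-codes the major version, so a comment beside it such as `# update on each major version` would keep the next major release from silently not triggering.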
From: Amaury Chamayou Date: Wed, 3 Jul 2024 15:56:37 +0000 Subject: [PATCH 36/36] Remove test changelog entry --- CHANGELOG.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d24ea72c3841..77cff1fd9b2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,14 +5,6 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [0.0.10] - -[0.0.10]: https://github.com/microsoft/CCF/releases/tag/ccf-0.0.10 - -### Test - -This is a test release. - ## [5.0.0-rc0] [5.0.0-rc0]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.0-rc0