GitHub Actions release pipeline #6325

Merged
merged 40 commits into from
Jul 4, 2024
Commits
c517444
Create file
achamayou Jun 28, 2024
d85e85a
Don't need container
achamayou Jun 28, 2024
f200c43
On tags
achamayou Jun 28, 2024
d3d4d69
python
achamayou Jun 28, 2024
910527c
0.0.2
achamayou Jun 28, 2024
854cc13
Merge branch 'main' into gha_release
achamayou Jul 1, 2024
c1fa83c
Upload artifacts
achamayou Jul 1, 2024
8f2f084
In Build
achamayou Jul 1, 2024
6278e37
In Build
achamayou Jul 1, 2024
86951b9
Download
achamayou Jul 1, 2024
01a4211
relnotes
achamayou Jul 1, 2024
35fbd50
Unversion
achamayou Jul 1, 2024
2fee9e4
Test
achamayou Jul 1, 2024
c991cae
token
achamayou Jul 1, 2024
cac280d
git
achamayou Jul 1, 2024
8e49960
LVI mitigations on SGX
achamayou Jul 2, 2024
a54d151
Post install tests
achamayou Jul 2, 2024
3928124
No images
achamayou Jul 2, 2024
426727d
tee
achamayou Jul 2, 2024
3429633
build
achamayou Jul 2, 2024
0715580
version
achamayou Jul 2, 2024
eeb915c
reports
achamayou Jul 2, 2024
8dffa4e
./
achamayou Jul 2, 2024
c097b4b
Merge branch 'main' into gha_release
achamayou Jul 2, 2024
538e1cd
+60
achamayou Jul 2, 2024
df26953
release
achamayou Jul 2, 2024
f5db290
release
achamayou Jul 2, 2024
f0c6e7b
scripts
achamayou Jul 3, 2024
e31131c
yaml
achamayou Jul 3, 2024
642b532
sigh
achamayou Jul 3, 2024
9ea6830
Tweak the download paths
achamayou Jul 3, 2024
06438e1
Enable post-install tests
achamayou Jul 3, 2024
8a62880
Enable tests again
achamayou Jul 3, 2024
6ef07e9
tag
achamayou Jul 3, 2024
75080b9
sbom
achamayou Jul 3, 2024
cb7b140
Publish SBOM
achamayou Jul 3, 2024
bc6d146
5.x
achamayou Jul 3, 2024
a15c8fe
Remove test changelog entry
achamayou Jul 3, 2024
37a963c
Merge branch 'main' into gha_release
achamayou Jul 3, 2024
c112bec
Merge branch 'main' into gha_release
eddyashton Jul 4, 2024
291 changes: 291 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,291 @@
name: Release

on:
push:
tags:
- "ccf-5.*"
workflow_dispatch:

permissions:
contents: write
actions: read
checks: write

jobs:
make_sbom:
name: SBOM Generation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: "Install SBOM tool"
run: |
set -ex
curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool
chmod +x sbom-tool
shell: bash
- name: "Produce SBOM"
run: |
set -ex
CCF_VERSION=${{ github.ref_name }}
CCF_VERSION=${CCF_VERSION#ccf-}
./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error
shell: bash
- name: "Upload SBOM"
uses: actions/upload-artifact@v4
with:
name: sbom
path: _manifest/spdx_2.2/*

release_notes:
name: Release Notes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: "Check Release Notes"
run: |
set -ex
python scripts/extract-release-notes.py --target-git-version
shell: bash
- name: "Produce Release Notes"
run: |
set -ex
set -o pipefail
python ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" | tee rel-notes.md
- name: "Upload .deb Package"
uses: actions/upload-artifact@v4
with:
name: relnotes
path: rel-notes.md

build_release:
needs: release_notes
name: Build Release
strategy:
matrix:
platform:
- name: virtual
image: default
nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
- name: snp
image: default
nodes: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
- name: sgx
image: sgx
nodes: [self-hosted, 1ES.Pool=gha-sgx-ccf-sub]
container_options: --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
cmake_options: -DLVI_MITIGATIONS=ON
runs-on: ${{ matrix.platform.nodes }}
container:
image: ghcr.io/microsoft/ccf/ci/${{ matrix.platform.image }}:build-26-06-2024
options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro ${{ matrix.platform.container_options }}"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: "Build Release ${{ matrix.platform.name }}"
run: |
set -ex
git config --global --add safe.directory /__w/CCF/CCF
mkdir build
cd build
cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} ${{ matrix.platform.cmake_options }} -DCLIENT_PROTOCOLS_TEST=ON ..
ninja -v | tee build.log
shell: bash

- name: "Check Mitigation Flags"
run: |
cd build
python3 ../scripts/build-check.py < build.log SNPCC
shell: bash
if: ${{ matrix.platform.name == 'snp' }}

- name: "Install Extended Testing Tools"
run: |
set -ex
sudo apt-get -y update
sudo apt install ansible -y
cd getting_started/setup_vm
ansible-playbook ccf-extended-testing.yml
shell: bash
if: ${{ matrix.platform.name != 'snp' }}

- name: "Test ${{ matrix.platform.name }}"
run: |
set -ex
cd build
rm -rf /github/home/.cache
mkdir -p /github/home/.cache
export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15)
# Unit tests
./tests.sh --output-on-failure -L unit -j$(nproc --all)
./tests.sh --timeout 360 --output-on-failure -LE "benchmark|perf|unit"
shell: bash
if: "${{ matrix.platform.name != 'snp' }}"

- name: "Make .deb Package"
id: make_deb
run: |
set -ex
set -o pipefail
cd build
cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix
cpack -V -G DEB
INITIAL_PKG=`ls *.deb`
CCF_GITHUB_PKG=${INITIAL_PKG//\~/_}
if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then
mv $INITIAL_PKG $CCF_GITHUB_PKG
fi
echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT
shell: bash

- name: "Install CCF Debian package"
run: |
set -ex
cd build
sudo apt -y install ./${{ steps.make_deb.outputs.name }}
shell: bash

- name: "Test Installed CCF"
run: |
set -ex
set -o pipefail
cd build
cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}"
shell: bash
if: "${{ matrix.platform.name != 'snp' }}"

- name: "Recovery Benchmark for Installed CCF"
run: |
set -ex
set -o pipefail
cd build
cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}"
shell: bash
if: "${{ matrix.platform.name != 'snp' }}"

- name: "Test Building a Sample Against Installed CCF"
run: |
set -ex
./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }}
shell: bash

- name: "Upload .deb Package"
uses: actions/upload-artifact@v4
with:
name: pkg-${{ matrix.platform.name }}
path: build/${{ steps.make_deb.outputs.name }}

- name: "Upload Compatibility Report"
uses: actions/upload-artifact@v4
with:
name: compatibility
path: build/compatibility_report.json
if: "${{ matrix.platform.name == 'sgx' }}"

- name: "Upload TLS Report"
uses: actions/upload-artifact@v4
with:
name: tls
path: build/tls_report.html
if: "${{ matrix.platform.name == 'sgx' }}"

- name: "Build Python Wheel"
id: build_wheel
run: |
set -ex
cd python
python3.8 -m venv env
source ./env/bin/activate
pip install -r requirements.txt
pip install wheel
python setup.py bdist_wheel
WHL=`ls dist/*.whl`
echo "name=$WHL" >> $GITHUB_OUTPUT
shell: bash
if: "${{ matrix.platform.name == 'sgx' }}"

- name: "Upload Python Wheel"
uses: actions/upload-artifact@v4
with:
name: wheel
path: python/${{ steps.build_wheel.outputs.name }}
if: "${{ matrix.platform.name == 'sgx' }}"

- name: "Build TS Package"
id: build_tstgz
run: |
set -ex
cd js/ccf-app
CCF_VERSION=$(<../../build/VERSION_LONG)
CCF_VERSION=${CCF_VERSION#ccf-}
echo "Setting npm package version to ${CCF_VERSION}"
npm version $CCF_VERSION
npm pack
PKG=`ls *.tgz`
echo "name=$PKG" >> $GITHUB_OUTPUT
shell: bash
if: "${{ matrix.platform.name == 'sgx' }}"

- name: "Upload TS Package"
uses: actions/upload-artifact@v4
with:
name: tstgz
path: js/ccf-app/${{ steps.build_tstgz.outputs.name }}
if: "${{ matrix.platform.name == 'sgx' }}"

create_release:
needs:
- build_release
- make_sbom
name: Create Release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Download Packages
uses: actions/download-artifact@v4
with:
path: pkg
pattern: pkg-*
merge-multiple: true
- name: Download Release Notes
uses: actions/download-artifact@v4
with:
name: relnotes
- name: Download Compatibility Report
uses: actions/download-artifact@v4
with:
name: compatibility
- name: Download TLS Report
uses: actions/download-artifact@v4
with:
name: tls
- name: Download Python Wheel
uses: actions/download-artifact@v4
with:
path: wheel
name: wheel
- name: Download TS Package
uses: actions/download-artifact@v4
with:
path: tstgz
name: tstgz
- name: Download SBOM
uses: actions/download-artifact@v4
with:
path: sbom
name: sbom
- run: |
set -ex
CCF_VERSION=${{ github.ref_name }}
CCF_VERSION=${CCF_VERSION#ccf-}
gh release create --title $CCF_VERSION --draft --notes-file rel-notes.md ${{ github.ref_name }} pkg/* wheel/*.whl tstgz/*.tgz sbom/* tls_report.html compatibility_report.json
shell: bash
env:
GH_TOKEN: ${{ github.token }}
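Review bot: The "Install SBOM tool" step in make_sbom downloads sbom-tool from releases/latest and executes it with no version pin or checksum check, in a workflow whose top-level permissions grant contents: write to every job. Pin the download to a specific sbom-tool release and compare its SHA-256 against a value kept in the repository before the chmod +x. The same curl line passes both -Lo sbom-tool and > sbom-tool, so the redirect is redundant and can be dropped. In the visible steps, contents: write is only exercised by gh release create in create_release, so consider declaring it on that job and leaving build_release, which runs on the self-hosted pools with a root container, at read-only. ${{ github.ref_name }} is expanded directly into the run scripts in "Produce SBOM" and in the final release step; passing it through env: and quoting "$CCF_VERSION" avoids shell interpretation of the ref name, which matters because workflow_dispatch is not restricted by the ccf-5.* tag filter. Minor: the upload step in release_notes is named "Upload .deb Package" but uploads rel-notes.md.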
2 changes: 1 addition & 1 deletion tests/recovery_benchmark.sh
Expand Up @@ -88,7 +88,7 @@ echo "** Start original service"
"${ccf_install_path}"/bin/sandbox.sh --sig-tx-interval "${signature_tx_interval}" &
sandbox_pid=$!

network_live_time=60
network_live_time=120
if poll_for_service_open ${network_live_time} ${sandbox_pid}; then
echo "Error: Timeout waiting ${network_live_time}s for service to open"
kill "$(jobs -p)"
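Review bot: The new network_live_time=120 has no comment explaining why the wait for the service to open was doubled from 60 seconds; add one line stating the reason so the value is not tuned again blindly. If the right value depends on where the script runs, an overridable default such as network_live_time="${NETWORK_LIVE_TIME:-120}" (the variable name is a suggestion, not something the script already defines) would let the release pipeline raise it without changing the default for other callers.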