Skip to content

Commit

Permalink
Merge pull request #45 from mobilecoinofficial/jgreat/arm64
Browse files Browse the repository at this point in the history
Add arm64 builds
jgreat authored Nov 13, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents 70a1a22 + 78c9575 commit 674308e
Showing 9 changed files with 357 additions and 206 deletions.
7 changes: 7 additions & 0 deletions .github/actionlint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
self-hosted-runner:
# Labels of self-hosted runner in array of string
labels:
- mco-dev-large-x64
- mco-dev-large-arm64
- mco-dev-small-x64
- mco-dev-small-arm64
194 changes: 145 additions & 49 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -8,76 +8,172 @@ on:
- 'v*.*.*'

env:
BASE_DOCKER_REPO: mobilecoin/rust-sgx-base
BUILDER_DOCKER_REPO: mobilecoin/builder-install
PUSH: ${{ github.event_name == 'pull_request' && 'false' || 'true' }}
PUSH_LATEST: ${{ github.event_name == 'pull_request' && 'false' || 'true' }}

concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true

jobs:
docker:
lint-actions:
runs-on: mco-dev-small-x64
steps:
- name: Lint GitHub Actions
uses: mobilecoinofficial/gh-actions/lint-actions@v0

lint-docker:
runs-on: mco-dev-small-x64
steps:
- name: Lint Dockerfiles with Hadolint
uses: mobilecoinofficial/gh-actions/lint-docker@v0

docker-rust-base:
needs:
- lint-actions
- lint-docker
strategy:
matrix:
runner:
- mco-dev-small-x64
- mco-dev-small-arm64
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: mobilecoinofficial/gh-actions/checkout@v0

- name: Docker meta for rust-sgx-base
id: base_meta
uses: docker/metadata-action@v3
- name: Docker rust-base
id: build
uses: mobilecoinofficial/gh-actions/docker@v0
with:
flavor: latest=true
images: ${{ env.BASE_DOCKER_REPO }}
dockerfile: Dockerfile.rust-base
images: mobilecoin/rust-base
outputs: type=image,name=mobilecoin/rust-base,push-by-digest=true,name-canonical=true,push=true
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
save_digest: true

docker-rust-base-merge:
runs-on: mco-dev-small-x64
needs:
- docker-rust-base
steps:
- name: Merge and Tag Digests
uses: mobilecoinofficial/gh-actions/docker-merge-digests@v0
with:
images: mobilecoin/rust-base
flavor: latest=${{ env.PUSH_LATEST }}
tags: |
type=ref,event=branch
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=sha
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

docker-rust-sgx:
needs:
- docker-rust-base-merge
runs-on: mco-dev-small-x64
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0

- name: Short Sha
id: short_sha
uses: mobilecoinofficial/gh-actions/short-sha@v0

- name: Docker meta for builder-install
id: builder_meta
uses: docker/metadata-action@v3
- name: Docker rust-sgx
uses: mobilecoinofficial/gh-actions/docker@v0
with:
flavor: latest=true
images: ${{ env.BUILDER_DOCKER_REPO }}
dockerfile: Dockerfile.rust-sgx
flavor: latest=${{ env.PUSH_LATEST }}
images: mobilecoin/rust-sgx
tags: |
type=ref,event=branch
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=sha
build_args: |
BASE_IMAGE_TAG=${{ steps.short_sha.outputs.short_sha }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
docker-fat-sgx-builder:
needs:
- docker-rust-sgx
runs-on: mco-dev-small-x64
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0

- name: Short Sha
id: short_sha
uses: mobilecoinofficial/gh-actions/short-sha@v0

- name: Login to DockerHub
uses: docker/login-action@v2
- name: Docker fat-sgx-builder
uses: mobilecoinofficial/gh-actions/docker@v0
with:
dockerfile: Dockerfile.fat-builder
flavor: latest=${{ env.PUSH_LATEST }}
images: mobilecoin/fat-sgx-builder
build_args: |
BASE_IMAGE=rust-sgx
BASE_IMAGE_TAG=${{ steps.short_sha.outputs.short_sha }}
tags: |
type=semver,pattern=v{{version}}
type=sha
push: true
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and maybe push rust-sgx-base
uses: docker/build-push-action@v3
with:
context: .
target: rust-sgx-base
cache-from: type=registry,ref=${{ env.BASE_DOCKER_REPO }}:buildcache
cache-to: type=registry,ref=${{ env.BASE_DOCKER_REPO }}:buildcache
labels: ${{ steps.base_meta.outputs.labels }}
tags: ${{ steps.base_meta.outputs.tags }}
push: ${{ env.PUSH }}

- name: Build and maybe push builder-install
uses: docker/build-push-action@v3
docker-fat-builder:
needs:
- docker-rust-base-merge
strategy:
matrix:
runner:
- mco-dev-small-x64
- mco-dev-small-arm64
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout
uses: mobilecoinofficial/gh-actions/checkout@v0

- name: Short Sha
id: short_sha
uses: mobilecoinofficial/gh-actions/short-sha@v0

- name: Docker fat-builder
id: build
uses: mobilecoinofficial/gh-actions/docker@v0
with:
context: .
target: builder-install
cache-from: type=registry,ref=${{ env.BUILDER_DOCKER_REPO }}:buildcache
cache-to: type=registry,ref=${{ env.BUILDER_DOCKER_REPO }}:buildcache
labels: ${{ steps.builder_meta.outputs.labels }}
tags: ${{ steps.builder_meta.outputs.tags }}
push: ${{ env.PUSH }}
dockerfile: Dockerfile.fat-builder
images: mobilecoin/fat-builder
build_args: |
BASE_IMAGE=rust-base
BASE_IMAGE_TAG=${{ steps.short_sha.outputs.short_sha }}
outputs: type=image,name=mobilecoin/fat-builder,push-by-digest=true,name-canonical=true,push=true
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
save_digest: true

docker-fat-builder-merge:
runs-on: mco-dev-small-x64
needs:
- docker-fat-builder
steps:
- name: Merge and Tag Digests
uses: mobilecoinofficial/gh-actions/docker-merge-digests@v0
with:
images: mobilecoin/fat-builder
flavor: latest=${{ env.PUSH_LATEST }}
tags: |
type=semver,pattern=v{{version}}
type=sha
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

# via https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
success:
needs:
- docker-fat-builder-merge
- docker-fat-sgx-builder
runs-on: mco-dev-small-x64
steps:
- name: Success
run: echo "All Builds Success"
16 changes: 4 additions & 12 deletions .github/workflows/tag.yaml
Original file line number Diff line number Diff line change
@@ -4,22 +4,14 @@ name: tag
on:
push:
branches:
- main
- main

jobs:
tag:
runs-on: mco-dev-small-x64
steps:
# We need to use an external PAT here because GHA will not run downstream events if we use the built in token.
- name: Checkout
uses: actions/checkout@v3
- name: bump tag
uses: mobilecoinofficial/gh-actions/tag@v0
with:
token: ${{ secrets.ACTIONS_TOKEN }}

- name: Bump GitHub tag
id: bump
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
WITH_V: 'true'
DEFAULT_BUMP: patch
github_token: ${{ secrets.ACTIONS_TOKEN }}
132 changes: 0 additions & 132 deletions Dockerfile

This file was deleted.

46 changes: 46 additions & 0 deletions Dockerfile.fat-builder
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Copyright (c) 2022 to 2024 MobileCoin Inc.
# hadolint global ignore=DL3008, DL3015, DL3007

# Fat builder image for building and local testing of MobileCoin services.

# Set BASE_IMAGE the rust-base or rust-sgx image and Name/Tag the image
# "FROM mobilecoin/rust-base:latest" as mobilecoin/rust-builder:latest
# "FROM mobilecoin/rust-sgx:latest" as mobilecoin/rust-sgx-builder:latest

ARG BASE_IMAGE=rust-base
ARG BASE_IMAGE_TAG=latest
FROM mobilecoin/${BASE_IMAGE}:${BASE_IMAGE_TAG}
ARG TARGETARCH

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN apt-get update \
&& apt-get install -y \
nginx \
postgresql \
postgresql-client \
python3 \
python3-pip \
psmisc \
sudo \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*

ARG GO_PKG="go1.22.2.linux-${TARGETARCH}.tar.gz"

RUN curl -sSfL -o go.tgz "https://golang.org/dl/${GO_PKG}" \
&& tar -C /usr/local -xzf go.tgz \
&& rm -rf go.tgz

ENV GOPATH=/opt/go/
ENV PATH="/usr/local/go/bin:${GOPATH}/bin:${PATH}"
RUN mkdir -p "${GOPATH}"

RUN curl -sSLf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash \
&& cargo binstall cargo-nextest@0.9.82 --no-confirm \
&& cargo binstall cbindgen@0.24.2 --no-confirm \
&& cargo binstall sccache@0.3.0 --no-confirm

COPY entrypoint-builder-install.sh /usr/local/bin/entrypoint.sh

ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
65 changes: 65 additions & 0 deletions Dockerfile.rust-base
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# Copyright (c) 2022 to 2024 MobileCoin Inc.
# hadolint global ignore=DL3008, DL3015

FROM ubuntu:focal-20241011
ARG TARGETARCH

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Utilities:
# build-essential, cmake, curl, git, jq
#
# Build Requirements:
# libclang-dev, libprotobuf-dev, libpq-dev, libssl1.1,
# libssl-dev, llvm, llvm-dev, pkg-config
#
# Needed for GHA cache actions:
# zstd
#
# Needed for building ledger-mob and full service:
# libdbus-1-dev
#
RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime \
&& apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y \
build-essential \
clang \
cmake \
curl \
git \
jq \
libclang-dev \
libdbus-1-dev \
libhidapi-dev \
libprotobuf-dev \
libpq-dev \
libssl1.1 \
libssl-dev \
libudev-dev \
libusb-1.0-0-dev \
llvm \
llvm-dev \
pkg-config \
unzip \
wget \
zstd \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*

# Install a newer version of the protobuf compiler, that's not available in apt
COPY install_protoc.sh /tmp/install_protoc.sh
RUN /tmp/install_protoc.sh \
&& rm /tmp/install_protoc.sh

# Github actions overwrites the runtime home directory, so we need to install in a global directory.
ENV RUSTUP_HOME=/opt/rustup
ENV CARGO_HOME=/opt/cargo
RUN mkdir -p "${RUSTUP_HOME}" \
&& mkdir -p "${CARGO_HOME}/bin"

# Install rustup
RUN curl -sSLf https://sh.rustup.rs | \
sh -s -- -y --default-toolchain nightly-2023-10-01

ENV PATH=/opt/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
35 changes: 35 additions & 0 deletions Dockerfile.rust-sgx
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Copyright (c) 2022 to 2024 MobileCoin Inc.
# hadolint global ignore=DL3008, DL3015, DL3007

# Rust with SGX libraries
# Note: only works for x86_64/amd64 and is intended to be built immediately after the rust-base image.
ARG BASE_IMAGE_TAG=latest
FROM mobilecoin/rust-base:${BASE_IMAGE_TAG}

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install SGX SDK
ARG SGX_URL=https://download.01.org/intel-sgx/sgx-linux/2.23/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.23.100.2.bin
RUN curl -sSfL -o sgx.bin "${SGX_URL}" \
&& chmod +x ./sgx.bin \
&& ./sgx.bin --prefix=/opt/intel \
&& rm ./sgx.bin

# Install DCAP libraries
ARG DCAP_VERSION=1.20.100.2-focal1
RUN mkdir -p /etc/apt/keyrings \
&& curl -sSfL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor -o /etc/apt/keyrings/intel-sgx.gpg \
&& echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | tee /etc/apt/sources.list.d/intel-sgx.list \
&& apt-get update \
&& apt-get install -y \
libsgx-dcap-ql=${DCAP_VERSION} \
libsgx-dcap-ql-dev=${DCAP_VERSION} \
libsgx-dcap-quote-verify=${DCAP_VERSION} \
libsgx-dcap-quote-verify-dev=${DCAP_VERSION} \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*

ENV SGX_SDK=/opt/intel/sgxsdk
ENV PATH=${PATH}:/opt/intel/sgxsdk/bin:/opt/intel/sgxsdk/bin/x64
ENV PKG_CONFIG_PATH=/opt/intel/sgxsdk/pkgconfig
ENV LD_LIBRARY_PATH=/opt/intel/sgxsdk/sdk_libs
46 changes: 33 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
@@ -5,24 +5,44 @@ For use in downstream builds to provide a consistent and verifiable Rust build e

We recommend referencing the image by the hash instead of a tag to verify a consistent build environment.

# Build
# Builds

The following command will build and tag `rust-sgx-base:latest`. (But not push it to dockerhub, the tag will be local to your machine.)
### mobilecoin/rust-base (arm64/amd64)

`rust-base` can be used by CI/CD for building and testing mobilecoin rust projects.

To build locally.
```
docker build -t mobilecoin/rust-sgx-base .
docker build -f ./Dockerfile.rust-base -t mobilecoin/rust-base:latest .
```

This variation will build and tag `builder-install:latest`.
### mobilecoin/rust-sgx (amd64)

```
docker build -t mobilecoin/builder-install .
```
`rust-sgx` can be used by CI/CD for building and testing mobilecoin rust projects that require SGX libraries. This image is only available as a amd64(X64) image.

To help iterate on a `builder-install` image, you can test it by opening a prompt
using the [`mob prompt` tool in `mobilecoin`](https://github.com/mobilecoinfoundation/mobilecoin/blob/master/mob).
Then you can try to build rust code, or go code, or really whatever your heart desires.
1. Build `rust-base` image with the `latest` tag.
2. Build `rust-sgx` image using `rust-base` as the `FROM` image.
```
docker build -f ./Dockerfile.rust-sgx -t mobilecoin/rust-sgx:latest .
```
```
./mob prompt --tag latest --no-pull
```
### mobilecoin/fat-builder (arm64/amd64)
`fat-builder` includes some handy tools used for local development. Build this image off the `fat-builder` docker file using `rust-base` as the `FROM` image. This image does not include SGX libraries or tools.
1. Build `rust-base` image with the `latest` tag.
2. Build `fat-builder` image
```
docker build -f ./Dockerfile.fat-builder -t mobilecoin/fat-builder:latest .
```
### mobilecoin/fat-sgx-builder (amd64)
`fat-sgx-builder` includes some handy tools used for local development along with the SGX libraries. This image is only available for amd64(X64). Build this image off the `fat-builder` docker file using `rust-sgx` as the `FROM` image. This image includes SGX libraries or tools.
1. Build `rust-base` image with the `latest` tag.
2. Build `rust-sgx` image with the `latest` tag.
2. Build `fat-sgx-builder` image
```
docker build --build-arg BASE_IMAGE=rust-sgx -f ./Dockerfile.fat-builder -t mobilecoin/fat-sgx-builder:latest .
```
22 changes: 22 additions & 0 deletions install_protoc.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!/bin/bash

set -e -o pipefail

case ${TARGETARCH:?} in
amd64)
PROTOC=protoc-25.2-linux-x86_64.zip
;;
arm64)
PROTOC=protoc-25.2-linux-aarch_64.zip
;;
*)
echo "Unsupported architecture: ${TARGETARCH}"
exit 1
;;
esac

curl -sSL -o protoc.zip "https://github.com/protocolbuffers/protobuf/releases/download/v25.2/${PROTOC}"
unzip protoc.zip -d protoc
cp protoc/bin/protoc /usr/bin/protoc
cp -r protoc/include/google /usr/include/google
rm -rf protoc protoc.zip

0 comments on commit 674308e

Please sign in to comment.