release mrenclave artifact (#1686)
* release MRENCLAVE files too

* try to fix mrenclave extraction from production build

* fix yml
brenzi authored Feb 5, 2025
1 parent 739dce1 commit 868880a
Showing 6 changed files with 42 additions and 24 deletions.
54 changes: 36 additions & 18 deletions .github/workflows/build_and_test.yml
Expand Up @@ -61,8 +61,9 @@ jobs:
run: |
fingerprint=$RANDOM
echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
SGX_MODE_LOWERCASE=$(echo "${matrix.sgx_mode}" | tr '[:upper:]' '[:lower:]')
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
echo ${{ env.IMAGE_SUFFIX }}
if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
Expand Down Expand Up @@ -101,17 +102,6 @@ jobs:
name: integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz
path: integritee-worker-${{ env.IMAGE_SUFFIX }}.tar.gz

- name: Create Enclave Digest File
run: |
mrenclave_hex=$(docker run integritee-worker-${{ env.IMAGE_SUFFIX }} mrenclave | grep -oP ':\s*\K[a-fA-F0-9]+')
echo "$mrenclave_hex" > mrenclave-${{ env.IMAGE_SUFFIX }}.hex
- name: Upload Enclave Digest File
uses: actions/upload-artifact@v4
with:
name: mrenclave-${{ env.IMAGE_SUFFIX }}.hex
path: mrenclave-${{ env.IMAGE_SUFFIX }}.hex

- name: Delete images
run: |
if [[ "$(docker images -q integritee-worker-${{ env.IMAGE_SUFFIX }} 2> /dev/null)" != "" ]]; then
Expand Down Expand Up @@ -153,8 +143,9 @@ jobs:
run: |
fingerprint=$RANDOM
echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
SGX_MODE_LOWERCASE=$(echo "${matrix.sgx_mode}" | tr '[:upper:]' '[:lower:]')
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
echo ${{ env.IMAGE_SUFFIX }}
if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
Expand Down Expand Up @@ -317,8 +308,9 @@ jobs:
- name: Set env
run: |
version=$RANDOM
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
SGX_MODE_LOWERCASE=$(echo "${matrix.sgx_mode}" | tr '[:upper:]' '[:lower:]')
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
echo ${{ env.IMAGE_SUFFIX }}
echo "FLAVOR_ID=${{ matrix.flavor_id }}" >> $GITHUB_ENV
echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV
echo "VERSION=dev.$version" >> $GITHUB_ENV
Expand Down Expand Up @@ -430,9 +422,9 @@ jobs:
fi
docker images --all
release-build:
release-production-build:
runs-on: integritee-builder-sgx
name: Release Build of teeracle
name: Release Builds in SGX Production Mode
if: startsWith(github.ref, 'refs/tags/')
needs: [ build-test, integration-tests ]

Expand Down Expand Up @@ -462,8 +454,9 @@ jobs:
run: |
fingerprint=$RANDOM
echo "FINGERPRINT=$fingerprint" >> $GITHUB_ENV
SGX_MODE_LOWERCASE=$(echo "${${{ matrix.sgx_mode }},,}")
SGX_MODE_LOWERCASE=$(echo "${matrix.sgx_mode}" | tr '[:upper:]' '[:lower:]')
echo "IMAGE_SUFFIX=$SGX_MODE_LOWERCASE-${{ matrix.flavor_id }}-${{ github.sha }}" >> $GITHUB_ENV
echo ${{ env.IMAGE_SUFFIX }}
if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
echo "DOCKER_DEVICES=--device=/dev/sgx/enclave --device=/dev/sgx/provision" >> $GITHUB_ENV
echo "DOCKER_VOLUMES=--volume /var/run/aesmd:/var/run/aesmd --volume /etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf" >> $GITHUB_ENV
Expand Down Expand Up @@ -517,6 +510,17 @@ jobs:
--build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
-f build.Dockerfile .
- name: Create Enclave Digest File
run: |
mrenclave_hex=$(docker run integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} mrenclave | grep -oP ':\s*\K[a-fA-F0-9]+')
echo "$mrenclave_hex" > mrenclave-${{ matrix.flavor_id }}-${{ github.ref_name }}.hex
- name: Upload Enclave Digest File
uses: actions/upload-artifact@v4
with:
name: mrenclave-${{ matrix.flavor_id }}-${{ github.ref_name }}.hex
path: mrenclave-${{ matrix.flavor_id }}-${{ github.ref_name }}.hex

- name: Save worker docker image
run: |
docker image save integritee/${{ matrix.flavor_id }}:${{ github.ref_name }} | gzip > integritee-worker-${{ matrix.flavor_id }}-${{ github.ref_name }}.tar.gz
Expand Down Expand Up @@ -553,7 +557,7 @@ jobs:
runs-on: ubuntu-latest
name: Draft Release
if: startsWith(github.ref, 'refs/tags/')
needs: [ build-test, integration-tests, release-build ]
needs: [ build-test, integration-tests, release-production-build ]
outputs:
release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
Expand Down Expand Up @@ -584,6 +588,18 @@ jobs:
name: teeracle-cli-${{ github.ref_name }}.tar.gz
path: .

- name: Download Teeracle MRENCLAVE
uses: actions/download-artifact@v4
with:
name: mrenclave-teeracle-${{ github.ref_name }}.hex
path: .

- name: Download sidechain MRENCLAVE
uses: actions/download-artifact@v4
with:
name: mrenclave-sidechain-${{ github.ref_name }}.hex
path: .

#
# Temporary comment out until we decide what to release
#
Expand Down Expand Up @@ -634,3 +650,5 @@ jobs:
integritee-client
integritee-demo-validateer
enclave.signed.so
mrenclave-teeracle-${{ github.ref_name }}.hex
mrenclave-sidechain-${{ github.ref_name }}.hex
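Review bot: The new "Create Enclave Digest File" step in release-production-build writes whatever `grep -oP ':\s*\K[a-fA-F0-9]+'` returns straight into the released `.hex` file, so a truncated match or several matched lines would be published as the MRENCLAVE unchecked. The output format of the `mrenclave` subcommand is not visible here, but this file is presumably what relying parties compare against an attestation report, so the step should fail unless the result is exactly one 32-byte measurement, e.g. `[[ "$mrenclave_hex" =~ ^[a-fA-F0-9]{64}$ ]] || { echo "unexpected mrenclave output" >&2; exit 1; }` placed before the `echo "$mrenclave_hex" >` line. Separately, in the four env-setup `run` blocks the replacement `"${matrix.sgx_mode}"` is a shell parameter expansion, not an Actions expression, and bash rejects the dotted name, so `SGX_MODE_LOWERCASE` likely ends up empty; `"${{ matrix.sgx_mode }}"` is probably what was meant. The added `echo ${{ env.IMAGE_SUFFIX }}` will also not show the value just written, since entries appended to `$GITHUB_ENV` only become visible in later steps.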
4 changes: 2 additions & 2 deletions Cargo.lock
Expand Up @@ -2568,7 +2568,7 @@ dependencies = [

[[package]]
name = "integritee-cli"
version = "0.15.11"
version = "0.15.12"
dependencies = [
"array-bytes 6.1.0",
"base58",
Expand Down Expand Up @@ -2624,7 +2624,7 @@ dependencies = [

[[package]]
name = "integritee-service"
version = "0.15.11"
version = "0.15.12"
dependencies = [
"anyhow",
"async-trait",
2 changes: 1 addition & 1 deletion cli/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "integritee-cli"
version = "0.15.11"
version = "0.15.12"
authors = ["Integritee AG <hello@integritee.network>"]
edition = "2021"

2 changes: 1 addition & 1 deletion enclave-runtime/Cargo.lock
Expand Up @@ -771,7 +771,7 @@ dependencies = [

[[package]]
name = "enclave-runtime"
version = "0.15.11"
version = "0.15.12"
dependencies = [
"array-bytes 6.2.2",
"cid",
2 changes: 1 addition & 1 deletion enclave-runtime/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "enclave-runtime"
version = "0.15.11"
version = "0.15.12"
authors = ["Integritee AG <hello@integritee.network>"]
edition = "2021"

2 changes: 1 addition & 1 deletion service/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "integritee-service"
version = "0.15.11"
version = "0.15.12"
authors = ["Integritee AG <hello@integritee.network>"]
build = "build.rs"
edition = "2021"