Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] main from oasisprotocol:main #178

Merged
merged 11 commits into from
Jan 10, 2025
Merged

[pull] main from oasisprotocol:main #178

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
7715998
Add rofl-containers generic ROFL app runtime for containers
kostko Dec 12, 2024
f9849a2
runtime-sdk/modules/rofl: Support encrypted calls in client
kostko Dec 19, 2024
b3f1d94
runtime-sdk/modules/rofl: Add simple key derivation for ROFL apps
kostko Jan 7, 2025
9017a78
Add rofl-appd REST API server
kostko Dec 18, 2024
70d8c58
ci: Fix feature incompatibilities during lint
kostko Jan 9, 2025
a5abfbf
ci: Fix used clang version
kostko Jan 9, 2025
0dcfe5d
ci: Only test build select crates for SGX
kostko Jan 9, 2025
44465bd
ci: Disable AppArmor on latest Ubuntu
kostko Jan 9, 2025
32ebd3c
runtime-sdk/modules/rofl: Add metadata and encrypted secrets
kostko Jan 10, 2025
a9a712c
ci: Add rofl-containers release workflow
kostko Jan 10, 2025
4d23a00
Merge pull request #2108 from oasisprotocol/kostko/feature/rofl-tdx-c…
kostko Jan 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .github/actions/lint-rust/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ inputs:
features:
description: Features to enable, separated by comma
required: false
exclude:
description: Packages to exclude, separated by comma
required: false
runs:
using: composite
steps:
Expand All @@ -19,15 +22,26 @@ runs:
env:
MANIFEST_PATH: ${{ inputs.manifest_path }}
FEATURES: ${{ inputs.features }}
EXCLUDE: ${{ inputs.exclude }}
run: |
if [[ -z "$FEATURES" ]]; then
FEATURES_ARG=("--all-features")
else
FEATURES_ARG=("--features" "$FEATURES")
fi

if [[ -z "$EXCLUDE" ]]; then
EXCLUDE_ARG=("")
else
EXCLUDE_ARG=("--workspace")
for PKG in ${EXCLUDE//,/ }; do
EXCLUDE_ARG+=("--exclude" "$PKG")
done
fi

cargo clippy \
${FEATURES_ARG[@]} \
${EXCLUDE_ARG[@]} \
--locked \
--manifest-path "$MANIFEST_PATH" \
-- \
Expand Down
7 changes: 7 additions & 0 deletions .github/workflows/ci-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,16 @@ jobs:
run: rustup show

- name: Lint Rust code
uses: ./.github/actions/lint-rust
with:
features: debug-logging,test,unsafe-allow-debug
token: ${{ secrets.GITHUB_TOKEN }}

- name: Lint Rust code (mock TEE)
uses: ./.github/actions/lint-rust
with:
features: debug-logging,debug-mock-sgx,test,unsafe-allow-debug
exclude: rofl-containers,rofl-appd
token: ${{ secrets.GITHUB_TOKEN }}

- name: Lint Rust code (TDX)
Expand Down
30 changes: 26 additions & 4 deletions .github/workflows/ci-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,16 +61,20 @@ jobs:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install gcc-multilib clang-11
sudo apt-get install gcc-multilib clang-18

- name: Set up Rust
run: rustup show

- name: Build for SGX
run: cargo build --target x86_64-fortanix-unknown-sgx
- name: Build select crates for SGX
run: |
cargo build --target x86_64-fortanix-unknown-sgx \
--package oasis-runtime-sdk \
--package oasis-runtime-sdk-contracts \
--package oasis-runtime-sdk-evm
env:
CFLAGS_x86_64_fortanix_unknown_sgx: -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening
CC_x86_64_fortanix_unknown_sgx: clang-11
CC_x86_64_fortanix_unknown_sgx: clang-18

check-core-versions:
# NOTE: This name appears in GitHub's Checks API.
Expand Down Expand Up @@ -304,6 +308,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Disable AppArmor
run: |
sudo systemctl stop apparmor.service
sudo systemctl disable apparmor.service
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

- name: Set up Node.js LTS
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -383,6 +393,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Disable AppArmor
run: |
sudo systemctl stop apparmor.service
sudo systemctl disable apparmor.service
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

- name: Set up Rust
run: rustup show

Expand Down Expand Up @@ -493,6 +509,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: Disable AppArmor
run: |
sudo systemctl stop apparmor.service
sudo systemctl disable apparmor.service
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

- name: Set up Rust
run: rustup show

Expand Down
31 changes: 31 additions & 0 deletions .github/workflows/release-rofl-containers.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
name: release-rofl-containers

on:
push:
tags:
- 'rofl-containers/v[0-9]+.[0-9]+*'

permissions:
contents: write

jobs:
release-rofl-containers:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Build rofl-containers
id: build
uses: oasisprotocol/oasis-sdk/.github/actions/hash-rust@main
with:
image: ghcr.io/oasisprotocol/runtime-builder:main
pkg-dirs: rofl-containers
binaries: rofl-containers
clean: no

- name: Publish the release
uses: ncipollo/release-action@v1
with:
artifacts: ${{ github.workspace }}/${{ steps.build.outputs.build-path }}/rofl-containers
token: ${{ secrets.GITHUB_TOKEN }}
Loading
Loading