diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
new file mode 100644
index 00000000000..93dadc3ba8e
--- /dev/null
+++ b/.github/workflows/release-test.yml
@@ -0,0 +1,361 @@ +name: Release (test) + +on: + pull_request: + types: + - labeled + - synchronize + - opened + - reopened + workflow_dispatch: + +permissions: + contents: write + actions: read + checks: write + +jobs: + make_sbom: + name: SBOM Generation + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: "Install SBOM tool" + run: | + set -ex + curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool + chmod +x sbom-tool + shell: bash + - name: "Produce SBOM" + run: | + set -ex + CCF_VERSION=${{ github.ref_name }} + CCF_VERSION=${CCF_VERSION#ccf-} + ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error + shell: bash + # - name: "Upload SBOM" + # uses: actions/upload-artifact@v4 + # with: + # name: sbom + # path: _manifest/spdx_2.2/* + + # release_notes: + # name: Release Notes + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v4 + # with: + # fetch-depth: 1 + # - name: "Check Release Notes" + # run: | + # set -ex + # python scripts/extract-release-notes.py --target-git-version + # shell: bash + # - name: "Produce Release Notes" + # run: | + # set -ex + # set -o pipefail + # python ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" | tee rel-notes.md + # - name: "Upload .deb Package" + # uses: actions/upload-artifact@v4 + # with: + # name: relnotes + # path: rel-notes.md + + build_release: + name: Build Release + # needs: release_notes + if: ${{ contains(github.event.pull_request.labels.*.name, 'release-test') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} + strategy: + matrix: + platform: + - name: virtual + os: ubuntu + image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025 + package_version: DEB + # - name: snp + # os: ubuntu + # image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025 + - name: 
virtual + os: azure-linux + image: mcr.microsoft.com/azurelinux/base/core:3.0 + package_version: RPM + # - name: snp + # os: azure-linux + # image: mcr.microsoft.com/azurelinux/base/core:3.0 + + runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] + container: + image: ${{ matrix.platform.image }} + options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro" + + steps: + - name: "Install dependencies" + if: ${{ matrix.platform.os == 'azure-linux' }} + shell: bash + run: | + set -ex + gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY + tdnf -y update + # Source control + tdnf -y install ca-certificates git + # Build tools + tdnf -y install build-essential clang cmake ninja-build which + # libc++ + tdnf -y install libcxx-devel llvm-libunwind-devel llvm-libunwind-static + # Dependencies + tdnf -y install openssl-devel libuv-devel nghttp2-devel curl-devel + # Test dependencies + tdnf -y install libarrow-devel parquet-libs-devel lldb npm jq expect + # Install CDDL via rubygems + tdnf -y install rubygems + gem install cddl + + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: "Build Release ${{ matrix.platform.name }}" + shell: bash + run: | + set -ex + git config --global --add safe.directory /__w/CCF/CCF + mkdir build + cd build + CC=`which clang` CXX=`which clang++` cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCLIENT_PROTOCOLS_TEST=ON -DPACKAGE_VERSION=${{ matrix.platform.package_version }} .. 
+ ninja -v | tee build.log + + - name: "Check Mitigation Flags" + run: | + cd build + python3 ../scripts/build-check.py < build.log SNPCC + shell: bash + if: ${{ matrix.platform.name == 'snp' && matrix.platform.os == 'ubuntu' }} + + - name: "Install Extended Testing Tools" + run: | + set -ex + sudo apt-get -y update + sudo apt install ansible -y + cd getting_started/setup_vm + ansible-playbook ccf-extended-testing.yml + shell: bash + if: ${{ matrix.platform.name != 'snp' && matrix.platform.os == 'ubuntu' }} + + # TODO client_protocols + lts + + # - name: "Test ${{ matrix.platform.name }}" + # run: | + # set -ex + # cd build + # rm -rf /github/home/.cache + # mkdir -p /github/home/.cache + # export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) + # # Unit tests + # ./tests.sh --output-on-failure -L unit -j$(nproc --all) + # ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|unit" + # shell: bash + # if: "${{ matrix.platform.name != 'snp' }}" + + # - name: "Upload logs for ${{ matrix.platform.name }}" + # uses: actions/upload-artifact@v4 + # with: + # name: logs-${{ matrix.platform.name }} + # path: | + # build/workspace/*/*.config.json + # build/workspace/*/out + # build/workspace/*/err + # build/workspace/*.ledger/* + # if-no-files-found: ignore + # if: success() || failure() + + - name: "Make .deb Package" + id: make_deb + run: | + set -ex + set -o pipefail + cd build + cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix + cpack -V -G DEB + INITIAL_PKG=`ls *.deb` + CCF_GITHUB_PKG=${INITIAL_PKG//\~/_} + if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then + mv $INITIAL_PKG $CCF_GITHUB_PKG + fi + echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.os == 'ubuntu' }}" + + - name: "Make .rpm Package" + id: make_rpm + run: | + set -ex + set -o pipefail + cd build + cmake -L .. 
2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix + cpack -V -G RPM + INITIAL_PKG=`ls *.deb` + CCF_GITHUB_PKG=${INITIAL_PKG//\~/_} + if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then + mv $INITIAL_PKG $CCF_GITHUB_PKG + fi + echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.os == 'ubuntu' }}" + + - name: "Install CCF Debian package" + run: | + set -ex + cd build + sudo apt -y install ./${{ steps.make_deb.outputs.name }} + shell: bash + if: "${{ matrix.platform.os == 'ubuntu' }}" + + - name: "Install CCF RPM package" + run: | + set -ex + cd build + tdnf -y install ./${{ steps.make_rpm.outputs.name }} + shell: bash + if: "${{ matrix.platform.os == 'azure-linux' }}" + + - name: "Test Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" + + - name: "Recovery Benchmark for Installed CCF" + run: | + set -ex + set -o pipefail + cd build + cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" + shell: bash + if: "${{ matrix.platform.name != 'snp' }}" + + - name: "Test Building a Sample Against Installed CCF" + run: | + set -ex + ./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} + shell: bash + + + # - name: "Upload .deb Package" + # uses: actions/upload-artifact@v4 + # with: + # name: pkg-${{ matrix.platform.name }} + # path: build/${{ steps.make_deb.outputs.name }} + + # - name: "Upload Compatibility Report" + # uses: actions/upload-artifact@v4 + # with: + # name: compatibility + # path: build/compatibility_report.json + # if: "${{ matrix.platform.name == 'virtual' }}" + + # - name: "Upload TLS Report" + # uses: actions/upload-artifact@v4 + # with: + # name: tls + # path: build/tls_report.html + # if: "${{ matrix.platform.name == 'virtual' }}" + + - name: "Build Python 
Wheel" + id: build_wheel + run: | + set -ex + cd python + python3 -m venv env + source ./env/bin/activate + pip install wheel build + python -m build --wheel + WHL=`ls dist/*.whl` + echo "name=$WHL" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.name == 'virtual' }}" + + # - name: "Upload Python Wheel" + # uses: actions/upload-artifact@v4 + # with: + # name: wheel + # path: python/${{ steps.build_wheel.outputs.name }} + # if: "${{ matrix.platform.name == 'virtual' }}" + + - name: "Build TS Package" + id: build_tstgz + run: | + set -ex + cd js/ccf-app + CCF_VERSION=$(<../../build/VERSION_LONG) + CCF_VERSION=${CCF_VERSION#ccf-} + echo "Setting npm package version to ${CCF_VERSION}" + npm version $CCF_VERSION + npm pack + PKG=`ls *.tgz` + echo "name=$PKG" >> $GITHUB_OUTPUT + shell: bash + if: "${{ matrix.platform.name == 'virtual' }}" + + # - name: "Upload TS Package" + # uses: actions/upload-artifact@v4 + # with: + # name: tstgz + # path: js/ccf-app/${{ steps.build_tstgz.outputs.name }} + # if: "${{ matrix.platform.name == 'virtual' }}" + + + # create_release: + # needs: + # - build_release + # - make_sbom + # name: Create Release + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v4 + # with: + # fetch-depth: 1 + # - name: Download Packages + # uses: actions/download-artifact@v4 + # with: + # path: pkg + # pattern: pkg-* + # merge-multiple: true + # - name: Download Release Notes + # uses: actions/download-artifact@v4 + # with: + # name: relnotes + # - name: Download Compatibility Report + # uses: actions/download-artifact@v4 + # with: + # name: compatibility + # - name: Download TLS Report + # uses: actions/download-artifact@v4 + # with: + # name: tls + # - name: Download Python Wheel + # uses: actions/download-artifact@v4 + # with: + # path: wheel + # name: wheel + # - name: Download TS Package + # uses: actions/download-artifact@v4 + # with: + # path: tstgz + # name: tstgz + # - name: Download SBOM + # uses: 
actions/download-artifact@v4
+ # with:
+ # path: sbom
+ # name: sbom
+ # - run: |
+ # echo "Creating release will be done here"
+ # shell: bash
+ # env:
+ # GH_TOKEN: ${{ github.token }}
+
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 438b7ffd8fc..bd30e9163e8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,7 +36,11 @@ if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) ) endif()
-include(${CCF_DIR}/cmake/cpack_settings.cmake)
+if(PACKAGE_TYPE STREQUAL "deb")
+ include(${CCF_DIR}/cmake/cpack_deb.cmake)
+elseif(PACKAGE_TYPE STREQUAL "rpm")
+ include(${CCF_DIR}/cmake/cpack_rpm.cmake)
+endif()
 message(STATUS "CMAKE_INSTALL_PREFIX is '${CMAKE_INSTALL_PREFIX}'")
diff --git a/cmake/cpack_settings.cmake b/cmake/cpack_deb.cmake
similarity index 100%
rename from cmake/cpack_settings.cmake
rename to cmake/cpack_deb.cmake
diff --git a/cmake/cpack_rpm.cmake b/cmake/cpack_rpm.cmake
new file mode 100644
index 00000000000..0ce74df9923
--- /dev/null
+++ b/cmake/cpack_rpm.cmake
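Review bot: In `.github/workflows/release-test.yml`, the "Install SBOM tool" step downloads `releases/latest/download/sbom-tool-linux-x64` and executes it with no version pin or digest check, in a workflow whose token is granted `contents: write` and `checks: write`. Nothing visible in this file writes to the repository or to checks (every upload and release step is commented out), so the permissions block can drop to read-only, and the binary should be fetched by release tag and compared against a recorded SHA-256 before `chmod +x`. The same step writes the file twice (`-o sbom-tool` and `> sbom-tool`), and "Produce SBOM" expands `${{ github.ref_name }}` straight into the script text; passing it through `env:` keeps a ref name containing shell metacharacters from being parsed as code. Separately, "Make .rpm Package" still lists `*.deb` and is gated on `matrix.platform.os == 'ubuntu'`, so the azure-linux leg never sets `steps.make_rpm.outputs.name` before "Install CCF RPM package" uses it.

```yaml
permissions:
  contents: read
  actions: read

# … unchanged: triggers, make_sbom job header, checkout …
      - name: "Install SBOM tool"
        env:
          SBOM_TOOL_VERSION: "<PINNED_RELEASE_TAG>" # placeholder: a reviewed sbom-tool release
          SBOM_TOOL_SHA256: "<EXPECTED_SHA256>" # placeholder: digest recorded for that asset
        run: |
          set -ex
          curl -fsSLo sbom-tool "https://github.com/microsoft/sbom-tool/releases/download/${SBOM_TOOL_VERSION}/sbom-tool-linux-x64"
          echo "${SBOM_TOOL_SHA256}  sbom-tool" | sha256sum --check -
          chmod +x sbom-tool
        shell: bash
      - name: "Produce SBOM"
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          set -ex
          CCF_VERSION="${REF_NAME#ccf-}"
          ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv "$CCF_VERSION" -V Error
        shell: bash
# … unchanged: build_release job …
```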
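Review bot: In `CMakeLists.txt`, the new `if(PACKAGE_TYPE STREQUAL "deb") … elseif(PACKAGE_TYPE STREQUAL "rpm")` chain has no default and no `else()`, so a configure that does not pass exactly `deb` or `rpm` skips both includes, where the removed line pulled in the packaging settings unconditionally. The workflow added in this same commit passes `-DPACKAGE_VERSION=DEB` / `RPM`, a different variable name and a different case, so unless `PACKAGE_TYPE` is defaulted in a file not shown here, its `cpack -G DEB` and `cpack -G RPM` steps would run against a build tree that never reached `include(CPack)`. I would declare the option with the previous behaviour as its default, `set(PACKAGE_TYPE "deb" CACHE STRING "Package format: deb or rpm")`, quote the comparison as `if("${PACKAGE_TYPE}" STREQUAL "deb")`, and close the chain with an `else()` branch holding `message(FATAL_ERROR "Unsupported PACKAGE_TYPE '${PACKAGE_TYPE}'")`. The workflow flag then needs to become `-DPACKAGE_TYPE=` with the lowercase value.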
@@ -0,0 +1,31 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the Apache 2.0 License.
+
+set(CPACK_PACKAGE_NAME "${CCF_PROJECT}")
+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Confidential Consortium Framework")
+set(CPACK_PACKAGE_CONTACT "https://github.com/Microsoft/CCF")
+set(CPACK_RESOURCE_FILE_LICENSE "${CCF_DIR}/LICENSE")
+set(CPACK_PACKAGE_VERSION ${CCF_RELEASE_VERSION})
+set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
+
+set(CPACK_RPM_PACKAGE_VERSION "${CCF_RELEASE_VERSION}")
+
+if(CCF_VERSION_SUFFIX)
+ set(CPACK_RPM_PACKAGE_VERSION
+ "${CPACK_RPM_PACKAGE_VERSION}~${CCF_VERSION_SUFFIX}"
+ )
+endif()
+
+message(STATUS "RPM package version: ${CPACK_RPM_PACKAGE_VERSION}")
+
+set(CCF_RPM_DEPENDENCIES
+ "libuv >= 1.34.2, openssl >= 3.3.0, nghttp2 >= 1.40.0, curl >= 7.68.0, libcxxabi >= 18.1.2"
+)
+
+message(STATUS "RPM package dependencies: ${CCF_RPM_DEPENDENCIES}")
+
+set (CPACK_RPM_PACKAGE_REQUIRES "${CCF_RPM_DEPENDENCIES}")
+
+set(CPACK_RPM_FILE_NAME RPM-DEFAULT)
+
+include(CPack)
diff --git a/tests/test_install_build.sh b/tests/test_install_build.sh
index 4252b16accb..b69c7d3e1d4 100755
--- a/tests/test_install_build.sh
+++ b/tests/test_install_build.sh
@@ -6,13 +6,6 @@ set -ex mkdir -p build_against_install cd build_against_install
-CC=$(command -v clang-15 || true)
-CXX=$(command -v clang++-15 || true)
-
-if [ "$CC" = "" ] || [ "$CXX" = "" ]; then
- CC=$(command -v clang-11)
- CXX=$(command -v clang++-11)
-fi
+cmake -GNinja "$@" ../samples/apps/logging/
-CC=$CC CXX=$CXX cmake -GNinja "$@" ../samples/apps/logging/
 ninja
\ No newline at end of file
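Review bot: In `cmake/cpack_rpm.cmake`, the version floors in `CCF_RPM_DEPENDENCIES` (`libuv >= 1.34.2`, `nghttp2 >= 1.40.0`, `curl >= 7.68.0`, and the rest) carry no comment saying where they come from, and they may have been carried over from the Debian settings, which this diff does not show, rather than taken from the Azure Linux 3.0 image the RPM is built in. A floor well below what the package was compiled and tested against lets it install next to library builds nobody exercised, which matters most for the TLS and HTTP dependencies. I would add a comment above the list, for example `# Minimum versions: keep in step with the packages in the RPM build image`, and set each floor from that image. Minor style in the same file: `set (CPACK_RPM_PACKAGE_REQUIRES …)` has a stray space before the parenthesis, and `${CCF_RELEASE_VERSION}` and `${CMAKE_INSTALL_PREFIX}` are unquoted where the neighbouring `set()` calls quote their values.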
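Review bot: In `tests/test_install_build.sh`, removing the `CC`/`CXX` lookup means the sample is configured with whichever compiler CMake finds first, while the main build in the new workflow sets `CC` and `CXX` from `which clang` and `which clang++`; the "Test Building a Sample Against Installed CCF" step calls this script with neither variable set. On the azure-linux leg `build-essential` is installed next to `clang`, so the sample may be built with a different toolchain than the installed CCF, unless the installed CMake package configuration forces one. Keeping the choice explicit but overridable avoids that: `CC="${CC:-$(command -v clang)}" CXX="${CXX:-$(command -v clang++)}" cmake -GNinja "$@" ../samples/apps/logging/`. The file also still ends without a trailing newline.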