From 03f2a7a3b21999b9532e5a3f9fe88f27f21a176f Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 23 Aug 2024 15:45:44 -0400
Subject: [PATCH 1/5] Build Focal, Jammy, and Noble images in GitHub CI
Signed-off-by: Spencer Wilson
---
 .github/workflows/ci.yml | 44 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..da4d79c
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,44 @@
+name: Build and push Docker images
+
+on:
+ push:
+
+jobs:
+ ubuntu-arm64:
+ strategy:
+ matrix:
+ distro:
+ - focal
+ - jammy
+ - latest
+ runs-on: oqs-arm64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Build arm64 tag
+ uses: docker/build-push-action@v6
+ with:
+ # push: true
+ build-args: ARCH=arm64
+ tags: openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-arm64
+ context: ubuntu-${{ matrix.distro }}
+
+ ubuntu-x86_64:
+ needs: ubuntu-arm64
+ strategy:
+ matrix:
+ distro:
+ - focal
+ - jammy
+ - latest
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Build and push x86_64 tag
+ uses: docker/build-push-action@v6
+ with:
+ # push: true
+ build-args: ARCH=x86_64
+ tags: openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-x86_64
+ context: ubuntu-${{ matrix.distro }}
From 2f1dd1be362a748715c02d068b48d41b991f3c61 Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 23 Aug 2024 16:07:52 -0400
Subject: [PATCH 2/5] Stop using multiarch Dockerfile
Signed-off-by: Spencer Wilson
---
 ubuntu-focal/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ubuntu-focal/Dockerfile b/ubuntu-focal/Dockerfile
index 6a3e440..c9124ac 100644
--- a/ubuntu-focal/Dockerfile
+++ b/ubuntu-focal/Dockerfile
@@ -1,6 +1,6 @@ ARG ARCH -FROM multiarch/ubuntu-core:${ARCH}-focal -LABEL version="4" +FROM ubuntu:focal +LABEL version="5" ARG ARCH RUN DEBIAN_FRONTEND=noninteractive TZ=Europe/Zurich && \ From bf32d361227644e97abfa4ca11effa8ab4fc2624 Mon Sep 17 00:00:00 2001 From: Spencer Wilson Date: Fri, 23 Aug 2024 16:11:47 -0400 Subject: [PATCH 3/5] Remove CircleCI config Signed-off-by: Spencer Wilson --- .circleci/config.yml | 170 ------------------------------------------- 1 file changed, 170 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 3ea4f30..0000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,170 +0,0 @@ -version: 2.1 - -# CircleCI doesn't handle large file sets properly for local builds -# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 -localCheckout: &localCheckout - run: |- - git config --global --add safe.directory /tmp/_circleci_local_build_repo - PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) - mkdir -p ${PROJECT_PATH} - cd /tmp/_circleci_local_build_repo - git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} - cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} - -.linux_job: &linuxjob - docker: - - image: ${IMAGE} - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Ubuntu-Focal - command: docker build --build-arg ARCH=x86_64 -t ci-ubuntu-focal . - working_directory: ubuntu-focal - # Debian used for ARM x-building - - run: - name: Debian Buster (10) - command: cd debian-buster && docker build --build-arg ARCH=amd64 -t ci-debian-buster . - - run: - name: Debian Bullseye (11) - command: cd debian-bullseye && docker build --build-arg ARCH=amd64 -t ci-debian-bullseye . - # Centos discontinued; disable until real need appears - #- run: - # name: Centos8 - # command: cd centos-8 && docker build --build-arg ARCH=amd64 -t ci-centos8 . - #- run: - # name: Centos7 - # command: cd centos-7 && docker build --build-arg ARCH=amd64 -t ci-centos7 . - - run: - name: Alpine - command: cd alpine && docker build --build-arg ARCH=amd64 -t ci-alpine . 
- - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: docker login - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin - - run: - name: Tag and push images - command: | - docker tag ci-alpine $TARGETNAME/ci-alpine-amd64 && docker push $TARGETNAME/ci-alpine-amd64 && docker tag ci-ubuntu-focal $TARGETNAME/ci-ubuntu-focal-x86_64 && docker push $TARGETNAME/ci-ubuntu-focal-x86_64 && docker tag ci-debian-buster $TARGETNAME/ci-debian-buster-amd64 && docker push $TARGETNAME/ci-debian-buster-amd64 && docker tag ci-debian-bullseye $TARGETNAME/ci-debian-bullseye-amd64 && docker push $TARGETNAME/ci-debian-bullseye-amd64 - -jobs: - ubuntu-focal-x86_64: - <<: *linuxjob - environment: - IMAGE: openquantumsafe/ci-ubuntu-focal-x86_64:latest - ubuntu-bionic-i386: - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Ubuntu-Bionic-i386 - command: docker build --build-arg ARCH=i386 -t ci-ubuntu-bionic . - working_directory: ubuntu-bionic - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: docker login - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin - - run: - name: Tag and push image - command: | - docker tag ci-ubuntu-bionic $TARGETNAME/ci-ubuntu-bionic-i386 && docker push $TARGETNAME/ci-ubuntu-bionic-i386 - - ubuntu-jammy: - docker: - - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Ubuntu-Jammy - command: docker build -t ci-ubuntu-jammy . 
- working_directory: ubuntu-jammy - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: docker login - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin - - run: - name: Tag and push image - command: docker tag ci-ubuntu-jammy $TARGETNAME/ci-ubuntu-jammy && docker push $TARGETNAME/ci-ubuntu-jammy - - ubuntu-latest: - docker: - - image: cimg/base:2024.05 - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - setup_remote_docker - - run: - name: Ubuntu-latest - command: docker build -t ci-ubuntu-latest . - working_directory: ubuntu-latest - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: docker login - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin - - run: - name: Tag and push image - command: docker tag ci-ubuntu-latest $TARGETNAME/ci-ubuntu-latest && docker push $TARGETNAME/ci-ubuntu-latest - - arm64: - description: Building and pushing ARM64 CI image - machine: - image: ubuntu-2004:current - resource_class: arm.medium - steps: - - run: - name: Check versions - command: | - docker info - docker version - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - run: - name: Build CI image - command: | - # The CircleCI executor offers 35 cores, but using - # all of them might exhaust memory - # explicitly tag platform - docker version - docker build --build-arg MAKE_DEFINES="-j 18" --build-arg ARCH=arm64 -t ci-ubuntu-focal-arm64 . 
- working_directory: ubuntu-focal - - when: - condition: - equal: [ main, << pipeline.git.branch >> ] - steps: - - run: - name: Authenticate to Docker - command: echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin - - run: - name: Tag and push image - command: | - docker tag ci-ubuntu-focal-arm64 $TARGETNAME/ci-ubuntu-focal-arm64 - docker push $TARGETNAME/ci-ubuntu-focal-arm64 - -workflows: - version: 2 - build: - jobs: - - ubuntu-focal-x86_64: - context: openquantumsafe - - ubuntu-bionic-i386: - context: openquantumsafe - - ubuntu-jammy: - context: openquantumsafe - - ubuntu-latest: - context: openquantumsafe - - arm64: - context: openquantumsafe -
From ec2caa4dd783e66d65fda993a2b3b145d561ed74 Mon Sep 17 00:00:00 2001
From: Spencer Wilson
Date: Fri, 23 Aug 2024 16:37:58 -0400
Subject: [PATCH 4/5] Refactor matrix; add push jobs to run on main only
Signed-off-by: Spencer Wilson
---
 .github/workflows/build.yml | 34 ++++++++++++++++++++++++++
 .github/workflows/{ci.yml => push.yml} | 24 +++++++++++++++---
 2 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/build.yml
 rename .github/workflows/{ci.yml => push.yml} (51%)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..93cf608
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,34 @@
+name: Build Docker images
+
+on:
+ pull_request:
+ push:
+ branches-ignore: 'main'
+
+jobs:
+ ubuntu:
+ strategy:
+ matrix:
+ arch:
+ - arm64
+ - x86_64
+ distro:
+ - focal
+ - jammy
+ - latest
+ include:
+ - arch: arm64
+ runner: oqs-arm64
+ - arch: x86_64
+ runner: ubuntu-latest
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Build image
+ uses: docker/build-push-action@v6
+ with:
+ push: false
+ build-args: ARCH=${{ matrix.arch }}
+ tags: openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-${{ matrix.arch }}
+ context: ubuntu-${{ matrix.distro }}
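Review bot: The `pull_request` trigger together with the `runner: oqs-arm64` include entry means pull-request content, including every Dockerfile `RUN` step, is built on what appears to be a self-hosted runner (inferred from the non-standard label). If that machine is persistent and is the same `oqs-arm64` runner that `push.yml` uses with `secrets.DOCKERHUB_TOKEN`, state left behind by a PR build could affect a later credentialed job, so consider ephemeral runners or restricting the arm64 leg to trusted events. A top-level `permissions:` block with `contents: read` would also keep the `GITHUB_TOKEN` at least privilege for this build-only workflow. `actions/checkout@v4` and `docker/build-push-action@v6` are referenced by mutable tags here and in the `push.yml` hunks, where `docker/login-action@v3` also receives the Docker Hub token; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, removes the dependence on tag moves.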
diff --git a/.github/workflows/ci.yml b/.github/workflows/push.yml similarity index 51% rename from .github/workflows/ci.yml rename to .github/workflows/push.yml index da4d79c..fb0fc40 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/push.yml @@ -2,6 +2,7 @@ name: Build and push Docker images on: push: + branches: 'main' jobs: ubuntu-arm64: @@ -15,10 +16,15 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - name: Build arm64 tag + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push arm64 tag uses: docker/build-push-action@v6 with: - # push: true + push: true build-args: ARCH=arm64 tags: openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-arm64 context: ubuntu-${{ matrix.distro }} @@ -35,10 +41,22 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Login to Docker Hub + if: github.ref_name == 'main' + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push x86_64 tag uses: docker/build-push-action@v6 with: - # push: true + push: true build-args: ARCH=x86_64 tags: openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-x86_64 context: ubuntu-${{ matrix.distro }} + - name: Create multiarch image + run: | + docker manifest create openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest \ + --amend openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-x86_64 \ + --amend openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest-arm64 \ + && docker manifest push openquantumsafe/ci-ubuntu-${{ matrix.distro }}:latest From cab34a741bf4adfff9a70eff4a524d3685b2797d Mon Sep 17 00:00:00 2001 From: Spencer Wilson Date: Wed, 28 Aug 2024 17:52:58 -0400 Subject: [PATCH 5/5] Install additional dependencies 
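Review bot: The two login steps are guarded differently: the x86_64 job's `Login to Docker Hub` step carries `if: github.ref_name == 'main'`, while the arm64 one has no condition and both build steps set `push: true` unconditionally. With `branches: 'main'` on the trigger the condition is redundant today, but if the trigger is ever widened the x86_64 job would attempt a push without logging in while the arm64 job would log in and push from any branch; either drop the `if:` or apply the same guard to the login and push steps of both jobs. The `Create multiarch image` step rewrites the mutable `:latest` manifest on every push to main, so a comment such as `# consumers needing reproducible CI should reference the image by digest` would document that. Both jobs begin outside these hunks, so their `runs-on` and matrix settings are not visible here.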
Signed-off-by: Spencer Wilson --- ubuntu-latest/Dockerfile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/ubuntu-latest/Dockerfile b/ubuntu-latest/Dockerfile index 2713f1b..878fc09 100644 --- a/ubuntu-latest/Dockerfile +++ b/ubuntu-latest/Dockerfile @@ -1,6 +1,5 @@ FROM ubuntu:latest -LABEL version="1" -ARG ARCH +LABEL version="2" RUN DEBIAN_FRONTEND=noninteractive TZ=Europe/Zurich && \ ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \ @@ -25,8 +24,11 @@ RUN DEBIAN_FRONTEND=noninteractive TZ=Europe/Zurich && \ libunwind-dev \ make \ ninja-build \ + npm \ + opam \ pkg-config \ python3 \ + python3-git \ python3-nose \ python3-rednose \ python3-pytest \ @@ -48,8 +50,11 @@ RUN DEBIAN_FRONTEND=noninteractive TZ=Europe/Zurich && \ doxygen \ yamllint -# Why activate such old Java version? Disabling for now -#ENV JAVA_HOME="/usr/lib/jvm/java-1.11.0-openjdk-${ARCH}" +# set up jasmin compiler for libjade +RUN opam init --yes --auto-setup && opam install --confirm-level=unsafe-yes --destdir=/usr/local jasmin.2023.06.3 + +# install ajv for CBOM validation +RUN npm -g install ajv ajv-cli # Activate if we want to test specific OpenSSL3 versions: # RUN cd /root && git clone --depth 1 --branch openssl-3.0.7 https://github.com/openssl/openssl.git && cd openssl && LDFLAGS="-Wl,-rpath -Wl,/usr/local/openssl3/lib64" ./config --prefix=/usr/local/openssl3 && make -j && make install
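Review bot: In the last hunk, `RUN npm -g install ajv ajv-cli` takes whatever versions are current at build time, unlike the jasmin line above it which pins `jasmin.2023.06.3`, so two builds of the same commit can ship different validator code. Pin both packages, e.g. `RUN npm -g install ajv@<version> ajv-cli@<version>`, with versions chosen by the maintainers. On the opam line, `--confirm-level=unsafe-yes` also puts opam's system-package commands in non-interactive mode, so a short comment such as `# unsafe-yes: unattended build, depexts are installed without prompting` would record that this is intentional. The opam state created by `opam init` presumably stays in the layer under root's home unless it is cleaned in the same `RUN`.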