tkhq · r-n-o · Jun 7, 2024 · Feb 13, 2024 · Feb 13, 2024 · Feb 15, 2024
@@ -0,0 +1,33 @@
+name: "Set up Docker"
+description: "Ensure Docker is installed and configured correctly"
+runs:
+  using: "composite"
+  steps:
+    - name: Setup and configure docker
+      shell: 'script -q -e -c "bash {0}"'
+      run: |
+        [[ $EUID -ne 0 ]] && exec sudo /bin/sh "$0" "$@"
+        for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; \
+          do apt-get remove $pkg; \
+        done
+        apt-get update
+        apt-get install ca-certificates curl
+        install -m 0755 -d /etc/apt/keyrings
+        curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+        chmod a+r /etc/apt/keyrings/docker.asc
+        echo \
+          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+          tee /etc/apt/sources.list.d/docker.list > /dev/null
+        apt-get update
+        cat << EOF >/etc/docker/daemon.json
+        {
+          "features": {
+          "containerd-snapshotter": true
+          },
+          "registry-mirrors": ["https://ghcr.io/tkhq"]
+        }
+        EOF
+        apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+        systemctl restart docker
+        docker buildx create --driver docker-container --bootstrap --name build --use
@@ -10,147 +10,30 @@ on:
   workflow_dispatch: # Allows manual invocation
 
 jobs:
-  lfs-to-github-cache:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
-        with:
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::799078726966:role/github-qos
-      - name: Checkout sources
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Setup LFS
-        uses: ./.github/actions/lfs-setup
-        with:
-          monoSshKey: ${{ secrets.MONO_SSH_KEY }}
-          pullLFSObjects: true
-
-      - name: Download submodules
-        run: GIT_LFS_SKIP_SMUDGE=1 git submodule update --init --recursive
-        shell: bash
-
-      - name: Generate Cache Key
-        id: cache-key
-        run: |
-          cache_filenames=$(make cache-filenames)
-          openssl sha256 $cache_filenames | openssl sha256 | awk '{ print "key="$2 }' >> $GITHUB_OUTPUT
-          printf "filenames<<EOF\n%s\nEOF\n" "$(printf "%s" "$cache_filenames" | tr ' ' '\n')" >> $GITHUB_OUTPUT
-
-      - name: Cache
-        id: cache
-        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
-        with:
-          lookup-only: true
-          key: lfs-${{steps.cache-key.outputs.key}}
-          path: ${{steps.cache-key.outputs.filenames}}
-
-      - name: Setup Checkout
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: |
-          make cache
-
   build:
-    name: Build Toolchain Artifacts
+    name: build artifacts
     runs-on: ubuntu-latest
-    needs:
-      - lfs-to-github-cache
     strategy:
       matrix:
         include:
-          - target: qos_host.oci.x86_64.tar
-          - target: qos_enclave.oci.x86_64.tar
-          - target: qos_client.oci.x86_64.tar
-    timeout-minutes: 50
+          - target: qos_client.tar
+          - target: qos_host.tar
+          - target: qos_enclave.tar
     steps:
       - name: Checkout sources
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Generate Cache Key
-        id: cache-key
-        run: |
-          cache_filenames=$(make cache-filenames)
-          openssl sha256 $cache_filenames | openssl sha256 | awk '{ print "key="$2 }' >> $GITHUB_OUTPUT
-          printf "filenames<<EOF\n%s\nEOF\n" "$(printf "%s" "$cache_filenames" | tr ' ' '\n')" >> $GITHUB_OUTPUT
-
-      - name: Cache
-        id: cache
-        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
-        with:
-          fail-on-cache-miss: true
-          key: lfs-${{steps.cache-key.outputs.key}}
-          path: ${{steps.cache-key.outputs.filenames}}
-
-      - name: Run `make out/${{ matrix.target }}`
+      - name: Setup Docker
+        uses: ./.github/actions/docker-setup
+      - name: Run `make`
         shell: 'script -q -e -c "bash {0}"'
         run: |
-          touch cache/toolchain.tgz
-          make -d toolchain-restore-mtime toolchain out/${{ matrix.target }}
-
+          make out/${{ matrix.target }}
       - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: ${{ matrix.target }}
           path: out/${{ matrix.target }}
           retention-days: 1
 
-  upload_to_ecr:
-    name: Upload toolchain artifacts to ECR
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
-        with:
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::799078726966:role/github-qos
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Download Artifacts
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-
-      - name: Upload images to ECR
-        env:
-          images: >-
-            qos_client
-            qos_enclave
-            qos_host
-          tags: >-
-            ${{ github.ref == format('refs/heads/{0}', 'main') && 'latest' || '' }}
-            ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
-            ${{ github.event_name == 'push' && github.ref_name || '' }}
-        run: |
-          skopeo login \
-            --username "${{ steps.login-ecr.outputs.docker_username_799078726966_dkr_ecr_us_east_1_amazonaws_com }}" \
-            --password "${{ steps.login-ecr.outputs.docker_password_799078726966_dkr_ecr_us_east_1_amazonaws_com }}" \
-            ${{ steps.login-ecr.outputs.registry }}
-          for image in ${images}; do
-            skopeo copy --all \
-              "oci-archive:./${image}.oci.x86_64.tar/${image}.oci.x86_64.tar" \
-              "docker://${{ steps.login-ecr.outputs.registry }}/tkhq/${image}:sha-${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}"
-            for tag in ${tags}; do
-              skopeo copy --all \
-                "docker://${{ steps.login-ecr.outputs.registry }}/tkhq/${image}:sha-${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}" \
-                "docker://${{ steps.login-ecr.outputs.registry }}/tkhq/${image}:${tag}"
-            done
-          done
-
   upload_to_ghcr:
     name: Upload toolchain artifacts to GHCR
     runs-on: ubuntu-latest
@@ -162,6 +45,8 @@ jobs:
     steps:
       - name: Download Artifacts
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - name: Display structure of downloaded files
+        run: ls -R /home/runner/work/qos/qos
       - name: Upload images to GHCR
         env:
           images: >-
@@ -178,8 +63,8 @@ jobs:
             --password "${{ secrets.GITHUB_TOKEN }}" \
             ghcr.io
           for image in ${images}; do
-            skopeo copy --all \
-              "oci-archive:./${image}.oci.x86_64.tar/${image}.oci.x86_64.tar" \
+            skopeo copy --all --dest-decompress \
+              "oci-archive:/home/runner/work/qos/qos/${image}.tar/${image}.tar" \
               "docker://ghcr.io/tkhq/${image}:sha-${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}"
             for tag in ${tags}; do
               skopeo copy --all \