ci: reintroduce docker image caching
istepic committed Aug 30, 2023
1 parent fa03239 commit 4a891a2
Showing 14 changed files with 918 additions and 87 deletions.
10 changes: 6 additions & 4 deletions .github/actions/build-docker/action.yml
Expand Up @@ -11,11 +11,13 @@ inputs:
runs:
using: "composite"
steps:
- name: "Load Docker cache"
uses: satackey/[email protected]
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v2

- name: "Build Docker image"
shell: bash
run: |
docker build -t ${{ inputs.docker_tag }} ${{ inputs.docker_folder_path }}
docker buildx create --use --driver=docker-container
docker buildx build -t ${{ inputs.docker_tag }} \
--cache-to="type=gha,mode=max" --cache-from="type=gha" \
${{ inputs.docker_folder_path }} --load
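Review bot: The added `crazy-max/ghaction-github-runtime@v2` step is referenced by a mutable tag, and this action exists to export the Actions runtime token and cache URL into the job environment, where the steps that follow in the calling job can presumably read them as well. Pin it to a full commit SHA, `uses: crazy-max/ghaction-github-runtime@<full-commit-sha> # v2`, so a retagged release cannot change what runs with those credentials in scope. In the `run:` script, `${{ inputs.docker_tag }}` and `${{ inputs.docker_folder_path }}` are expanded into the bash text before the shell parses it; mapping them through the step's `env:` and using `"$DOCKER_TAG"` and `"$DOCKER_FOLDER_PATH"` keeps a value containing spaces or shell metacharacters from being interpreted as script. A short comment above the runtime step saying it is only there for `--cache-to`/`--cache-from` `type=gha` would also help the next maintainer.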
11 changes: 0 additions & 11 deletions .github/workflows/ci.yml
Expand Up @@ -10,10 +10,6 @@ env:
DOCKER_TAG: buildenv
DOCKER_FOLDER_PATH: ./dockerfiles/base

# This buildenv contains libp11/softhsm and libdilithium
DOCKER_WITH_FEATURE_TAG: buildenv_with_features
DOCKER_WITH_FEATURE_FOLDER_PATH: ./dockerfiles/feature-support

TOKEN_LABEL1: token-label
TOKEN_LABEL2: token-label2
USER_PIN: 1234
Expand Down Expand Up @@ -82,13 +78,6 @@ jobs:
docker_tag: ${{ env.DOCKER_TAG }}
docker_folder_path: ${{ env.DOCKER_FOLDER_PATH }}

- name: "Build Docker Image With HSM"
if: ${{ matrix.hsm_flag == 'MOCOCRW_HSM_ENABLED=ON' || matrix.dilithium_flag == 'MOCOCRW_DILITHIUM_ENABLED=ON' }}
uses: ./.github/actions/build-docker
with:
docker_tag: ${{ env.DOCKER_WITH_FEATURE_TAG }}
docker_folder_path: ${{ env.DOCKER_WITH_FEATURE_FOLDER_PATH }}

- name: "Build MoCOCrW"
run: |
mkdir build
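--- a/dockerfiles/base/Dockerfile
+++ b/dockerfiles/base/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM ubuntu:focal as base
 
 # Install MoCOCrW dependencies (except OpenSSL)
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
@@ -18,5 +18,82 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-rec
 make \
 ninja-build \
 pkg-config \
-wget \
-&& rm -rf /var/lib/apt/lists/*
+wget
+
+FROM base as hsm
+
+ARG LIBP11_URL=https://github.com/OpenSC/libp11/releases/download/libp11-0.4.12/libp11-0.4.12.tar.gz
+COPY hsm-patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch \
+dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch \
+dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch \
+dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch \
+dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch \
+dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch \
+dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch \
+dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch \
+dilithium-patches/0008-Add-function-for-pub-key-extraction.patch \
+/tmp/patches/
+
+# Install:
+# * MoCOCrW dependencies (except OpenSSL)
+# * libp11
+# * libdilithium
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+# for pkcs11-tool which we use to create keys in token
+opensc \
+# p11-kit-modules allows loading of libp11 engine without having to edit openssl.cnf
+p11-kit-modules \
+# softhsm2: includes both softhsm2-util and libsofthsm2
+softhsm2 \
+# libp11 needs this
+libtool && \
+rm -rf /var/lib/apt/lists/*
+
+# Build libp11
+RUN mkdir -p /tmp/libp11 && \
+cd /tmp/libp11 && \
+wget "${LIBP11_URL}" && \
+tar xf libp11-0.4.12.tar.gz && \
+cd libp11-0.4.12 && \
+git apply /tmp/patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch && \
+echo "Successfully patched libp11" && \
+autoreconf --verbose --install --force && \
+./configure --enable-strict && \
+make -j"$(nproc)" && \
+make check && \
+make install && \
+rm -rf /tmp/libp11
+
+FROM base as dilithium
+RUN mkdir /tmp/patches
+COPY dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch \
+dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch \
+dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch \
+dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch \
+dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch \
+dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch \
+dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch \
+dilithium-patches/0008-Add-function-for-pub-key-extraction.patch \
+/tmp/patches/
+RUN mkdir /tmp/libdilithium && \
+cd /tmp/libdilithium && \
+git clone https://github.com/pq-crystals/dilithium && \
+cd dilithium && \
+git checkout 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 && \
+git apply /tmp/patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch && \
+git apply /tmp/patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch && \
+git apply /tmp/patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch && \
+git apply /tmp/patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch && \
+git apply /tmp/patches/0005-CMakeLists.txt-Add-cmake-install-target.patch && \
+git apply /tmp/patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch && \
+git apply /tmp/patches/0007-CMakeLists.txt-Change-target_compile_definition.patch && \
+git apply /tmp/patches/0008-Add-function-for-pub-key-extraction.patch && \
+mkdir build && \
+cd build && \
+cmake -GNinja .. -DBUILD_TESTING=ON&& \
+ninja && \
+ctest -j"$(nproc)" && \
+ninja install && \
+cd / && \
+rm -rf /tmp/libdilithium && \
+rm -rf /tmp/patches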
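Review bot: The libp11 archive fetched by `wget "${LIBP11_URL}"` in the `hsm` stage is unpacked, built and `make install`ed with no integrity check, whereas the `dilithium` stage pins its source to a full commit hash; the release tarball should be pinned the same way. Add `ARG LIBP11_SHA256=<sha256-of-libp11-0.4.12.tar.gz>` next to `LIBP11_URL` and insert `echo "${LIBP11_SHA256}  libp11-0.4.12.tar.gz" | sha256sum -c - && \` between the `wget` and `tar xf` lines. `LIBP11_URL` can be overridden at build time, but the archive and directory names are hard-coded, so pointing it at another release would fail at `tar xf`; either derive the names from a version `ARG` or document that the URL is not meant to be changed. The `hsm` stage also copies the eight dilithium patches that only the `dilithium` stage applies, and since `dilithium` is the last stage and starts `FROM base`, a build without `--target` appears not to contain libp11 or softhsm2, which is worth confirming against the commit's other files.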

0 comments on commit 4a891a2
