From ac603dc27ce8bf953ec8e928f73ad46febf26907 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 09:52:12 +0000 Subject: [PATCH 01/10] Update CI job to push to ACR --- .github/workflows/containers.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 608da8df2cc..27ad1f16fa7 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -1,9 +1,13 @@ -name: "Build and Publish Release Containers" +name: "Build and Publish Release Containers to ACR" on: release: types: [published] +env: + ACR_REGISTRY: ccfmsrc.azurecr.io + ACR_TOKEN_NAME: app-push-token + jobs: build: name: "Build Containers" @@ -16,22 +20,22 @@ jobs: id: tref - name: Build App CI container - run: docker build -f docker/app_ci . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t ccfciteam/ccf-app-ci:${{steps.tref.outputs.tag}} -t ccfciteam/ccf-app-ci:latest + run: docker build -f docker/app_ci . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t ccfciteam/ccf-app-run:${{steps.tref.outputs.tag}} -t ccfciteam/ccf-app-run:latest + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-run:latest - name: Log in - run: docker login -u amchamay -p ${{ secrets.DOCKER_HUB_TOKEN }} + run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - - name: Push App CI container - run: docker push ccfciteam/ccf-app-ci:${{steps.tref.outputs.tag}} + - name: Push App Dev container + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} - name: Push App Run container - run: docker push ccfciteam/ccf-app-run:${{steps.tref.outputs.tag}} + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} - - name: Push App CI latest container - run: docker push ccfciteam/ccf-app-ci:latest + - name: Push App Dev latest container + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Push App Run latest container - run: docker push ccfciteam/ccf-app-run:latest + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:latest From e06e2c81271654a4e946d35f0ccbe8f74c621d6c Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 09:53:07 +0000 Subject: [PATCH 02/10] Rename `app_ci` -> `app_dev` --- .github/workflows/containers.yml | 4 ++-- docker/README.md | 4 ++-- docker/{app_ci => app_dev} | 0 3 files changed, 4 insertions(+), 4 deletions(-) rename docker/{app_ci => app_dev} (100%) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index 27ad1f16fa7..f4270d27846 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -19,8 +19,8 @@ jobs: run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/ccf-}" id: tref - - name: Build App CI container - run: docker build -f docker/app_ci . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest + - name: Build App Dev container + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-run:latest diff --git a/docker/README.md b/docker/README.md index 76bbc18d026..85d43aa5ef8 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,12 +1,12 @@ # Docker images for CCF - `app_run`: Builds the image containing all runtime dependencies for CCF, as well as the latest release of CCF (as per https://github.com/microsoft/CCF/releases/latest). To be used by CCF operators. -- `app_ci`: Builds the image containing all build dependencies for CCF applications. To be used by CCF application developers. +- `app_dev`: Builds the image containing all build dependencies for CCF applications. To be used by CCF application developers. - `ccf_ci`: Builds the image containing all build dependencies for CCF itself. To be used by CCF contributors. It is also used by CCF Continuous Integration pipeline. To build a given image, run: ```bash $ cd CCF/ -$ docker build -t -f docker/ . +$ docker build -t -f docker/ . ``` diff --git a/docker/app_ci b/docker/app_dev similarity index 100% rename from docker/app_ci rename to docker/app_dev From 64e8ad46b83830577b07ef50aaf84dcfbf0faa66 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 09:56:36 +0000 Subject: [PATCH 03/10] Rename images in doc --- .devcontainer/devcontainer.json | 2 +- doc/contribute/build_setup.rst | 4 ++-- doc/operations/run_setup.rst | 8 ++++---- tests/infra/remote_shim.py | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 62022f253bf..ca8ee5ec046 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,7 +1,7 @@ { "name": "Sample Development Environment for CCF", "context": "..", - "image": "ccfciteam/ccf-app-ci:latest", + "image": "ccfmsrc.azurecr.io/ccf-sgx-app-dev:latest", "runArgs": [], "extensions": ["ms-vscode.cpptools", "ms-python.python"] } diff --git a/doc/contribute/build_setup.rst b/doc/contribute/build_setup.rst index 04e578bfc81..a798ff6e588 100644 --- a/doc/contribute/build_setup.rst +++ b/doc/contribute/build_setup.rst @@ -22,8 +22,8 @@ The quickest way to get started building CCF applications is to use the CCF buil .. code-block:: bash - $ docker pull ccfciteam/ccf-app-ci:latest # Latest CCF release - $ docker pull ccfciteam/ccf-app-ci:X.YZ # Specific CCF release + $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-dev:latest # Latest CCF release + $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-dev:X.YZ # Specific CCF release The container contains the latest release of CCF along with a complete build toolchain, and startup scripts. diff --git a/doc/operations/run_setup.rst b/doc/operations/run_setup.rst index 05a1f724d50..5c549627b72 100644 --- a/doc/operations/run_setup.rst +++ b/doc/operations/run_setup.rst @@ -16,14 +16,14 @@ Then, to quickly set up the dependencies necessary to start CCF applications, si Runtime Container ----------------- -The ``ccfciteam/ccf-app-run`` container can be run to setup an environment containing the ``cchost`` binary (as per the `latest release of CCF `_) and the associated dependencies. +The ``ccfmsrc.azurecr.io/ccf-sgx-app-run`` container can be run to setup an environment containing the ``cchost`` binary (as per the `latest release of CCF `_) and the associated dependencies. -The pre-built container can be obtained from `ccfciteam/ccf-app-run `_ on hub.docker.com. +The pre-built container can be obtained from the ``ccfmsrc.azurecr.io/ccf-sgx-app-dev`` image on Azure Container Registry: .. code-block:: bash - $ docker pull ccfciteam/ccf-app-run:latest # Latest CCF release - $ docker pull ccfciteam/ccf-app-run:X.YZ # Specific CCF release + $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-run:latest # Latest CCF release + $ docker pull ccfmsrc.azurecr.io/ccf-sgx-app-run:X.YZ # Specific CCF release The container does not contain any particular CCF enclave application, and may be helpful when deploying CCF nodes via docker, k8s, etc. It is up to the operator(s) to mount the appropriate CCF enclave application and start and manage the CCF node. diff --git a/tests/infra/remote_shim.py b/tests/infra/remote_shim.py index 47037539450..2c416d143a1 100644 --- a/tests/infra/remote_shim.py +++ b/tests/infra/remote_shim.py @@ -27,7 +27,7 @@ def map_azure_devops_docker_workspace_dir(workspace_dir): # Docker image name prefix -DOCKER_IMAGE_NAME_PREFIX = "ccfciteam/ccf-app-run" +DOCKER_IMAGE_NAME_PREFIX = "ccfmsrc.azurecr.io/ccf-sgx-app-run" # Network name AZURE_DEVOPS_CONTAINER_NETWORK_ENV_VAR = "AGENT_CONTAINERNETWORK" From 6ae2168c500eeb383d81d7fbabba76ededaf0e06 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 09:57:23 +0000 Subject: [PATCH 04/10] . --- tests/infra/remote_shim.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/infra/remote_shim.py b/tests/infra/remote_shim.py index 2c416d143a1..a832b64c36d 100644 --- a/tests/infra/remote_shim.py +++ b/tests/infra/remote_shim.py @@ -27,7 +27,8 @@ def map_azure_devops_docker_workspace_dir(workspace_dir): # Docker image name prefix -DOCKER_IMAGE_NAME_PREFIX = "ccfmsrc.azurecr.io/ccf-sgx-app-run" +# To update when runtime images are pushed to ACR +DOCKER_IMAGE_NAME_PREFIX = "ccfciteam/ccf-app-run" # Network name AZURE_DEVOPS_CONTAINER_NETWORK_ENV_VAR = "AGENT_CONTAINERNETWORK" From 4e371e4bb37821af700e2d163b2eea76df78c3e1 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 10:03:08 +0000 Subject: [PATCH 05/10] Changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07c1dc49777..265349e0a8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Changed - Upgraded Open Enclave to 0.17.7 (#3815). +- CCF Docker images are now available through Azure Container Registry rather than Docker Hub (#3821). + - The `ccfciteam/ccf-app-run` image is now available at `ccfmsrc.azurecr.io/ccf-sgx-app-run`. + - The `ccfciteam/ccf-app-ci` image is now available at `ccfmsrc.azurecr.io/ccf-sgx-app-dev`. ## [2.0.0-rc8] From 3cb29b52e49a64aaa0cc05dd2ca47bd53a936682 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 13:53:22 +0000 Subject: [PATCH 06/10] . --- .github/workflows/containers.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index f4270d27846..d1920dc4ccd 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -1,8 +1,9 @@ name: "Build and Publish Release Containers to ACR" on: - release: - types: [published] + push + # release: + # types: [published] env: ACR_REGISTRY: ccfmsrc.azurecr.io From 7e40e457aac1c5b99d4a9e349ebb73429bb6c4bc Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 13:55:41 +0000 Subject: [PATCH 07/10] Now? --- .github/workflows/containers.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index d1920dc4ccd..ecbd116a4c8 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,19 +21,19 @@ jobs: id: tref - name: Build App Dev container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc9" -t $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc9 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-run:latest + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc9" -t $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc9 -t $ACR_REGISTRY/ccf-sgx-app-run:latest - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Push App Dev container - run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc9 - name: Push App Run container - run: docker push $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc9 - name: Push App Dev latest container run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest From 22c978c42d580962d8c5c981f02edb8a353c3068 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 14:01:48 +0000 Subject: [PATCH 08/10] rc8? --- .github/workflows/containers.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ecbd116a4c8..af46023b41e 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,19 +21,19 @@ jobs: id: tref - name: Build App Dev container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc9" -t $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc9 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc9" -t $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc9 -t $ACR_REGISTRY/ccf-sgx-app-run:latest + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-run:latest - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Push App Dev container - run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc9 + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc8 - name: Push App Run container - run: docker push $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc9 + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc8 - name: Push App Dev latest container run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest From 62334d312bca33d2c76f05d8cf354cef6b71a046 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 14:06:22 +0000 Subject: [PATCH 09/10] Now! --- .github/workflows/containers.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index af46023b41e..ea6d9e34644 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -21,19 +21,19 @@ jobs: id: tref - name: Build App Dev container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-dev:2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=ccf-2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-run:latest + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-run:2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-run:latest - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Push App Dev container - run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:ccf-2.0.0-rc8 + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:2.0.0-rc8 - name: Push App Run container - run: docker push $ACR_REGISTRY/ccf-sgx-app-run:ccf-2.0.0-rc8 + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:2.0.0-rc8 - name: Push App Dev latest container run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest From cbe937427eb3810689192db771ef4cf0dc7cfa09 Mon Sep 17 00:00:00 2001 From: Julien Maffre Date: Mon, 9 May 2022 14:34:51 +0000 Subject: [PATCH 10/10] . --- .github/workflows/containers.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index ea6d9e34644..f4270d27846 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -1,9 +1,8 @@ name: "Build and Publish Release Containers to ACR" on: - push - # release: - # types: [published] + release: + types: [published] env: ACR_REGISTRY: ccfmsrc.azurecr.io @@ -21,19 +20,19 @@ jobs: id: tref - name: Build App Dev container - run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-dev:2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-dev:latest + run: docker build -f docker/app_dev . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-dev:latest - name: Build App Run container - run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=2.0.0-rc8" -t $ACR_REGISTRY/ccf-sgx-app-run:2.0.0-rc8 -t $ACR_REGISTRY/ccf-sgx-app-run:latest + run: docker build -f docker/app_run . --build-arg="extra_vars=--extra-vars ccf_ver=${{steps.tref.outputs.tag}}" -t $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} -t $ACR_REGISTRY/ccf-sgx-app-run:latest - name: Log in run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_APP_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY - name: Push App Dev container - run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:2.0.0-rc8 + run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:${{steps.tref.outputs.tag}} - name: Push App Run container - run: docker push $ACR_REGISTRY/ccf-sgx-app-run:2.0.0-rc8 + run: docker push $ACR_REGISTRY/ccf-sgx-app-run:${{steps.tref.outputs.tag}} - name: Push App Dev latest container run: docker push $ACR_REGISTRY/ccf-sgx-app-dev:latest