mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-01 07:47:15 +00:00
ci: guest-components wihout sudo
Build guest-components without sudo docker; this is not needed. This is part 2 of N. Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
parent
a7931115a0
commit
1e4cbc4fcd
@ -8,8 +8,15 @@ ARG RUST_TOOLCHAIN
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
ENV RUSTUP_HOME="/opt/rustup"
|
||||
ENV CARGO_HOME="/opt/cargo"
|
||||
ENV PATH="/opt/cargo/bin/:${PATH}"
|
||||
|
||||
# Note - the TDX lib is only available on x86, so there is an arch check in the package install
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
|
||||
RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} && chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME}
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get --no-install-recommends install -y \
|
||||
ca-certificates \
|
||||
@ -36,5 +43,18 @@ RUN apt-get update && \
|
||||
apt-get clean && rm -rf /var/lib/apt/lists/ && \
|
||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
|
||||
|
||||
ENV LIBC="gnu"
|
||||
RUN ARCH=$(uname -m); \
|
||||
rust_arch=""; \
|
||||
case "${ARCH}" in \
|
||||
"aarch64") rust_arch="${ARCH}" ;; \
|
||||
"ppc64le") rust_arch="powerpc64le" ;; \
|
||||
"x86_64") rust_arch="${ARCH}" ;; \
|
||||
"s390x") rust_arch="${ARCH}" ;; \
|
||||
*) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
|
||||
esac; \
|
||||
echo "RUST_ARCH=${rust_arch}" > /etc/profile.d/rust.sh; \
|
||||
rustup target add "${rust_arch}-unknown-linux-${LIBC}"
|
||||
|
||||
# aarch64 requires this name -- link for all
|
||||
RUN ln -s /usr/bin/musl-gcc "/usr/bin/$(uname -m)-linux-musl-gcc"
|
||||
|
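Review bot: The `chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME}` in the new `RUN mkdir` step runs before the later `curl … | sh` step installs rustup, so the recursive mode change only ever touches two empty directories. That leaves `/opt/rustup` and `/opt/cargo` world-writable without the sticky bit, while everything rustup places in them afterwards is presumably created under root's default umask. An unprivileged build user can therefore add or rename top-level entries (including `bin`, which is on `PATH`), yet may be unable to write inside the directories rustup created. If the goal is only a writable cargo cache for the `--user` build, consider keeping the toolchain directories root-owned and granting write access to a dedicated cache directory. At minimum, state the intent next to the step, e.g. `# world-writable so the non-root build user can populate the cargo cache`.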
@ -17,45 +17,21 @@ source "${script_dir}/../../scripts/lib.sh"
|
||||
|
||||
[ -d "guest-components" ] && rm -rf guest-components
|
||||
|
||||
init_env() {
|
||||
source "$HOME/.cargo/env"
|
||||
|
||||
export LIBC=gnu
|
||||
|
||||
ARCH=$(uname -m)
|
||||
rust_arch=""
|
||||
case ${ARCH} in
|
||||
"aarch64")
|
||||
rust_arch=${ARCH}
|
||||
;;
|
||||
"ppc64le")
|
||||
rust_arch="powerpc64le"
|
||||
;;
|
||||
"x86_64")
|
||||
rust_arch=${ARCH}
|
||||
;;
|
||||
"s390x")
|
||||
rust_arch=${ARCH}
|
||||
;;
|
||||
esac
|
||||
rustup target add ${rust_arch}-unknown-linux-${LIBC}
|
||||
}
|
||||
|
||||
build_coco_guest_components_from_source() {
|
||||
echo "build coco-guest-components from source"
|
||||
|
||||
init_env
|
||||
. /etc/profile.d/rust.sh
|
||||
|
||||
git clone --depth 1 ${coco_guest_components_repo} guest-components
|
||||
git clone --depth 1 "${coco_guest_components_repo}" guest-components
|
||||
pushd guest-components
|
||||
|
||||
git fetch --depth=1 origin "${coco_guest_components_version}"
|
||||
git checkout FETCH_HEAD
|
||||
|
||||
DESTDIR="${DESTDIR}/usr/local/bin" TEE_PLATFORM=${TEE_PLATFORM} make build
|
||||
strip target/${rust_arch}-unknown-linux-${LIBC}/release/confidential-data-hub
|
||||
strip target/${rust_arch}-unknown-linux-${LIBC}/release/attestation-agent
|
||||
strip target/${rust_arch}-unknown-linux-${LIBC}/release/api-server-rest
|
||||
strip "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/confidential-data-hub"
|
||||
strip "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/attestation-agent"
|
||||
strip "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/api-server-rest"
|
||||
DESTDIR="${DESTDIR}/usr/local/bin" TEE_PLATFORM=${TEE_PLATFORM} make install
|
||||
popd
|
||||
}
|
||||
|
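Review bot: `RUST_ARCH` and `LIBC` are now taken on trust from the builder image (`. /etc/profile.d/rust.sh` and the Dockerfile's `ENV LIBC`), and nothing in `build_coco_guest_components_from_source` checks them before they are interpolated into the three `strip` paths. If the script ever runs in an image that predates this change (build.sh tries `docker pull` before building locally), either the `.` fails or the paths collapse to `target/-unknown-linux-/…`, depending on shell options that are not visible in this hunk. A guard directly after the source line makes that failure explicit: `: "${RUST_ARCH:?not set, rebuild the builder image}" "${LIBC:?not set}"`. The remaining unquoted `TEE_PLATFORM=${TEE_PLATFORM}` assignments are harmless, since assignments are not word-split.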
@ -31,8 +31,8 @@ package_output_dir="${package_output_dir:-}"
|
||||
container_image="${COCO_GUEST_COMPONENTS_CONTAINER_BUILDER:-$(get_coco_guest_components_image_name)}"
|
||||
[ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
|
||||
|
||||
sudo docker pull ${container_image} || \
|
||||
(sudo docker $BUILDX build $PLATFORM \
|
||||
docker pull ${container_image} || \
|
||||
(docker $BUILDX build $PLATFORM \
|
||||
--build-arg RUST_TOOLCHAIN="${coco_guest_components_toolchain}" \
|
||||
-t "${container_image}" "${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
@ -45,7 +45,7 @@ ATTESTER="none"
|
||||
# snp-attester and tdx-attester crates require packages only available on x86
|
||||
[ "$(uname -m)" == "x86_64" ] && ATTESTER="snp-attester,tdx-attester"
|
||||
|
||||
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
||||
docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
||||
-w "${PWD}" \
|
||||
--env DESTDIR="${DESTDIR}" \
|
||||
--env TEE_PLATFORM=${TEE_PLATFORM:+"all"} \
|
||||
@ -53,5 +53,6 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
||||
--env ATTESTER=${ATTESTER:-} \
|
||||
--env coco_guest_components_repo="${coco_guest_components_repo}" \
|
||||
--env coco_guest_components_version="${coco_guest_components_version}" \
|
||||
--user "$(id -u)":"$(id -g)" \
|
||||
"${container_image}" \
|
||||
bash -c "${coco_guest_components_builder}"
|
||||
|
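Review bot: `${container_image}` is still unquoted in the new `docker pull ${container_image}` line, even though this commit quotes the `git clone` argument, and its value can come straight from the `COCO_GUEST_COMPONENTS_CONTAINER_BUILDER` environment variable; `docker pull "${container_image}" || \` keeps it a single argument. With `sudo` gone, the script also silently assumes the caller can reach the Docker daemon, which is worth a comment above the pull, e.g. `# No sudo: the invoking user must be able to talk to the Docker daemon`. `$BUILDX` and `$PLATFORM` look intentionally unquoted so that they can expand to nothing or to several words. The added `--user "$(id -u)":"$(id -g)"` runs the build as a UID that presumably has no passwd entry or home directory in the image, so anything in the builder script that relies on `$HOME` should be checked.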