Skip to content

Move the enclaves into the same build directory #7062

Move the enclaves into the same build directory

Move the enclaves into the same build directory #7062

Workflow file for this run

name: CI
on:
pull_request:
paths-ignore:
- '**.md'
push:
branches:
- master
- main
- develop
paths-ignore:
- '**.md'
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
MC_TELEMETRY: 0
permissions:
checks: write
jobs:
build-dev:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Cargo build (SW)
uses: actions-rs/cargo@v1
with:
command: build
# This build dies with linker OOM, so limit the number of concurrent jobs.
args: --locked -j 4
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
build-prod:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Cargo build (HW)
env:
SGX_MODE: HW
uses: actions-rs/cargo@v1
with:
command: build
# This build dies with linker OOM, so limit the number of concurrent jobs.
args: --locked -j 4
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
build-and-test-wasm:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
- name: Install wasm-pack
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
- name: Build and test the wasm-test crate
env:
SGX_MODE: HW
run: wasm-pack test --node wasm-test
lint-rust:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
with:
components: rustfmt, clippy
- name: Run lint script
run: ./tools/lint.sh --check
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
build-and-test-go:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
cache-dependency-path: go-grpc-gateway/go.sum
go-version-file: go-grpc-gateway/go.mod
- name: Build go
working-directory: go-grpc-gateway
run: ./install_tools.sh && ./build.sh
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
- name: Lint Go code
working-directory: go-grpc-gateway
run: ./lint.sh
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
- name: Build rust testing stub
working-directory: go-grpc-gateway/testing
env:
SGX_MODE: SW
run: cargo build --locked
- name: Run curl test
working-directory: go-grpc-gateway
run: ./test.sh
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
docs:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Generate docs
run: cargo doc --no-deps && tar -C target -czvf /tmp/doc.tgz doc/
- name: Store docs
uses: actions/upload-artifact@v3
with:
name: doc.tgz
path: /tmp/doc.tgz
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
mc-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
strategy:
matrix:
num_runners: [2]
runner_index: [1, 2]
# Run each shard to completion.
fail-fast: false
env:
NUM_RUNNERS: ${{ matrix.num_runners }}
RUNNER_INDEX: ${{ matrix.runner_index }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: List packages to test
run: |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \
grep -v -e mc-fog -e mc-consensus | \
awk "{ print \"-p \" \$1 }" | \
sort > /tmp/test-packages
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \
tee /tmp/mc-test-packages
# Hack: mc-util-sample-ledger needs mc-util-keyfile bins.
# TODO: Replace with artifact deps when that does not require
# additional cargo flags.
if grep -q generate-sample-ledger /tmp/mc-test-packages
then
echo '-p mc-util-keyfile' >> /tmp/mc-test-packages
fi
- name: Run tests
uses: ./.github/actions/run-mc-tests
with:
args: $(cat /tmp/mc-test-packages)
junit_xml_filename: junit-mc-tests-${{matrix.runner_index}}.xml
consensus-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
strategy:
matrix:
num_runners: [2]
runner_index: [1, 2]
# Run each shard to completion.
fail-fast: false
env:
NUM_RUNNERS: ${{ matrix.num_runners }}
RUNNER_INDEX: ${{ matrix.runner_index }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: List packages to test
run: |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \
awk "/mc-consensus/ { print \"-p \" \$1 }" | \
sort > /tmp/test-packages
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \
tee /tmp/consensus-test-packages
- name: Run tests
uses: ./.github/actions/run-mc-tests
with:
args: $(cat /tmp/consensus-test-packages)
junit_xml_filename: junit-consensus-tests-${{matrix.runner_index}}.xml
fog-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
strategy:
matrix:
num_runners: [2]
runner_index: [1, 2]
# Run each shard to completion.
fail-fast: false
env:
NUM_RUNNERS: ${{ matrix.num_runners }}
RUNNER_INDEX: ${{ matrix.runner_index }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: List packages to test
run: |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \
awk "/mc-fog/ { print \"-p \" \$1 }" | \
grep -v mc-fog-ingest | \
sort > /tmp/test-packages
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \
tee /tmp/fog-test-packages
# Hack: mc-fog-distribution needs bins from
# mc-util-{keyfile,generate-sample-ledger}.
# TODO: Replace with artifact deps when that does not require
# additional cargo flags.
if grep -q fog-distribution /tmp/fog-test-packages
then
echo '-p mc-util-keyfile -p mc-util-generate-sample-ledger' >> /tmp/fog-test-packages
fi
- name: Start postgres
run: service postgresql start
- name: Run tests
uses: ./.github/actions/run-mc-tests
with:
# The fog-overseer tests are large and sometimes fail to build;
# limiting the number of build-jobs helps with that.
args: $(cat /tmp/fog-test-packages) --build-jobs 4
junit_xml_filename: junit-fog-tests-${{matrix.runner_index}}.xml
env:
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests
# create and drop PG databases.
TEST_DATABASE_URL: postgres://localhost
fog-ingest-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Start postgres
run: service postgresql start
- name: Run tests
uses: ./.github/actions/run-mc-tests
with:
# These tests time out without release mode.
args: -p 'mc-fog-ingest-*' --release
junit_xml_filename: junit-fog-ingest-tests.xml
env:
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests
# create and drop PG databases.
TEST_DATABASE_URL: postgres://localhost
fog-conformance-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
# FIXME: This fails with Python 3.10: "AttributeError: module
# 'importlib' has no attribute 'abc'. Did you mean: '_abc'?"
python-version: '3.9'
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Set up environment
working-directory: tools/fog-local-network
run: |
python3 -m venv env
. ./env/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
./build.sh
service postgresql start
- name: fog_conformance_tests.py
working-directory: tools/fog-local-network
env:
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests
# create and drop PG databases.
TEST_DATABASE_URL: postgres://localhost
run: |
. ./env/bin/activate
python3 fog_conformance_tests.py --release
- name: Upload core dumps
uses: ./.github/actions/upload-core-dumps
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
fog-local-network-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3'
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Build and generate sample data
run: |
# Generate enclave signing key
openssl genrsa -out Enclave_private.pem -3 3072
export CONSENSUS_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export INGEST_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export LEDGER_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export VIEW_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export MC_LOG=debug
# Build binaries
cargo build \
-p mc-admin-http-gateway \
-p mc-consensus-mint-client \
-p mc-consensus-service \
-p mc-consensus-tool \
-p mc-crypto-x509-test-vectors \
-p mc-fog-distribution \
-p mc-fog-ingest-client \
-p mc-fog-ingest-server \
-p mc-fog-ledger-server \
-p mc-fog-report-server \
-p mc-fog-sql-recovery-db \
-p mc-fog-test-client \
-p mc-fog-view-server \
-p mc-ledger-distribution \
-p mc-mobilecoind \
-p mc-mobilecoind-dev-faucet \
-p mc-util-generate-sample-ledger \
-p mc-util-grpc-admin-tool \
-p mc-util-keyfile \
-p mc-util-seeded-ed25519-key-gen \
--release
BIN_DIR="$PWD/target/release"
# Run in temp dir to appease check-dirty-git.
mkdir -p /tmp/fog-local-network
cd /tmp/fog-local-network
# Generate sample keys and ledger.
FOG_AUTHORITY_ROOT=$("$BIN_DIR/mc-crypto-x509-test-vectors" --type=chain --test-name=ok_rsa_head)
"$BIN_DIR/sample-keys" --num 10 --seed=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"$BIN_DIR/generate-sample-ledger" --txs 100
# Generate sample Fog keys.
"$BIN_DIR/sample-keys" --num 4 --output-dir fog_keys --fog-report-url 'insecure-fog://localhost:6200' --fog-authority-root "$FOG_AUTHORITY_ROOT"
service postgresql start
- name: Run local network
env:
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests
# create and drop PG databases.
TEST_DATABASE_URL: postgres://localhost
run: |
BIN_DIR="$PWD/target/release"
SCRIPT_DIR="$PWD/tools/fog-local-network"
export MC_CHAIN_ID="local"
export MC_LOG=info
# This is needed since we want to capture the output of mc-consensus-tool, and we can't have the
# logs getting in the way.
export MC_LOG_STDERR=1
cd /tmp/fog-local-network
export LEDGER_BASE="$PWD/ledger"
# Run local network in background.
MC_LOG="info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,rusoto_core=error,h2=error,reqwest=error,rocket=error,<unknown>=error" \
python3 "$SCRIPT_DIR/fog_local_network.py" --network-type dense5 --skip-build &
# Give it time to spin up
for PORT in 3200 3201 3202 3203 3204 4444; do
for _unused in $(seq 0 60); do
if ss -l | grep -q ":$PORT"; then break; else sleep 1; fi;
done
done
# Save some typing
export MC_PEER="insecure-mc://localhost:3200/,insecure-mc://localhost:3201/,insecure-mc://localhost:3202/,insecure-mc://localhost:3203/,insecure-mc://localhost:3204/"
# Run fog-distribution client to exercise Fog
echo "Running fog distro"
"$BIN_DIR/fog-distribution" \
--sample-data-dir . \
--max-threads 1 \
--num-tx-to-send 10
# Give it time to quiet down
"$BIN_DIR/mc-consensus-tool" wait-for-quiet
# Run test-client
echo "Running test client"
"$BIN_DIR/test_client" \
--consensus insecure-mc://localhost:3200/ \
--consensus insecure-mc://localhost:3201/ \
--consensus insecure-mc://localhost:3202/ \
--consensus insecure-mc://localhost:3203/ \
--consensus insecure-mc://localhost:3204/ \
--num-clients 4 \
--num-transactions 40 \
--consensus-wait 300 \
--transfer-amount 20 \
--fog-view insecure-fog-view://localhost:8200 \
--fog-ledger insecure-fog-ledger://localhost:8200 \
--key-dir "$PWD/fog_keys"
PRE_AUTH_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet)
# Authorize minters
echo "Authorizing minters"
python3 "$SCRIPT_DIR/../local-network/authorize-minters.py"
PRE_MINT_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block="$PRE_AUTH_BLOCK_INDEX")
echo "Done waiting, PRE_MINT_BLOCK_INDEX=${PRE_MINT_BLOCK_INDEX}"
# Mint 1 million token1's to the first 4 fog accounts
echo "Minting"
for ACCOUNT_NUM in $(seq 0 3); do
"$BIN_DIR/mc-consensus-mint-client" \
"generate-and-submit-mint-tx" \
--node insecure-mc://localhost:3200/ \
--signing-key "$BIN_DIR/mc-local-network/minting-keys/minter1" \
--recipient "$(cat "fog_keys/account_keys_${ACCOUNT_NUM}.b58pub")" \
--fog-ingest-enclave-css "$BIN_DIR/ingest-enclave.css" \
--token-id 1 \
--amount 1000000
done
"$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block="$PRE_MINT_BLOCK_INDEX"
# Run test-client
echo "Running test client (tokens 0 and 1)"
"$BIN_DIR/test_client" \
--consensus insecure-mc://localhost:3200/ \
--consensus insecure-mc://localhost:3201/ \
--consensus insecure-mc://localhost:3202/ \
--consensus insecure-mc://localhost:3203/ \
--consensus insecure-mc://localhost:3204/ \
--num-clients 4 \
--num-transactions 40 \
--consensus-wait 300 \
--transfer-amount 20 \
--token-ids 0,1 \
--fog-view insecure-fog-view://localhost:8200 \
--fog-ledger insecure-fog-ledger://localhost:8200 \
--key-dir "$PWD/fog_keys"
# Run mobilecoind-dev-faucet
MC_LOG="info" \
"$BIN_DIR"/mobilecoind-dev-faucet \
--keyfile "$PWD/keys/account_keys_0.json" --activate --target-queue-depth 500 &
# Give it time to spin up
for _unused in $(seq 0 60); do
if ss -l | grep -q ":9090"; then break; else sleep 1; fi;
done
# Try hitting the faucet
curl -s localhost:9090/status
curl -s localhost:9090/ -d '{"b58_address": "5KBMnd8cs5zPsytGgZrjmQ8z9VJYThuh1B39pKzDERTfzm3sVGQxnZPC8JEWP69togpSPRz3e6pBsLzwnMjrXTbDqoRTQ8VF98sQu7LqjL5"}' -X POST
curl -s localhost:9090/ -d '{"b58_address": "5KBMnd8cs5zPsytGgZrjmQ8z9VJYThuh1B39pKzDERTfzm3sVGQxnZPC8JEWP69togpSPRz3e6pBsLzwnMjrXTbDqoRTQ8VF98sQu7LqjL5"}' -X POST
# Try triggering small slam twice and see that it doesn't get stuck
curl -s localhost:9090/slam -d '{"target_num_tx":500}' -X POST
"$BIN_DIR/mc-consensus-tool" wait-for-quiet
curl -s localhost:9090/slam -d '{"target_num_tx":500}' -X POST
- name: Upload core dumps
uses: ./.github/actions/upload-core-dumps
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
minting-and-burning-tests:
runs-on: [self-hosted, Linux, large]
container: mobilecoin/builder-install:v0.0.32
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3'
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Build and generate sample data
run: |
# Generate enclave signing key
openssl genrsa -out Enclave_private.pem -3 3072
export CONSENSUS_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export INGEST_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export LEDGER_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export VIEW_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem"
export MC_LOG=debug
# Build binaries
cargo build \
-p mc-admin-http-gateway \
-p mc-consensus-mint-client \
-p mc-consensus-service \
-p mc-consensus-tool \
-p mc-crypto-x509-test-vectors \
-p mc-fog-distribution \
-p mc-fog-ingest-client \
-p mc-fog-ingest-server \
-p mc-fog-ledger-server \
-p mc-fog-report-server \
-p mc-fog-sql-recovery-db \
-p mc-fog-test-client \
-p mc-fog-view-server \
-p mc-ledger-distribution \
-p mc-mobilecoind \
-p mc-mobilecoind-dev-faucet \
-p mc-util-generate-sample-ledger \
-p mc-util-grpc-admin-tool \
-p mc-util-keyfile \
-p mc-util-seeded-ed25519-key-gen \
--release
BIN_DIR="$PWD/target/release"
# Run in temp dir to appease check-dirty-git.
mkdir -p /tmp/fog-local-network
cd /tmp/fog-local-network || exit 1
# Generate sample keys and ledger.
FOG_AUTHORITY_ROOT=$("$BIN_DIR/mc-crypto-x509-test-vectors" --type=chain --test-name=ok_rsa_head)
"$BIN_DIR/sample-keys" --num 10 --seed=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"$BIN_DIR/generate-sample-ledger" --txs 100
# Generate sample Fog keys.
"$BIN_DIR/sample-keys" --num 4 --output-dir fog_keys --fog-report-url 'insecure-fog://localhost:6200' --fog-authority-root "$FOG_AUTHORITY_ROOT"
service postgresql start
- name: Run local network
env:
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests
# create and drop PG databases.
TEST_DATABASE_URL: postgres://localhost
run: |
BIN_DIR="$PWD/target/release"
SCRIPT_DIR="$PWD/tools/fog-local-network"
STRATEGIES_DIR="$PWD/mobilecoind/strategies"
export MC_CHAIN_ID="local"
export MC_LOG=info
# This is needed since we want to capture the output of mc-consensus-tool, and we can't have the
# logs getting in the way.
export MC_LOG_STDERR=1
# Used by mc-consensus-tool
export MC_PEER="insecure-mc://localhost:3200/,insecure-mc://localhost:3201/,insecure-mc://localhost:3202/,insecure-mc://localhost:3203/,insecure-mc://localhost:3204/"
cd /tmp/fog-local-network
export LEDGER_BASE="$PWD/ledger"
# Run local network in background.
MC_LOG="info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,rusoto_core=error,h2=error,reqwest=error,rocket=error,<unknown>=error" \
python3 "$SCRIPT_DIR/fog_local_network.py" --network-type dense5 --skip-build &
# Give it time to spin up
for PORT in 3200 3201 3202 3203 3204 4444; do
for _unused in $(seq 0 60); do
if ss -l | grep -q ":$PORT"; then break; else sleep 1; fi;
done
done
PRE_AUTH_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet)
# Authorize minters
echo "Authorizing minters"
python3 "$SCRIPT_DIR/../local-network/authorize-minters.py"
echo "Waiting for quiet after authorizing minters..."
PRE_MINT_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block="$PRE_AUTH_BLOCK_INDEX")
echo "Done waiting, PRE_MINT_BLOCK_INDEX=${PRE_MINT_BLOCK_INDEX}"
# Mint 1 million token1's to the first 4 accounts
echo "Minting"
for ACCOUNT_NUM in $(seq 0 4); do
"$BIN_DIR/mc-consensus-mint-client" \
generate-and-submit-mint-tx \
--node insecure-mc://localhost:3200/ \
--signing-key "$BIN_DIR/mc-local-network/minting-keys/minter1" \
--recipient "$(cat "keys/account_keys_${ACCOUNT_NUM}.b58pub")" \
--token-id 1 \
--amount 1000000
done
echo "Waiting for quiet after minting"
POST_MINT_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block "$PRE_MINT_BLOCK_INDEX")
echo "Done waiting, POST_MINT_BLOCK_INDEX = ${POST_MINT_BLOCK_INDEX}"
# Use burn.py to burn some token1
cd "$STRATEGIES_DIR" || exit 1
./compile_proto.sh
python3 burn.py \
--mobilecoind-host localhost \
--mobilecoind-port 4444 \
--key "$LEDGER_BASE/../keys/account_keys_2.json" \
--value 550000 \
--token-id 1 \
--fee 10000 \
--burn-redemption-memo "0xf43f5e8C04519efE0f54d7eBAEab20E86b235114"
- name: Upload core dumps
uses: ./.github/actions/upload-core-dumps
- name: Check dirty git
uses: ./.github/actions/check-dirty-git
publish-test-results:
runs-on: [self-hosted, Linux, small]
if: success() || failure()
needs:
- mc-tests
- consensus-tests
- fog-tests
- fog-ingest-tests
steps:
- name: Download XML reports
if: success() || failure()
uses: actions/download-artifact@v3
with:
name: junit-xml
- name: Publish Test Report
if: success() || failure()
uses: mikepenz/action-junit-report@v4
with:
check_name: Test Report
report_paths: '**/*.xml'
# via https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true