gnh1201/wasm-micro-runtime
1
0
Fork 0
mirror of https://github.com/bytecodealliance/wasm-micro-runtime.git synced 2025-03-12 17:05:38 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity
6f04f115ab
wasm-micro-runtime/.github/workflows/compilation_on_sgx.yml
Jämes Ménétrey dfd16f8e4f
linux-sgx: Implement SGX IPFS as POSIX backend for file interaction (#1489) 
This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS)
into the runtime to create, operate and delete files inside the enclave, while guaranteeing
the confidentiality and integrity of the data persisted. IPFS can be referred to here:
https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html

Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction
API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation
has been written with light changes to sgx platform layer, so all the security aspects
WAMR relies on are conserved.

In addition to this integration, the following changes have been made:
 - The CI workflow has been adapted to test the compilation of the runtime and sample
    with the flag `WAMR_BUILD_SGX_IPFS` set to true
 - Introduction of a new sample that demonstrates the interaction of the files (called `file`),
 - Documentation of this new feature
2022-09-28 13:09:58 +08:00

467 lines
17 KiB
YAML
Raw Blame History

# Copyright (C) 2019 Intel Corporation. All rights reserved.
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
name: compilation on SGX
on:
# will be triggered on PR events
pull_request:
paths-ignore:
- "assembly-script/**"
- "ci/**"
- "doc/**"
- "test-tools/**"
- ".github/workflows/compilation_on_sgx.yml"
# will be triggered on push events
push:
paths-ignore:
- "assembly-script/**"
- "ci/**"
- "doc/**"
- "test-tools/**"
- ".github/workflows/compilation_on_sgx.yml"
# allow to be triggered manually
workflow_dispatch:
# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
AOT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
CLASSIC_INTERP_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=0 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=1 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
FAST_INTERP_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=0 -DWAMR_BUILD_FAST_INTERP=1 -DWAMR_BUILD_INTERP=1 -DWAMR_BUILD_JIT=0 -DWAMR_BUILD_LAZY_JIT=0"
LAZY_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=1"
MC_JIT_BUILD_OPTIONS: "-DWAMR_BUILD_AOT=1 -DWAMR_BUILD_FAST_INTERP=0 -DWAMR_BUILD_INTERP=0 -DWAMR_BUILD_JIT=1 -DWAMR_BUILD_LAZY_JIT=0"
LLVM_CACHE_SUFFIX: "build-llvm_libraries_ex"
jobs:
# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
cancel_previous:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
steps:
- name: Cancel Workflow Action
uses: styfle/cancel-workflow-action@0.9.1
with:
access_token: ${{ github.token }}
# set different traffic lights based on the current repo and the running OS.
# according to light colors, the workflow will run different jobs
check_repo:
needs: cancel_previous
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
outputs:
traffic_light_on_ubuntu_2004: ${{ steps.do_check_on_ubuntu_2004.outputs.light }}
steps:
- name: do_check_on_ubuntu_2004
id: do_check_on_ubuntu_2004
if: ${{ matrix.os == 'ubuntu-20.04' }}
run: |
if [[ ${{ github.repository }} == */wasm-micro-runtime ]]; then
echo "::set-output name=light::green"
else
echo "::set-output name=light::green"
fi
build_llvm_libraries:
needs: check_repo
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
steps:
- name: light status
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: Cache LLVM libraries
id: cache_llvm
if: ${{ matrix.light == 'green' }}
uses: actions/cache@v3
with:
path: |
./core/deps/llvm/build/bin
./core/deps/llvm/build/include
./core/deps/llvm/build/lib
./core/deps/llvm/build/libexec
./core/deps/llvm/build/share
key: ${{ matrix.os }}-${{ env.LLVM_CACHE_SUFFIX }}
- name: Build llvm and clang from source
id: build_llvm
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
run: /usr/bin/env python3 ./build_llvm.py --arch X86 WebAssembly --project clang lldb
working-directory: build-scripts
build_iwasm:
needs: [check_repo]
runs-on: ${{ matrix.os }}
strategy:
matrix:
make_options_run_mode: [
# Running mode
$AOT_BUILD_OPTIONS,
$CLASSIC_INTERP_BUILD_OPTIONS,
$FAST_INTERP_BUILD_OPTIONS,
# doesn't support
# $LAZY_JIT_BUILD_OPTIONS,
# $MC_JIT_BUILD_OPTIONS,
]
make_options_feature: [
# Features
"-DWAMR_BUILD_CUSTOM_NAME_SECTION=1",
# doesn't support
# "-DWAMR_BUILD_DEBUG_AOT=1",
# "-DWAMR_BUILD_DEBUG_INTERP=1",
"-DWAMR_BUILD_DUMP_CALL_STACK=1",
"-DWAMR_BUILD_LIB_PTHREAD=1",
"-DWAMR_BUILD_LOAD_CUSTOM_SECTION=1",
"-DWAMR_BUILD_MINI_LOADER=1",
"-DWAMR_BUILD_MEMORY_PROFILING=1",
"-DWAMR_BUILD_MULTI_MODULE=1",
"-DWAMR_BUILD_PERF_PROFILING=1",
"-DWAMR_BUILD_REF_TYPES=1",
# doesn't support
# "-DWAMR_BUILD_SIMD=1",
"-DWAMR_BUILD_TAIL_CALL=1",
"-DWAMR_DISABLE_HW_BOUND_CHECK=1",
"-DWAMR_BUILD_SGX_IPFS=1",
]
os: [ubuntu-20.04]
platform: [linux-sgx]
exclude:
# uncompatiable mode and feature
# MULTI_MODULE only on INTERP mode
- make_options_run_mode: $AOT_BUILD_OPTIONS
make_options_feature: "-DWAMR_BUILD_MULTI_MODULE=1"
# MINI_LOADER only on INTERP mode
- make_options_run_mode: $AOT_BUILD_OPTIONS
make_options_feature: "-DWAMR_BUILD_MINI_LOADER=1"
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
steps:
- name: light status
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
- name: install SGX SDK and necessary libraries
if: ${{ matrix.light == 'green' }}
run: |
mkdir -p /opt/intel
cd /opt/intel
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt install -y libsgx-launch libsgx-urts
source /opt/intel/sgxsdk/environment
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: Build iwasm
if: ${{ matrix.light == 'green' }}
run: |
mkdir build && cd build
cmake .. ${{ matrix.make_options_run_mode }} ${{ matrix.make_options_feature }}
cmake --build . --config Release --parallel 4
working-directory: product-mini/platforms/${{ matrix.platform }}
build_wamrc:
needs: [build_llvm_libraries, check_repo]
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04]
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
steps:
- name: light status
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
- name: install SGX SDK and necessary libraries
if: ${{ matrix.light == 'green' }}
run: |
mkdir -p /opt/intel
cd /opt/intel
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt install -y libsgx-launch libsgx-urts
source /opt/intel/sgxsdk/environment
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: Get LLVM libraries
id: cache_llvm
if: ${{ matrix.light == 'green' }}
uses: actions/cache@v3
with:
path: |
./core/deps/llvm/build/bin
./core/deps/llvm/build/include
./core/deps/llvm/build/lib
./core/deps/llvm/build/libexec
./core/deps/llvm/build/share
key: ${{ matrix.os }}-${{ env.LLVM_CACHE_SUFFIX }}
- name: Quit if cache miss
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
run: echo "::error::can not get prebuilt llvm libraries" && exit 1
- name: Build wamrc
if: ${{ matrix.light == 'green' }}
run: |
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
working-directory: wamr-compiler
build_samples_wasm_c_api:
needs: [build_iwasm, check_repo]
runs-on: ${{ matrix.os }}
strategy:
matrix:
make_options: [
# Running mode
$CLASSIC_INTERP_BUILD_OPTIONS,
$FAST_INTERP_BUILD_OPTIONS,
# doesn't support
#$LAZY_JIT_BUILD_OPTIONS,
#$MC_JIT_BUILD_OPTIONS,
#$AOT_BUILD_OPTIONS,
]
os: [ubuntu-20.04]
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
wasi_sdk_release: https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sdk-12.0-linux.tar.gz
wabt_release: https://github.com/WebAssembly/wabt/releases/download/1.0.24/wabt-1.0.24-ubuntu.tar.gz
steps:
- name: light status
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: download and install wabt
if: ${{ matrix.light == 'green' }}
run: |
cd /opt
sudo wget ${{ matrix.wabt_release }}
sudo tar -xzf wabt-1.0.24-*.tar.gz
sudo mv wabt-1.0.24 wabt
- name: install SGX SDK and necessary libraries
if: ${{ matrix.light == 'green' }}
run: |
mkdir -p /opt/intel
cd /opt/intel
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt install -y libsgx-launch libsgx-urts
source /opt/intel/sgxsdk/environment
- name: Build Sample [wasm-c-api]
if: ${{ matrix.light == 'green' }}
run: |
mkdir build && cd build
cmake .. ${{ matrix.make_options }}
cmake --build . --config Release --parallel 4
./callback
./callback_chain
./empty_imports
./global
./hello
./hostref
./memory
./reflect
./table
./trap
working-directory: samples/wasm-c-api
build_samples_others:
needs: [build_iwasm, check_repo]
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
wasi_sdk_release: https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-12/wasi-sdk-12.0-linux.tar.gz
wabt_release: https://github.com/WebAssembly/wabt/releases/download/1.0.24/wabt-1.0.24-ubuntu.tar.gz
steps:
- name: light status
run: echo "matrix.os=${{ matrix.os }}, light=${{ matrix.light }}"
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: download and install wasi-sdk
if: ${{ matrix.light == 'green' }}
run: |
cd /opt
sudo wget ${{ matrix.wasi_sdk_release }}
sudo tar -xzf wasi-sdk-12.0-*.tar.gz
sudo mv wasi-sdk-12.0 wasi-sdk
- name: download and install wabt
if: ${{ matrix.light == 'green' }}
run: |
cd /opt
sudo wget ${{ matrix.wabt_release }}
sudo tar -xzf wabt-1.0.24-*.tar.gz
sudo mv wabt-1.0.24 wabt
- name: install SGX SDK and necessary libraries
if: ${{ matrix.light == 'green' }}
run: |
mkdir -p /opt/intel
cd /opt/intel
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt install -y libsgx-launch libsgx-urts
source /opt/intel/sgxsdk/environment
- name: Build Sample [basic]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/basic
./build.sh
./run.sh
- name: Build Sample [file]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/file
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
./src/iwasm -f wasm-app/file.wasm -d .
- name: Build Sample [multi-thread]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/multi-thread
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
./iwasm wasm-apps/test.wasm
- name: Build Sample [multi-module]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/multi-module
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
./multi_module
- name: Build Sample [spawn-thread]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/spawn-thread
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
./spawn_thread
- name: Build Sample [ref-types]
if: ${{ matrix.light == 'green' }}
run: |
cd samples/ref-types
mkdir build && cd build
cmake ..
cmake --build . --config Release --parallel 4
./hello
spec_test_default:
needs: [build_iwasm, build_llvm_libraries, build_wamrc, check_repo]
runs-on: ubuntu-20.04
strategy:
matrix:
running_mode: ["classic-interp", "fast-interp", "aot"]
test_option: ["-x -p -s spec -P", "-x -p -s spec -S -P"]
include:
- os: ubuntu-20.04
light: ${{ needs.check_repo.outputs.traffic_light_on_ubuntu_2004 }}
steps:
- name: checkout
if: ${{ matrix.light == 'green' }}
uses: actions/checkout@v3
- name: Get LLVM libraries
if: ${{ matrix.light == 'green' }}
id: cache_llvm
uses: actions/cache@v3
with:
path: |
./core/deps/llvm/build/bin
./core/deps/llvm/build/include
./core/deps/llvm/build/lib
./core/deps/llvm/build/libexec
./core/deps/llvm/build/share
key: ubuntu-20.04-${{ env.LLVM_CACHE_SUFFIX }}
- name: Quit if cache miss
if: ${{ matrix.light == 'green' && steps.cache_llvm.outputs.cache-hit != 'true' }}
run: echo "::error::can not get prebuilt llvm libraries" && exit 1
- name: install Ninja
if: ${{ matrix.light == 'green' }}
run: sudo apt install -y ninja-build
- name: install SGX SDK and necessary libraries
if: ${{ matrix.light == 'green' }}
run: |
mkdir -p /opt/intel
cd /opt/intel
wget https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
chmod +x sgx_linux_x64_sdk_2.15.100.3.bin
echo 'yes' | ./sgx_linux_x64_sdk_2.15.100.3.bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt install -y libsgx-launch libsgx-urts
- name: run spec tests
if: ${{ matrix.light == 'green' }}
run: |
source /opt/intel/sgxsdk/environment
./test_wamr.sh ${{ matrix.test_option }} -t ${{ matrix.running_mode }}
working-directory: ./tests/wamr-test-suites
Reference in New Issue View Git Blame Copy Permalink