feat: add release pipeline (#37)

lablup · Aug 29, 2023 · 5f4ac30 · 5f4ac30
1 parent 37c619b
commit 5f4ac30
Show file tree

Hide file tree

Showing 10 changed files with 138 additions and 15 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,37 @@
+name: default
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - name: Run rustfmt
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --check
+  deploy-to-pypi:
+    needs: [lint]
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build jail
+        run: |
+          scripts/build-binaries.sh ubuntu18.04
+          scripts/build-binaries.sh ubuntu20.04
+          scripts/build-binaries.sh ubuntu22.04
+          scripts/build-binaries.sh alpine3.17
+          scripts/build-binaries.sh alpine3.18
+      - name: Release to GitHub
+        uses: softprops/action-gh-release@v1
+        with:
+          generate_release_notes: true
+          files: |
+            dist/*.bin
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /target
-/out
+/out
+/dist
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,3 +23,4 @@ fern = { version = "0.6", features = ["colored"] }
 chrono = "0.4"
 libloading = "0.7"
 which = "4.3.0"
+
diff --git a/dockerfiles/Dockerfile.builder-alpine3.8 b/dockerfiles/Dockerfile.builder-alpine3.8
@@ -4,4 +4,4 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 ENV PATH="$PATH:/root/.cargo/bin"
 ENV RUSTFLAGS="-C target-feature=-crt-static"
 
-CMD ["cargo", "build", "--release"]
+CMD ["cargo", "build", "--release"]
diff --git a/dockerfiles/Dockerfile.builder-ubuntu22.04 b/dockerfiles/Dockerfile.builder-ubuntu22.04
@@ -3,4 +3,4 @@ RUN apt update && apt install -y gcc g++ libseccomp-dev curl && rm -rf /var/lib/
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 ENV PATH="$PATH:/root/.cargo/bin"
 
-CMD ["cargo", "build", "--release"]
+CMD ["cargo", "build", "--release"]
diff --git a/scripts/build-binaries.sh b/scripts/build-binaries.sh
@@ -0,0 +1,51 @@
+#! /bin/bash
+if [ $(uname) = "Darwin" ]; then
+    readlink="greadlink"
+    dirname="gdirname"
+else
+    readlink="readlink"
+    dirname="dirname"
+fi
+
+PROJECT_ROOT=$($dirname $($dirname "$($readlink -f "$0")"))
+PLATFORM=$1
+
+mkdir -p dist
+
+case "$PLATFORM" in
+"alpine3.17") DOCKER_TAG="3.17"; VARIANT="alpine";;
+"alpine3.18") DOCKER_TAG="3.18"; VARIANT="alpine";;
+"ubuntu18.04") DOCKER_TAG="buster"; VARIANT="debian";;
+"ubuntu20.04") DOCKER_TAG="bullseye"; VARIANT="debian";;
+"ubuntu22.04") DOCKER_TAG="bookworm"; VARIANT="debian";;
+"buster") DOCKER_TAG="buster"; VARIANT="debian";;
+"bullseye") DOCKER_TAG="bullseye"; VARIANT="debian";;
+"bookworm") DOCKER_TAG="bookworm"; VARIANT="debian";;
+*) echo "Unsupported Platform $1"; exit 1;;
+esac
+
+if [ $VARIANT = "alpine" ]; then
+    DOCKERFILE=$(cat <<EOF
+FROM alpine:$DOCKER_TAG
+RUN apk update && apk add build-base libseccomp libseccomp-dev musl-dev curl
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="$PATH:/root/.cargo/bin"
+ENV RUSTFLAGS="-C target-feature=-crt-static"
+CMD ["/io/scripts/build.sh"]
+EOF
+    )
+elif [ $VARIANT = "debian" ]; then
+    DOCKERFILE=$(cat <<EOF
+FROM rust:$DOCKER_TAG
+RUN apt update && apt install -y libseccomp-dev
+CMD ["/io/scripts/build.sh"]
+EOF
+    )
+fi
+
+echo "$DOCKERFILE" > jail-builder.dockerfile
+
+docker build -t jail-builder -f jail-builder.dockerfile .
+docker run --rm -e FILEUSER="$(id -u):$(id -g)" -e PLATFORM=$PLATFORM -v $PROJECT_ROOT:/io jail-builder
+rm jail-builder.dockerfile
+ls dist/
diff --git a/scripts/build.sh b/scripts/build.sh
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+ARCHITECTURE=$(uname -m)
+if [ $ARCHITECTURE = "arm64" ]; then
+    ARCHITECTURE="aarch64"
+fi
+
+cd /io
+cargo build --release
+cp /io/target/release/backendai-jail /io/dist/backendai-jail.$PLATFORM.$ARCHITECTURE.bin
+chown $FILEUSER /io/dist/backendai-jail.$PLATFORM.$ARCHITECTURE.bin
+rm -r /io/target/release
diff --git a/src/arch/aarch64.rs b/src/arch/aarch64.rs
@@ -4,23 +4,33 @@ use nix::errno::Errno;
 use nix::unistd::Pid;
 
 macro_rules! syscall_name {
-    ($x:expr) => ($x.regs[8]);
+    ($x:expr) => {
+        $x.regs[8]
+    };
 }
 
 macro_rules! syscall_arg1 {
-    ($x:expr) => ($x.regs[0]);
+    ($x:expr) => {
+        $x.regs[0]
+    };
 }
 
 macro_rules! syscall_arg2 {
-    ($x:expr) => ($x.regs[1]);
+    ($x:expr) => {
+        $x.regs[1]
+    };
 }
 
 macro_rules! syscall_arg3 {
-    ($x:expr) => ($x.regs[2]);
+    ($x:expr) => {
+        $x.regs[2]
+    };
 }
 
 macro_rules! syscall_ret {
-    ($x:expr) => ($x.regs[0]);
+    ($x:expr) => {
+        $x.regs[0]
+    };
 }
 
 pub fn getregs(pid: Pid) -> Result<user_regs_struct, Errno> {

diff --git a/src/arch/x86_64.rs b/src/arch/x86_64.rs
@@ -4,23 +4,33 @@ use nix::sys::ptrace;
 use nix::unistd::Pid;
 
 macro_rules! syscall_name {
-    ($x:expr) => ($x.orig_rax);
+    ($x:expr) => {
+        $x.orig_rax
+    };
 }
 
 macro_rules! syscall_arg1 {
-    ($x:expr) => ($x.rdi);
+    ($x:expr) => {
+        $x.rdi
+    };
 }
 
 macro_rules! syscall_arg2 {
-    ($x:expr) => ($x.rsi);
+    ($x:expr) => {
+        $x.rsi
+    };
 }
 
 macro_rules! syscall_arg3 {
-    ($x:expr) => ($x.rdx);
+    ($x:expr) => {
+        $x.rdx
+    };
 }
 
 macro_rules! syscall_ret {
-    ($x:expr) => ($x.rax);
+    ($x:expr) => {
+        $x.rax
+    };
 }
 
 pub fn getregs(pid: Pid) -> Result<user_regs_struct, Errno> {

diff --git a/src/jail.rs b/src/jail.rs
@@ -572,7 +572,8 @@ impl Jail {
                                         1 => {}
                                         0 if allow => allow = false,
                                         err => {
-                                            let errno: Errno = unsafe { std::mem::transmute(err * -1) };
+                                            let errno: Errno =
+                                                unsafe { std::mem::transmute(err * -1) };
                                             warn!("Error while executing hook: {}", errno);
                                         }
                                     }
@@ -620,7 +621,7 @@ impl Jail {
                                             target,
                                             &regs,
                                         ) {
-                                            0 => {},
+                                            0 => {}
                                             err => {
                                                 let errno: Errno =
                                                     unsafe { std::mem::transmute(err * -1) };