diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e8c484ed..097b258d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,6 +10,9 @@ on: # Allows you to run this workflow manually from the Actions tab #workflow_dispatch: +env: + OPENSUT_BASE_IMAGE_ID: ghcr.io/galoisinc/verse-opensut/opensut-base:latest + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: mps-build: @@ -425,56 +428,128 @@ jobs: run: RUST_LOG=trace MPS_DEBUG=1 python3 src/vm_runner/tests/mps/run_tests.py ardupilot: - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Checkout submodules - run: | - git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" - git submodule update --init components/autopilot/ardupilot - - name: Hash inputs - id: hash - run: | - cache_key="$(bash src/pkvm_setup/package.sh cache_key ardupilot)" - echo "Cache key: $cache_key" - echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT - echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV - - name: Cache results - id: cache - uses: actions/cache@v3 - with: - key: ${{ env.CACHE_KEY }} - path: packages/${{ env.CACHE_KEY }}.tar.gz - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Install dependencies - run: | - sudo apt-get update - BUILD_ONLY=1 bash components/autopilot/ardupilot_install_deps.sh - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Fetch additional submodules for build - run: | - bash components/autopilot/ardupilot_init_submodules.sh - - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - name: Build ArduPilot - run: | - bash src/pkvm_setup/package.sh full_build ardupilot - outputs: - CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} + runs-on: ubuntu-22.04 + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Checkout submodules + run: | + git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "git@github.com:" + git submodule update --init components/autopilot/ardupilot + - name: Hash inputs + id: hash + run: | + cache_key="$(bash src/pkvm_setup/package.sh cache_key ardupilot)" + echo "Cache key: $cache_key" + echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT + echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Install dependencies + run: | + sudo apt-get update + BUILD_ONLY=1 bash components/autopilot/ardupilot_install_deps.sh + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Fetch additional submodules for build + run: | + bash components/autopilot/ardupilot_init_submodules.sh + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: Build ArduPilot + run: | + bash src/pkvm_setup/package.sh full_build ardupilot + outputs: + CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }} jsbsim_proxy: - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - # jsbsim_proxy is trivial to build, so we don't bother packaging or - # caching it. - - name: Install dependencies - run: | - sudo apt-get update - sudo apt install build-essential - - name: Build jsbsim_proxy - run: | - cd src/jsbsim_proxy - make - [ -f jsbsim_proxy ] + runs-on: ubuntu-22.04 + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # jsbsim_proxy is trivial to build, so we don't bother packaging or + # caching it. + - name: Install dependencies + run: | + sudo apt-get update + sudo apt install build-essential + - name: Build jsbsim_proxy + run: | + cd src/jsbsim_proxy + make + [ -f jsbsim_proxy ] + + opensut-base: + runs-on: ubuntu-latest + needs: + - mps-build + - vm_images + - vm_runner + - vhost_device + - ardupilot + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Cache results + id: cache + uses: actions/cache@v3 + with: + key: ${{ env.CACHE_KEY }} + path: packages/${{ env.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vm_runner" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vm_runner.outputs.CACHE_KEY }} + path: packages/${{ needs.vm_runner.outputs.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vhost_device" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vhost_device.outputs.CACHE_KEY }} + path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: pkvm" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.pkvm.outputs.CACHE_KEY }} + path: packages/${{ needs.pkvm.outputs.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: qemu" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.qemu.outputs.CACHE_KEY }} + path: packages/${{ needs.qemu.outputs.CACHE_KEY }}.tar.gz + - if: ${{ steps.cache.outputs.cache-hit != 'true' }} + name: "Cache restore: vm_image_base" + uses: actions/cache/restore@v3 + with: + key: ${{ needs.vm_image_base.outputs.CACHE_KEY }} + path: packages/${{ needs.vm_image_base.outputs.CACHE_KEY }}.tar.gz + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.VERSE_OPENSUT_ACCESS_TOKEN }} + - name: Build the Docker image + run: | + echo "Building ${{env.OPENSUT_BASE_IMAGE_ID}}" + docker build . --file Dockerfile --tag ${{env.OPENSUT_BASE_IMAGE_ID}} + - name: Push the Docker image + run: docker push ${{env.OPENSUT_BASE_IMAGE_ID}} + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + # - name: Build and push + # uses: docker/build-push-action@v6 + # with: + # platforms: linux/amd64 + # tags: ${{env.OPENSUT_BASE_IMAGE_ID}} + # file: Dockerfile + # github-token: ${{ secrets.VERSE_OPENSUT_ACCESS_TOKEN }} + # push: true diff --git a/.gitmodules b/.gitmodules index 457ad462..3d9f0d7a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,13 +10,13 @@ shallow = true [submodule "components/autopilot/ardupilot"] path = components/autopilot/ardupilot - url = git@github.com:GaloisInc/verse-ardupilot.git + url = https://github.com/GaloisInc/verse-ardupilot.git [submodule "components/message_bus/czmq"] path = components/message_bus/czmq url = https://github.com/zeromq/czmq.git [submodule "src/pkvm_setup/vhost-device"] path = src/pkvm_setup/vhost-device - url = git@github.com:GaloisInc/verse-vhost-device.git + url = https://github.com/GaloisInc/verse-vhost-device.git [submodule "src/pkvm_setup/libgpiod"] path = src/pkvm_setup/libgpiod url = https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git @@ -25,7 +25,7 @@ url = https://github.com/rems-project/cerberus.git [submodule "src/pkvm_setup/qemu"] path = src/pkvm_setup/qemu - url = git@github.com:GaloisInc/verse-debian-qemu.git + url = https://github.com/GaloisInc/verse-debian-qemu.git [submodule "components/autopilot/jsbsim"] path = components/autopilot/jsbsim url = https://github.com/JSBSim-Team/jsbsim diff --git a/Dockerfile b/Dockerfile index aa70da31..f8d90645 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,8 @@ +# syntax=docker/dockerfile:1.7-labs + # Top Level VERSE OpenSUT Dockerfile -FROM --platform=linux/amd64 ubuntu:22.04 +# NOTE: migrating to a newer OS to support MPS test job +FROM --platform=linux/amd64 ubuntu:24.04 # Labels added as described in # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images @@ -7,21 +10,31 @@ LABEL org.opencontainers.image.source=https://github.com/GaloisInc/VERSE-OpenSUT LABEL org.opencontainers.image.description="VERSE-OpenSUT Base Platform Image" LABEL org.opencontainers.image.licenses=BSD3 +# Upgrade to the latest version of all packages RUN apt-get clean \ && apt-get update \ - && apt-get upgrade -y + && apt-get upgrade -y \ + && apt-get install -y curl git -# Install dependencies +# Install system packages for all stages +# This step is *before* we add the OpenSUT repo +# to maximize caching +# +# MPS RUN apt-get update \ - && echo "Install general dependencies" \ - && apt-get install -y curl git pkg-config m4 \ - && echo "Install jsbsim proxy and libgpiod / vhost-device dependencies" \ - && apt-get install -y build-essential autoconf automake autoconf-archive libtool \ - && echo "Install trusted boot dependencies" \ - && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \ - && echo "Install missing protection system (MPS) dependencies" \ - && apt-get install -y verilator python3-pip clang + && apt-get install -y verilator \ + && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \ + && apt-get install -y python3-pip + +# Trusted boot +# (identical to the previous stage) +#RUN apt-get update \ +# && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu +# VM Runner +# (identical to the previous stage) +#RUN apt-get update \ +# && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu # Install rustup & pin to 1.74 WORKDIR /tmp RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.rs \ @@ -31,6 +44,76 @@ ENV PATH="/root/.cargo/bin:$PATH" RUN rustup toolchain install 1.74 RUN rustup default 1.74-x86_64-unknown-linux-gnu RUN rustup target add aarch64-unknown-linux-gnu +ENV RUSTUP_TOOLCHAIN=1.74 + +## DEPENDENCY INSTALL ## +# libgpiod +RUN apt-get update \ + && apt-get install -y \ + build-essential autoconf automake autoconf-archive \ + gcc-aarch64-linux-gnu + +# vhost_device +# (identical to the previous stage) +# RUN apt-get update \ +# && apt-get install -y \ +# build-essential autoconf automake autoconf-archive \ + +# pkvm +# (will be downloaded from artifactory) + +# qemu +# (will be downloaded from artifactory) + +# vm_image_base +# (will be downloaded from artifactory) + +# vm_images +RUN apt-get update \ + && apt-get install -y qemu-system-arm qemu-utils + +# mps-test-vm +RUN apt-get update \ + && apt-get install -y qemu-system-arm + +# ardupilot +# The deps are handled by the install scripts below + +# jsbsim_proxy +# (identical to the previous stage) +# RUN apt-get update \ +# && apt-get install -y build-essential +## DEPENDENCY INSTALL ## + +COPY . /opt/OpenSUT +WORKDIR /opt/OpenSUT + +## BUILD ## + +# ardupilot + + +# jsbsim_proxy +RUN cd src/jsbsim_proxy \ + && make \ + && [ -f jsbsim_proxy ] +## BUILD ## + +# # ardupilot +# RUN git submodule update --init components/autopilot/ardupilot + +# # Install dependencies +# RUN apt-get update \ +# && echo "Install general dependencies" \ +# && apt-get install -y curl git pkg-config m4 \ +# && echo "Install jsbsim proxy and libgpiod / vhost-device dependencies" \ +# && apt-get install -y build-essential autoconf automake autoconf-archive libtool \ +# && echo "Install trusted boot dependencies" \ +# && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \ +# && echo "Install missing protection system (MPS) dependencies" \ +# && apt-get install -y verilator python3-pip clang + + # # Prepare deb-src # RUN touch /etc/apt/sources.list \