Add a OpenSUT startup script

.github/workflows/main.yml

@@ -10,6 +10,9 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   #workflow_dispatch:
 
+env:
+  OPENSUT_BASE_IMAGE_ID: ghcr.io/galoisinc/verse-opensut/opensut-base:latest
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   mps-build:
@@ -425,56 +428,128 @@ jobs:
       run: RUST_LOG=trace MPS_DEBUG=1 python3 src/vm_runner/tests/mps/run_tests.py
 
   ardupilot:
-      runs-on: ubuntu-22.04
-      steps:
-        - name: Checkout repository
-          uses: actions/checkout@v4
-        - name: Checkout submodules
-          run: |
-              git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "[email protected]:"
-              git submodule update --init components/autopilot/ardupilot
-        - name: Hash inputs
-          id: hash
-          run: |
-              cache_key="$(bash src/pkvm_setup/package.sh cache_key ardupilot)"
-              echo "Cache key: $cache_key"
-              echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT
-              echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV
-        - name: Cache results
-          id: cache
-          uses: actions/cache@v3
-          with:
-              key: ${{ env.CACHE_KEY }}
-              path: packages/${{ env.CACHE_KEY }}.tar.gz
-        - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          name: Install dependencies
-          run: |
-            sudo apt-get update
-            BUILD_ONLY=1 bash components/autopilot/ardupilot_install_deps.sh
-        - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          name: Fetch additional submodules for build
-          run: |
-            bash components/autopilot/ardupilot_init_submodules.sh
-        - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          name: Build ArduPilot
-          run: |
-              bash src/pkvm_setup/package.sh full_build ardupilot
-      outputs:
-          CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }}
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Checkout submodules
+        run: |
+            git config --global url."https://galoisactions:${{ secrets.VERSE_VHOST_DEVICE_ACCESS_TOKEN }}@github.com/".insteadOf "[email protected]:"
+            git submodule update --init components/autopilot/ardupilot
+      - name: Hash inputs
+        id: hash
+        run: |
+            cache_key="$(bash src/pkvm_setup/package.sh cache_key ardupilot)"
+            echo "Cache key: $cache_key"
+            echo "CACHE_KEY=$cache_key" >>$GITHUB_OUTPUT
+            echo "CACHE_KEY=$cache_key" >>$GITHUB_ENV
+      - name: Cache results
+        id: cache
+        uses: actions/cache@v3
+        with:
+            key: ${{ env.CACHE_KEY }}
+            path: packages/${{ env.CACHE_KEY }}.tar.gz
+      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        name: Install dependencies
+        run: |
+          sudo apt-get update
+          BUILD_ONLY=1 bash components/autopilot/ardupilot_install_deps.sh
+      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        name: Fetch additional submodules for build
+        run: |
+          bash components/autopilot/ardupilot_init_submodules.sh
+      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+        name: Build ArduPilot
+        run: |
+            bash src/pkvm_setup/package.sh full_build ardupilot
+    outputs:
+        CACHE_KEY: ${{ steps.hash.outputs.CACHE_KEY }}
 
   jsbsim_proxy:
-      runs-on: ubuntu-22.04
-      steps:
-        - name: Checkout repository
-          uses: actions/checkout@v4
-        # jsbsim_proxy is trivial to build, so we don't bother packaging or
-        # caching it.
-        - name: Install dependencies
-          run: |
-            sudo apt-get update
-            sudo apt install build-essential
-        - name: Build jsbsim_proxy
-          run: |
-              cd src/jsbsim_proxy
-              make
-              [ -f jsbsim_proxy ]
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # jsbsim_proxy is trivial to build, so we don't bother packaging or
+      # caching it.
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt install build-essential
+      - name: Build jsbsim_proxy
+        run: |
+            cd src/jsbsim_proxy
+            make
+            [ -f jsbsim_proxy ]
+
+  opensut-base:
+    runs-on: ubuntu-latest
+    needs:
+    - mps-build
+    - vm_images
+    - vm_runner
+    - vhost_device
+    - ardupilot
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Cache results
+      id: cache
+      uses: actions/cache@v3
+      with:
+        key: ${{ env.CACHE_KEY }}
+        path: packages/${{ env.CACHE_KEY }}.tar.gz
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: "Cache restore: vm_runner"
+      uses: actions/cache/restore@v3
+      with:
+        key: ${{ needs.vm_runner.outputs.CACHE_KEY }}
+        path: packages/${{ needs.vm_runner.outputs.CACHE_KEY }}.tar.gz
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: "Cache restore: vhost_device"
+      uses: actions/cache/restore@v3
+      with:
+        key: ${{ needs.vhost_device.outputs.CACHE_KEY }}
+        path: packages/${{ needs.vhost_device.outputs.CACHE_KEY }}.tar.gz
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: "Cache restore: pkvm"
+      uses: actions/cache/restore@v3
+      with:
+        key: ${{ needs.pkvm.outputs.CACHE_KEY }}
+        path: packages/${{ needs.pkvm.outputs.CACHE_KEY }}.tar.gz
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: "Cache restore: qemu"
+      uses: actions/cache/restore@v3
+      with:
+        key: ${{ needs.qemu.outputs.CACHE_KEY }}
+        path: packages/${{ needs.qemu.outputs.CACHE_KEY }}.tar.gz
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: "Cache restore: vm_image_base"
+      uses: actions/cache/restore@v3
+      with:
+        key: ${{ needs.vm_image_base.outputs.CACHE_KEY }}
+        path: packages/${{ needs.vm_image_base.outputs.CACHE_KEY }}.tar.gz
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.VERSE_OPENSUT_ACCESS_TOKEN }}
+    - name: Build the Docker image
+      run: |
+        echo "Building ${{env.OPENSUT_BASE_IMAGE_ID}}"
+        docker build . --file Dockerfile --tag ${{env.OPENSUT_BASE_IMAGE_ID}}
+    - name: Push the Docker image
+      run: docker push ${{env.OPENSUT_BASE_IMAGE_ID}}
+    # - name: Set up QEMU
+    #   uses: docker/setup-qemu-action@v3
+    # - name: Set up Docker Buildx
+    #   uses: docker/setup-buildx-action@v3
+    # - name: Build and push
+    #   uses: docker/build-push-action@v6
+    #   with:
+    #     platforms: linux/amd64
+    #     tags: ${{env.OPENSUT_BASE_IMAGE_ID}}
+    #     file: Dockerfile
+    #     github-token: ${{ secrets.VERSE_OPENSUT_ACCESS_TOKEN }}
+    #     push: true

.gitmodules

@@ -10,13 +10,13 @@
 	shallow = true
 [submodule "components/autopilot/ardupilot"]
 	path = components/autopilot/ardupilot
-	url = git@github.com:GaloisInc/verse-ardupilot.git
+	url = https://github.com/GaloisInc/verse-ardupilot.git
 [submodule "components/message_bus/czmq"]
 	path = components/message_bus/czmq
 	url = https://github.com/zeromq/czmq.git
 [submodule "src/pkvm_setup/vhost-device"]
 	path = src/pkvm_setup/vhost-device
-	url = git@github.com:GaloisInc/verse-vhost-device.git
+	url = https://github.com/GaloisInc/verse-vhost-device.git
 [submodule "src/pkvm_setup/libgpiod"]
 	path = src/pkvm_setup/libgpiod
 	url = https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git
@@ -25,7 +25,7 @@
 	url = https://github.com/rems-project/cerberus.git
 [submodule "src/pkvm_setup/qemu"]
 	path = src/pkvm_setup/qemu
-	url = git@github.com:GaloisInc/verse-debian-qemu.git
+	url = https://github.com/GaloisInc/verse-debian-qemu.git
 [submodule "components/autopilot/jsbsim"]
 	path = components/autopilot/jsbsim
 	url = https://github.com/JSBSim-Team/jsbsim

Dockerfile

@@ -1,27 +1,40 @@
+# syntax=docker/dockerfile:1.7-labs
+
 # Top Level VERSE OpenSUT Dockerfile
-FROM --platform=linux/amd64 ubuntu:22.04
+# NOTE: migrating to a newer OS to support MPS test job
+FROM --platform=linux/amd64 ubuntu:24.04
 
 # Labels added as described in
 # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images
 LABEL org.opencontainers.image.source=https://github.com/GaloisInc/VERSE-OpenSUT
 LABEL org.opencontainers.image.description="VERSE-OpenSUT Base Platform Image"
 LABEL org.opencontainers.image.licenses=BSD3
 
+# Upgrade to the latest version of all packages
 RUN apt-get clean \
   && apt-get update \
-  && apt-get upgrade -y
+  && apt-get upgrade -y \
+  && apt-get install -y curl git
 
-# Install dependencies
+# Install system packages for all stages
+# This step is *before* we add the OpenSUT repo
+# to maximize caching
+#
+# MPS
 RUN apt-get update \
-  && echo "Install general dependencies" \
-  && apt-get install -y curl git pkg-config m4 \
-  && echo "Install jsbsim proxy and libgpiod / vhost-device dependencies" \
-  && apt-get install -y build-essential autoconf automake autoconf-archive libtool \
-  && echo "Install trusted boot dependencies" \
-  && apt-get install -y  gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \
-  && echo "Install missing protection system (MPS) dependencies" \
-  && apt-get install -y verilator python3-pip clang
+  && apt-get install -y verilator \
+  && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \
+  && apt-get install -y python3-pip
+
+# Trusted boot
+# (identical to the previous stage)
+#RUN apt-get update \
+#  && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
 
+# VM Runner
+# (identical to the previous stage)
+#RUN apt-get update \
+#  && apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
 # Install rustup & pin to 1.74
 WORKDIR /tmp
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.rs \
@@ -31,6 +44,76 @@ ENV PATH="/root/.cargo/bin:$PATH"
 RUN rustup toolchain install 1.74
 RUN rustup default 1.74-x86_64-unknown-linux-gnu
 RUN rustup target add aarch64-unknown-linux-gnu
+ENV RUSTUP_TOOLCHAIN=1.74
+
+## DEPENDENCY INSTALL ##
+# libgpiod
+RUN apt-get update \
+  && apt-get install -y \
+  build-essential autoconf automake autoconf-archive \
+  gcc-aarch64-linux-gnu
+
+# vhost_device
+# (identical to the previous stage)
+# RUN apt-get update \
+#   && apt-get install -y \
+#   build-essential autoconf automake autoconf-archive \
+
+# pkvm
+# (will be downloaded from artifactory)
+
+# qemu
+# (will be downloaded from artifactory)
+
+# vm_image_base
+# (will be downloaded from artifactory)
+
+# vm_images
+RUN apt-get update \
+  && apt-get install -y qemu-system-arm qemu-utils
+
+# mps-test-vm
+RUN apt-get update \
+  && apt-get install -y qemu-system-arm
+
+# ardupilot
+# The deps are handled by the install scripts below
+
+# jsbsim_proxy
+# (identical to the previous stage)
+# RUN apt-get update \
+#   && apt-get install -y build-essential
+## DEPENDENCY INSTALL ##
+
+COPY . /opt/OpenSUT
+WORKDIR /opt/OpenSUT
+
+## BUILD ##
+
+# ardupilot
+
+
+# jsbsim_proxy
+RUN cd src/jsbsim_proxy \
+  && make \
+  && [ -f jsbsim_proxy ]
+## BUILD ##
+
+# # ardupilot
+# RUN git submodule update --init components/autopilot/ardupilot
+
+# # Install dependencies
+# RUN apt-get update \
+#   && echo "Install general dependencies" \
+#   && apt-get install -y curl git pkg-config m4 \
+#   && echo "Install jsbsim proxy and libgpiod / vhost-device dependencies" \
+#   && apt-get install -y build-essential autoconf automake autoconf-archive libtool \
+#   && echo "Install trusted boot dependencies" \
+#   && apt-get install -y  gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \
+#   && echo "Install missing protection system (MPS) dependencies" \
+#   && apt-get install -y verilator python3-pip clang
+
+
 
 # # Prepare deb-src
 # RUN touch /etc/apt/sources.list \