diff --git a/.dockerignore b/.dockerignore index 3b03512c8..518eba158 100644 --- a/.dockerignore +++ b/.dockerignore @@ -10,8 +10,10 @@ docs third_party/vendor *.bin -cosmwasm-js - +.gitpod.yml +.golangci.yml +azure-pipelines.yml +sn-logo.png README.md .gitignore @@ -19,4 +21,4 @@ README.md .github .git .idea -**/.idea +**/.idea \ No newline at end of file diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4a26b1c20..ff0a27d58 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,71 +53,20 @@ jobs: RUSTC_WRAPPER="$HOME/sccache" make enclave-tests make clean-enclave - Build: + Build-Contracts: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 - - uses: actions/setup-go@v3 - with: - go-version: 1.19 # The Go version to download (if necessary) and use. - - name: Install Intel's SGX SDK - run: | - mkdir -p "$HOME/.sgxsdk" - cd "$HOME/.sgxsdk" - SDK_BIN=sgx_linux_x64_sdk_2.9.101.2.bin - wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN" - chmod +x "$SDK_BIN" - echo yes | ./"$SDK_BIN" - - name: Cache cargo registry - uses: actions/cache@v3 - with: - path: ~/.cargo/registry - key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} - - name: Cache xargo sysroot - uses: actions/cache@v3 - with: - path: ~/.xargo - key: ${{ runner.os }}-xargo-sysroot - - name: Cache build artifacts - uses: actions/cache@v3 - with: - path: ~/.cache/sccache - key: ${{ runner.os }}-sccache - - run: | - rustup component add rust-src clippy - cd cosmwasm/enclaves/execute/ - rustup component add rust-src clippy - - name: Install xargo - run: | - cargo --version - rustc --version - cargo +stable install xargo --version 0.3.25 - xargo --version - name: Download sccache run: | wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz tar xf ./sccache-*.tar.gz mv ./sccache*/sccache "$HOME/sccache" - - name: Create fake api keys - run: | - mkdir -p ias_keys/sw_dummy - mkdir -p ias_keys/develop - echo "not_a_key" > ias_keys/sw_dummy/spid.txt - echo "not_a_key" > ias_keys/develop/spid.txt - echo "not_a_key" > ias_keys/sw_dummy/api_key.txt - echo "not_a_key" > ias_keys/develop/api_key.txt - name: Install Requirements run: | rustup target add wasm32-unknown-unknown - go install github.com/jteeuwen/go-bindata/go-bindata@latest - go-bindata -version # check installation chmod +x ./scripts/install-wasm-tools.sh ./scripts/install-wasm-tools.sh - - name: Build Executable - run: | - source "$HOME/.sgxsdk/sgxsdk/environment" - make vendor - SGX_MODE=SW BUILD_PROFILE="minimal" RUSTC_WRAPPER="$HOME/sccache" make build-linux - name: Build Contracts run: | make build-test-contract @@ -126,10 +75,6 @@ jobs: with: name: erc20.wasm path: erc20.wasm - - uses: actions/upload-artifact@v3 - with: - name: secretd - path: secretd - uses: actions/upload-artifact@v3 with: name: contract.wasm @@ -142,14 +87,6 @@ jobs: with: name: ibc.wasm path: cosmwasm/contracts/v1/compute-tests/ibc-test-contract/ibc.wasm - - uses: actions/upload-artifact@v3 - with: - name: enclave - path: ./go-cosmwasm/librust_cosmwasm_enclave.signed.so - - uses: actions/upload-artifact@v3 - with: - name: libgo_cosmwasm - path: ./go-cosmwasm/api/libgo_cosmwasm.so - uses: actions/upload-artifact@v3 with: name: contract_with_floats.wasm @@ -165,7 +102,7 @@ jobs: Go-Tests: runs-on: ubuntu-20.04 - needs: Build + needs: [Build-Contracts, Build-LocalSecret] steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v3 @@ -179,12 +116,18 @@ jobs: wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN" chmod +x "$SDK_BIN" echo yes | ./"$SDK_BIN" - - uses: actions/download-artifact@v3 + - name: Download LocalSecret + uses: actions/download-artifact@v3 with: - name: libgo_cosmwasm - - uses: actions/download-artifact@v3 - with: - name: enclave + name: localsecret + path: /tmp + - name: Load images + run: | + docker load --input /tmp/localsecret.tar + docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/bin/secretd /opt/mount/secretd + docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/libgo_cosmwasm.so /opt/mount/libgo_cosmwasm.so + docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/librust_cosmwasm_enclave.signed.so /opt/mount/librust_cosmwasm_enclave.signed.so + - uses: actions/download-artifact@v3 with: name: contract.wasm @@ -296,17 +239,103 @@ jobs: - name: Build MacOS CLI run: make build_macos_arm64_cli + Build-LocalSecret: + runs-on: ubuntu-20.04 + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + with: + driver-opts: network=host + - uses: actions/checkout@v2 + - name: Build LocalSecret Base + uses: docker/build-push-action@v3 + with: + file: deployment/dockerfiles/base.Dockerfile + context: . + build-args: | + FEATURES=debug-print + SGX_MODE=SW + push: true + secrets: | + API_KEY=00000000000000000000000000000000 + SPID=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + tags: localhost:5000/scrt-enclave-secretd:latest + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Build LocalSecret Release + uses: docker/build-push-action@v3 + with: + file: deployment/dockerfiles/release.Dockerfile + context: . + push: true + tags: localhost:5000/release:latest + build-args: | + SECRET_NODE_TYPE=bootstrap + CHAIN_ID=secretdev-1 + SCRT_BIN_IMAGE=localhost:5000/scrt-enclave-secretd:latest + - name: Build LocalSecret Final Dev Image + uses: docker/build-push-action@v3 + with: + file: deployment/dockerfiles/dev-image.Dockerfile + context: . + load: true + tags: ghcr.io/scrtlabs/localsecret:v0.0.0 + build-args: | + SCRT_BASE_IMAGE=localhost:5000/release:latest + outputs: type=docker,dest=/tmp/localsecret.tar + - name: Upload Image + uses: actions/upload-artifact@v3 + with: + name: localsecret + path: /tmp/localsecret.tar + + Build-Hermes: + runs-on: ubuntu-20.04 + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: actions/checkout@v2 + - name: Build Hermes Image + uses: docker/build-push-action@v3 + with: + file: deployment/dockerfiles/ibc/hermes.Dockerfile + context: deployment/dockerfiles/ibc + load: true + tags: hermes:v0.0.0 + build-args: | + SECRET_NODE_TYPE=bootstrap + CHAIN_ID=secretdev-1 + outputs: type=docker,dest=/tmp/hermes.tar + - name: Upload Image + uses: actions/upload-artifact@v3 + with: + name: hermes + path: /tmp/hermes.tar + Integration-Tests: runs-on: ubuntu-20.04 + needs: [Build-LocalSecret, Build-Hermes] steps: - uses: actions/checkout@v2 - - name: Build LocalSecret - run: | - echo not_a_key | tee {api_key,spid}.txt - DOCKER_TAG=v0.0.0 make build-localsecret - - name: Build Hermes + - name: Download Hermes + uses: actions/download-artifact@v3 + with: + name: hermes + path: /tmp + - name: Download LocalSecret + uses: actions/download-artifact@v3 + with: + name: localsecret + path: /tmp + - name: Load images run: | - DOCKER_TAG=v0.0.0 make build-ibc-hermes + docker load --input /tmp/localsecret.tar + docker load --input /tmp/hermes.tar - name: Run integration tests run: | cd integration-tests diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 074adec44..4f6263903 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -17,8 +17,8 @@ jobs: db_backend: [rocksdb, goleveldb] runs-on: ubuntu-20.04 env: # Or as an environment variable - SPID_TESTNET: ${{ secrets.SPID_TESTNET }} - API_KEY_TESTNET: ${{ secrets.API_KEY_TESTNET }} + SPID: ${{ secrets.SPID_TESTNET }} + API_KEY: ${{ secrets.API_KEY_TESTNET }} steps: - uses: actions/checkout@v3 - name: Declare Commit Variables @@ -27,46 +27,11 @@ jobs: run: | echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - uses: actions/setup-go@v3 - with: - go-version: 1.19 # The Go version to download (if necessary) and use. - - name: Install Intel's SGX SDK - run: | - mkdir -p "$HOME/.sgxsdk" - cd "$HOME/.sgxsdk" - SDK_BIN=sgx_linux_x64_sdk_2.9.101.2.bin - wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/"$SDK_BIN" - chmod +x "$SDK_BIN" - echo yes | ./"$SDK_BIN" - - name: Cache cargo registry - uses: actions/cache@v3 - with: - path: ~/.cargo/registry - key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} - - name: Cache xargo sysroot - uses: actions/cache@v3 - with: - path: ~/.xargo - key: ${{ runner.os }}-xargo-sysroot - name: Cache build artifacts uses: actions/cache@v3 with: path: ~/.cache/sccache key: ${{ runner.os }}-sccache - - run: rustup component add rust-src clippy - - name: Install xargo - run: | - cargo +stable install xargo --version 0.3.25 - xargo --version - - name: Download sccache - run: | - wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz - tar xf ./sccache-*.tar.gz - mv ./sccache*/sccache "$HOME/sccache" - - name: Create api keys - run: | - echo $SPID_TESTNET > spid.txt - echo $API_KEY_TESTNET > api_key.txt - name: Get the version id: get_version run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} @@ -87,8 +52,8 @@ jobs: matrix: db_backend: [goleveldb, rocksdb] env: # Or as an environment variable - SPID_MAINNET: ${{ secrets.SPID_MAINNET }} - API_KEY_MAINNET: ${{ secrets.API_KEY_MAINNET }} + SPID: ${{ secrets.SPID_MAINNET }} + API_KEY: ${{ secrets.API_KEY_MAINNET }} REGISTRY: ghcr.io IMAGE_NAME: scrtlabs/secret-network-node steps: @@ -99,10 +64,6 @@ jobs: - uses: actions/setup-go@v3 with: go-version: 1.19 # The Go version to download (if necessary) and use. - - name: Create api keys - run: | - echo $SPID_MAINNET > spid.txt - echo $API_KEY_MAINNET > api_key.txt - name: Build run: | VERSION=${{ steps.get_version.outputs.VERSION }} DB_BACKEND=${{ matrix.db_backend }} FEATURES=production FEATURES_U=production, make build-mainnet-upgrade @@ -187,7 +148,7 @@ jobs: - name: Build dev docker image shell: bash run: | - DOCKER_TAG=${{ steps.get_version.outputs.VERSION }} make build-localsecret + DOCKER_TAG=${{ steps.get_version.outputs.VERSION }} make localsecret - name: Push docker image run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get_version.outputs.VERSION }} diff --git a/Makefile b/Makefile index d5c5f2e36..578929edd 100644 --- a/Makefile +++ b/Makefile @@ -230,11 +230,20 @@ clean: build-rocksdb-image: docker build --build-arg BUILD_VERSION=${VERSION} -f deployment/dockerfiles/db-compile.Dockerfile -t enigmampc/rocksdb:${VERSION} . -build-localsecret: - docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=SW --build-arg FEATURES_U="${FEATURES_U}" --build-arg FEATURES="${FEATURES},debug-print" -f deployment/dockerfiles/base.Dockerfile -t rust-go-base-image . +localsecret: _localsecret-compile docker build --build-arg SGX_MODE=SW --build-arg SECRET_NODE_TYPE=BOOTSTRAP --build-arg CHAIN_ID=secretdev-1 -f deployment/dockerfiles/release.Dockerfile -t build-release . docker build --build-arg SGX_MODE=SW --build-arg SECRET_NODE_TYPE=BOOTSTRAP --build-arg CHAIN_ID=secretdev-1 -f deployment/dockerfiles/dev-image.Dockerfile -t ghcr.io/scrtlabs/localsecret:${DOCKER_TAG} . +_localsecret-compile: + docker build \ + --build-arg BUILD_VERSION=${VERSION} \ + --build-arg FEATURES="${FEATURES},debug-print" \ + --build-arg FEATURES_U=${FEATURES_U} \ + --build-arg SGX_MODE=SW \ + -f deployment/dockerfiles/base.Dockerfile \ + -t rust-go-base-image \ + . + build-ibc-hermes: docker build -f deployment/dockerfiles/ibc/hermes.Dockerfile -t hermes:v0.0.0 deployment/dockerfiles/ibc @@ -247,76 +256,50 @@ build-custom-dev-image: # delete the copies created above rm go-cosmwasm/api/libgo_cosmwasm.so.x $(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so.x -build-testnet: docker_base +build-testnet: _docker_base @mkdir build 2>&3 || true - docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-bootstrap:v$(VERSION)-testnet . + docker build --secret API_KEY=${API_KEY} --secret SPID=${SPID} --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-bootstrap:v$(VERSION)-testnet . docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-node:v$(VERSION)-testnet . docker build --build-arg SGX_MODE=HW -f deployment/dockerfiles/build-deb.Dockerfile -t deb_build . docker run -e VERSION=${VERSION} -v $(CUR_DIR)/build:/build deb_build -build-mainnet-upgrade: docker_base +build-mainnet-upgrade: _docker_base @mkdir build 2>&3 || true - docker build --build-arg BUILD_VERSION=${VERSION} -f deployment/dockerfiles/mainnet-upgrade-release.Dockerfile -t build-release:latest . + docker build --secret API_KEY=${API_KEY} --secret SPID=${SPID} --build-arg BUILD_VERSION=${VERSION} -f deployment/dockerfiles/mainnet-upgrade-release.Dockerfile -t build-release:latest . docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW -f deployment/dockerfiles/build-deb-mainnet.Dockerfile -t deb_build . docker run -e VERSION=${VERSION} -v $(CUR_DIR)/build:/build deb_build docker tag build-release ghcr.io/scrtlabs/secret-network-node:$(VERSION) -build-mainnet: docker_base +build-mainnet: _docker_base @mkdir build 2>&3 || true docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-bootstrap:v$(VERSION)-mainnet . docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/release.Dockerfile -t enigmampc/secret-network-node:v$(VERSION)-mainnet . docker build --build-arg BUILD_VERSION=${VERSION} --build-arg SGX_MODE=HW -f deployment/dockerfiles/build-deb.Dockerfile -t deb_build . docker run -e VERSION=${VERSION} -v $(CUR_DIR)/build:/build deb_build -docker_base_rocksdb: - docker build \ - --build-arg BUILD_VERSION=${VERSION} \ - --build-arg FEATURES=${FEATURES} \ - --build-arg FEATURES_U=${FEATURES_U} \ - --build-arg SGX_MODE=${SGX_MODE} \ - -f deployment/dockerfiles/base-rocksdb.Dockerfile \ - -t rust-go-base-image \ - . +docker_bootstrap: _docker_base + docker build --build-arg SGX_MODE=${SGX_MODE} --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/local-node.Dockerfile -t enigmampc/secret-network-bootstrap-${ext}:${DOCKER_TAG} . -docker_base_goleveldb: docker_base +docker_node: _docker_base + docker build --build-arg SGX_MODE=${SGX_MODE} --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/local-node.Dockerfile -t enigmampc/secret-network-node-${ext}:${DOCKER_TAG} . -docker_base_rust: - docker build \ - --build-arg BUILD_VERSION=${VERSION} \ - --build-arg FEATURES=${FEATURES} \ - --build-arg FEATURES_U=${FEATURES_U} \ - --build-arg SGX_MODE=${SGX_MODE} \ - -f deployment/dockerfiles/base-rust.Dockerfile \ - -t rust-base-image \ - . +docker_local_azure_hw: _docker_base + docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/local-node.Dockerfile -t ci-enigma-sgx-node . + docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/local-node.Dockerfile -t ci-enigma-sgx-bootstrap . + +docker_enclave_test: + docker build --build-arg FEATURES="test ${FEATURES}" --build-arg SGX_MODE=${SGX_MODE} -f deployment/dockerfiles/enclave-test.Dockerfile -t rust-enclave-test . -docker_base_go: +_docker_base: docker build \ - --build-arg DB_BACKEND=${DB_BACKEND} \ --build-arg BUILD_VERSION=${VERSION} \ --build-arg FEATURES=${FEATURES} \ --build-arg FEATURES_U=${FEATURES_U} \ --build-arg SGX_MODE=${SGX_MODE} \ - --build-arg CGO_LDFLAGS=${DOCKER_CGO_LDFLAGS} \ - -f deployment/dockerfiles/base-go.Dockerfile \ + -f deployment/dockerfiles/base.Dockerfile \ -t rust-go-base-image \ . -docker_base: docker_base_rust docker_base_go - -docker_bootstrap: docker_base - docker build --build-arg SGX_MODE=${SGX_MODE} --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/local-node.Dockerfile -t enigmampc/secret-network-bootstrap-${ext}:${DOCKER_TAG} . - -docker_node: docker_base - docker build --build-arg SGX_MODE=${SGX_MODE} --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/local-node.Dockerfile -t enigmampc/secret-network-node-${ext}:${DOCKER_TAG} . - -docker_local_azure_hw: docker_base - docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=NODE -f deployment/dockerfiles/local-node.Dockerfile -t ci-enigma-sgx-node . - docker build --build-arg SGX_MODE=HW --build-arg SECRET_NODE_TYPE=BOOTSTRAP -f deployment/dockerfiles/local-node.Dockerfile -t ci-enigma-sgx-bootstrap . - -docker_enclave_test: - docker build --build-arg FEATURES="test ${FEATURES}" --build-arg SGX_MODE=${SGX_MODE} -f deployment/dockerfiles/enclave-test.Dockerfile -t rust-enclave-test . - # while developing: build-enclave: vendor $(MAKE) -C $(EXECUTE_ENCLAVE_PATH) enclave diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 0b963ecd1..a39f3ec74 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -16,36 +16,57 @@ pool: workspace: clean: all # what to clean up before the job runs +variables: + baseImageRepository: 'azcr.io/enigmampc/ci-base-image' + nodeImageRepository: 'azcr.io/enigmampc/ci-node-image' + containerRegistry: 'enigmampcdocker' + dockerfilePath: '$(Build.SourcesDirectory)/deployment/dockerfiles/base.Dockerfile' + tag: '$(Build.BuildId)' + DOCKER_BUILDKIT: 1 + steps: - script: echo $(spid) > spid.txt; echo $(api-key-dev) > api_key.txt displayName: "Save api keys" + - task: Docker@2 - displayName: "Build enclave tests" + displayName: "Build base image" inputs: command: build - repository: rust-enclave-test - tags: latest + repository: '$(baseImageRepository)' + tags: | + $(tag) + latest buildContext: . - arguments: --build-arg SGX_MODE=HW - Dockerfile: deployment/dockerfiles/enclave-test.Dockerfile + arguments: --build-arg BUILDKIT_INLINE_CACHE=1 --secret id=API_KEY,src=api_key.txt --secret id=SPID,src=spid.txt --cache-from $(baseImageRepository) --build-arg SGX_MODE=HW + dockerfile: '$(dockerfilePath)' + + - script: | + cp deployment/ci/bootstrap_init.sh deployment/docker/bootstrap/bootstrap_init.sh + cp deployment/ci/node_init.sh deployment/docker/node/node_init.sh + cp deployment/ci/startup.sh deployment/docker/startup.sh + cp deployment/ci/node_key.json deployment/docker/node_key.json + displayName: Overwrite node scripts + - task: Docker@2 - displayName: "Build base image" + displayName: "Build release image" inputs: command: build - repository: rust-go-base-image + repository: '$(nodeImageRepository)' tags: latest buildContext: . - arguments: --build-arg SGX_MODE=HW - Dockerfile: deployment/dockerfiles/base.Dockerfile + arguments: --build-arg BUILDKIT_INLINE_CACHE=1 --build-arg SCRT_BIN_IMAGE=$(baseImageRepository):$(tag) --cache-from $(nodeImageRepository) --build-arg SGX_MODE=HW + Dockerfile: deployment/dockerfiles/release.Dockerfile + - task: Docker@2 - displayName: "Build release image" + displayName: "Build enclave tests" inputs: command: build - repository: build-release + repository: rust-enclave-test tags: latest buildContext: . arguments: --build-arg SGX_MODE=HW - Dockerfile: deployment/dockerfiles/release.Dockerfile + Dockerfile: deployment/dockerfiles/enclave-test.Dockerfile + - task: Docker@2 displayName: "Build tests image" inputs: @@ -55,24 +76,6 @@ steps: buildContext: . arguments: --build-arg SGX_MODE=HW Dockerfile: deployment/dockerfiles/go-tests.Dockerfile - - task: Docker@2 - displayName: "Build node" - inputs: - command: build - repository: ci-enigma-sgx-node - tags: latest - buildContext: . - arguments: --build-arg SECRET_LOCAL_NODE_TYPE=NODE --build-arg SGX_MODE=HW - Dockerfile: deployment/dockerfiles/local-node.Dockerfile - - task: Docker@2 - displayName: "Build bootstrap" - inputs: - command: build - buildContext: . - repository: ci-enigma-sgx-bootstrap - tags: latest - arguments: --build-arg SECRET_LOCAL_NODE_TYPE=BOOTSTRAP --build-arg SGX_MODE=HW - Dockerfile: deployment/dockerfiles/local-node.Dockerfile - script: export DOCKER_CLIENT_TIMEOUT=120 && export COMPOSE_HTTP_TIMEOUT=120 && docker-compose --compatibility -f deployment/ci/docker-compose.ci.yaml up --exit-code-from base aesm base displayName: "Run system tests" diff --git a/cosmwasm/contracts/v010/hackatom/Cargo.lock b/cosmwasm/contracts/v010/hackatom/Cargo.lock index 0764ab88d..219ddedd8 100644 --- a/cosmwasm/contracts/v010/hackatom/Cargo.lock +++ b/cosmwasm/contracts/v010/hackatom/Cargo.lock @@ -137,26 +137,12 @@ checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" [[package]] name = "cosmwasm-schema" -version = "1.1.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c742fc698a88cf02ea304cc2b5bc18ef975c5bb9eff93c3e44d2cd565e1d458" +checksum = "2196586ea197eaa21129d09c84a19e2eb80bdce239eec8e6a4f108cb644c295f" dependencies = [ - "cosmwasm-schema-derive", - "schemars 0.8.3", - "serde", + "schemars", "serde_json", - "thiserror", -] - -[[package]] -name = "cosmwasm-schema-derive" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88a7c4c07be11add09dd3af3064c4f4cbc2dc99c6859129bdaf820131730e996" -dependencies = [ - "proc-macro2", - "quote", - "syn", ] [[package]] @@ -172,7 +158,7 @@ dependencies = [ "num_cpus", "parity-wasm", "parking_lot", - "schemars 0.7.6", + "schemars", "secret-cosmwasm-std", "serde", "serde_json", @@ -188,7 +174,7 @@ version = "0.10.0" source = "git+https://github.com/enigmampc/SecretNetwork?tag=v1.0.4-debug-print#004c6bca6f2b7f31a6594abe4f44f2e41b1456b3" dependencies = [ "base64 0.11.0", - "schemars 0.7.6", + "schemars", "serde", "serde-json-wasm", "snafu", @@ -240,12 +226,6 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" -[[package]] -name = "dyn-clone" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee2626afccd7561a06cf1367e2950c4718ea04565e20fb5029b6c7d8ad09abcf" - [[package]] name = "enclave-ffi-types" version = "0.1.0" @@ -290,7 +270,7 @@ dependencies = [ "cosmwasm-sgx-vm", "cosmwasm-std", "cosmwasm-storage", - "schemars 0.7.6", + "schemars", "serde", "sha2", ] @@ -556,19 +536,7 @@ version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be77ed66abed6954aabf6a3e31a84706bedbf93750d267e92ef4a6d90bbd6a61" dependencies = [ - "schemars_derive 0.7.6", - "serde", - "serde_json", -] - -[[package]] -name = "schemars" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc6ab463ae35acccb5cba66c0084c985257b797d288b6050cc2f6ac1b266cb78" -dependencies = [ - "dyn-clone", - "schemars_derive 0.8.3", + "schemars_derive", "serde", "serde_json", ] @@ -585,18 +553,6 @@ dependencies = [ "syn", ] -[[package]] -name = "schemars_derive" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "902fdfbcf871ae8f653bddf4b2c05905ddaabc08f69d32a915787e3be0d31356" -dependencies = [ - "proc-macro2", - "quote", - "serde_derive_internals", - "syn", -] - [[package]] name = "scopeguard" version = "1.1.0" @@ -610,7 +566,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f5d4b8fed972d924458d9c3c0e6c9fbf6c4c5e30655571e3d2b78be056d316e9" dependencies = [ "base64 0.11.0", - "schemars 0.7.6", + "schemars", "serde", "serde-json-wasm", "snafu", diff --git a/deployment/ci/docker-compose.ci.yaml b/deployment/ci/docker-compose.ci.yaml index 3b9451dbf..af12b9bde 100644 --- a/deployment/ci/docker-compose.ci.yaml +++ b/deployment/ci/docker-compose.ci.yaml @@ -34,7 +34,7 @@ services: memory: "4g" bootstrap: - image: ci-enigma-sgx-bootstrap + image: azcr.io/enigmampc/ci-node-image:latest container_name: bootstrap depends_on: - aesm @@ -50,12 +50,13 @@ services: environment: - http_proxy - https_proxy + - SECRET_LOCAL_NODE_TYPE=BOOTSTRAP expose: - 26656 - 26657 node: - image: ci-enigma-sgx-node + image: azcr.io/enigmampc/ci-node-image:latest depends_on: - bootstrap devices: @@ -64,12 +65,14 @@ services: volumes: - /tmp/aesmd:/var/run/aesmd - /tmp/secretd:/tmp/.secretd + - ${PWD}/x/compute/internal/keeper/testdata/erc20.wasm:/root/erc20.wasm # - /tmp/secretcli:/root/.secretcli stdin_open: true tty: true environment: - http_proxy - https_proxy + - SECRET_LOCAL_NODE_TYPE=node enclave-test: image: rust-enclave-test diff --git a/deployment/ci/go-tests.sh b/deployment/ci/go-tests.sh index f01bcc25f..d7b6c285b 100644 --- a/deployment/ci/go-tests.sh +++ b/deployment/ci/go-tests.sh @@ -1,4 +1,5 @@ set -euv # Run go system tests for compute module -go test -p 1 -v ./x/compute/internal/... +mkdir -p ./x/compute/internal/keeper/.sgx_secrets +GOMAXPROCS=8 SCRT_SGX_STORAGE='./' go test -failfast -timeout 90m -v ./x/compute/internal/... diff --git a/deployment/ci/node_init.sh b/deployment/ci/node_init.sh index 7d33107ce..bd5cba601 100644 --- a/deployment/ci/node_init.sh +++ b/deployment/ci/node_init.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -euvo pipefail +set -uvo pipefail # init the node # rm -rf ~/.secret* @@ -53,4 +53,76 @@ secretd config node tcp://localhost:26657 RUST_BACKTRACE=1 secretd start & -./wasmi-sgx-test.sh +########## RUN INTEGRATION TESTS + +function wait_for_tx () { + until (secretd q tx "$1" &> /dev/null) + do + echo "$2" + sleep 1 + done +} + +until (secretd status 2>&1 | jq -e '(.SyncInfo.latest_block_height | tonumber) > 0' &>/dev/null); do + echo "Waiting for chain to start..." + sleep 1 +done + +sleep 5 + +# store wasm code on-chain so we could later instantiate it +export STORE_TX_HASH=$( + yes | + secretd tx compute store erc20.wasm --from a --gas 1200000 --gas-prices 0.25uscrt --output json | + jq -r .txhash +) + +wait_for_tx "$STORE_TX_HASH" "Waiting for store to finish on-chain..." + +# test storing of wasm code (this doesn't touch sgx yet) +secretd q tx "$STORE_TX_HASH" --output json | + jq -e '.logs[].events[].attributes[] | select(.key == "code_id" and .value == "1")' + +# init the contract (ocall_init + write_db + canonicalize_address) +# a is a tendermint address (will be used in transfer: https://github.com/CosmWasm/cosmwasm-examples/blob/f2f0568ebc90d812bcfaa0ef5eb1da149a951552/erc20/src/contract.rs#L110) +# secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t is just a random address +# balances are set to 108 & 53 at init +INIT_TX_HASH=$( + yes | + secretd tx compute instantiate 1 "{\"decimals\":10,\"initial_balances\":[{\"address\":\"$(secretd keys show a -a)\",\"amount\":\"108\"},{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\",\"amount\":\"53\"}],\"name\":\"ReuvenPersonalRustCoin\",\"symbol\":\"RPRC\"}" --label RPRCCoin --output json --gas-prices 0.25uscrt --from a | + jq -r .txhash +) + +wait_for_tx "$INIT_TX_HASH" "Waiting for instantiate to finish on-chain..." + +export CONTRACT_ADDRESS=$( + secretd q tx "$INIT_TX_HASH" --output json | + jq -er '.logs[].events[].attributes[] | select(.key == "contract_address") | .value' | + head -1 +) + +# test balances after init (ocall_query + read_db + canonicalize_address) +secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"$(secretd keys show a -a)\"}}" --output json | + jq -e '.balance == "108"' +secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\"}}" --output json | + jq -e '.balance == "53"' + +# transfer 10 balance (ocall_handle + read_db + write_db + humanize_address + canonicalize_address) +TRANSFER_TX_HASH=$( + yes | + secretd tx compute execute --from a "$CONTRACT_ADDRESS" '{"transfer":{"amount":"10","recipient":"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t"}}' --gas-prices 0.25uscrt --output json 2> /dev/null | + jq -r .txhash +) + +wait_for_tx "$TRANSFER_TX_HASH" "Waiting for transfer to finish on-chain..." + +# test balances after transfer (ocall_query + read_db) +secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"$(secretd keys show a -a)\"}}" --output json | + jq -e '.balance == "98"' +secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\"}}" --output json | + jq -e '.balance == "63"' + +(secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1zzzzzzzzzzzzzzzzzz\"}}" --output json || true) 2>&1 | grep -c 'canonicalize_address errored: invalid checksum' + +echo "All is done. Yay!" + diff --git a/deployment/docker/sanity-test.sh b/deployment/docker/sanity-test.sh deleted file mode 100755 index f8c9d5dfd..000000000 --- a/deployment/docker/sanity-test.sh +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash - -set -euvx - -function wait_for_tx () { - until (secretd q tx "$1" --output json) - do - echo "$2" - sleep 1 - done -} - -# # init the node -# rm -rf ./.sgx_secrets ~/.sgx_secrets *.der ~/*.der -# mkdir -p ./.sgx_secrets ~/.sgx_secrets - -# rm -rf ~/.secretd - -# #export SECRET_NETWORK_CHAIN_ID=secretdev-1 -# #export SECRET_NETWORK_KEYRING_BACKEND=test - -# secretd init banana --chain-id secretdev-1 -# perl -i -pe 's/"stake"/"uscrt"/g' ~/.secretd/config/genesis.json -# echo "cost member exercise evoke isolate gift cattle move bundle assume spell face balance lesson resemble orange bench surge now unhappy potato dress number acid" | -# secretd keys add a --recover --keyring-backend test -# secretd add-genesis-account "$(secretd keys show -a --keyring-backend test a)" 1000000000000uscrt -# secretd gentx a 1000000uscrt --chain-id secretdev-1 --keyring-backend test -# secretd collect-gentxs -# secretd validate-genesis - -# secretd init-bootstrap node-master-cert.der io-master-cert.der -# secretd validate-genesis - -# RUST_BACKTRACE=1 secretd start --bootstrap & - - -# export SECRETD_PID=$(echo $!) - - -# until (secretd status 2>&1 | jq -e '(.SyncInfo.latest_block_height | tonumber) > 0' &>/dev/null); do -# echo "Waiting for chain to start..." -# sleep 1 -# done - -# # secretd rest-server --laddr tcp://0.0.0.0:1337 & -# export LCD_PID=$(echo $!) -# function cleanup() { -# kill -KILL "$SECRETD_PID" "$LCD_PID" -# } -# trap cleanup EXIT ERR - -# store wasm code on-chain so we could later instansiate it -export STORE_TX_HASH=$( - secretd tx compute store erc20.wasm --from a --gas 10000000 --gas-prices 0.25uscrt --output json -y | - jq -r .txhash -) - -wait_for_tx "$STORE_TX_HASH" "Waiting for store to finish on-chain..." - -# test storing of wasm code (this doesn't touch sgx yet) - secretd q tx "$STORE_TX_HASH" --output json | - jq -e '.logs[].events[].attributes[] | select(.key == "code_id" and .value == "1")' - -# init the contract (ocall_init + write_db + canonicalize_address) -# a is a tendermint address (will be used in transfer: https://github.com/CosmWasm/cosmwasm-examples/blob/f5ea00a85247abae8f8cbcba301f94ef21c66087/erc20/src/contract.rs#L110) -# secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t is just a random address -# balances are set to 108 & 53 at init -export INIT_TX_HASH=$( - secretd tx compute instantiate 1 "{\"decimals\":10,\"initial_balances\":[{\"address\":\"$(secretd keys show a -a)\",\"amount\":\"108\"},{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\",\"amount\":\"53\"}],\"name\":\"ReuvenPersonalRustCoin\",\"symbol\":\"RPRC\"}" --label RPRCCoin --from a --output json -y --gas-prices 0.25uscrt | - jq -r .txhash -) - -wait_for_tx "$INIT_TX_HASH" "Waiting for instantiate to finish on-chain..." - -secretd q compute tx "$INIT_TX_HASH" --output json - -export CONTRACT_ADDRESS=$( - secretd q tx "$INIT_TX_HASH" --output json | - jq -er '.logs[].events[].attributes[] | select(.key == "contract_address") | .value' | - head -1 -) - -# test balances after init (ocall_query + read_db + canonicalize_address) -secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"$(secretd keys show a -a)\"}}" | - jq -e '.balance == "108"' -secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\"}}" | - jq -e '.balance == "53"' - -# transfer 10 balance (ocall_handle + read_db + write_db + humanize_address + canonicalize_address) -secretd tx compute execute "$CONTRACT_ADDRESS" '{"transfer":{"amount":"10","recipient":"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t"}}' --gas-prices 0.25uscrt --from a -b block -y --output json | - jq -r .txhash | - xargs secretd q compute tx - -# test balances after transfer (ocall_query + read_db) -secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"$(secretd keys show a -a)\"}}" | - jq -e '.balance == "98"' -secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\"}}" | - jq -e '.balance == "63"' - -(secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1zzzzzzzzzzzzzzzzzz\"}}" || true) 2>&1 | grep -c 'canonicalize_address errored: invalid checksum' - -# sleep infinity - -( - cd ./cosmwasm-js - yarn - cd ./packages/sdk - yarn build -) - -node ./cosmwasm/testing/cosmwasm-js-test.js - -echo "All is done. Yay!" diff --git a/deployment/dockerfiles/Dockerfile-sgx-18.04-unsafe b/deployment/dockerfiles/Dockerfile-sgx-18.04-unsafe deleted file mode 100644 index 700668209..000000000 --- a/deployment/dockerfiles/Dockerfile-sgx-18.04-unsafe +++ /dev/null @@ -1,72 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License.. - - -FROM ubuntu:18.04 -MAINTAINER Yu Ding - -ENV DEBIAN_FRONTEND=noninteractive -ENV VERSION 2.9.101.2-bionic1 -ENV rust_toolchain nightly-2020-10-25 -ENV sdk_bin https://download.01.org/intel-sgx/sgx-linux/2.9/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin - -RUN apt-get update && \ - apt-get install -y gnupg2 apt-transport-https ca-certificates curl software-properties-common build-essential automake autoconf libtool protobuf-compiler libprotobuf-dev git-core libprotobuf-c0-dev cmake pkg-config expect gdb && \ - curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \ - add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" && \ - apt-get update && \ - apt-get install -y \ - libsgx-aesm-launch-plugin=$VERSION \ - libsgx-enclave-common=$VERSION \ - libsgx-enclave-common-dbgsym=$VERSION \ - libsgx-enclave-common-dev=$VERSION \ - libsgx-epid=$VERSION \ - libsgx-epid-dbgsym=$VERSION \ - libsgx-epid-dev=$VERSION \ - libsgx-launch=$VERSION \ - libsgx-launch-dbgsym=$VERSION \ - libsgx-launch-dev=$VERSION \ - libsgx-quote-ex=$VERSION \ - libsgx-quote-ex-dbgsym=$VERSION \ - libsgx-quote-ex-dev=$VERSION \ - libsgx-uae-service=$VERSION \ - libsgx-uae-service-dbgsym=$VERSION \ - libsgx-urts=$VERSION \ - libsgx-urts-dbgsym=$VERSION && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /var/cache/apt/archives/* && \ - mkdir /var/run/aesmd && \ - mkdir /etc/init - -RUN curl 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' --output /root/rustup-init && \ - chmod +x /root/rustup-init && \ - echo '1' | /root/rustup-init --default-toolchain ${rust_toolchain} && \ - echo 'source /root/.cargo/env' >> /root/.bashrc && \ - /root/.cargo/bin/rustup component add rust-src rls rust-analysis clippy rustfmt && \ - /root/.cargo/bin/cargo install xargo && \ - rm /root/rustup-init && rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git - -RUN mkdir /root/sgx && \ - curl --output /root/sgx/sdk.bin ${sdk_bin} && \ - cd /root/sgx && \ - chmod +x /root/sgx/sdk.bin && \ - echo -e 'no\n/opt' | /root/sgx/sdk.bin && \ - echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \ - echo 'alias start-aesm="LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service"' >> /root/.bashrc && \ - rm -rf /root/sgx* - -WORKDIR /root \ No newline at end of file diff --git a/deployment/dockerfiles/base-go.Dockerfile b/deployment/dockerfiles/base-go.Dockerfile deleted file mode 100644 index aa3b1090a..000000000 --- a/deployment/dockerfiles/base-go.Dockerfile +++ /dev/null @@ -1,76 +0,0 @@ -FROM rust-base-image AS build-env-rust - -FROM enigmampc/rocksdb:v6.24.2 - -ENV GOROOT=/usr/local/go -ENV GOPATH=/go/ -ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin - -ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz -RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version - -# Set working directory for the build -WORKDIR /go/src/github.com/enigmampc/SecretNetwork - -ARG BUILD_VERSION="v0.0.0" -ARG SGX_MODE=SW -ARG FEATURES -ARG FEATURES_U -ARG DB_BACKEND=goleveldb -ARG CGO_LDFLAGS - -ENV VERSION=${BUILD_VERSION} -ENV SGX_MODE=${SGX_MODE} -ENV FEATURES=${FEATURES} -ENV FEATURES_U=${FEATURES_U} -ENV MITIGATION_CVE_2020_0551=LOAD - -# Add source files -COPY go-cosmwasm go-cosmwasm -# This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround -RUN true -COPY x x -RUN true -COPY types types -RUN true -COPY app app -COPY go.mod . -COPY go.sum . -COPY cmd cmd -COPY Makefile . -RUN true -COPY client client - -RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so - -RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/ - -COPY --from=build-env-rust /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so -COPY --from=build-env-rust /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so -#COPY --from=build-env-rust /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so - -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ - -RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -RUN . /opt/sgxsdk/environment && env && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli - -# workaround because paths seem kind of messed up -# RUN cp /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so -# RUN cp /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /usr/lib/libgo_cosmwasm.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/librust_cosmwasm_enclave.signed.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/packages/wasmi-runtime/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper -# RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/x/compute/internal/keeper/.sgx_secrets - -#COPY deployment/ci/go-tests.sh . -# -#RUN chmod +x go-tests.sh - -# ENTRYPOINT ["/bin/bash", "go-tests.sh"] -ENTRYPOINT ["/bin/bash"] \ No newline at end of file diff --git a/deployment/dockerfiles/base-rocksdb.Dockerfile b/deployment/dockerfiles/base-rocksdb.Dockerfile deleted file mode 100644 index f037a29ab..000000000 --- a/deployment/dockerfiles/base-rocksdb.Dockerfile +++ /dev/null @@ -1,101 +0,0 @@ -# Simple usage with a mounted data directory: -# > docker build -t enigma . -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd init -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd start -FROM baiduxlab/sgx-rust:2004-1.1.3 AS build-env-rust-go - -ENV PATH="/root/.cargo/bin:$PATH" -ENV GOROOT=/usr/local/go -ENV GOPATH=/go/ -ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin - -ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz -RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version - -RUN wget -q https://github.com/WebAssembly/wabt/releases/download/1.0.20/wabt-1.0.20-ubuntu.tar.gz && \ - tar -xf wabt-1.0.20-ubuntu.tar.gz wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat && \ - mv wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat /bin && \ - chmod +x /bin/wat2wasm /bin/wasm2wat && \ - rm -f wabt-1.0.20-ubuntu.tar.gz - - -# Set working directory for the build -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/ - -ARG BUILD_VERSION="v0.0.0" -ARG SGX_MODE=SW -ARG FEATURES -ARG FEATURES_U - -ENV VERSION=${BUILD_VERSION} -ENV SGX_MODE=${SGX_MODE} -ENV FEATURES=${FEATURES} -ENV FEATURES_U=${FEATURES_U} -ENV MITIGATION_CVE_2020_0551=LOAD - -COPY third_party/build third_party/build - -# Add source files -COPY go-cosmwasm go-cosmwasm/ -COPY cosmwasm cosmwasm/ - -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/ - -COPY deployment/docker/MakefileCopy Makefile - -# RUN make clean -RUN make vendor - -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm - -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ - -RUN . /opt/sgxsdk/environment && env \ - && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust - -# Set working directory for the build -WORKDIR /go/src/github.com/enigmampc/SecretNetwork - -COPY --from=enigmampc/rocksdb:v6.24.2 /usr/local/lib/librocksdb.a /usr/local/lib/librocksdb.a - -# Add source files -COPY go-cosmwasm go-cosmwasm -# This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround -RUN true -COPY x x -RUN true -COPY types types -RUN true -COPY app app -COPY go.mod . -COPY go.sum . -COPY cmd cmd -COPY Makefile . -RUN true -COPY client client - -RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS="-L/usr/local/lib -lrocksdb" DB_BACKEND=rocksdb MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust -RUN . /opt/sgxsdk/environment && env && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli - -RUN rustup target add wasm32-unknown-unknown && apt update -y && apt install clang -y && make build-test-contract - -# workaround because paths seem kind of messed up -# RUN cp /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so -# RUN cp /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /usr/lib/libgo_cosmwasm.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/librust_cosmwasm_enclave.signed.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/packages/wasmi-runtime/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper -# RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/x/compute/internal/keeper/.sgx_secrets - -#COPY deployment/ci/go-tests.sh . -# -#RUN chmod +x go-tests.sh - -# ENTRYPOINT ["/bin/bash", "go-tests.sh"] -ENTRYPOINT ["/bin/bash"] \ No newline at end of file diff --git a/deployment/dockerfiles/base-rust.Dockerfile b/deployment/dockerfiles/base-rust.Dockerfile deleted file mode 100644 index b2492a7da..000000000 --- a/deployment/dockerfiles/base-rust.Dockerfile +++ /dev/null @@ -1,43 +0,0 @@ -FROM baiduxlab/sgx-rust:2004-1.1.3 AS build-env-rust-go - -ENV PATH="/root/.cargo/bin:$PATH" - -#RUN wget -q https://github.com/WebAssembly/wabt/releases/download/1.0.20/wabt-1.0.20-ubuntu.tar.gz && \ -# tar -xf wabt-1.0.20-ubuntu.tar.gz wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat && \ -# mv wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat /bin && \ -# chmod +x /bin/wat2wasm /bin/wasm2wat && \ -# rm -f wabt-1.0.20-ubuntu.tar.gz - -# Set working directory for the build -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/ - -ARG BUILD_VERSION="v0.0.0" -ARG SGX_MODE=SW -ARG FEATURES -ARG FEATURES_U - -ENV VERSION=${BUILD_VERSION} -ENV SGX_MODE=${SGX_MODE} -ENV FEATURES=${FEATURES} -ENV FEATURES_U=${FEATURES_U} -ENV MITIGATION_CVE_2020_0551=LOAD - -COPY third_party/build third_party/build - -# Add source files -COPY go-cosmwasm go-cosmwasm/ -COPY cosmwasm cosmwasm/ - -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/ - -COPY deployment/docker/MakefileCopy Makefile - -# RUN make clean -RUN make vendor - -WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm - -RUN . /opt/sgxsdk/environment && env \ - && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust - -ENTRYPOINT ["/bin/bash"] \ No newline at end of file diff --git a/deployment/dockerfiles/base.Dockerfile b/deployment/dockerfiles/base.Dockerfile index 98990e59a..9fae8d80d 100644 --- a/deployment/dockerfiles/base.Dockerfile +++ b/deployment/dockerfiles/base.Dockerfile @@ -1,37 +1,11 @@ -# Simple usage with a mounted data directory: -# > docker build -t enigma . -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd init -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd start -FROM enigmampc/rocksdb:v6.24.2 AS build-env-rust-go +ARG SCRT_BASE_IMAGE_SECRETD=enigmampc/rocksdb:v6.24.2 +ARG SCRT_BASE_IMAGE_ENCLAVE=baiduxlab/sgx-rust:2004-1.1.3 +# enigmampc/rocksdb:v6.24.2 -ENV PATH="/root/.cargo/bin:$PATH" -ENV GOROOT=/usr/local/go -ENV GOPATH=/go/ -ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin - -ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz -RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz -RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version - -RUN wget -q https://github.com/WebAssembly/wabt/releases/download/1.0.20/wabt-1.0.20-ubuntu.tar.gz && \ - tar -xf wabt-1.0.20-ubuntu.tar.gz wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat && \ - mv wabt-1.0.20/bin/wat2wasm wabt-1.0.20/bin/wasm2wat /bin && \ - chmod +x /bin/wat2wasm /bin/wasm2wat && \ - rm -f wabt-1.0.20-ubuntu.tar.gz - - -#### Install rocksdb deps - -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - zlib1g-dev \ - libbz2-dev \ - liblz4-dev \ - libzstd-dev -# +FROM $SCRT_BASE_IMAGE_ENCLAVE AS compile-enclave +ENV PATH="/root/.cargo/bin:$PATH" -# rm -rf /tmp/rocksdb # Set working directory for the build WORKDIR /go/src/github.com/enigmampc/SecretNetwork/ @@ -39,8 +13,6 @@ ARG BUILD_VERSION="v0.0.0" ARG SGX_MODE=SW ARG FEATURES ARG FEATURES_U -ARG DB_BACKEND=goleveldb -ARG CGO_LDFLAGS ENV VERSION=${BUILD_VERSION} ENV SGX_MODE=${SGX_MODE} @@ -63,19 +35,37 @@ RUN make vendor WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/ -COPY api_key.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ -COPY spid.txt /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/ - RUN . /opt/sgxsdk/environment && env \ && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust +ENTRYPOINT ["/bin/bash"] + +FROM $SCRT_BASE_IMAGE_SECRETD AS compile-secretd + +ENV GOROOT=/usr/local/go +ENV GOPATH=/go/ +ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin + +ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz +RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz +RUN go install github.com/jteeuwen/go-bindata/go-bindata@latest && go-bindata -version + # Set working directory for the build WORKDIR /go/src/github.com/enigmampc/SecretNetwork +ARG BUILD_VERSION="v0.0.0" +ARG SGX_MODE=SW +ARG FEATURES +ARG FEATURES_U +ARG DB_BACKEND=goleveldb +ARG CGO_LDFLAGS + +ENV VERSION=${BUILD_VERSION} +ENV SGX_MODE=${SGX_MODE} +ENV FEATURES=${FEATURES} +ENV FEATURES_U=${FEATURES_U} +ENV MITIGATION_CVE_2020_0551=LOAD + # Add source files COPY go-cosmwasm go-cosmwasm # This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround @@ -94,10 +84,27 @@ COPY client client RUN ln -s /usr/lib/x86_64-linux-gnu/liblz4.so /usr/local/lib/liblz4.so && ln -s /usr/lib/x86_64-linux-gnu/libzstd.so /usr/local/lib/libzstd.so +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/ + +COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so +COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so +# COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so + +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy +RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production + +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/spid.txt +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/spid.txt +RUN --mount=type=secret,id=SPID,dst=/run/secrets/spid.txt cat /run/secrets/spid.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/spid.txt + +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop/api_key.txt +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy/api_key.txt +RUN --mount=type=secret,id=API_KEY,dst=/run/secrets/api_key.txt cat /run/secrets/api_key.txt > /go/src/github.com/enigmampc/SecretNetwork/ias_keys/production/api_key.txt + RUN . /opt/sgxsdk/environment && env && CGO_LDFLAGS=${CGO_LDFLAGS} DB_BACKEND=${DB_BACKEND} MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_local_no_rust RUN . /opt/sgxsdk/environment && env && MITIGATION_CVE_2020_0551=LOAD VERSION=${VERSION} FEATURES=${FEATURES} SGX_MODE=${SGX_MODE} make build_cli -# RUN rustup target add wasm32-unknown-unknown && apt update -y && apt install clang -y && make build-test-contract +ENTRYPOINT ["/bin/bash"] + -# ENTRYPOINT ["/bin/bash", "go-tests.sh"] -ENTRYPOINT ["/bin/bash"] \ No newline at end of file diff --git a/deployment/dockerfiles/build-deb.Dockerfile b/deployment/dockerfiles/build-deb.Dockerfile index 5c138111a..b68856f0f 100644 --- a/deployment/dockerfiles/build-deb.Dockerfile +++ b/deployment/dockerfiles/build-deb.Dockerfile @@ -1,6 +1,8 @@ -FROM rust-go-base-image:latest AS build-env-rust-go -# Final image -FROM enigmampc/enigma-sgx-base:2004-1.1.3 +ARG SCRT_BIN_IMAGE=rust-go-base-image +ARG SCRT_BASE_IMAGE=enigmampc/enigma-sgx-base:2004-1.1.3 + +FROM $SCRT_BIN_IMAGE AS build-env-rust-go +FROM $SCRT_BASE_IMAGE as build-deb # wasmi-sgx-test script requirements RUN apt-get update && \ diff --git a/deployment/dockerfiles/compile-contracts.Dockerfile b/deployment/dockerfiles/compile-contracts.Dockerfile new file mode 100644 index 000000000..9a649f9cb --- /dev/null +++ b/deployment/dockerfiles/compile-contracts.Dockerfile @@ -0,0 +1,19 @@ +FROM baiduxlab/sgx-rust:2004-1.1.3 + +RUN mkdir -p /opt/secret/.sgx_secrets + +COPY scripts/install-wasm-tools.sh install-wasm-tools.sh +RUN chmod +x install-wasm-tools.sh +RUN ./install-wasm-tools.sh + +RUN $HOME/.cargo/bin/rustup install 1.61 +RUN $HOME/.cargo/bin/rustup target add wasm32-unknown-unknown + +ENV GOROOT=/usr/local/go +ENV GOPATH=/go/ +ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin + +ADD https://go.dev/dl/go1.19.linux-amd64.tar.gz go.linux-amd64.tar.gz +RUN tar -C /usr/local -xzf go.linux-amd64.tar.gz + +ENTRYPOINT ["/bin/bash"] diff --git a/deployment/dockerfiles/dev-image.Dockerfile b/deployment/dockerfiles/dev-image.Dockerfile index 8473acbf2..1995a2b84 100644 --- a/deployment/dockerfiles/dev-image.Dockerfile +++ b/deployment/dockerfiles/dev-image.Dockerfile @@ -1,5 +1,6 @@ # Final image -FROM build-release +ARG SCRT_BASE_IMAGE=build-release +FROM $SCRT_BASE_IMAGE as build-localsecret COPY deployment/docker/devimage/bootstrap_init_no_stop.sh bootstrap_init.sh COPY deployment/docker/devimage/faucet/faucet_server.js . diff --git a/deployment/dockerfiles/go-tests.Dockerfile b/deployment/dockerfiles/go-tests.Dockerfile index 1c775e13f..5a438c934 100644 --- a/deployment/dockerfiles/go-tests.Dockerfile +++ b/deployment/dockerfiles/go-tests.Dockerfile @@ -1,28 +1,42 @@ -# Simple usage with a mounted data directory: -# > docker build -t enigma . -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd init -# > docker run -it -p 26657:26657 -p 26656:26656 -v ~/.secretd:/root/.secretd -v ~/.secretcli:/root/.secretcli enigma secretd start -FROM rust-go-base-image +FROM ghcr.io/scrtlabs/compile-contracts:1.5.0 -RUN cp /go/src/github.com/enigmampc/SecretNetwork/cosmwasm/enclaves/execute/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper RUN mkdir -p /opt/secret/.sgx_secrets -RUN rustup target add wasm32-unknown-unknown +WORKDIR secretnetwork -COPY scripts/install-wasm-tools.sh . -RUN chmod +x install-wasm-tools.sh -RUN ./install-wasm-tools.sh +COPY cosmwasm cosmwasm +COPY Makefile . +COPY x x -RUN make build-test-contract +RUN . /root/.cargo/env && make build-test-contract -# workaround because paths seem kind of messed up -# RUN cp /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so -# RUN cp /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /usr/lib/libgo_cosmwasm.so -# RUN cp /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /usr/lib/librust_cosmwasm_enclave.signed.so +# Add source files +COPY go-cosmwasm go-cosmwasm +# This is due to some esoteric docker bug with the underlying filesystem, so until I figure out a better way, this should be a workaround + +COPY types types +RUN true +COPY app app +COPY go.mod . +COPY go.sum . +COPY cmd cmd +RUN true +COPY client client +COPY ias_keys ias_keys + +COPY spid.txt ias_keys/develop/spid.txt +COPY spid.txt ias_keys/sw_dummy/spid.txt +COPY spid.txt ias_keys/production/spid.txt + +COPY api_key.txt ias_keys/develop/api_key.txt +COPY api_key.txt ias_keys/sw_dummy/api_key.txt +COPY api_key.txt ias_keys/production/api_key.txt COPY deployment/ci/go-tests.sh . RUN chmod +x go-tests.sh +COPY --from=azcr.io/enigmampc/ci-base-image:latest /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so +COPY --from=azcr.io/enigmampc/ci-base-image:latest /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper/librust_cosmwasm_enclave.signed.so + ENTRYPOINT ["/bin/bash", "go-tests.sh"] diff --git a/deployment/dockerfiles/local-node.Dockerfile b/deployment/dockerfiles/local-node.Dockerfile deleted file mode 100644 index 6e82a7300..000000000 --- a/deployment/dockerfiles/local-node.Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -# Final image -FROM build-release - -ARG SGX_MODE=SW -ENV SGX_MODE=${SGX_MODE} -# -ARG SECRET_LOCAL_NODE_TYPE -ENV SECRET_LOCAL_NODE_TYPE=${SECRET_LOCAL_NODE_TYPE} - -ENV PKG_CONFIG_PATH="" -ENV SCRT_ENCLAVE_DIR=/usr/lib/ - -COPY deployment/docker/sanity-test.sh /root/ -RUN chmod +x /root/sanity-test.sh - -COPY x/compute/internal/keeper/testdata/erc20.wasm erc20.wasm -RUN true -COPY deployment/ci/wasmi-sgx-test.sh . -RUN true -COPY deployment/ci/bootstrap_init.sh . -RUN true -COPY deployment/ci/node_init.sh . -RUN true -COPY deployment/ci/startup.sh . -RUN true -COPY deployment/ci/node_key.json . - -RUN chmod +x /usr/bin/secretd -# RUN chmod +x /usr/bin/secretcli -RUN chmod +x wasmi-sgx-test.sh -RUN chmod +x bootstrap_init.sh -RUN chmod +x startup.sh -RUN chmod +x node_init.sh - - -#RUN mkdir -p /root/.secretd/.compute/ -#RUN mkdir -p /root/.sgx_secrets/ -#RUN mkdir -p /root/.secretd/.node/ - -# Enable autocomplete -#RUN secretcli completion > /root/secretcli_completion -#RUN secretd completion > /root/secretd_completion -# -#RUN echo 'source /root/secretd_completion' >> ~/.bashrc -#RUN echo 'source /root/secretcli_completion' >> ~/.bashrc - -#ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ - -# Run secretd by default, omit entrypoint to ease using container with secretcli -ENTRYPOINT ["/bin/bash", "startup.sh"] diff --git a/deployment/dockerfiles/release.Dockerfile b/deployment/dockerfiles/release.Dockerfile index d776bcb7a..8fbf8b09c 100644 --- a/deployment/dockerfiles/release.Dockerfile +++ b/deployment/dockerfiles/release.Dockerfile @@ -1,8 +1,10 @@ -# Base image -FROM rust-go-base-image AS build-env-rust-go +ARG SCRT_BIN_IMAGE=rust-go-base-image +ARG SCRT_BASE_IMAGE=enigmampc/enigma-sgx-base:2004-1.1.3 + +FROM $SCRT_BIN_IMAGE AS build-env-rust-go # Final image -FROM enigmampc/enigma-sgx-base:2004-1.1.3 as build-release +FROM $SCRT_BASE_IMAGE as build-node # wasmi-sgx-test script requirements RUN apt-get update && \ @@ -30,8 +32,11 @@ ENV SGX_MODE=${SGX_MODE} ARG SECRET_NODE_TYPE=BOOTSTRAP ENV SECRET_NODE_TYPE=${SECRET_NODE_TYPE} +ENV PKG_CONFIG_PATH="" ENV SCRT_ENCLAVE_DIR=/usr/lib/ + + # workaround because paths seem kind of messed up RUN cp /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/libsgx_urts_sim.so RUN cp /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/libsgx_uae_service_sim.so @@ -65,7 +70,6 @@ RUN mkdir -p /root/.secretd/.node/ RUN mkdir -p /root/config/ - ####### Node parameters ARG MONIKER=default ARG CHAINID=secretdev-1 diff --git a/integration-tests/test.ts b/integration-tests/test.ts index 084bc0e39..7eb392bbb 100644 --- a/integration-tests/test.ts +++ b/integration-tests/test.ts @@ -1912,6 +1912,10 @@ describe("IBC", () => { v1Wasm, v010Wasm, ]); + if (tx.code !== TxResultCode.Success) { + console.error(tx.rawLog); + } + expect(tx.code).toBe(TxResultCode.Success); contracts["secretdev-2"].v1.codeId = Number( tx.arrayLog.find((x) => x.key === "code_id").value @@ -1930,6 +1934,10 @@ describe("IBC", () => { contracts["secretdev-2"].v1, contracts["secretdev-2"].v010, ]); + if (tx.code !== TxResultCode.Success) { + console.error(tx.rawLog); + } + expect(tx.code).toBe(TxResultCode.Success); contracts["secretdev-2"].v1.address = tx.arrayLog.find( (x) => x.key === "contract_address" @@ -1984,11 +1992,9 @@ describe("IBC", () => { }, timeoutTimestampSec: String(Math.floor(Date.now() / 1000 + 30)), }); - - if (result.code !== 0) { + if (result.code !== TxResultCode.Success) { console.error(result.rawLog); } - expect(result.code).toBe(TxResultCode.Success); // checking ack/timeout on secretdev-1 might be cleaner diff --git a/scripts/install-wasm-tools.sh b/scripts/install-wasm-tools.sh index 1955ac82d..75d9dcf6d 100755 --- a/scripts/install-wasm-tools.sh +++ b/scripts/install-wasm-tools.sh @@ -70,9 +70,9 @@ rustup update nightly rustup target add wasm32-unknown-unknown --toolchain stable rustup target add wasm32-unknown-unknown --toolchain nightly -# While ink! is pinned to a specific nightly version of the Rust compiler you will need to explicitly install that toolchain. -rustup install nightly-2019-05-21 -rustup target add wasm32-unknown-unknown --toolchain nightly-2019-05-21 +## While ink! is pinned to a specific nightly version of the Rust compiler you will need to explicitly install that toolchain. +#rustup install nightly-2019-05-21 +#rustup target add wasm32-unknown-unknown --toolchain nightly-2019-05-21 echo "Installing wasm-prune into ~/.cargo/bin" cargo install pwasm-utils-cli --bin wasm-prune --force