Upgrade enclave dependency versions #115

Merged
merged 10 commits into from
Dec 20, 2024
33 changes: 33 additions & 0 deletions .github/workflows/docker-bake.yml
@@ -0,0 +1,33 @@
name: docker bake

on:
push:
branches:
- main
pull_request:
branches:
- main

concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true

env:
RUST_BACKTRACE: 1
CARGO_TERM_COLOR: never

jobs:
docker:
if: github.repository_owner == 'aws-samples'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Docker buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Build
uses: docker/bake-action@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0
env:
SOURCE_DATE_EPOCH: 0
with:
push: false
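Review bot: The workflow has no `permissions:` key, so the `docker` job runs with the repository's default `GITHUB_TOKEN` scope even though its only steps are a checkout and a bake with `push: false`. Adding a top-level `permissions:` block with `contents: read` would keep the token read-only regardless of the repository default. The SHA-pinned `uses:` lines with version comments are the right shape and should stay that way.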
10 changes: 6 additions & 4 deletions .github/workflows/rust.yml
@@ -1,4 +1,4 @@
name: Rust
name: rust tests

on:
push:
Expand All @@ -14,15 +14,17 @@ concurrency:

env:
RUST_BACKTRACE: 1
CARGO_TERM_COLOR: always
CARGO_TERM_COLOR: never

jobs:
test:
if: github.repository_owner == 'aws-samples'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cache
uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
- name: Format
run: cargo fmt --all -- --check --verbose
- name: Build
8 changes: 4 additions & 4 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/dependencies/requirements.txt
@@ -1,4 +1,4 @@
aws-lambda-powertools[tracer,parser]==3.3.0
aws-lambda-powertools[tracer,parser]==3.4.0
cryptography==43.0.3
hpke==0.3.2
pksuid==1.1.2
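Review bot: The bumped `aws-lambda-powertools[tracer,parser]==3.4.0` line, like `cryptography==43.0.3` and `hpke==0.3.2` below it, is pinned by version only, so the install still trusts whatever artifact the index serves for that version. As this is the non-dev requirements file under `api/`, consider generating it with hashes (for example `pip-compile --generate-hashes`) and installing with `pip install --require-hashes`, which also forces transitive dependencies to be listed explicitly.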
4 changes: 2 additions & 2 deletions api/requirements-dev.txt
@@ -1,3 +1,3 @@
black==24.10.0
aws-lambda-powertools[all,aws-sdk]==3.3.0
boto3-stubs[dynamodb,kms]==1.35.81
aws-lambda-powertools[all,aws-sdk]==3.4.0
boto3-stubs[dynamodb,kms]
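Review bot: Dropping the `==1.35.81` pin from `boto3-stubs[dynamodb,kms]` means every fresh install resolves to the newest release on the index, so type-check results can change without a commit and a new upload is picked up with no review step. If the concern is update churn, a compatible-release bound such as `boto3-stubs[dynamodb,kms]~=1.35` cuts the noise while still bounding what gets installed; the same applies to the identical change in `canary/requirements-dev.txt`.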
Contributor Author

this gets updated too frequently and is only a dev dependency

2 changes: 1 addition & 1 deletion canary/dependencies/requirements.txt
@@ -1 +1 @@
aws-lambda-powertools==3.3.0
aws-lambda-powertools==3.4.0
4 changes: 2 additions & 2 deletions canary/requirements-dev.txt
@@ -1,3 +1,3 @@
black==24.10.0
aws-lambda-powertools[all,aws-sdk]==3.3.0
boto3-stubs[dynamodb,kms]==1.35.81
aws-lambda-powertools[all,aws-sdk]==3.4.0
boto3-stubs[dynamodb,kms]
Contributor Author

this gets updated too frequently and is only a dev dependency

25 changes: 25 additions & 0 deletions docker-bake.hcl
@@ -0,0 +1,25 @@
group "default" {
targets = ["parent", "enclave"]
}

target "parent" {
context = "./parent"
dockerfile = "Dockerfile"
args = {
TARGETPLATFORM = "x86_64-unknown-linux-gnu"
}
tags = ["parent-vault:latest"]
cache-to = ["type=gha,ignore-error=true,mode=max,scope=parent"]
cache-from = ["type=gha,scope=parent"]
}

target "enclave" {
context = "./enclave"
dockerfile = "Dockerfile"
args = {
TARGETPLATFORM = "x86_64-unknown-linux-musl"
}
tags = ["enclave-vault:latest"]
cache-to = ["type=gha,ignore-error=true,mode=max,scope=enclave"]
cache-from = ["type=gha,scope=enclave"]
}
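Review bot: `TARGETPLATFORM` in both `args` blocks carries a Rust target triple, but that name is also one of BuildKit's automatic platform arguments, whose value has the form `linux/amd64`. The override works when building through this bake file, yet anyone building a Dockerfile directly without it gets the BuildKit value passed to `rustup target add $TARGETPLATFORM` and `cargo build --target $TARGETPLATFORM`. A dedicated argument name such as `RUST_TARGET` (a suggested name, not one the project uses) in the bake file and both Dockerfiles would remove the ambiguity.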
16 changes: 10 additions & 6 deletions enclave/Dockerfile
Expand Up @@ -6,7 +6,7 @@
##
## based on https://github.com/aws/aws-nitro-enclaves-acm/blob/main/env/enclave/Dockerfile
####################################################################################################
FROM public.ecr.aws/docker/library/rust:alpine as kmstool
FROM public.ecr.aws/docker/library/rust:alpine AS kmstool

ARG TARGETPLATFORM
ENV RUSTFLAGS="-C target-feature=-crt-static"
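Review bot: The `FROM public.ecr.aws/docker/library/rust:alpine AS kmstool` line still resolves a floating tag, so the toolchain and Alpine packages can differ between two builds of the same commit, which works against the `SOURCE_DATE_EPOCH: 0` setting added in the bake workflow. Pinning the base by digest (`rust:alpine@sha256:<digest>`) would fix that input; the same applies to the `chef` stage further down and to `rust:latest` in `parent/Dockerfile`.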
Expand All @@ -32,7 +32,7 @@ RUN ln -s /usr/lib /usr/lib64
WORKDIR /tmp/crt-builder

# Build AWS libcrypto
RUN git clone --depth 1 -b v1.12.0 https://github.com/awslabs/aws-lc.git
RUN git clone --depth 1 -b v1.41.1 https://github.com/awslabs/aws-lc.git
RUN cmake \
-DCMAKE_PREFIX_PATH=/usr \
-DCMAKE_INSTALL_PREFIX=/usr \
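Review bot: `git clone --depth 1 -b v1.41.1` trusts whatever commit the `v1.41.1` tag points to at build time, and a tag can be moved upstream. Since this builds the libcrypto used by the `kmstool` stage, consider checking the checkout against a recorded commit ID right after the clone, for example comparing the output of `git -C aws-lc rev-parse HEAD` to an expected value and failing the `RUN` on mismatch. The json-c clone bumped later in this file has the same shape.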
Expand Down Expand Up @@ -123,7 +123,7 @@ RUN cmake \
RUN cmake --build aws-c-auth/build --parallel $(nproc) --target install

# JSON-C library
RUN git clone --depth 1 -b json-c-0.16-20220414 https://github.com/json-c/json-c.git
RUN git clone --depth 1 -b json-c-0.18-20240915 https://github.com/json-c/json-c.git
RUN cmake \
-DCMAKE_PREFIX_PATH=/usr \
-DCMAKE_INSTALL_PREFIX=/usr \
Expand All @@ -134,6 +134,7 @@ RUN cmake --build json-c/build --parallel $(nproc) --target install

# NSM LIB
RUN git clone --depth 1 -b v0.4.0 "https://github.com/aws/aws-nitro-enclaves-nsm-api"
RUN rustup target add $TARGETPLATFORM
RUN cd aws-nitro-enclaves-nsm-api \
&& PATH="$PATH:/root/.cargo/bin" cargo build --release --target $TARGETPLATFORM --jobs $(nproc) -p nsm-lib \
&& mv target/$TARGETPLATFORM/release/libnsm.so /usr/lib/ \
Expand All @@ -152,22 +153,25 @@ RUN cmake --build aws-nitro-enclaves-sdk-c/build --parallel $(nproc) --target in
####################################################################################################
## Chef image
####################################################################################################
FROM public.ecr.aws/docker/library/rust:alpine as chef
FROM public.ecr.aws/docker/library/rust:alpine AS chef
ARG TARGETPLATFORM

WORKDIR /app
RUN apk add --no-cache build-base
RUN rustup target add $TARGETPLATFORM
RUN cargo install cargo-chef --locked

####################################################################################################
## Planner image
####################################################################################################
FROM chef as planner
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

####################################################################################################
## Builder image
####################################################################################################
FROM chef as builder
FROM chef AS builder
ARG TARGETPLATFORM

COPY --from=planner /app/recipe.json recipe.json
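Review bot: In the `chef` stage, `cargo install cargo-chef --locked` has no `--version`, so `--locked` only fixes cargo-chef's own dependency set while the tool itself floats to the latest release on every uncached build. Pinning it (`cargo install cargo-chef --locked --version <x.y.z>`) would match the care taken with the SHA-pinned actions in the workflows. The added `rustup target add $TARGETPLATFORM` would also be safer with the variable quoted as `"$TARGETPLATFORM"`.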
6 changes: 3 additions & 3 deletions parent/Dockerfile
Expand Up @@ -4,7 +4,7 @@
####################################################################################################
## Chef image
####################################################################################################
FROM public.ecr.aws/docker/library/rust:latest as chef
FROM public.ecr.aws/docker/library/rust:latest AS chef
ARG TARGETPLATFORM

WORKDIR /app
Expand All @@ -15,14 +15,14 @@ RUN cargo install cargo-chef --locked
####################################################################################################
## Planner image
####################################################################################################
FROM chef as planner
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

####################################################################################################
## Builder image
####################################################################################################
FROM chef as builder
FROM chef AS builder
ARG TARGETPLATFORM

COPY --from=planner /app/recipe.json recipe.json