-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy pathDockerfile.ci
More file actions
64 lines (53 loc) · 2.54 KB
/
Dockerfile.ci
File metadata and controls
64 lines (53 loc) · 2.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Copyright (c) 2024 by Alibaba.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
FROM openanolis/anolisos:latest as builder
ARG ARCH=x86_64
WORKDIR /usr/src/trustee
COPY . .
RUN cd /tmp && \
curl https://download.01.org/intel-sgx/sgx-dcap/1.21/linux/distro/Anolis86/sgx_rpm_local_repo.tgz --output /tmp/sgx_rpm_local_repo.tgz && \
tar zxvf /tmp/sgx_rpm_local_repo.tgz && \
yum -y install yum-utils && yum-config-manager --add-repo file:///tmp/sgx_rpm_local_repo && \
yum -y install epel-release && \
yum install -y --setopt=install_weak_deps=False --nogpgcheck pkg-config libsgx-dcap-quote-verify-devel libtdx-attest-devel \
perl wget git protobuf-compiler curl gnupg \
openssl openssl-devel clang \
tpm2-tss tpm2-tss-devel \
python38 python38-pip python38-devel \
libudev-devel && \
yum clean all && \
rm -rf /tmp/*
# Install Rust
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
RUN rustup component add rustfmt clippy
# Download and install kubectl
ARG KUBECTL_VERSION=v1.30.0
RUN curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
chmod +x kubectl && \
mv kubectl /usr/local/bin/kubectl
# Download and install helm
ARG HELM_VERSION=v3.14.0
RUN curl -fsSL -o helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
tar -zxvf helm.tar.gz && \
mv linux-amd64/helm /usr/local/bin/helm && \
rm -rf linux-amd64 helm.tar.gz
RUN helm plugin install https://github.com/AliyunContainerService/helm-acr
# Install NV Attestation SDK
RUN python3.8 -m pip install attestation-service/docker/nv_local_gpu_verifier-1.4.0-py3-none-any.whl
RUN python3.8 -m pip install attestation-service/docker/nv_attestation_sdk-1.4.0-py3-none-any.whl
RUN pip3 install --upgrade setuptools==70.0.0
RUN pip3 install --upgrade requests==2.32.0
# Build and install client tool
ENV PYTHON_VERSION=3.8
RUN cargo build -p kbs-client --locked --release --no-default-features --features ci_test
RUN cp /usr/src/trustee/target/release/kbs-client /usr/local/bin/trustee-client
# Build and install evidence dump tool
ENV PYTHON_VERSION=3.8
RUN cargo build -p evidence-dump --locked --release
RUN cp /usr/src/trustee/target/release/evidence-dump /usr/local/bin/evidence-dump
# Copy test files to /root
RUN cp -r /usr/src/trustee/test-files/* /root/
RUN rm -rf /root/.kube/config && mkdir /root/.kube && cp /root/kube-config /root/.kube/config
WORKDIR /root