From c5083394c32cfb049edf89bee9240b6c41330434 Mon Sep 17 00:00:00 2001 From: Mic Bowman Date: Thu, 3 Oct 2024 16:45:55 -0600 Subject: [PATCH 1/3] Change the way we compute the version so that github workflows can use this Version information is kept in the file VERSION. The file contains lines for each version from the most recent to the most distant. Each tab separated line contains a version (of the form v?[0-9]+.[0-9]+.[0-9]+) and the hash of a git commit that represents that version. Each line may also have a short description separated by a tab. When a new version is committed, only the VERSION file should be modified and the commit should be tagged (annotated tag) with the version number. This also required some changes to the github workflow to pull the full history of the repository (otherwise the patch level of the version cannot be computed). Signed-off-by: Mic Bowman --- .github/workflows/ci.yaml | 11 ++++- VERSION | 3 ++ bin/get_version | 64 +++++++++++++++--------------- build/cmake/ProjectVariables.cmake | 8 +++- 4 files changed, 51 insertions(+), 35 deletions(-) create mode 100644 VERSION diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e82c31e3..6624d6ba 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,7 +8,7 @@ jobs: pdo_ci: if: "!contains(github.event.commits[0].message, '[skip ci]')" name: PDO CI Job - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 strategy: matrix: @@ -17,7 +17,14 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@v2 + uses: actions/checkout@v4 + with: + submodules: recursive + fetch-depth: 0 + fetch-tags: true + + - name: Display branch name + run: echo "Branch name is ${{ github.head_ref }}" - name: Build and run tests if: "!contains(github.event.commits[0].message, '[debug]')" diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..7972eadf --- /dev/null +++ b/VERSION 
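Review bot: The new "Display branch name" step expands `${{ github.head_ref }}` directly inside the `run:` script, so if this workflow runs on pull requests (the `on:` trigger is outside the hunk) the branch name chosen by the PR author becomes part of the shell text before the shell parses it. Pass the value through the environment instead: add `env:` with `BRANCH_NAME: ${{ github.head_ref }}` to the step and use `run: echo "Branch name is $BRANCH_NAME"`, or print only `$GITHUB_HEAD_REF`. The same expression is kept in the multi-line `run:` block of PATCH 3/3, which already echoes the environment-variable form next to it. Separately, `actions/checkout@v4` is a movable tag; pinning it to a full commit SHA would make the workflow's dependency immutable.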
@@ -0,0 +1,3 @@
+0.3.0 5fa37a13fac2749b1a6a43039ed2bee16d6cc70e
+0.2.0 90884c67bf6c1445f96e068c5c06904a89de2411
+0.1.0 cd993a69cd5955ebfe5a9e74b37e26c1b479ddce
diff --git a/bin/get_version b/bin/get_version
index bfca2dd9..c76eff3f 100755
--- a/bin/get_version
+++ b/bin/get_version
@@ -14,35 +14,37 @@ # See the License for the specific language governing permissions and # limitations under the License. +import argparse +import os +import pathlib import subprocess -import sys -import warnings - -count = 0 -commit = '' -dirty = '' - -try : - output = subprocess.check_output(['git', 'describe', '--dirty']) - (version, *rest) = output.decode('utf-8').strip().split('-') - (major, minor, patch) = version.strip('v').split('.') - - # first case: this is a dirty tagged release, only dirty flag - if len(rest) == 1 : - assert rest[0] == 'dirty' - dirty = 'dirty' - # second case: this is a committed post tag release - elif len(rest) == 2 : - count = rest[0] - commit = rest[1] - # third case: this is a dirty, committed post tag release - elif len(rest) == 3 : - assert rest[2] == 'dirty' - count = rest[0] - commit = rest[1] - dirty = rest[2] - - print('{}.{}.{}'.format(major, minor, count)) -except Exception as e : - warnings.warn('failed to compute version, using default') - print('0.0.0') + +pdo_source_root = pathlib.Path(__file__).parent.parent +default_version_file = pdo_source_root / 'VERSION' + +parser = argparse.ArgumentParser() +parser.add_argument( + '--version-file', '-v', + help='File where version information is stored', + type=str, + default=default_version_file) +options = parser.parse_args() + +# the version file is a tab separated list of version numbers and git commit hashes in reverse +# order (newest is at the top of the file) +with open(options.version_file, 'r') as vf : + (version, commit, *rest) = vf.readline().strip().split('\t') + +# the version is of the form x.y.z, there may be an optional 'v' at the beginning of the version +# string +(major, minor, patch) = version.strip('v').split('.') + +# compute the number of commits since the tagged version was +# committed to the repository +command = ['git', 'rev-list', commit + '...HEAD', '--count'] +output = subprocess.run(command, cwd=pdo_source_root, capture_output=True, text=True) 
+count = output.stdout.strip() + +# the actual patch version number is the recorded patch number added to the number of commits +# since the version was committed +print('{}.{}.{}'.format(major, minor, int(patch) + int(count))) diff --git a/build/cmake/ProjectVariables.cmake b/build/cmake/ProjectVariables.cmake index b12f5ef1..88a6974b 100644 --- a/build/cmake/ProjectVariables.cmake +++ b/build/cmake/ProjectVariables.cmake @@ -85,9 +85,13 @@ ENDIF() # the version if something goes wrong (like running # without any annotated version tags) EXECUTE_PROCESS( - COMMAND ./get_version - WORKING_DIRECTORY ${PDO_SOURCE_ROOT}/bin + COMMAND ${PDO_SOURCE_ROOT}/bin/get_version + WORKING_DIRECTORY ${PDO_SOURCE_ROOT} OUTPUT_VARIABLE PDO_VERSION ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE ) + +IF (NOT PDO_VERSION) + MESSAGE(FATAL_ERROR "Unable to compute PDO_VERSION") +ENDIF() From 2c1585f2c28bb47e50e32d4da3d19fc9d3f2d7ec Mon Sep 17 00:00:00 2001 From: Mic Bowman Date: Thu, 3 Oct 2024 17:22:52 -0600 Subject: [PATCH 2/3] Clean up the docker configuration files based on trivy feedback Note that trivy notes errors about missing USER declarations. The final images that are built, pdo_ccf, pdo_services, and pdo_client all have users defined. Signed-off-by: Mic Bowman --- docker/pdo_base.dockerfile | 2 +- docker/pdo_ccf_base.dockerfile | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker/pdo_base.dockerfile b/docker/pdo_base.dockerfile index 5be86fa7..52af201a 100644 --- a/docker/pdo_base.dockerfile +++ b/docker/pdo_base.dockerfile @@ -27,7 +27,7 @@ ARG ADD_APT_PKGS= ENV DEBIAN_FRONTEND "noninteractive" RUN apt-get update \ - && apt-get install -y -q \ + && apt-get install -y -q --no-install-recommends \ autoconf \ automake \ build-essential \ diff --git a/docker/pdo_ccf_base.dockerfile b/docker/pdo_ccf_base.dockerfile index e163d9bb..66d50f07 100644 --- a/docker/pdo_ccf_base.dockerfile +++ b/docker/pdo_ccf_base.dockerfile 
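Review bot: The `subprocess.run` call does not check git's exit status, so when `git rev-list` fails (unknown commit, shallow clone, not a repository) `count` is an empty string and the script dies in `int(count)` with a traceback that the CMake caller hides behind `ERROR_QUIET`. Adding `check=True` to the call, or testing `output.returncode` and printing `output.stderr`, would make the cause visible. The `commit` field is read from the version file and handed to git unvalidated; a guard such as `if not re.fullmatch(r'[0-9a-fA-F]{7,40}', commit): raise ValueError('bad commit in version file')` (with `import re`) keeps a malformed line, or one starting with `-`, from being read by git as an option. Also worth confirming: `commit + '...HEAD'` is git's symmetric-difference range, whereas `commit + '..HEAD'` counts only the commits made since the recorded one. `import os` is unused in the visible lines.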
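Review bot: The new `IF (NOT PDO_VERSION)` check only tests for empty output, and `ERROR_QUIET` still discards whatever get_version wrote to stderr, so the fatal error cannot say why the version could not be computed. Consider capturing the exit status with `RESULT_VARIABLE PDO_VERSION_RESULT` (and stderr with `ERROR_VARIABLE`), then failing on `NOT PDO_VERSION_RESULT EQUAL 0` with the captured text in the message. The comment above the call starts outside the hunk and appears to describe a fallback version when something goes wrong. The rewritten script no longer prints a default, so that comment should be brought in line with the new behaviour.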
@@ -31,7 +31,7 @@ ARG ADD_APT_PKGS= ENV DEBIAN_FRONTEND "noninteractive" RUN apt-get update \ - && apt-get install -y -q \ + && apt-get install -y -q --no-install-recommends \ libsecp256k1-dev \ lsof \ python \ @@ -46,8 +46,9 @@ RUN apt-get update \ RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${UBUNTU_NAME} main" >> /etc/apt/sources.list RUN curl https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - + RUN apt-get update \ - && apt-get install -y \ + && apt-get install -y --no-install-recommends \ sgx-aesm-service \ libsgx-dcap-ql \ libsgx-urts \ From 491ffb36c02a8b231175f3df0d32327b85409970 Mon Sep 17 00:00:00 2001 From: Mic Bowman Date: Fri, 4 Oct 2024 16:42:37 -0600 Subject: [PATCH 3/3] test github action for version [3] Signed-off-by: Mic Bowman --- .github/workflows/ci.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6624d6ba..446bba64 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -24,7 +24,10 @@ jobs: fetch-tags: true - name: Display branch name - run: echo "Branch name is ${{ github.head_ref }}" + run: | + echo "Branch name is ${{ github.head_ref }}" + echo "GITHUB_HEAD_REF=$GITHUB_HEAD_REF" + echo "GITHUB_REF=$GITHUB_REF" - name: Build and run tests if: "!contains(github.event.commits[0].message, '[debug]')"
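Review bot: The Intel SGX repository key in the second hunk of this file (`@@ -46,8 +46,9 @@`) is still installed with `curl ... | apt-key add -`, which this cleanup leaves untouched. `apt-key` is deprecated and places the key in the keyring apt trusts for every configured source, and `curl` without `-f` does not fail on an HTTP error response. A scoped alternative is to write the key to its own file, e.g. `curl -fsSL <key-url> | gpg --dearmor -o /usr/share/keyrings/intel-sgx.gpg` (the path is an example), and reference it from the source line with `[arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg]`. With `--no-install-recommends` now on the first `apt-get install`, confirm that `ca-certificates` is still installed explicitly, and `gnupg` too if the key handling changes. The package list continues outside the hunk, so this cannot be checked from here.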