Skip to content

fix: remove sconification steps #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jbern0rd merged 2 commits into from
Apr 30, 2026
Merged

fix: remove sconification steps #28

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a21f61b
fix: remove sconification steps
jbern0rd Apr 29, 2026
f90f26a
ci: upgrade rust-build and docker-build workflows
jbern0rd Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .cargo/config.toml
View file
Open in desktop

This file was deleted.

71 changes: 10 additions & 61 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:

jobs:
build-and-test:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@rust-build-v2.0.0
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@rust-build-v2.1.0
with:
rust-version: '1.88.0'
working-directory: "."
Expand All @@ -21,9 +21,9 @@ jobs:
runs-on: ubuntu-latest
if: |
github.ref_name == 'main' ||
startsWith(github.head_ref, 'feature/') ||
startsWith(github.head_ref, 'bugfix/') ||
(github.event_name == 'workflow_dispatch' && (startsWith(github.ref_name, 'feature/') || startsWith(github.ref_name, 'bugfix/')))
startsWith(github.head_ref, 'feat/') ||
startsWith(github.head_ref, 'fix/') ||
(github.event_name == 'workflow_dispatch' && (startsWith(github.ref_name, 'feat/') || startsWith(github.ref_name, 'fix/')))
outputs:
image_tag: ${{ steps.determine-tag.outputs.image_tag }}
steps:
Expand All @@ -40,8 +40,8 @@ jobs:
echo "Processing main branch"
echo "image_tag=dev-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
else
# This covers feature/ and bugfix/ branches
echo "Processing feature/bugfix branch ${{ github.head_ref }}"
# This covers feat/ and fix/ branches
echo "Processing feat/fix branch ${{ github.head_ref }}"
echo "image_tag=feature-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
fi

Expand All @@ -51,7 +51,7 @@ jobs:
strategy:
matrix:
package: [post-compute, pre-compute]
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v2.4.0
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0
with:
image-name: docker-regis.iex.ec/tee-worker-${{ matrix.package }}-rust
image-tag: ${{ needs.prepare.outputs.image_tag }}
Expand All @@ -62,60 +62,9 @@ jobs:
security-scan: true
security-report: "sarif"
hadolint: true
platforms: linux/amd64
platform: linux/amd64
secrets:
dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN_PULL_ONLY }}
username: ${{ secrets.NEXUS_USERNAME }}
password: ${{ secrets.NEXUS_PASSWORD }}

build-tee-image:
name: Build TEE images
needs: [prepare, build-oci-image]
runs-on: ubuntu-latest
strategy:
matrix:
sconify_image:
- name: registry.scontain.com/scone-debug/iexec-sconify-image-unlocked
version: 5.9.1
tee_worker:
- binary: /app/tee-worker-post-compute
img_from: docker-regis.iex.ec/tee-worker-post-compute-rust
img_to: docker-regis.iex.ec/tee-worker-post-compute-rust-unlocked
- binary: /app/tee-worker-pre-compute
img_from: docker-regis.iex.ec/tee-worker-pre-compute-rust
img_to: docker-regis.iex.ec/tee-worker-pre-compute-rust-unlocked
steps:
- name: Login to Scontain registry
uses: docker/login-action@v3
with:
registry: registry.scontain.com
username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
- name: Login to Docker regis
uses: docker/login-action@v3
with:
registry: docker-regis.iex.ec
username: ${{ secrets.NEXUS_USERNAME }}
password: ${{ secrets.NEXUS_PASSWORD }}
- name: Pull sconification tools
run: docker pull ${{ matrix.sconify_image.name }}:${{ matrix.sconify_image.version }}
- name: Pull native image
run: docker pull ${{ matrix.tee_worker.img_from }}:${{ needs.prepare.outputs.image_tag }}
- name: Sconify
run: |
IMG_FROM=${{ matrix.tee_worker.img_from }}:${{ needs.prepare.outputs.image_tag }}
IMG_TO=${{ matrix.tee_worker.img_to }}:${{ needs.prepare.outputs.image_tag }}-sconify-${{ matrix.sconify_image.version }}-debug
SCONE_IMAGE=${{ matrix.sconify_image.name }}:${{ matrix.sconify_image.version }}
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock $SCONE_IMAGE \
sconify_iexec --cli=$SCONE_IMAGE --crosscompiler=$SCONE_IMAGE \
--base=alpine:3.22 --from=$IMG_FROM --to=$IMG_TO --binary=${{ matrix.tee_worker.binary }} \
--heap=1G --stack=8M --host-path=/etc/hosts --host-path=/etc/resolv.conf --no-color --verbose
echo
docker run --rm -e SCONE_HASH=1 $IMG_TO
- name: Push TEE image
run: docker push ${{ matrix.tee_worker.img_to }}:${{ needs.prepare.outputs.image_tag }}-sconify-${{ matrix.sconify_image.version }}-debug
- name: Clean OCI images
run: |
docker image rm -f \
${{ matrix.tee_worker.img_from }}:${{ needs.prepare.outputs.image_tag }} \
${{ matrix.tee_worker.img_to }}:${{ needs.prepare.outputs.image_tag }}-sconify-${{ matrix.sconify_image.version }}-debug \
${{ matrix.sconify_image.name }}:${{ matrix.sconify_image.version }}
94 changes: 0 additions & 94 deletions .github/workflows/sconify-release.yaml
View file
Open in desktop

This file was deleted.

4 changes: 2 additions & 2 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 1 addition & 4 deletions post-compute/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
FROM rust:1.88-alpine3.22 AS builder

# Install build dependencies with pinned versions
RUN apk add --no-cache musl-dev=1.2.5-r10 openssl-dev=3.5.4-r0
RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.6-r0 openssl-libs-static=3.5.6-r0

WORKDIR /app

Expand All @@ -13,9 +13,6 @@ RUN cargo build --release --bin tee-worker-post-compute

FROM alpine:3.22

# Install required runtime dependencies with pinned versions
RUN apk add --no-cache libgcc=14.2.0-r6

# Set working directory
WORKDIR /app

Expand Down
5 changes: 1 addition & 4 deletions pre-compute/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
FROM rust:1.88-alpine3.22 AS builder

# Install build dependencies with pinned versions
RUN apk add --no-cache musl-dev=1.2.5-r10 openssl-dev=3.5.4-r0
RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.6-r0 openssl-libs-static=3.5.6-r0

WORKDIR /app

Expand All @@ -13,9 +13,6 @@ RUN cargo build --release --bin tee-worker-pre-compute

FROM alpine:3.22

# Install required runtime dependencies with pinned versions
RUN apk add --no-cache libgcc=14.2.0-r6

# Set working directory
WORKDIR /app

Expand Down
Loading