diff --git a/BUILD b/BUILD index a8f6095..9153974 100644 --- a/BUILD +++ b/BUILD @@ -13,6 +13,8 @@ # limitations under the License. load("@bazel_toolchains//rules/exec_properties:exec_properties.bzl", "create_rbe_exec_properties_dict") +load("@rules_pkg//pkg:install.bzl", "pkg_install") +load("@rules_pkg//pkg:mappings.bzl", "pkg_files") exports_files([".rustfmt.toml"]) @@ -28,3 +30,28 @@ platform( ), parents = ["@local_config_platform//:host"], ) + +# All artifacts that will be built for release, along with their names in the +# destination directory. +_ALL_BINARIES = { + "//containers/agg_core:oci_runtime_bundle.tar": "agg_core/container.tar", + "//containers/confidential_transform_test_concat:oci_runtime_bundle.tar": "confidential_transform_test_concat/container.tar", + "//containers/fed_sql:oci_runtime_bundle.tar": "fed_sql/container.tar", + "//containers/sql_server:oci_runtime_bundle.tar": "sql_server/container.tar", + "//containers/test_concat:oci_runtime_bundle.tar": "test_concat/container.tar", + "//examples/square_enclave_app": "square_example/binary", + "//examples/sum_enclave_app": "sum_example/binary", + "//ledger_enclave_app": "ledger/binary", + "//replicated_ledger_enclave_app": "replicated_ledger/binary", +} + +pkg_files( + name = "all_binaries", + srcs = _ALL_BINARIES.keys(), + renames = _ALL_BINARIES, +) + +pkg_install( + name = "install_binaries", + srcs = [":all_binaries"], +) diff --git a/containers/agg_core/BUILD b/containers/agg_core/BUILD index 8b337e9..b482113 100644 --- a/containers/agg_core/BUILD +++ b/containers/agg_core/BUILD @@ -16,8 +16,6 @@ load("@oak//bazel:defs.bzl", "oci_runtime_bundle") load("@rules_oci//oci:defs.bzl", "oci_image") load("@rules_pkg//pkg:tar.bzl", "pkg_tar") -package(default_visibility = ["//:__subpackages__"]) - cc_binary( name = "main", srcs = ["main.cc"], @@ -47,6 +45,7 @@ oci_image( oci_runtime_bundle( name = "oci_runtime_bundle", image = ":oci_image", + visibility = ["//:__pkg__"], ) cc_library( diff --git a/containers/confidential_transform_test_concat/BUILD b/containers/confidential_transform_test_concat/BUILD index f10efad..31933b1 100644 --- a/containers/confidential_transform_test_concat/BUILD +++ b/containers/confidential_transform_test_concat/BUILD @@ -90,4 +90,5 @@ oci_image( oci_runtime_bundle( name = "oci_runtime_bundle", image = ":oci_image", + visibility = ["//:__pkg__"], ) diff --git a/containers/fed_sql/BUILD b/containers/fed_sql/BUILD index 73bd4a8..c1bda3e 100644 --- a/containers/fed_sql/BUILD +++ b/containers/fed_sql/BUILD @@ -104,4 +104,5 @@ oci_image( oci_runtime_bundle( name = "oci_runtime_bundle", image = ":oci_image", + visibility = ["//:__pkg__"], ) diff --git a/containers/sql_server/BUILD b/containers/sql_server/BUILD index 74962ec..9355ba1 100644 --- a/containers/sql_server/BUILD +++ b/containers/sql_server/BUILD @@ -16,8 +16,6 @@ load("@oak//bazel:defs.bzl", "oci_runtime_bundle") load("@rules_oci//oci:defs.bzl", "oci_image") load("@rules_pkg//pkg:tar.bzl", "pkg_tar") -package(default_visibility = ["//:__subpackages__"]) - cc_binary( name = "main", srcs = ["main.cc"], @@ -47,6 +45,7 @@ oci_image( oci_runtime_bundle( name = "oci_runtime_bundle", image = ":oci_image", + visibility = ["//:__pkg__"], ) cc_library( diff --git a/containers/test_concat/BUILD b/containers/test_concat/BUILD index 7e2db1f..93f48c4 100644 --- a/containers/test_concat/BUILD +++ b/containers/test_concat/BUILD @@ -45,6 +45,7 @@ oci_image( oci_runtime_bundle( name = "oci_runtime_bundle", image = ":oci_image", + visibility = ["//:__pkg__"], ) cc_library( diff --git a/examples/square_enclave_app/BUILD b/examples/square_enclave_app/BUILD index 66a0ac3..68f0aa4 100644 --- a/examples/square_enclave_app/BUILD +++ b/examples/square_enclave_app/BUILD @@ -18,6 +18,7 @@ rust_binary( name = "square_enclave_app", srcs = glob(["src/*.rs"]), platform = "@oak//:x86_64-unknown-none", + visibility = ["//:__pkg__"], deps = [ "//examples/square_service", "//pipeline_transforms", diff --git a/examples/sum_enclave_app/BUILD b/examples/sum_enclave_app/BUILD index 13ff085..87d47b9 100644 --- a/examples/sum_enclave_app/BUILD +++ b/examples/sum_enclave_app/BUILD @@ -18,6 +18,7 @@ rust_binary( name = "sum_enclave_app", srcs = glob(["src/*.rs"]), platform = "@oak//:x86_64-unknown-none", + visibility = ["//:__pkg__"], deps = [ "//examples/sum_service", "//pipeline_transforms", diff --git a/ledger_enclave_app/BUILD b/ledger_enclave_app/BUILD index 262fefa..06e26b8 100644 --- a/ledger_enclave_app/BUILD +++ b/ledger_enclave_app/BUILD @@ -18,6 +18,7 @@ rust_binary( name = "ledger_enclave_app", srcs = glob(["src/*.rs"]), platform = "@oak//:x86_64-unknown-none", + visibility = ["//:__pkg__"], deps = [ "//ledger_service", "//third_party/federated_compute", diff --git a/replicated_ledger_enclave_app/BUILD b/replicated_ledger_enclave_app/BUILD index dcc7939..948a475 100644 --- a/replicated_ledger_enclave_app/BUILD +++ b/replicated_ledger_enclave_app/BUILD @@ -18,6 +18,7 @@ rust_binary( name = "replicated_ledger_enclave_app", srcs = glob(["src/*.rs"]), platform = "@oak//:x86_64-unknown-none", + visibility = ["//:__pkg__"], deps = [ "//ledger_service", "@oak//oak_restricted_kernel_sdk", diff --git a/scripts/build.sh b/scripts/build.sh index 245ac64..e8a1853 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -29,26 +29,11 @@ set -e set -x -readonly WORKSPACE_DIR="$(dirname -- "$0")/.." # If bazelisk isn't in user's path, the BAZELISK environment variable may be set # instead. This may also be used to pass startup options like --nosystem_rc to # bazel; this usage requires us to not quote ${BAZELISK} when used later. readonly BAZELISK="${BAZELISK:-bazelisk}" -# List of targets that will be built in release mode, along with the name of the -# resulting artifacts in BINARY_OUTPUTS_DIR. -declare -Ar RELEASE_TARGETS=( - [//containers/sql_server:oci_runtime_bundle.tar]=sql_server/container.tar - [//containers/test_concat:oci_runtime_bundle.tar]=test_concat/container.tar - [//containers/confidential_transform_test_concat:oci_runtime_bundle.tar]=confidential_transform_test_concat/container.tar - [//containers/agg_core:oci_runtime_bundle.tar]=agg_core/container.tar - [//containers/fed_sql:oci_runtime_bundle.tar]=fed_sql/container.tar - [//examples/square_enclave_app:square_enclave_app]=square_example/binary - [//examples/sum_enclave_app:sum_enclave_app]=sum_example/binary - [//ledger_enclave_app:ledger_enclave_app]=ledger/binary - [//replicated_ledger_enclave_app:replicated_ledger_enclave_app]=replicated_ledger/binary -) - if [ "$1" == "continuous" ]; then ${BAZELISK} test //... --config=asan --build_tag_filters=-asan --test_tag_filters=-asan elif [ "$1" == "sanitizers" ]; then @@ -57,20 +42,14 @@ elif [ "$1" == "sanitizers" ]; then ${BAZELISK} test //... --config=ubsan --build_tag_filters=-noubsan --test_tag_filters=-noubsan elif [ "$1" == "release" ]; then ${BAZELISK} test //... - ${BAZELISK} build -c opt "${!RELEASE_TARGETS[@]}" # BINARY_OUTPUTS_DIR may be unset if this script is run manually; it'll # always be set during CI builds. if [[ -n "${BINARY_OUTPUTS_DIR}" ]]; then - readonly BAZEL_BIN="$(${BAZELISK} info -c opt bazel-bin)" - for target in "${!RELEASE_TARGETS[@]}"; do - dst="${BINARY_OUTPUTS_DIR}/${RELEASE_TARGETS[$target]}" - mkdir --parents "$(dirname "$dst")" - # Binaries may be in one of multiple bazel-bin directories, not just the - # one returned by bazel. Since no binary will appear in more than one, we - # can simply add a wildcard character to allow suffixes (e.g. k8-opt*). - cp -f "${BAZEL_BIN%/bin}"*"/bin${target/:/\//}" "$dst" - done + ${BAZELISK} run -c opt //:install_binaries -- --destdir "${BINARY_OUTPUTS_DIR}" + else + # If unset, verify the binaries can be built with -c opt. + ${BAZELISK} build -c opt //:install_binaries fi else ${BAZELISK} test //...