Add release checklist, cleanup version output, add release pipeline

.azure-pipelines/azure-pipelines-master.yml

@@ -0,0 +1,20 @@
+trigger:
+  branches:
+    include:
+    - 'oe_port'
+  paths:
+    exclude:
+    - '*.md'
+    - 'docs/'
+pr: none
+
+extends:
+  template: template.yml
+  parameters:
+    publish: true
+    apt_repo_blob_container: apt-dev
+    # Use hosted agent for building to ensure dev-releases are always built on a fresh VM.
+    # Our own pools currently re-use VMs to decrease queueing and execution time and
+    # this makes it easier to mess with them, e.g. via external pull requests.
+    build_pool:
+      vmImage: ubuntu-latest

.azure-pipelines/azure-pipelines-nightly.yml

@@ -11,7 +11,7 @@ schedules:
 extends:
   template: template.yml
   parameters:
-    skip_publish: true
+    publish: false
     test_timeout_minutes: 120 # ethread==1 takes longer to run
     ethreads:
     - 1

.azure-pipelines/azure-pipelines-release.yml

@@ -0,0 +1,18 @@
+trigger: none
+pr: none
+
+extends:
+  template: template.yml
+  parameters:
+    publish: true
+    apt_repo_blob_container: apt
+    # Use hosted agent for building to ensure releases are always built on a fresh VM.
+    # Our own pools currently re-use VMs to decrease queueing and execution time and
+    # this makes it easier to mess with them, e.g. via external pull requests.
+    build_pool:
+      vmImage: ubuntu-latest
+    test_timeout_minutes: 120 # ethread==1 takes longer to run
+    ethreads:
+    - 1
+    - 4
+    - 8

.azure-pipelines/azure-pipelines.yml

@@ -1,20 +1,14 @@
-trigger:
-  branches:
-    include:
-    - 'oe_port'
-  paths:
-    exclude:
-    - 'README.md'
-    - 'docs/'
-
+trigger: none
 pr:
   branches:
     include:
     - '*'  # must quote since "*" is a YAML reserved character; we want a string
   paths:
     exclude:
-    - 'README.md'
+    - '*.md'
     - 'docs/'
 
 extends:
   template: template.yml
+  parameters:
+    publish: false

.azure-pipelines/scripts/install_prerequisites.sh

@@ -8,8 +8,11 @@ sudo apt-get install -y \
     make gcc g++ bc python xutils-dev flex bison autogen libgcrypt20-dev libjson-c-dev \
     autopoint pkgconf autoconf libtool libcurl4-openssl-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libssl-dev \
     ninja-build ansible linux-headers-$(uname -r) \
-    docker.io python3-venv unzip dkms debhelper apt-utils pax-utils openjdk-8-jdk-headless \
+    python3-venv unzip dkms debhelper apt-utils pax-utils openjdk-8-jdk-headless \
     expect
 
-# Allow to run Docker without sudo
-sudo chmod u+s $(which docker)
+if [[ ! -x "$(command -v docker)" ]]; then
+    sudo apt-get install -y docker.io
+    # Allow to run Docker without sudo
+    sudo chmod u+s $(which docker)
+fi

.azure-pipelines/template.yml

@@ -33,14 +33,18 @@ parameters:
   default:
     debug: /opt/sgx-lkl-debug
     nonrelease: /opt/sgx-lkl-nonrelease
+- name: 'build_pool'
+  type: object
+  default:
+    name: scaleset-nosgx
 - name: 'test_pool_mapping'
   type: object
   default:
     sw:
       name: scaleset-nosgx
     hw:
       name: scaleset-sgx
-- name: 'skip_publish'
+- name: 'publish'
   type: boolean
   default: false
 - name: 'apt_repo_blob_container'
@@ -58,8 +62,7 @@ stages:
     - job: build_${{ build_mode }}
       displayName: 'Build: ${{ build_mode }}'
 
-      pool:
-        name: "scaleset-nosgx"
+      pool: ${{ parameters.build_pool }}
 
       steps:
         - checkout: self
@@ -164,16 +167,13 @@ stages:
                 pathtoPublish: "report"
                 artifactName: logs
 
-- ${{ if not(parameters.skip_publish) }}:
+- ${{ if parameters.publish }}:
   - stage: publish
     displayName: Publish
     dependsOn: build_and_test
     jobs:
     - job: Publish
 
-      # Don't publish for PR builds.
-      condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
-
       # A free hosted agent is good enough for the publish job.
       # It also has the Azure CLI installed already.
       pool:

RELEASE.md

@@ -0,0 +1,18 @@
+# Release Checklist
+
+- Choose the next [CalVer](https://calver.org/) version, e.g. `20.05` (`YY.MM`).
+- Ensure that `CHANGELOG.md` is up-to-date including version numbers.
+- Create a release branch `release/20.05` from master.
+- Critical issues should have fixes delivered to both master and `release/20.05`.
+- On the release branch, update the version in `VERSION`.
+- Commit and push.
+- Run the [release pipeline](https://dev.azure.com/sgx-lkl/sgx-lkl/_build?definitionId=5) and wait for successful completion.
+- Create and push a new git tag `20.05` from the release branch.
+- Switch to master and update `VERSION` to `20.06-dev` with the expected next version.
+
+## Pre-release and patch releases  
+
+- Any pre-release and patch releases are from commits in the release branch `release/20.05`.
+- Release candidates have a version like `20.05-rc1`,`20.05-rc2`, etc.
+- After a final release (`20.05`), patches have a version like `20.05.1`, `20.05.2`, etc.
+- Make sure to update `VERSION` with the pre-release / patch version.

src/Makefile

@@ -14,10 +14,11 @@ CFLAGS_MAIN = -I$(OE_SDK_INCLUDES)
 CFLAGS_ENCLAVE = -I$(OE_SDK_INCLUDES) -I${OE_SDK_INCLUDES}/openenclave/3rdparty -fPIE
 LINK_MAIN =
 
-GIT_VERSION = "$(shell git describe --dirty --always --tags || echo unknown)"
+SGXLKL_VERSION = "$(shell cat ${SGXLKL_ROOT}/VERSION)"
+SGXLKL_GIT_COMMIT = "$(shell git rev-parse --short HEAD || echo unknown)"
 LKL_VERSION = "$(shell make --quiet -C ${SGXLKL_ROOT}/lkl kernelversion)"
 
-CFLAGS_MAIN += $(SGXLKL_CFLAGS_EXTRA) -DGIT_VERSION=\"$(GIT_VERSION)\" -DLKL_VERSION=\"$(LKL_VERSION)\"
+CFLAGS_MAIN += $(SGXLKL_CFLAGS_EXTRA) -DSGXLKL_VERSION=\"$(SGXLKL_VERSION)\" -DSGXLKL_GIT_COMMIT=\"$(SGXLKL_GIT_COMMIT)\" -DLKL_VERSION=\"$(LKL_VERSION)\"
 
 # Copied from sgx-lkl-musl/config.mak after ./configure
 # TODO: Do not hardcode cflags here

src/main-oe/sgxlkl_run_oe.c

@@ -51,7 +51,7 @@
 #define BUILD_INFO "[NON-RELEASE build (-O3)]"
 #endif
 
-#define SGXLKL_INFO_STRING "SGX-LKL (OE) Git version %s LKL version %s %s"
+#define SGXLKL_INFO_STRING "SGX-LKL (OE) %s (%s) LKL %s %s"
 #define SGXLKL_LAUNCHER_NAME "sgx-lkl-run-oe"
 
 // One first empty block for bootloaders, and offset in second block
@@ -108,7 +108,7 @@ __gdb_hook_starter_ready(void* base_addr, int mode, char* libsgxlkl_path)
 
 static void version()
 {
-    printf(SGXLKL_INFO_STRING, GIT_VERSION, LKL_VERSION, BUILD_INFO);
+    printf(SGXLKL_INFO_STRING, SGXLKL_VERSION, SGXLKL_GIT_COMMIT, LKL_VERSION, BUILD_INFO);
     printf("\n");
 }
 
@@ -1695,7 +1695,7 @@ int main(int argc, char* argv[], char* envp[])
     }
 
     sgxlkl_host_verbose(
-        SGXLKL_INFO_STRING, GIT_VERSION, LKL_VERSION, BUILD_INFO);
+        SGXLKL_INFO_STRING, SGXLKL_VERSION, SGXLKL_GIT_COMMIT, LKL_VERSION, BUILD_INFO);
     sgxlkl_host_verbose_raw(
         encl.mode == SW_DEBUG_MODE
             ? " [SOFTWARE DEBUG]\n"

tests/basic/print_lkl_version/Makefile

@@ -17,10 +17,10 @@ $(DISK_IMAGE):
 	${SGXLKL_DISK_TOOL} create --size=${IMAGE_SIZE} --alpine="busybox" ${DISK_IMAGE}
 
 run-hw: $(DISK_IMAGE)
-	@(${SGXLKL_ENV} ${SGXLKL_STARTER} --hw-debug ${DISK_IMAGE} /bin/uname -a 2>&1 | grep -E 'LKL version \S+') && echo "TEST PASSED (found LKL version string)"
+	@(${SGXLKL_ENV} ${SGXLKL_STARTER} --hw-debug ${DISK_IMAGE} /bin/uname -a 2>&1 | grep -E ' LKL \S+') && echo "TEST PASSED (found LKL version string)"
 
 run-sw: $(DISK_IMAGE)
-	@(${SGXLKL_ENV} ${SGXLKL_STARTER} --sw-debug ${DISK_IMAGE} /bin/uname -a 2>&1 | grep -E 'LKL version \S+') && echo "TEST PASSED (found LKL version string)"
+	@(${SGXLKL_ENV} ${SGXLKL_STARTER} --sw-debug ${DISK_IMAGE} /bin/uname -a 2>&1 | grep -E ' LKL \S+') && echo "TEST PASSED (found LKL version string)"
 
 clean:
 	rm -f $(DISK_IMAGE)