Add Dockerfile variant for building virtual app (#7)

Author: jumaffre

.github/workflows/ci.yml

@@ -18,5 +18,16 @@ jobs:
       - name: Build app
         run: mkdir -p build && cd build && CC="/opt/oe_lvi/clang-10" CXX="/opt/oe_lvi/clang++-10" cmake -GNinja .. && ninja
 
-      - name: Build container
-        run: docker build -t ccf-app-template .
+  build-containers:
+    runs-on: ubuntu-20.04
+    container: mcr.microsoft.com/ccf/app/dev:lts-devcontainer
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Build enclave container
+        run: docker build -t ccf-app-template:enclave -f docker/ccf_app.enclave .
+
+      - name: Build virtual container
+        run: docker build -t ccf-app-template:virtual -f docker/ccf_app.virtual .

README.md

@@ -67,13 +67,20 @@ $ curl https://127.0.0.1:8000/app/log?id=1 --cacert ./workspace/sandbox_common/s
 It is possible to build a runtime image of this application via docker:
 
 ```bash
-$ docker build -t ccf-app-template .
-$ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx ccf-app-template
+$ docker build -t ccf-app-template:enclave -f docker/ccf_app.enclave .
+$ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx ccf-app-template:enclave
 ...
 2022-01-01T12:00:00.000000Z -0.000 0   [info ] ../src/node/node_state.h:1790        | Network TLS connections now accepted
 # It is then possible to interact with the service
 ```
 
+Or, for the non-SGX (a.k.a. virtual) variant:
+
+```bash
+$ docker build -t ccf-app-template:virtual -f docker/ccf_app.virtual .
+$ docker run ccf-app-template:virtual
+```
+
 ## Dependencies
 
 If this repository is checked out on a bare VM (e.g. [for SGX deployments](https://docs.microsoft.com/en-us/azure/confidential-computing/quick-create-portal)), the dependencies required to build and run the CCF app can be installed as follows:

config/cchost_config.json config/cchost_config_enclave.json

@@ -0,0 +1,32 @@
+{
+    "enclave": {
+      "file": "/app/libccf_app.virtual.so",
+      "type": "Virtual"
+    },
+    "network": {
+      "node_to_node_interface": { "bind_address": "127.0.0.1:8081" },
+      "rpc_interfaces": {
+        "main_interface": {
+          "bind_address": "0.0.0.0:8080"
+        }
+      }
+    },
+    "command": {
+      "type": "Start",
+      "service_certificate_file": "/app/service_cert.pem",
+      "start": {
+        "constitution_files": [
+          "/app/validate.js",
+          "/app/apply.js",
+          "/app/resolve.js",
+          "/app/actions.js"
+        ],
+        "members": [
+          {
+            "certificate_file": "/app/member0_cert.pem",
+            "encryption_public_key_file": "/app/member0_enc_pubk.pem"
+          }
+        ]
+      }
+    }
+  }

config/cchost_config_virtual.json

@@ -11,10 +11,10 @@ FROM mcr.microsoft.com/ccf/app/run:2.0.7-sgx
 COPY --from=builder /build/libccf_app.enclave.so.signed /app/
 COPY --from=builder /opt/ccf/bin/*.js /app/
 COPY --from=builder /opt/ccf/bin/keygenerator.sh /app/ 
-COPY ./config/cchost_config.json /app/
+COPY ./config/cchost_config_enclave.json /app/
 WORKDIR /app/
 RUN /app/keygenerator.sh --name member0 --gen-enc-key
 
 EXPOSE 8080/tcp
 
-CMD ["/usr/bin/cchost", "--config", "/app/cchost_config.json"]
+CMD ["/usr/bin/cchost", "--config", "/app/cchost_config_enclave.json"]

Dockerfile docker/ccf_app.enclave

@@ -0,0 +1,20 @@
+# Build
+FROM mcr.microsoft.com/ccf/app/dev:2.0.7-sgx as builder
+COPY . /src
+RUN mkdir -p /build/
+WORKDIR /build/
+RUN CC="/opt/oe_lvi/clang-10" CXX="/opt/oe_lvi/clang++-10" cmake -GNinja /src && ninja
+
+# Run
+FROM mcr.microsoft.com/ccf/app/run:2.0.7-sgx
+
+COPY --from=builder /build/libccf_app.virtual.so /app/
+COPY --from=builder /opt/ccf/bin/*.js /app/
+COPY --from=builder /opt/ccf/bin/keygenerator.sh /app/ 
+COPY ./config/cchost_config_virtual.json /app/
+WORKDIR /app/
+RUN /app/keygenerator.sh --name member0 --gen-enc-key
+
+EXPOSE 8080/tcp
+
+CMD ["/usr/bin/cchost", "--config", "/app/cchost_config_virtual.json"]