Merge pull request #1 from datachainlab/init

init

Author: toshihiko-okubo

.dockerignore

@@ -0,0 +1,22 @@
+# LCP
+**/target
+
+## object file
+**/*.o
+
+## library
+**/*.a
+
+## share object
+**/*.so
+**/*.so.*
+!**/enclave.so
+
+## generated proxy
+**/*_u.c
+**/*_u.h
+**/enclave/Enclave_t.c
+**/*_t.h
+
+## test data
+tests

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directories: ["/enclaves/**/*"]
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 3
+    labels:
+      - "dependencies"
+      - "rust"

.github/workflows/release.yml

@@ -0,0 +1,103 @@
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      enclave:
+        type: string
+        required: true
+        description: 'Enclave to be released'
+        options:
+          - ethereum
+          - optimism
+          - parlia
+      network:
+        type: string
+        required: true
+        default: mainnet
+        options:
+          - testnet
+          - mainnet
+        description: 'The network on which the enclave runs.'
+      tag:
+        type: string
+        required: true
+        description: 'Tag Name (e.g. v1.2.3)'
+      draft:
+        type: boolean
+        required: true
+        default: false
+        description: 'create a release as draft'
+      prerelease:
+        type: boolean
+        required: true
+        default: false
+        description: 'create a release as prerelease'
+
+jobs:
+  release:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write # Push Tag and Create Release
+      packages: write # Push Docker Image to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Check if tag exists
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+          REPO: ${{ github.event.repository.name }}
+          TAG: ${{ github.event.inputs.enclave }}-${{ github.event.inputs.network }}-${{ github.event.inputs.tag }}
+        run: |
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: token ${GITHUB_TOKEN}" \
+            "https://api.github.com/repos/${OWNER}/${REPO}/git/refs/tags/${TAG}")
+          if [ "$STATUS" = "200" ]; then
+            echo "🚫 Tag '${TAG}' already exists."
+            exit 1
+          fi
+      - name: Configure Git user
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}
+          tags: |
+            type=sha,prefix=,format=long
+            ${{ github.event.inputs.tag }}
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        id: docker_build_and_push
+        with:
+          context: .
+          push: true
+          build-args: |
+            LCP_ELC_TYPE=${{ github.event.inputs.enclave }}
+            DEPLOYMENT_NETWORK=${{ github.event.inputs.network }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache,mode=max
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}/${{ github.event.inputs.tag }}
+          tag_name: ${{ github.event.inputs.enclave }}-${{ github.event.inputs.network }}-${{ github.event.inputs.tag }}
+          draft: ${{ github.event.inputs.draft }}
+          prerelease: ${{ github.event.inputs.prerelease }}
+          generate_release_notes: true
+          append_body: true
+          body: |
+            ## Docker Image
+            1. Image Digest: ${{ steps.docker_build_and_push.outputs.imageid }}
+            2. [Link to Docker Repository](https://github.com/${{ github.repository }}/pkgs/container/${{ github.event.repository.name }}%2F${{ github.event.inputs.enclave }}%2F${{ github.event.inputs.network }})

.github/workflows/sgxsdk.yml

@@ -0,0 +1,36 @@
+name: SgxSDK
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read  # checkout
+      packages: write # Push Docker Image to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/intel-sgx-sdk
+          tags: |
+            type=sha,prefix=,format=long
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        id: docker_build_and_push
+        with:
+          context: ./sgxsdk
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/intel-sgx-sdk:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/intel-sgx-sdk:buildCache,mode=max

.github/workflows/test.yml

@@ -0,0 +1,77 @@
+name: Test
+on:
+  pull_request:
+
+jobs:
+  get-enclaves:
+    runs-on: ubuntu-24.04
+    outputs:
+      enclaves: ${{ steps.changed.outputs.enclaves }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - id: changed
+        run: |
+          enclaves=$(find enclaves -maxdepth 1 -mindepth 1 -type d -printf '%f\n' | jq -R . | jq -s -c .)
+          echo "enclaves=$enclaves" >> "$GITHUB_OUTPUT"
+  build:
+    needs: get-enclaves
+    if: needs.get-enclaves.outputs.enclaves != '[]'
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        enclave: ${{ fromJson(needs.get-enclaves.outputs.enclaves) }}
+        network: [testnet, mainnet]
+    permissions:
+      contents: read # For checkout repo
+      packages: write # For Push Image for buildCache to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}
+          tags: ${{ github.event.pull_request.head.sha }}
+      - name: Set UID and GID as env
+        run: |
+          echo "UID=$(id -u)" >> "$GITHUB_ENV"
+          echo "GID=$(id -g)" >> "$GITHUB_ENV"
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          build-args: |
+            LCP_ELC_TYPE=${{ matrix.enclave }}
+            DEPLOYMENT_NETWORK=${{ matrix.network }}
+            UID=${{ env.UID }}
+            GID=${{ env.GID }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}:buildCache,mode=max
+          outputs: type=docker # save the image locally
+      - name: Test
+        run: |
+          # Check whether the MRENCLAVE calculated locally when updating the enclave and 
+          # the MRENCLAVE derived from the Image created in the test case are the same value.
+          
+          mkdir -p tests/${{ matrix.enclave }}/mrenclaves/${{ matrix.network }}
+          docker run --rm -v $(pwd)/tests/${{ matrix.enclave }}/mrenclaves/${{ matrix.network }}:/app/tests/mrenclave \
+          ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}:${{ github.event.pull_request.head.sha }} \
+          bash -c "/app/scripts/mrenclave.sh /out /app/tests/mrenclave > mrenclave.log 2>&1 || { cat mrenclave.log; exit 1; }"
+          
+          mrenclave_local=$(yq -r .${{ matrix.enclave }}.${{ matrix.network }} < mrenclaves.yaml)
+          mrenclave_test=$(cat tests/${{ matrix.enclave }}/mrenclaves/${{ matrix.network }}/MRENCLAVE)
+          
+          echo "Local:$mrenclave_local"
+          echo "Test: $mrenclave_test"
+          
+          [ "$mrenclave_local" = "$mrenclave_test" ]

.gitignore

@@ -0,0 +1,18 @@
+#object file
+*.o
+
+#library
+*.a
+
+#share object
+*.so
+*.so.*
+
+#generated proxy
+*_u.c
+*_u.h
+enclave/Enclave_t.c
+*_t.h
+
+target/
+tests/

Dockerfile

@@ -0,0 +1,59 @@
+FROM ghcr.io/datachainlab/toki-bridge-lcp-enclaves/intel-sgx-sdk:cb5743b676b9547d7cd0700de0192a690b90a033
+
+ARG RUST_TOOLCHAIN_VERSION=nightly-2024-09-05
+LABEL org.rust-lang.org.toolchain.version=$RUST_TOOLCHAIN_VERSION
+
+ARG LCP_ELC_TYPE
+LABEL finance.toki.lcp.enclave.elc=$LCP_ELC_TYPE
+
+ARG DEPLOYMENT_NETWORK=localnet
+LABEL finance.toki.lcp.enclave.network=$DEPLOYMENT_NETWORK
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+ARG UID=1000
+ARG GID=1000
+ARG USERNAME=app
+
+RUN set -eux; \
+    # If a user with the same ID exists, delete and create.
+    if getent passwd "$UID" > /dev/null; then \
+        OLD_USER=$(getent passwd "$UID" | cut -d: -f1); \
+        echo "Removing existing user: $OLD_USER"; \
+        userdel -r "$OLD_USER" || true; \
+    fi; \
+    # If group does not exist, create group.
+    if ! getent group "$GID" > /dev/null; then \
+        groupadd -g "$GID" "$USERNAME"; \
+    fi; \
+    useradd -u "$UID" -g "$GID" -m "$USERNAME";
+
+RUN mkdir -p /app && chown $UID:$GID /app
+RUN mkdir -p /out && chown $UID:$GID /out
+
+USER $USERNAME
+WORKDIR /app
+
+ADD --chown=$UID:$GID ./scripts ./scripts
+ENV rust_toolchain=$RUST_TOOLCHAIN_VERSION
+RUN bash ./scripts/install_rust.sh
+
+SHELL ["/bin/bash", "-c", "-l"]
+
+ADD --chown=$UID:$GID ./buildcommon.mk ./buildcommon.mk
+ADD --chown=$UID:$GID ./buildenv.mk ./buildenv.mk
+ADD --chown=$UID:$GID ./enclaves/$LCP_ELC_TYPE ./enclaves/$LCP_ELC_TYPE
+
+ARG SGX_MODE=HW
+ENV SGX_MODE=$SGX_MODE
+ENV LCP_ELC_TYPE=$LCP_ELC_TYPE
+ENV DEPLOYMENT_NETWORK=$DEPLOYMENT_NETWORK
+
+RUN make -C enclaves/$LCP_ELC_TYPE enclave/enclave_sig.dat
+
+RUN cp enclaves/$LCP_ELC_TYPE/enclave/enclave.so \
+    enclaves/$LCP_ELC_TYPE/enclave/Enclave.config.xml \
+    enclaves/$LCP_ELC_TYPE/enclave/enclave_sig.dat \
+    /out/
+
+WORKDIR /out

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2025 Datachain, Inc
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,39 @@
+DOCKER ?= docker
+
+ENCLAVES_DIRS := $(shell find enclaves -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
+NETWORKS      := testnet mainnet
+ENCLAVES      := $(foreach e,$(ENCLAVES_DIRS),$(foreach n,$(NETWORKS),$(e)/$(n)))
+
+# docker image
+REPOSITORY ?= ghcr.io/datachainlab/toki-bridge-enclaves
+TAG ?= $(shell git rev-parse HEAD)
+
+# docker build parameter
+UID ?= $(shell id -u)
+GID ?= $(shell id -g)
+
+.PHONY: all
+all:
+	make $(ENCLAVES)
+
+.PHONY: $(ENCLAVES)
+$(ENCLAVES):
+	enclave=$(word 1,$(subst /, ,$@)); \
+	deployment_network=$(word 2,$(subst /, ,$@)); \
+	make mrenclave LCP_ELC_TYPE=$$enclave DEPLOYMENT_NETWORK=$$deployment_network
+
+.PHONY: build
+build:
+	$(DOCKER) build -t $(REPOSITORY)/$(LCP_ELC_TYPE)/$(DEPLOYMENT_NETWORK):$(TAG) \
+	--build-arg LCP_ELC_TYPE=$(LCP_ELC_TYPE) \
+	--build-arg DEPLOYMENT_NETWORK=$(DEPLOYMENT_NETWORK) \
+	--build-arg UID=$(UID) --build-arg GID=$(GID) \
+	.
+
+.PHONY: mrenclave
+mrenclave: build
+	mkdir -p $(PWD)/tests/$(LCP_ELC_TYPE)/mrenclaves/$(DEPLOYMENT_NETWORK)
+	$(DOCKER) run --rm $(REPOSITORY)/$(LCP_ELC_TYPE)/$(DEPLOYMENT_NETWORK):$(TAG) \
+    bash -c "/app/scripts/mrenclave.sh /out /app/tests/mrenclave > mrenclave.log 2>&1 && cat /app/tests/mrenclave/MRENCLAVE || { cat mrenclave.log; exit 1; }" > $(PWD)/tests/$(LCP_ELC_TYPE)/mrenclaves/$(DEPLOYMENT_NETWORK)/MRENCLAVE && \
+	yq ".$(LCP_ELC_TYPE).$(DEPLOYMENT_NETWORK) = \"$$(cat $(PWD)/tests/$(LCP_ELC_TYPE)/mrenclaves/$(DEPLOYMENT_NETWORK)/MRENCLAVE)\" | .$(LCP_ELC_TYPE).$(DEPLOYMENT_NETWORK) style=\"double\"" -i mrenclaves.yaml || exit 1
+