Bump enclave-runtime from v0.2.14 to v0.2.15 in /enclaves/ethereum/enclave

.dockerignore

@@ -0,0 +1,21 @@
+#LCP
+**/target
+
+##object file
+**/*.o
+
+##library
+**/*.a
+
+##share object
+**/*.so
+**/*.so.*
+!**/enclave.so
+
+##generated proxy
+**/*_u.c
+**/*_u.h
+**/enclave/Enclave_t.c
+**/*_t.h
+
+**/*.Dockerfile

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directories: ["/enclaves/**/*"]
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 3
+    labels:
+      - "dependencies"
+      - "rust"

.github/workflows/release.yml

@@ -0,0 +1,118 @@
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      enclave:
+        type: string
+        required: true
+        description: 'Enclave to be released'
+        options:
+          - ethereum
+          - optimism
+          - parlia
+      network:
+        type: string
+        required: true
+        default: mainnet
+        options:
+          - testnet
+          - mainnet
+        description: 'The network on which the enclave runs.'
+      tag:
+        type: string
+        required: true
+        description: 'Tag Name(e.g. v1.2.3)'
+      draft:
+        type: boolean
+        required: true
+        default: false
+        description: 'create a release as draft'
+      prerelease:
+        type: boolean
+        required: true
+        default: false
+        description: 'create a release as prerelease'
+
+jobs:
+  release:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write # Push Tag and Create Release
+      packages: write # Push Docker Image to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Check if tag exists
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+          REPO: ${{ github.event.repository.name }}
+          TAG: ${{ github.event.inputs.enclave }}-${{ github.event.inputs.network }}-${{ github.event.inputs.tag }}
+        run: |
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            -H "Authorization: token ${GITHUB_TOKEN}" \
+            "https://api.github.com/repos/${OWNER}/${REPO}/git/refs/tags/${TAG}")
+          if [ "$STATUS" = "200" ]; then
+            echo "🚫 Tag '${TAG}' already exists."
+            exit 1
+          fi
+      - name: Configure Git user
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}
+          tags: |
+            type=sha,prefix=,format=long
+            ${{ github.event.inputs.tag }}
+      - name: Build and Release
+        uses: docker/build-push-action@v5
+        id: docker_build_and_push
+        with:
+          context: .
+          push: true
+          build-args: |
+            LCP_ELC_TYPE=${{ github.event.inputs.enclave }}
+            DEPLOYMENT_NETWORK=${{ github.event.inputs.network }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache,mode=max
+      - name: Copy assets from container
+        run: |
+          CONTAINER_ID=$(docker create ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:${{ github.sha }})
+
+          mkdir -p assets
+          docker cp $CONTAINER_ID:/out/enclave.so assets/enclave.so
+          docker cp $CONTAINER_ID:/out/enclave_sig.dat assets/enclave_sig.dat
+          docker cp $CONTAINER_ID:/out/Enclave.config.xml assets/Enclave.config.xml
+          docker cp $CONTAINER_ID:/tests/mrenclave/mrenclave.txt assets/mrenclave.txt
+          docker rm $CONTAINER_ID
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}/${{ github.event.inputs.tag }}
+          tag_name: ${{ github.event.inputs.enclave }}-${{ github.event.inputs.network }}-${{ github.event.inputs.tag }}
+          draft: ${{ github.event.inputs.draft }}
+          prerelease: ${{ github.event.inputs.prerelease }}
+          generate_release_notes: true
+          files: |
+            assets/enclave.so
+            assets/enclave_sig.dat
+            assets/Enclave.config.xml
+            assets/mrenclave.txt
+          append_body: true
+          body: |
+            ## Docker Image
+            1. Image Digest: ${{ steps.docker_build_and_push.outputs.imageid }}
+            2. [Link to Docker Image](https://github.com/${{ github.repository }}/pkgs/container/${{ github.event.repository.name }}%2F${{ github.event.inputs.enclave }}%2F${{ github.event.inputs.network }}?sha256=${{ steps.docker_build_and_push.outputs.digest }})

.github/workflows/test.yml

@@ -0,0 +1,66 @@
+name: Test
+on:
+  pull_request:
+
+jobs:
+  detect-changes:
+    runs-on: ubuntu-24.04
+    outputs:
+      enclaves: ${{ steps.changed.outputs.enclaves }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - id: changed
+        run: |
+          diff=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }})
+
+          # 1. If there are changes other than the enclaves dir, execute the build for all elcs.
+          # 2. If only the enclaves dir have changed, build only the elc where the changes occurred.
+          if echo $diff | grep -v '^enclaves/' > /dev/null; then
+            enclaves=$(find enclaves -maxdepth 1 -mindepth 1 -type d -printf '%f\n' | jq -R . | jq -s -c .)
+          else
+            enclaves=$(echo $diff \
+              | grep '^enclaves/' \
+              | awk -F'/' '$2 !~/\./ {print $2}' \
+              | sort -u \
+              | jq -R . | jq -s -c .)
+          fi
+
+          echo "enclaves=$enclaves" >> "$GITHUB_OUTPUT"
+  build:
+    needs: detect-changes
+    if: needs.detect-changes.outputs.enclaves != '[]'
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        enclave: ${{ fromJson(needs.detect-changes.outputs.enclaves) }}
+        network: [testnet, mainnet]
+    permissions:
+      contents: read # For checkout repo
+      packages: write # For Push Image to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}
+          tags: ${{ github.event.pull_request.head.sha }}
+      - uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          build-args: |
+            LCP_ELC_TYPE=${{ matrix.enclave }}
+            DEPLOYMENT_NETWORK=${{ matrix.network }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ matrix.enclave }}/${{ matrix.network }}:buildCache,mode=max

.gitignore

@@ -0,0 +1,19 @@
+#object file
+*.o
+
+#library
+*.a
+
+#share object
+*.so
+*.so.*
+
+#generated proxy
+*_u.c
+*_u.h
+enclave/Enclave_t.c
+*_t.h
+
+materials/
+remote-signer/remote-signer
+target/

Dockerfile

@@ -0,0 +1,54 @@
+FROM ubuntu:noble-20250529
+
+ARG INTEL_SGX_SDK_VERSION=2.25.100.3
+LABEL com.intel.sgx.sdk.version=$INTEL_SGX_SDK_VERSION
+
+ARG RUST_TOOLCHAIN_VERSION=nightly-2024-09-05
+LABEL org.rust-lang.org.toolchain.version=$RUST_TOOLCHAIN_VERSION
+
+ARG LCP_ELC_TYPE
+LABEL finance.toki.lcp.enclave.elc=$LCP_ELC_TYPE
+
+ARG DEPLOYMENT_NETWORK=localnet
+LABEL finance.toki.lcp.enclave.network=$DEPLOYMENT_NETWORK
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /app
+
+# ref: https://github.com/intel/linux-sgx/blob/sgx_2.25/README.md#install-the-intelr-sgx-sdk
+RUN apt update && apt install -y \
+    build-essential=12.10ubuntu1 \
+    curl file python-is-python3 && \
+    rm -rf /var/lib/apt/lists/*
+
+ENV INTEL_SGX_SDK_VERSION=$INTEL_SGX_SDK_VERSION
+
+ADD ./scripts ./scripts
+RUN bash ./scripts/install_build_dependencies.sh
+
+ENV rust_toolchain=$RUST_TOOLCHAIN_VERSION
+RUN bash ./scripts/install_rust.sh
+
+SHELL ["/bin/bash", "-c", "-l"]
+
+ADD ./buildenv.mk ./buildenv.mk
+ADD ./enclaves/$LCP_ELC_TYPE ./enclaves/$LCP_ELC_TYPE
+
+ARG SGX_MODE=HW
+ENV SGX_MODE=$SGX_MODE
+ENV LCP_ELC_TYPE=$LCP_ELC_TYPE
+ENV DEPLOYMENT_NETWORK=$DEPLOYMENT_NETWORK
+
+RUN make -C enclaves/$LCP_ELC_TYPE enclave/enclave_sig.dat
+
+ENV OUTPUT_DIR=/out
+RUN mkdir -p $OUTPUT_DIR && \
+    cp enclaves/$LCP_ELC_TYPE/enclave/enclave.so \
+    enclaves/$LCP_ELC_TYPE/enclave/Enclave.config.xml \
+    enclaves/$LCP_ELC_TYPE/enclave/enclave_sig.dat \
+    $OUTPUT_DIR/
+
+RUN bash ./scripts/mrenclave.sh $OUTPUT_DIR
+
+WORKDIR /out

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2025 Datachain, Inc
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,22 @@
+######## Docker build Settings ########
+DOCKER       ?= docker
+DOCKER_BUILD ?= docker build
+
+LCP_ELC_TYPES      := $(notdir $(filter-out $(wildcard enclaves/*.*), $(wildcard enclaves/*)))
+DEPLOYMENT_NETWORK ?= testnet
+IMAGE_TAG          ?= $(shell git rev-parse HEAD)
+
+.PHONY: all
+all:
+	make $(LCP_ELC_TYPES)
+
+$(LCP_ELC_TYPES):
+	make enclave LCP_ELC_TYPE=$@
+
+.PHONY: enclave
+enclave:
+	$(DOCKER_BUILD) \
+		-t toki-bridge-lcp-enclaves:$(LCP_ELC_TYPE)-$(DEPLOYMENT_NETWORK)-$(IMAGE_TAG) \
+		--build-arg DEPLOYMENT_NETWORK=$(DEPLOYMENT_NETWORK) \
+		--build-arg LCP_ELC_TYPE=$(LCP_ELC_TYPE) $(EXTRA_VARS) \
+		.

README.md

@@ -1 +1,2 @@
-# toki-bridge-lcp-encalves
+# toki-bridge-lcp-enclaves
+