From 7e2d16f05067c8072bf663a7707d0a825eb47b34 Mon Sep 17 00:00:00 2001
From: Wojtek Porczyk <woju@invisiblethingslab.com>
Date: Fri, 12 Apr 2024 12:00:51 +0200
Subject: [PATCH] WIP [CI] Add pipeline for noble (Ubuntu 24.04 LTS)

noble is not yet released at this point

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
---
 ...ux-sgx-ubuntu24.04-gcc-release.jenkinsfile | 21 ++++++++
 .ci/ubuntu24.04.dockerfile                    | 48 +++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 .ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile
 create mode 100644 .ci/ubuntu24.04.dockerfile

diff --git a/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile b/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile
new file mode 100644
index 0000000000..baa14549cf
--- /dev/null
+++ b/.ci/linux-sgx-ubuntu24.04-gcc-release.jenkinsfile
@@ -0,0 +1,21 @@
+node('sgx') {
+    checkout scm
+
+    env.SGX = '1'
+    env.SGX_DRIVER = 'upstream'
+
+    load '.ci/lib/config-docker.jenkinsfile'
+    docker.build(
+        "local:${env.BUILD_TAG}",
+        '-f .ci/ubuntu24.04.dockerfile .'
+    ).inside("${env.DOCKER_ARGS_COMMON} ${env.DOCKER_ARGS_SGX}") {
+        load '.ci/lib/config.jenkinsfile'
+        load '.ci/lib/config-release.jenkinsfile'
+
+        load '.ci/lib/stage-lint.jenkinsfile'
+        load '.ci/lib/stage-clean-check-prepare.jenkinsfile'
+        load '.ci/lib/stage-build-sgx.jenkinsfile'
+        load '.ci/lib/stage-test.jenkinsfile'
+        load '.ci/lib/stage-clean-check.jenkinsfile'
+    }
+}
diff --git a/.ci/ubuntu24.04.dockerfile b/.ci/ubuntu24.04.dockerfile
new file mode 100644
index 0000000000..f3f2e57c2c
--- /dev/null
+++ b/.ci/ubuntu24.04.dockerfile
@@ -0,0 +1,48 @@
+FROM ubuntu:noble
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y ca-certificates
+
+# Intel's RSA-2048 key signing the intel-sgx/sgx_repo repository. Expires 2027-03-20.
+# https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+# TODO after Intel releases for noble: fix mantic to noble
+COPY .ci/intel-sgx-deb.key /etc/apt/trusted.gpg.d/intel-sgx-deb.asc
+RUN echo deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu mantic main > /etc/apt/sources.list.d/intel-sgx.list
+
+# Dependencies for actual build.
+# NOTE: COPY invalidates docker cache when source file changes,
+# so `apt-get build-dep` will rerun if dependencies change, despite no change
+# in dockerfile.
+RUN mkdir /debian
+COPY debian/control /debian
+RUN apt-get update && apt-get -y build-dep --no-install-recommends --no-install-suggests /
+RUN rm -rf /debian
+
+# runtime dependencies of Gramine, for running tests
+# keep this synced with debian/control
+RUN apt-get update && apt-get satisfy -y \
+ 'libcurl4 (>= 7.58)' \
+ 'libprotobuf-c1' \
+ 'python3' \
+ 'python3 (>= 3.10) | python3-pkg-resources' \
+ 'python3-click (>= 6.7)' \
+ 'python3-cryptography' \
+ 'python3-jinja2' \
+ 'python3-pyelftools' \
+ 'python3-tomli (>= 1.1.0)' \
+ 'python3-tomli-w (>= 0.4.0)'
+
+# dependencies for various tests, CI-Examples, etc.
+# git: scripts/gitignore-test (among others)
+# libunwind8: libos/test/regression/bootstrap_cpp.manifest.template
+# nginx: CI-Examples/ra-tls-nginx
+# shellcheck: .ci/run-shellcheck
+RUN apt-get update && apt-get install -y \
+    git \
+    libunwind8 \
+    nginx \
+    python3-pytest \
+    shellcheck
+
+CMD ["bash"]