feat: 暗号整数をEnclave内で復号し平均計算するPostgreSQLエクステンションを作成

.dockerignore

@@ -12,3 +12,4 @@ docker/
 !docker/entrypoint
 
 .dockerignore
+.git

Cargo.toml

@@ -20,6 +20,9 @@ members = [
     "modules/key-vault-ecall-types",
     "modules/occlum-enclave",
     "modules/occlum-host",
+    "modules/encrypted-sql-ops-enclave",
+    "modules/encrypted-sql-ops-host",
+    "modules/encrypted-sql-ops-ecall-types",
     "nodes/key-vault",
     "nodes/state-runtime/api",
     "nodes/state-runtime/server",
@@ -31,9 +34,14 @@ members = [
     "example/occlum/rpc-types",
     "example/occlum/enclave",
     "example/occlum/host",
+    "example/encrypted-sql-ops/enclave",
     "example/wallet",
     "tests/integration",
     "tests/units/enclave",
     "tests/units/host",
     "tests/utils",
 ]
+exclude = [
+    # If adding this to workspace, top-level `cargo check` needs `pgx` installed and initialized.
+    "example/encrypted-sql-ops/pg-extension",
+]

azure-pipelines.yml

@@ -22,6 +22,19 @@ stages:
         - script: docker-compose down
           condition: always()
           displayName: 'rust-sgx-sdk docker-compose down'
+
+        - script: |
+            cp .env.sample .env
+            export SPID=$(SPID)
+            export SUB_KEY=$(SUB_KEY)
+
+            docker-compose -f pgx-docker-compose.yml up -d
+            docker-compose -f pgx-docker-compose.yml exec -T sgx_machine_pgx bash -c "cd anonify && ./scripts/encrypted-sql-ops-pg-test.sh"
+          displayName: 'Run encrypted-sql-ops-pg integration tests'
+        - script: docker-compose -f pgx-docker-compose.yml down
+          condition: always()
+          displayName: 'pgx docker-compose down'
+
         # NOTE: temporary removed: Add once occlum version bump up to 0.23.0
         # - script: |
         #     cp .env.sample .env
@@ -124,6 +137,25 @@ stages:
         dockerfile: ./docker/base-anonify-dev.Dockerfile
         buildContext: .
 
+    - task: Docker@2
+      displayName: Build anonify-dev-pgx image
+      inputs:
+        command: build
+        containerRegistry: anonify-ci-cd-acr
+        repository: anonify-dev-pgx
+        tags: latest
+        dockerfile: ./docker/base-anonify-dev-pgx.Dockerfile
+        buildContext: .
+    - task: Docker@2
+      displayName: Push anonify-dev-pgx image
+      inputs:
+        command: push
+        containerRegistry: anonify-ci-cd-acr
+        repository: anonify-dev-pgx
+        tags: latest
+        dockerfile: ./docker/base-anonify-dev-pgx.Dockerfile
+        buildContext: .
+
     - script: docker image prune -f
       displayName: Remove dangling images
 
@@ -153,6 +185,7 @@ stages:
         tags: latest
         dockerfile: ./docker/example-erc20.Dockerfile
         buildContext: .
+
     - task: Docker@2
       displayName: Build key-vault for erc20 image
       inputs:
@@ -172,5 +205,55 @@ stages:
         tags: latest
         dockerfile: ./docker/example-keyvault.Dockerfile
         buildContext: .
+
+    - task: Docker@2
+      displayName: Build encrypted-sql-ops-pg image
+      inputs:
+        command: build
+        containerRegistry: anonify-ci-cd-acr
+        repository: encrypted-sql-ops-pg
+        tags: latest
+        dockerfile: ./docker/example-encrypted-sql-ops-pg.Dockerfile
+        buildContext: .
+        arguments: '--build-arg AZ_KV_ENDPOINT=$(AZ_KV_ENDPOINT) --build-arg AZURE_CLIENT_ID=$(AZURE_CLIENT_ID) --build-arg AZURE_CLIENT_SECRET=$(AZURE_CLIENT_SECRET) --build-arg AZURE_TENANT_ID=$(AZURE_TENANT_ID) --build-arg PROD_ID=$(PROD_ID) --build-arg ISVSVN=$(ISVSVN)'
+    - task: Docker@2
+      displayName: Push encrypted-sql-ops-pg image
+      inputs:
+        command: push
+        containerRegistry: anonify-ci-cd-acr
+        repository: encrypted-sql-ops-pg
+        tags: latest
+        dockerfile: ./docker/example-encrypted-sql-ops-pg.Dockerfile
+        buildContext: .
+
     - script: docker image prune -f
       displayName: Remove dangling images
+
+- stage: E2E_encrypted_sql_ops_pg
+  condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
+  jobs:
+  - job: E2E_encrypted_sql_ops_pg
+    pool:
+      name: 'AnonifyAgent'
+    steps:
+      - task: Docker@2
+        displayName: Build encrypted-sql-ops-pg image
+        inputs:
+          command: build
+          containerRegistry: anonify-ci-cd-acr
+          repository: encrypted-sql-ops-pg
+          tags: latest
+          dockerfile: ./docker/example-encrypted-sql-ops-pg.Dockerfile
+          buildContext: .
+          arguments: '--build-arg AZ_KV_ENDPOINT=$(AZ_KV_ENDPOINT) --build-arg AZURE_CLIENT_ID=$(AZURE_CLIENT_ID) --build-arg AZURE_CLIENT_SECRET=$(AZURE_CLIENT_SECRET) --build-arg AZURE_TENANT_ID=$(AZURE_TENANT_ID) --build-arg PROD_ID=$(PROD_ID) --build-arg ISVSVN=$(ISVSVN)'
+      - script: |
+          export SPID=$(SPID)
+          export SUB_KEY=$(SUB_KEY)
+          docker-compose -f esop-docker-compose.yml up --exit-code-from encrypted_sql_ops_pg
+        displayName: 'Run E2E tests for encrypted-sql-ops-pg'
+      - script: docker image prune -f
+        condition: always()
+        displayName: Remove dangling images
+      - script: docker-compose -f esop-docker-compose.yml down
+        condition: always()
+        displayName: 'Shutdown'

docker/README.md

@@ -26,6 +26,8 @@ Should match to the name: `docker/base-*.Dockerfile` in order for CI to build &
   - for developing in the occlum-enable environment
 - `base-occlum-host.Dockerfile`
   - for a non-sgx environment to communicate with occlum enclave
+- `base-anonify-dev-pgx.Dockerfile`
+  - [pgx](https://github.com/zombodb/pgx) is installed in addition to `anonify-dev` container.
 
 #### Example `docker run` command
 
@@ -47,6 +49,3 @@ $ docker run  --env-file .env -v `pwd`:/home/anonify-dev/anonify --rm -it anonif
 ### Application Images
 
 Should match to the name: `docker/example-*.Dockerfile` in order for CI to build & push every time main branch has been changed (supposing app codes have been modified).
-
-- `example-erc20.Dockerfile`
-- `example-keyvault.Dockerfile`