Add Oak Client Android app to Kokoro build and make it importable.

Change-Id: I4467412d5584abfd81689394949f137bc80714c3
project-oak · Jun 12, 2024 · cd0b745 · cd0b745
1 parent f962837
commit cd0b745
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 11 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -18,6 +18,7 @@ jobs:
       matrix:
         buildconfig:
           - buildconfigs/key_xor_test_app.sh
+          - buildconfigs/oak_client_android_app.sh
           - buildconfigs/oak_containers_kernel.sh
           - buildconfigs/oak_containers_orchestrator.sh
           - buildconfigs/oak_containers_stage1.sh

diff --git a/.gitignore b/.gitignore
@@ -51,6 +51,9 @@ rust-project.json
 # Ignore downloaded temporary files, such as the trusted root CA certificates.
 /downloads/
 
+# Binary or other files generated during build, see `justfile`.
+/generated/
+
 # Ignore generated binary files.
 **/bin/
 # Except if it is source code in a vendored crate.

diff --git a/buildconfigs/oak_client_android_app.sh b/buildconfigs/oak_client_android_app.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# Build configuration for oak_client_android_app.
+#
+export PACKAGE_NAME=oak_client_android_app
+
+export BUILD_COMMAND=(
+  nix
+  develop
+  --command
+  just
+  oak_client_android_app
+)
+
+export SUBJECT_PATHS=(
+  generated/client_app.apk
+)
diff --git a/justfile b/justfile
@@ -62,6 +62,16 @@ oak_restricted_kernel_simple_io_init_rd_bin:
 oak_restricted_kernel_simple_io_init_rd_wrapper: oak_restricted_kernel_simple_io_init_rd_bin
     just restricted_kernel_bzimage_and_provenance_subjects oak_restricted_kernel_simple_io_init_rd
 
+oak_client_android_app:
+    bazel build --config=unsafe-fast-presubmit --compilation_mode opt \
+        //java/src/main/java/com/google/oak/client/android:client_app
+    # Copy out to a directory which does not change with bazel config and does
+    # not interfere with cargo. It should be reused for other targets as well.
+    mkdir --parents generated
+    cp --preserve=timestamps --no-preserve=mode \
+        bazel-bin/java/src/main/java/com/google/oak/client/android/client_app.apk \
+        generated
+
 stage0_bin:
     env --chdir=stage0_bin \
         cargo objcopy --release -- --output-target=binary \
@@ -179,7 +189,9 @@ all_ensure_no_std: (ensure_no_std "micro_rpc") (ensure_no_std "oak_attestation_v
 
 # Entry points for Kokoro CI.
 
-kokoro_build_binaries_rust: all_enclave_apps oak_restricted_kernel_bin oak_restricted_kernel_simple_io_init_rd_wrapper stage0_bin
+kokoro_build_binaries_rust: all_enclave_apps oak_restricted_kernel_bin \
+    oak_restricted_kernel_simple_io_init_rd_wrapper stage0_bin \
+    oak_client_android_app
 
 kokoro_oak_containers: all_oak_containers_binaries oak_functions_containers_container_bundle_tar
     OAK_CONTAINERS_BINARIES_ALREADY_BUILT=1 RUST_LOG="debug" cargo nextest run --all-targets --hide-progress-bar --package='oak_containers_hello_world_untrusted_app'

diff --git a/kokoro/build_binaries_rust.sh b/kokoro/build_binaries_rust.sh
@@ -20,24 +20,26 @@ touch "${KOKORO_ARTIFACTS_DIR}/binaries/git_commit_${KOKORO_GIT_COMMIT_oak:?}"
 # Copy the generated binaries to Placer. The timestamps are used to convey
 # the creation time.
 readonly generated_binaries=(
-    ./oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_simple_io_init_rd_wrapper_bin
-    ./stage0_bin/target/x86_64-unknown-none/release/stage0_bin
-    ./enclave_apps/target/x86_64-unknown-none/release/key_xor_test_app
-    ./enclave_apps/target/x86_64-unknown-none/release/oak_echo_enclave_app
-    ./enclave_apps/target/x86_64-unknown-none/release/oak_echo_raw_enclave_app
-    ./enclave_apps/target/x86_64-unknown-none/release/oak_functions_enclave_app
-    ./enclave_apps/target/x86_64-unknown-none/release/oak_functions_insecure_enclave_app
-    ./enclave_apps/target/x86_64-unknown-none/release/oak_orchestrator
+    enclave_apps/target/x86_64-unknown-none/release/key_xor_test_app
+    generated/client_app.apk
+    enclave_apps/target/x86_64-unknown-none/release/oak_echo_enclave_app
+    enclave_apps/target/x86_64-unknown-none/release/oak_echo_raw_enclave_app
+    enclave_apps/target/x86_64-unknown-none/release/oak_functions_enclave_app
+    enclave_apps/target/x86_64-unknown-none/release/oak_functions_insecure_enclave_app
+    enclave_apps/target/x86_64-unknown-none/release/oak_orchestrator
+    oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_simple_io_init_rd_wrapper_bin
+    stage0_bin/target/x86_64-unknown-none/release/stage0_bin
 )
 readonly binary_names=(
-    oak_restricted_kernel_simple_io_init_rd_wrapper_bin
-    stage0_bin
     key_xor_test_app
+    oak_client_android_app
     oak_echo_enclave_app
     oak_echo_raw_enclave_app
     oak_functions_enclave_app
     oak_functions_insecure_enclave_app
     oak_orchestrator
+    oak_restricted_kernel_simple_io_init_rd_wrapper_bin
+    stage0_bin
 )
 for i in "${!binary_names[@]}"; do
     cp --preserve=timestamps \