add circleci (#2)

.circleci/config.yml

@@ -0,0 +1,112 @@
+# Copyright 2023 Ant Group Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+version: 2.1
+
+setup: true
+
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/2.0/configuration-reference/#jobs
+jobs:
+  lint:
+    # Use machine executor for convenient data sharing between the host and docker-compose cluster
+    docker:
+      - image: secretflow/lint-ci:latest
+    resource_class: medium
+    shell: /bin/bash --login -eo pipefail
+    steps:
+      - checkout
+      - run:
+          name: Checkout devtools
+          command: git clone https://github.com/secretflow/devtools.git ../devtools
+      - run:
+          name: Whitespace check
+          command: bash ../devtools/lint-whitespace.sh
+  linux_ut:
+    # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
+    docker:
+      - image: secretflow/ubuntu-base-ci:latest
+    resource_class: 2xlarge+
+    shell: /bin/bash --login -eo pipefail
+    # Add steps to the job
+    # See: https://circleci.com/docs/2.0/configuration-reference/#steps
+    steps:
+      # Kill the whole ci after 1hr
+      - run:
+          name: Cancel build after set time
+          background: true
+          command: |
+            sleep 3600
+            echo "Canceling workflow as too much time has elapsed"
+            curl -X POST --header "Content-Type: application/json" "https://circleci.com/api/v2/workflow/${CIRCLE_WORKFLOW_ID}/cancel?circle-token=${BUILD_TIMER_TOKEN}"
+      - checkout
+      - restore_cache:
+          name: "Restore build cache"
+          key: serving-build-comp-{{ arch }}-
+      - run:
+          name: Checkout devtools
+          command: git clone https://github.com/secretflow/devtools.git ../devtools
+      - run:
+          name: Decompress cache
+          command: sh ../devtools/decompress-build-cache.sh serving_build_cache
+      - run:
+          name: "build"
+          command: bazel build //... -c opt --ui_event_filters=-info,-debug,-warning --disk_cache=~/.cache/serving_build_cache --jobs 20
+      - run:
+          name: "test"
+          command: |
+            set +e
+            declare -i test_status
+            bazel test //... -c opt --ui_event_filters=-info,-debug,-warning --test_output=errors --disk_cache=~/.cache/serving_build_cache | tee test_result.log; test_status=${PIPESTATUS[0]}
+
+            sh ../devtools/rename-junit-xml.sh
+            find bazel-bin/ -executable -type f -name "*_test"  -print0 | xargs -0 tar -cvzf test_binary.tar.gz
+            find bazel-testlogs/ -type f -name "test.log"  -print0 | xargs -0 tar -cvzf test_logs.tar.gz
+
+            exit ${test_status}
+      - run:
+          name: "integration test"
+          command: |
+            set +e
+            declare -i test_status
+            python .ci/integration_test.py 2>&1 | tee integration_test.log; test_status=${PIPESTATUS[0]}
+
+            exit ${test_status}
+      - run:
+          name: Cleanup and compress cache
+          command: |
+            sh ../devtools/clean_disk_cache.sh ~/.cache/serving_build_cache
+            sh ../devtools/compress-build-cache.sh serving_build_cache
+          when: always
+      - save_cache:
+          key: serving-build-comp-{{ arch }}-{{ .Environment.CIRCLE_BUILD_NUM }}
+          paths:
+            - /root/.cache/serving_build_cache.tar.gz
+          when: always
+      - store_test_results:
+          path: test-results
+      - store_artifacts:
+          path: test_binary.tar.gz
+      - store_artifacts:
+          path: test_logs.tar.gz
+      - store_artifacts:
+          path: integration_test.log
+
+workflows:
+  unittest-workflow:
+    jobs:
+      - linux_ut
+      - lint

.github/workflows/buildifier.yml

@@ -0,0 +1,12 @@
+---
+name: Bazel files linter
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+jobs:
+  bazel-formatting-check:
+    uses: secretflow/.github/.github/workflows/bazel-linter.yml@main

.github/workflows/cla.yml

@@ -0,0 +1,11 @@
+---
+name: CLA Assistant
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+jobs:
+  CLAssistant:
+    uses: secretflow/.github/.github/workflows/cla.yml@main
+    secrets: inherit

.github/workflows/clang-format-linter.yml

@@ -0,0 +1,12 @@
+---
+name: Run clang-format Linter
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+jobs:
+  run-clang-format:
+    uses: secretflow/.github/.github/workflows/clang-format.yml@main

.github/workflows/stale.yml

@@ -0,0 +1,9 @@
+---
+name: Mark stale issues and pull requests
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 40 9 * * *
+jobs:
+  stale:
+    uses: secretflow/.github/.github/workflows/stale.yml@main

.github/workflows/yaml-lint.yml

@@ -0,0 +1,12 @@
+---
+name: Yaml Lint
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+jobs:
+  yaml-linter:
+    uses: secretflow/.github/.github/workflows/yaml-linter.yml@main

README.md

@@ -1,5 +1,7 @@
 # SecretFlow-Serving
 
+[![CircleCI](https://dl.circleci.com/status-badge/img/gh/secretflow/serving/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/secretflow/serving/tree/main)
+
 SecretFlow-Serving is a serving system for  privacy-preserving machine learning models.
 
 ## Serve a model

SECURITY.md

@@ -0,0 +1,35 @@
+<!-- BEGIN ANT GROUP SECURITY.MD -->
+
+## Security
+
+If you believe you have found a security vulnerability in any SecretFlow repository that meets [SecretFlow's definition of a security vulnerability](https://security.alipay.com/announcement.htm?id=1), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the ANT GROUP SECURITY Response Center at [https://security.alipay.com/](https://security.alipay.com/).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]). 
+
+You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [https://security.alipay.com/](https://security.alipay.com/).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+
+## Preferred Languages
+
+We prefer all communications to be in Chinese or English.
+
+
+<!-- END ANT GROUP SECURITY.MD BLOCK -->