-
Notifications
You must be signed in to change notification settings - Fork 17
103 lines (94 loc) · 4.28 KB
/
publish-aws-eks-nitro-enclave-docker.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Publish EKS Operator Docker Images
run-name: >-
${{ inputs.operator_release == '' && format('Publish EKS Operator Docker Images for Operator Run Number: {0}', inputs.operator_run_number) || format('Publish EKS Operator Docker Images for Operator Release: {0}', inputs.operator_release)}}
on:
workflow_dispatch:
inputs:
operator_release:
description: The Operator Release number that built the EIF files to use
type: string
operator_run_number:
description: The Operator run number. Ignored if Release Number specified.
type: string
workflow_call:
inputs:
operator_release:
description: The Operator Release number that built the EIF files to use
type: string
operator_run_number:
description: The Operator run number. Ignored if Release Number specified.
type: string
env:
REGISTRY: ghcr.io
ENCLAVE_PROTOCOL: aws-nitro
ARTIFACTS_BASE_OUTPUT_DIR: ${{ github.workspace }}/deployment-artifacts
IMAGE_NAME: ${{ github.repository }}
REPO_OWNER: IABTechLab
REPO_NAME: uid2-operator
jobs:
buildUID2Image:
name: Build UID2 Pod for EKS
runs-on: ubuntu-latest
permissions:
contents: write
security-events: write
packages: write
steps:
- name: Build Docker Image for EKS Pod
id: build_docker_image_uid
uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
with:
identity_scope: uid2
artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
github_token: ${{ secrets.GITHUB_TOKEN }}
eif_repo_owner: ${{ env.REPO_OWNER }}
eif_repo_name: ${{ env.REPO_NAME }}
operator_release: ${{ inputs.operator_release }}
operator_run_number: ${{ inputs.operator_run_number }}
outputs:
enclave_id: ${{ steps.build_docker_image_uid.outputs.enclave_id }}
eif_version_number: ${{ steps.build_docker_image_uid.outputs.eif_version_number }}
buildEUIDImage:
name: Build EUID Pod for EKS
runs-on: ubuntu-latest
permissions:
contents: write
security-events: write
packages: write
steps:
- name: Build Docker Image for EKS Pod
id: build_docker_image_euid
uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
with:
identity_scope: euid
artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid
github_token: ${{ secrets.GITHUB_TOKEN }}
eif_repo_owner: ${{ env.REPO_OWNER }}
eif_repo_name: ${{ env.REPO_NAME }}
operator_release: ${{ inputs.operator_release }}
operator_run_number: ${{ inputs.operator_run_number }}
outputs:
enclave_id: ${{ steps.build_docker_image_euid.outputs.enclave_id }}
eif_version_number: ${{ steps.build_docker_image_euid.outputs.eif_version_number }}
cleanup:
name: Cleanup Building AWS Image
runs-on: ubuntu-latest
needs: [buildUID2Image, buildEUIDImage]
steps:
- name: Check disk usage
shell: bash
run: |
df -h
- name: Save Enclave Ids
run: |
mkdir -p ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
echo "UID2 EIF Version: ${{ needs.buildUID2Image.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt
echo ${{ needs.buildUID2Image.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt
echo "EUID EIF Version: ${{ needs.buildEUIDImage.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt
echo ${{ needs.buildEUIDImage.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt
- name: Save Manifests as build artifacts
uses: actions/upload-artifact@v4
with:
name: aws-eks-enclave-ids-${{ needs.buildUID2Image.outputs.eif_version_number }}
path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
if-no-files-found: error