-
Notifications
You must be signed in to change notification settings - Fork 17
129 lines (118 loc) · 5.6 KB
/
publish-aws-eks-nitro-enclave-docker.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Publish EKS Operator Docker Images
run-name: >-
${{ inputs.operator_release == '' && format('Publish EKS Operator Docker Images for Operator Run Number: {0}', inputs.operator_run_number) || format('Publish EKS Operator Docker Images for Operator Release: {0}', inputs.operator_release)}}
on:
workflow_dispatch:
inputs:
operator_release:
description: The Operator Release number that built the EIF files to use
type: string
operator_run_number:
description: The Operator run number. Ignored if Release Number specified.
type: string
workflow_call:
inputs:
operator_release:
description: The Operator Release number that built the EIF files to use
type: string
operator_run_number:
description: The Operator run number. Ignored if Release Number specified.
type: string
env:
REGISTRY: ghcr.io
ENCLAVE_PROTOCOL: aws-nitro
ARTIFACTS_BASE_OUTPUT_DIR: ${{ github.workspace }}/deployment-artifacts
IMAGE_NAME: ${{ github.repository }}
REPO_OWNER: IABTechLab
REPO_NAME: uid2-operator
jobs:
buildUID2Image:
name: Build UID2 Pod for EKS
runs-on: ubuntu-latest
permissions:
contents: write
security-events: write
packages: write
steps:
- name: Build Docker Image for EKS Pod
id: build_docker_image_uid
uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
with:
identity_scope: uid2
artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
github_token: ${{ secrets.GITHUB_TOKEN }}
eif_repo_owner: ${{ env.REPO_OWNER }}
eif_repo_name: ${{ env.REPO_NAME }}
operator_release: ${{ inputs.operator_release }}
operator_run_number: ${{ inputs.operator_run_number }}
outputs:
enclave_id: ${{ steps.build_docker_image_uid.outputs.enclave_id }}
eif_version_number: ${{ steps.build_docker_image_uid.outputs.eif_version_number }}
image_tag: ${{ steps.build_docker_image_uid.outputs.image_tag }}
buildEUIDImage:
name: Build EUID Pod for EKS
runs-on: ubuntu-latest
permissions:
contents: write
security-events: write
packages: write
steps:
- name: Build Docker Image for EKS Pod
id: build_docker_image_euid
uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
with:
identity_scope: euid
artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid
github_token: ${{ secrets.GITHUB_TOKEN }}
eif_repo_owner: ${{ env.REPO_OWNER }}
eif_repo_name: ${{ env.REPO_NAME }}
operator_release: ${{ inputs.operator_release }}
operator_run_number: ${{ inputs.operator_run_number }}
outputs:
enclave_id: ${{ steps.build_docker_image_euid.outputs.enclave_id }}
eif_version_number: ${{ steps.build_docker_image_euid.outputs.eif_version_number }}
image_tag: ${{ steps.build_docker_image_euid.outputs.image_tag }}
testUID2Eks:
name: E2E Tests UID2 EKS
uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
needs: [buildUID2Image]
with:
operator_image_version: ${{ needs.buildUID2Image.outputs.image_tag }}
operator_type: eks
eks: '{ "pcr0":"${{ needs.buildUID2Image.outputs.enclave_id }}"}'
identity_scope: UID2
secrets: inherit
testEUIDEks:
name: E2E Tests EUID EKS
uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
needs: [buildEUIDImage]
with:
operator_image_version: ${{ needs.buildEUIDImage.outputs.image_tag }}
operator_type: eks
eks: '{ "pcr0":"${{ needs.buildEUIDImage.outputs.enclave_id }}"}'
identity_scope: EUID
secrets: inherit
cleanup:
name: Cleanup Building AWS Image
runs-on: ubuntu-latest
needs: [buildUID2Image, buildEUIDImage, testUID2Eks, testEUIDEks]
steps:
- name: Check disk usage
shell: bash
run: |
df -h
- name: Save Enclave Ids
run: |
mkdir -p ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
echo "UID2 EIF Version: ${{ needs.buildUID2Image.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.image_tag }}.txt
echo "UID2 Image Tag: ${{ needs.buildUID2Image.outputs.image_tag }}" >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.image_tag }}.txt
echo "Enclave ID (maybe shared by other images): " ${{ needs.buildUID2Image.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.image_tag }}.txt
echo "EUID EIF Version: ${{ needs.buildEUIDImage.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.image_tag }}.txt
echo "EUID Image Tag: ${{ needs.buildEUIDImage.outputs.image_tag }}" >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.image_tag }}.txt
echo "Enclave ID (maybe shared by other images): " ${{ needs.buildEUIDImage.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.image_tag }}.txt
- name: Save Manifests as build artifacts
uses: actions/upload-artifact@v4
with:
name: aws-eks-enclave-ids-${{ needs.buildUID2Image.outputs.image_tag }}
path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
if-no-files-found: error