Merge pull request #1008 from IABTechLab/tjm-UID2-4116-use-eif-artifa…

…ct-for-eks-build Use eif artifact for eks build
IABTechLab · Sep 20, 2024 · e068526 · e068526
2 parents ccf665d + d796a4f
commit e068526
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 109 deletions.
diff --git a/.github/actions/build_eks_docker_image/action.yaml b/.github/actions/build_eks_docker_image/action.yaml
@@ -1,21 +1,23 @@
 name: Build AWS EKS Docker Image
-description: Builds the docker images to use as a EKS Pod. Includes building the EIF
+description: Builds the docker images to use as a EKS Pod.
 
 inputs:
-  version_number_input:
-    description: If set, the version number will not be incremented and the given number will be used.
-    default: ''
   identity_scope:
     description: The identity scope [uid2, euid]
     required: true
-  artifacts_output_dir:
-    description: The output directory for the artifacts
+  eif_repo_owner:
+    description: The owner of the EIF repo
     required: true
-  image_tag:
-    description: The Tag to give the docker image
+  eif_repo_name:
+    description: The name of the EIF repo
     required: true
-  new_version:
-    description: The new version number after potentially updating the POM
+  operator_release:
+    description: The operator release that has the EIF to use
+    default: ''
+  operator_run_number:
+    description: The Operator run number for artifacts. Ignored if Operator Release is given
+  artifacts_output_dir:
+    description: The output directory for the artifacts
     required: true
   github_token:
     description: The GitHub token used to login to Docker
@@ -24,21 +26,74 @@ inputs:
 outputs:
   enclave_id:
     description: The enclave id for this EIF.
-    value: ${{ steps.build_aws_eif.outputs.enclave_id }}
+    value: ${{ steps.versionNumber.outputs.ENCLAVE_ID }}
+  image_tag:
+    description: The Image tag of the docker image
+    value: ${{ steps.versionNumber.outputs.VERSION_NUMBER }}
+  eif_version_number:
+    description: The version number of the EIF used to build the image
+    value: ${{ steps.versionNumber.outputs.VERSION_NUMBER }}
 
 runs:
   using: "composite"
 
   steps:
-    - name: Build AWS EIF for EKS
-      id: build_aws_eif
-      uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main
+    - name: Checkout repo
+      uses: actions/checkout@v4
+
+    - name: Make output dir
+      shell: bash
+      run: |
+        mkdir ${{ inputs.artifacts_output_dir }} -p
+
+    - name: Get EIF for Release ${{ inputs.operator_release }}
+      uses: IABTechLab/uid2-operator/.github/actions/download_release_artifact@main
+      if: ${{ inputs.operator_release != '' }}
       with:
-        identity_scope: ${{ inputs.identity_scope }}
-        artifacts_base_output_dir: ${{ inputs.artifacts_output_dir }}
-        amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile
-        makefile: Makefile.eif
-        version_number_input: ${{ inputs.version_number_input }}
+        github_token: ${{ inputs.github_token }}
+        repo_owner: ${{ inputs.eif_repo_owner }}
+        repo_name: ${{ inputs.eif_repo_name }}
+        release_name: ${{ inputs.operator_release }}
+        artifact_name: aws-${{ inputs.identity_scope }}-deployment-files
+        folder: ${{ inputs.artifacts_output_dir }}
+
+    - name: Get EIF for Run ${{ inputs.operator_run_number }}
+      id: get_eif_for_run
+      uses: dawidd6/action-download-artifact@v6
+      if: ${{ inputs.operator_release == '' }}
+      with:
+        name: 'aws-${{ inputs.identity_scope }}-deployment-files-.*'
+        name_is_regexp: true
+        run_id: ${{ inputs.operator_run_number }}
+        skip_unpack: true
+
+    - name: Show folder
+      shell: bash
+      working-directory: ${{ inputs.artifacts_output_dir }}
+      run: |
+        ls -al
+
+    - name: Unzip artifacts
+      if: ${{ inputs.operator_release == '' }}
+      shell: bash
+      run: |
+        ARTIFACTS='${{ steps.get_eif_for_run.outputs.artifacts }}'
+        FILE=$(echo $ARTIFACTS | jq -r '.[0].name')
+        unzip -o -d ${{ inputs.artifacts_output_dir }} $FILE.zip
+        rm $FILE.zip
+
+    - name: Get version number and Enclave Id
+      id: versionNumber
+      shell: bash
+      working-directory: ${{ inputs.artifacts_output_dir }}
+      run: |
+        ls -al
+        VERSION_NUMBER=$(cat ./version_number.txt)
+        echo "VERSION_NUMBER=$VERSION_NUMBER" >> $GITHUB_OUTPUT
+        echo "Version Number: " $VERSION_NUMBER
+        ENCLAVE_ID=$(cat ./pcr0.txt)
+        echo "ENCLAVE_ID=$ENCLAVE_ID" >> $GITHUB_OUTPUT
+        echo "Enclave ID:" $ENCLAVE_ID
 
     - name: Copy docker files for the Operator Pod
       shell: bash
@@ -69,7 +124,7 @@ runs:
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-eks-${{ inputs.identity_scope }}
         tags: |
-          type=raw,value=${{ inputs.image_tag }}
+          type=raw,value=${{ steps.versionNumber.outputs.VERSION_NUMBER }}
 
     - name: Build and export to Docker
       uses: docker/build-push-action@v5
@@ -79,8 +134,8 @@ runs:
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
         build-args: |
-          JAR_VERSION=${{ inputs.new_version }}
-          IMAGE_VERSION=${{ inputs.new_version }}
+          JAR_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }}
+          IMAGE_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }}
           BUILD_TARGET=${{ env.ENCLAVE_PROTOCOL }}
 
     - name: Push to Docker
@@ -92,8 +147,8 @@ runs:
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
         build-args: |
-          JAR_VERSION=${{ inputs.new_version }}
-          IMAGE_VERSION=${{ inputs.new_version }}
+          JAR_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }}
+          IMAGE_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }}
 
     - name: Check disk usage
       shell: bash

diff --git a/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml b/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml
@@ -1,104 +1,85 @@
-name: Publish EKS Operator
-run-name: ${{ format('Publish {0} EKS Operator', inputs.release_type) }}
+name: Publish EKS Operator Docker Images
+run-name: >-
+  ${{ inputs.operator_release == '' && format('Publish EKS Operator Docker Images for Operator Run Number: {0}', inputs.operator_run_number) || format('Publish EKS Operator Docker Images for Operator Release: {0}', inputs.operator_release)}}
 on:
   workflow_dispatch:
     inputs:
-      release_type:
-        type: choice
-        description: The type of release
-        default: Snapshot
-        options:
-        - Snapshot
-        - Patch
-        - Minor
-        - Major
-      version_number_input:
-        description: If set, the version number will not be incremented and the given number will be used.
+      operator_release:
+        description: The Operator Release number that built the EIF files to use
+        type: string
+      operator_run_number:
+        description: The Operator run number. Ignored if Release Number specified.
         type: string
-        default: ''
   workflow_call:
     inputs:
-      release_type:
-        description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major]
-        required: true
+      operator_release:
+        description: The Operator Release number that built the EIF files to use
         type: string
-      version_number_input:
-        description: If set, the version number will not be incremented and the given number will be used.
+      operator_run_number:
+        description: The Operator run number. Ignored if Release Number specified.
         type: string
-        default: ''
 
 env:
   REGISTRY: ghcr.io
   ENCLAVE_PROTOCOL: aws-nitro
   ARTIFACTS_BASE_OUTPUT_DIR: ${{ github.workspace }}/deployment-artifacts
   IMAGE_NAME: ${{ github.repository }}
+  REPO_OWNER: IABTechLab
+  REPO_NAME: uid2-operator
 
 jobs:
-  start:
-    name: Update Operator Version
-    runs-on: ubuntu-latest
-    steps:
-      - name: Update Operator Version
-        id: update_version
-        uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main
-        with:
-          release_type: ${{ inputs.release_type }}
-          version_number_input: ${{ inputs.version_number_input }}
-          image_tag_suffix: eks-nitro
-
-    outputs:
-      new_version: ${{ steps.update_version.outputs.new_version }}
-      is_release: ${{ steps.update_version.outputs.is_release }}
-      image_tag: ${{ steps.update_version.outputs.image_tag }}
-
-  buildUID2EIF:
-    name: Build UID2 EIF and Pod for EKS
+  buildUID2Image:
+    name: Build UID2 Pod for EKS
     runs-on: ubuntu-latest
     permissions:
       contents: write
       security-events: write
       packages: write
-    needs: start
     steps:
       - name: Build Docker Image for EKS Pod
-        id: build_docker_image
-        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
+        id: build_docker_image_uid
+        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@tjm-UID2-4116-use-eif-artifact-for-eks-build
         with:
           identity_scope: uid2
           artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
-          version_number_input: ${{ inputs.version_number_input }}
-          image_tag: ${{ needs.start.outputs.image_tag }}
-          new_version: ${{ needs.start.outputs.new_version }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
+          eif_repo_owner: ${{ env.REPO_OWNER }}
+          eif_repo_name: ${{ env.REPO_NAME }}
+          operator_release: ${{ inputs.operator_release }}
+          operator_run_number: ${{ inputs.operator_run_number }}
+
     outputs:
-      enclave_id: ${{ steps.build_docker_image.outputs.enclave_id }}
+      enclave_id: ${{ steps.build_docker_image_uid.outputs.enclave_id }}
+      eif_version_number: ${{ steps.build_docker_image_uid.outputs.eif_version_number }}
 
-  buildEUIDEIF:
-    name: Build EUID EIF and Pod for EKS
+  buildEUIDImage:
+    name: Build EUID Pod for EKS
     runs-on: ubuntu-latest
     permissions:
       contents: write
       security-events: write
       packages: write
-    needs: start
     steps:
       - name: Build Docker Image for EKS Pod
-        id: build_docker_image
-        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
+        id: build_docker_image_euid
+        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@tjm-UID2-4116-use-eif-artifact-for-eks-build
         with:
           identity_scope: euid
           artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid
-          version_number_input: ${{ inputs.version_number_input }}
-          image_tag: ${{ needs.start.outputs.image_tag }}
-          new_version: ${{ needs.start.outputs.new_version }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
+          eif_repo_owner: ${{ env.REPO_OWNER }}
+          eif_repo_name: ${{ env.REPO_NAME }}
+          operator_release: ${{ inputs.operator_release }}
+          operator_run_number: ${{ inputs.operator_run_number }}
+
     outputs:
-      enclave_id: ${{ steps.build_docker_image.outputs.enclave_id }}
+      enclave_id:  ${{ steps.build_docker_image_euid.outputs.enclave_id }}
+      eif_version_number: ${{ steps.build_docker_image_euid.outputs.eif_version_number }}
 
   cleanup:
     name: Cleanup Building AWS Image
     runs-on: ubuntu-latest
-    needs: [start, buildUID2EIF, buildEUIDEIF]
+    needs: [buildUID2Image, buildEUIDImage]
     steps:
       - name: Check disk usage
         shell: bash
@@ -108,36 +89,15 @@ jobs:
       - name: Save Enclave Ids
         run: |
           mkdir -p ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
-          echo ${{ needs.buildUID2EIF.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.start.outputs.new_version }}.txt
-          echo ${{ needs.buildEUIDEIF.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.start.outputs.new_version }}.txt
+          echo "UID2 EIF Version: ${{ needs.buildUID2Image.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt
+          echo ${{ needs.buildUID2Image.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt
+
+          echo "EUID EIF Version: ${{ needs.buildEUIDImage.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt
+          echo ${{ needs.buildEUIDImage.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt
 
       - name: Save Manifests as build artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: aws-eks-enclave-ids-${{ needs.start.outputs.new_version }}
+          name: aws-eks-enclave-ids-${{ needs.buildUID2Image.outputs.eif_version_number }}
           path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests
           if-no-files-found: error
-
-      - name: Build changelog
-        id: github_release
-        if: ${{ inputs.version_number_input == '' && needs.start.outputs.is_release == 'true' }}
-        uses: mikepenz/release-changelog-builder-action@v4
-        with:
-          configurationJson: |
-            {
-              "template": "#{{CHANGELOG}}\n## Installation\n```\See [AWS Marketplace](https://unifiedid.com/docs/guides/operator-guide-aws-marketplace) for details\n```\n\n## Changelog\n#{{UNCATEGORIZED}}",
-              "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
-            }
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create release
-        if: ${{ inputs.version_number_input == '' && needs.start.outputs.is_release == 'true' }}
-        uses: softprops/action-gh-release@v2
-        with:
-          name: ${{ needs.start.outputs.new_version }}
-          body: ${{ steps.github_release.outputs.changelog }}
-          draft: true
-          files: |
-            ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.start.outputs.new_version }}.txt
-            ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.start.outputs.new_version }}.txt
diff --git a/...ows/publish-aws-nitro-enclave-docker.yaml → .github/workflows/publish-aws-nitro-eif.yaml b/...ows/publish-aws-nitro-enclave-docker.yaml → .github/workflows/publish-aws-nitro-eif.yaml
@@ -1,5 +1,5 @@
-name: Publish AWS Nitro Operator
-run-name: ${{ format('Publish {0} AWS Nitro Operator', inputs.release_type) }}
+name: Publish AWS Nitro EIFs
+run-name: ${{ format('Publish {0} AWS Nitro EIFs', inputs.release_type) }}
 on:
   workflow_dispatch:
     inputs: