2022-03-22 11:03:15 -04:00
|
|
|
name: Build and Upload the Enclave Image File
|
|
|
|
on:
|
|
|
|
workflow_dispatch:
|
|
|
|
inputs:
|
|
|
|
coordinator-name:
|
|
|
|
description: Coordinator name
|
|
|
|
required: true
|
|
|
|
type: string
|
|
|
|
|
|
|
|
workflow_call:
|
|
|
|
inputs:
|
|
|
|
coordinator-name:
|
|
|
|
required: true
|
|
|
|
type: string
|
|
|
|
|
|
|
|
secrets:
|
|
|
|
CI_GITHUB_REPOSITORY:
|
|
|
|
required: true
|
|
|
|
AWS_ACCESS_KEY_ID:
|
|
|
|
required: true
|
|
|
|
AWS_SECRET_ACCESS_KEY:
|
|
|
|
required: true
|
|
|
|
AWS_DEFAULT_REGION:
|
|
|
|
required: true
|
|
|
|
BUCKET_NAME:
|
|
|
|
required: true
|
|
|
|
PUBLIC_BUCKET_NAME:
|
|
|
|
required: true
|
|
|
|
SSH_PUB_KEY:
|
|
|
|
required: true
|
|
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
build-enclave:
|
|
|
|
name: "Build the Enclave"
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
|
|
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
|
|
|
|
steps:
|
|
|
|
- name: Checkout
|
|
|
|
id: checkout
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
with:
|
|
|
|
submodules: recursive
|
|
|
|
token: ${{ secrets.CI_GITHUB_REPOSITORY }}
|
|
|
|
|
|
|
|
- name: Install AWS CLI
|
|
|
|
id: prepare
|
|
|
|
run: sudo apt-get update && sudo apt-get -y install awscli
|
|
|
|
|
|
|
|
- name: Download bzImage, init and nsm.ko to AWS S3 Bucket
|
|
|
|
id: download-artifacts
|
|
|
|
run: aws s3 cp s3://${{ secrets.BUCKET_NAME }}/blobs/ ${{ github.workspace }}/images/aws/enclave/userland/dependencies/blobs/ --recursive
|
|
|
|
|
|
|
|
- name: Download Coordinator
|
|
|
|
id: download-coordinator
|
2022-03-24 05:32:51 -04:00
|
|
|
run: aws s3 cp s3://${{ secrets.PUBLIC_BUCKET_NAME }}/coordinator/${{ inputs.coordinator-name }}${{ github.event.inputs.coordinator-name }} ${{ github.workspace }}/images/aws/enclave/userland/build/coordinator
|
2022-03-22 11:03:15 -04:00
|
|
|
|
|
|
|
- name: Write ssh public key to file
|
|
|
|
run: echo $SSH_PUB_KEY >> ${{ env.SSH_PUB_KEY_PATH }} && chmod 644 ${{ env.SSH_PUB_KEY_PATH }}
|
|
|
|
env:
|
|
|
|
SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
|
|
|
|
SSH_PUB_KEY_PATH: ~/authorized_keys
|
|
|
|
|
|
|
|
- name: Build the eif file
|
|
|
|
run: make -j$(nproc) SSH_DIR=~/ -C ${{ github.workspace }}/images/aws/enclave/
|
|
|
|
|
|
|
|
- name: Upload eif file to AWS S3 Bucket
|
|
|
|
id: upload
|
|
|
|
run: aws s3 cp ${{ github.workspace }}/images/aws/enclave/userland/build/ s3://${{ secrets.BUCKET_NAME }}/eif/ --recursive --exclude "*" --include "*.eif" --quiet
|
|
|
|
|
|
|
|
|