remove aws image

2025-02-02 10:35:08 -05:00 · 2022-04-19 12:12:34 +02:00 · 2022-04-19 12:12:34 +02:00 · 4f6af8d304
commit 4f6af8d304
parent 990ca20469
21 changed files with 9 additions and 228 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -17,7 +17,7 @@ admin.conf
 coordinatorConfig.json
 coordinator-*
-/images
+/image
 # Dockerfiles
 Dockerfile
--- a/.github/workflows/build-ami.yml
+++ b/.github/workflows/build-ami.yml
@ -1,55 +0,0 @@
 name: Build the AMI Template
 on:
  workflow_dispatch:
  workflow_call:
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_DEFAULT_REGION:
        required: true
      BUCKET_NAME:
        required: true
 jobs:
  build-enclave:
    name: "Build the AMI"
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      working-directory: images/aws/ec2
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
      - name: Install AWS CLI
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install awscli
      - name: Download eif
        id: download_eif
        run: aws s3 cp s3://${{ secrets.BUCKET_NAME }}/eif/ ${{ github.workspace }}/${{ env.working-directory }}/ --recursive --quiet
      - name: Download gvproxy
        id: download_gvproxy
        run: aws s3 cp s3://${{ secrets.BUCKET_NAME }}/gvproxy/gvproxy ${{ github.workspace }}/${{ env.working-directory }}/ --quiet
      - name: Install build dependencies
        run: sudo apt-get -y install packer
      - name: Init packer
        run: packer init .
        working-directory: ${{ env.working-directory }}
      - name: Validate packer
        run: packer validate -syntax-only .
        working-directory: ${{ env.working-directory }}
      - name: Build packer
        run: packer build -color=false .
        working-directory: ${{ env.working-directory }}
--- a/.github/workflows/build-coreos-debug.yml
+++ b/.github/workflows/build-coreos-debug.yml
@ -14,7 +14,7 @@ jobs:
      run:
        shell: bash
    env:
-      working-directory: ${{ github.workspace }}/images/fcos
+      working-directory: ${{ github.workspace }}/image
      SHELL: /bin/bash
      GOPATH: /home/github-actions-runner-user/go
      GOCACHE: /home/github-actions-runner-user/.cache/go-build
--- a/.github/workflows/build-coreos.yml
+++ b/.github/workflows/build-coreos.yml
@ -42,7 +42,7 @@ jobs:
      run:
        shell: bash
    env:
-      working-directory: ${{ github.workspace }}/images/fcos
+      working-directory: ${{ github.workspace }}/image
      SHELL: /bin/bash
    steps:
      - name: Checkout
--- a/.github/workflows/build-enclave.yml
+++ b/.github/workflows/build-enclave.yml
@ -1,74 +0,0 @@
 name: Build and Upload the Enclave Image File
 on:
  workflow_dispatch:
    inputs:
      coordinator-name:
        description: Coordinator name
        required: true
        type: string
  workflow_call:
    inputs:
      coordinator-name:
        required: true
        type: string
    secrets:
      CI_GITHUB_REPOSITORY:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_DEFAULT_REGION:
        required: true
      BUCKET_NAME:
        required: true
      PUBLIC_BUCKET_NAME:
        required: true
      SSH_PUB_KEY:
        required: true
 jobs:
  build-enclave:
    name: "Build the Enclave"
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
        with:
          submodules: recursive
          token: ${{ secrets.CI_GITHUB_REPOSITORY }}
      - name: Install AWS CLI
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install awscli
      - name: Download bzImage, init and nsm.ko to AWS S3 Bucket
        id: download-artifacts
        run: aws s3 cp s3://${{ secrets.BUCKET_NAME }}/blobs/ ${{ github.workspace }}/images/aws/enclave/userland/dependencies/blobs/ --recursive
      - name: Download Coordinator
        id: download-coordinator
        run: aws s3 cp s3://${{ secrets.PUBLIC_BUCKET_NAME }}/coordinator/${{ inputs.coordinator-name }}${{ github.event.inputs.coordinator-name }} ${{ github.workspace }}/images/aws/enclave/userland/build/coordinator
      - name: Write ssh public key to file
        run: echo $SSH_PUB_KEY >> ${{ env.SSH_PUB_KEY_PATH }} && chmod 644 ${{ env.SSH_PUB_KEY_PATH }}
        env:
          SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
          SSH_PUB_KEY_PATH: ~/authorized_keys
      - name: Build the eif file
        run: make -j$(nproc) SSH_DIR=~/ -C ${{ github.workspace }}/images/aws/enclave/
      - name: Upload eif file to AWS S3 Bucket
        id: upload
        run: aws s3 cp ${{ github.workspace }}/images/aws/enclave/userland/build/ s3://${{ secrets.BUCKET_NAME }}/eif/ --recursive --exclude "*" --include "*.eif" --quiet
--- a/.github/workflows/build-kernel.yml
+++ b/.github/workflows/build-kernel.yml
@ -1,36 +0,0 @@
 name: Build the Kernel
 on:
  push:
    branches:
      - main
    paths:
      - 'kernel/**'
  workflow_dispatch:
 jobs:
  compile-and-upload-kernel:
    name: "Compile and upload the Kernel"
    runs-on: ubuntu-latest
    steps:
      - name: Install build dependencies
        id: install
        run: sudo apt-get update && sudo apt-get install -y git build-essential fakeroot libncurses5-dev libssl-dev ccache bison flex libelf-dev dwarves
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
      - name: Compile using make
        id: compile
        run: make -C ${{ github.workspace }}/images/aws/kernel/
      - name: Install AWS CLI
        id: prepare
        run: sudo apt-get -y install awscli
      - name: Upload bzImage, init and nsm.ko to AWS S3 Bucket
        id: upload
        run: aws s3 cp ${{ github.workspace }}/images/aws/kernel/build/blobs/ s3://${{ secrets.BUCKET_NAME }}/blobs/ --recursive --quiet
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
--- a/.github/workflows/build-patched-gvisor-proxy.yml
+++ b/.github/workflows/build-patched-gvisor-proxy.yml
@ -1,47 +0,0 @@
 name: Patch gvisor-tap-vsock and Upload to S3
 on:
  workflow_dispatch:
    inputs:
      version:
        description: "gvisor version"
        required: true
        default: 0.3.0
 jobs:
  build:
    name: "Build"
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      working-directory: ec2
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
      - name: Prepare Download
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install wget tar make
      - name: Download and unpack sources
        id: unpack
        run: wget -c https://github.com/containers/gvisor-tap-vsock/archive/refs/tags/v${{ github.event.inputs.version }}.tar.gz -O - | tar xz
        working-directory: ${{ github.workspace }}
      - name: Install go
        uses: actions/setup-go@v2
        with:
          go-version: go1.17.6
      - name: Patch source code
        run: patch --ignore-whitespace ${{ github.workspace }}/gvisor-tap-vsock-${{ github.event.inputs.version }}/pkg/services/forwarder/tcp.go < ${{ github.workspace }}/images/aws/ec2/patches/remove_link_local.patch
        working-directory: ${{ env.working-directory }}
      - name: Build gvisor
        id: build
        run: make -C ${{ github.workspace }}/gvisor-tap-vsock-${{ github.event.inputs.version }}/
      - name: Upload gvproxy
        id: upload_gvproxy
        run: aws s3 cp ${{ github.workspace }}/gvisor-tap-vsock-${{ github.event.inputs.version }}/bin/gvproxy s3://${{ secrets.BUCKET_NAME }}/gvproxy/gvproxy --quiet
--- a/.gitignore
+++ b/.gitignore
@ -25,16 +25,9 @@ util/pcr-reader/pcrs/
 # Debug and testing files
 debug/
-# Images
+# Image
-images/aws/kernel/build/*
+image/*.ign
-images/aws/kernel/sed*
+image/build/*
-images/aws/enclave/userland/build/*
+image/dependencies/coordinator
-images/aws/enclave/userland/dependencies/blobs/*
+image/images/*
-images/aws/enclave/userland/privatekey
+image/cosa.lock
 images/aws/enclave/userland/publickey
 images/aws/enclave/.build-*
 images/*.ign
 images/fcos/build/*
 images/fcos/dependencies/coordinator
 images/fcos/images/*
 images/fcos/cosa.lock
--- a/images/fcos/Makefile
+++ b/images/fcos/Makefile
--- a/images/fcos/assembler/README.md
+++ b/images/fcos/assembler/README.md
--- a/images/fcos/build/.gitkeep
+++ b/images/fcos/build/.gitkeep
--- a/images/fcos/dependencies/.gitkeep
+++ b/images/fcos/dependencies/.gitkeep
--- a/images/fcos/dm-verity/recalculate-dm-verity.sh
+++ b/images/fcos/dm-verity/recalculate-dm-verity.sh
--- a/images/fcos/docker.env
+++ b/images/fcos/docker.env
--- a/images/fcos/docs/README.md
+++ b/images/fcos/docs/README.md
--- a/images/fcos/docs/cloud-providers.md
+++ b/images/fcos/docs/cloud-providers.md
--- a/images/fcos/images/.gitkeep
+++ b/images/fcos/images/.gitkeep
--- a/images/fcos/podman.env
+++ b/images/fcos/podman.env
--- a/images/fcos/runner/README.md
+++ b/images/fcos/runner/README.md
--- a/images/fcos/runner/cloud-init.txt
+++ b/images/fcos/runner/cloud-init.txt
--- a/images/fcos/runner/google-cloud-function.py
+++ b/images/fcos/runner/google-cloud-function.py