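# Builds the UEFI firmware from the latest aws/uefi release with Nix and
# parses the resulting OVMF image's metadata with sev-snp-measure-go.
name: AWS SNP Launch Measurement

on:
  schedule:
    # Run daily at 22:00.
    - cron: '0 22 * * *'
  workflow_dispatch:

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organization default scopes. The steps visible here only read
# repository contents; `contents: read` looks sufficient - confirm, then set it.

jobs:
  run:
    runs-on: ubuntu-22.04
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release tag each SHA corresponds to.
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # github.head_ref is only populated for pull-request events; for the
          # triggers above it is empty and checkout uses its default ref.
          ref: ${{ github.head_ref }}
          path: constellation

      - name: Install necessary tools
        run: |
          sudo apt-get update
          sudo apt-get install -y python3 python3-pip
          # --require-hashes makes pip reject any package whose hash is not listed in the requirements file.
          sudo python3 -m pip install --user --require-hashes -r constellation/.github/workflows/aws-snp-launchmeasurements-requirements.txt

      - name: Install Nix
        uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27

      # Tracks the newest aws/uefi release, so the source built in the next
      # step is not pinned to a fixed revision or digest.
      - name: Download Firmware release
        id: download-firmware
        uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11
        with:
          repository: aws/uefi
          latest: true
          zipBall: true

      - name: Build UEFI firmware
        id: build-uefi
        shell: bash
        run: |
          # Unzip into an extra dir so that we can find "default.nix" and make sure we end up in the right directory.
          mkdir aws-uefi
          zipLocation=$(find . -name "uefi-*.zip")
          unzip -d aws-uefi "$zipLocation"
          buildfilePath="$(find aws-uefi -name 'default.nix')"
          pushd "$(dirname "$buildfilePath")" || exit 1

          nix-build --pure

          # Export the absolute path of the built image as a step output.
          ovmfPath=$(realpath result/ovmf_img.fd)
          echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
          popd || exit 1

      # The measurement tool is checked out at a fixed commit.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          repository: virtee/sev-snp-measure-go.git
          ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8
          path: sev-snp-measure-go

      - name: Generate API objects
        shell: bash
        env:
          # Hand the step output to the script through the environment rather
          # than expanding the expression inside the script text: the value is
          # then data for bash, never parsed as shell syntax.
          OVMF_PATH: ${{ steps.build-uefi.outputs.ovmfPath }}
        run: |
          pushd sev-snp-measure-go/sevsnpmeasure || exit 1
          go build .

          # Quoted so a path containing whitespace or glob characters stays one argument.
          ./sevsnpmeasure parse-metadata "${OVMF_PATH}" -o metadata.json

          jq < metadata.json
          popd || exit 1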