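---
# Builds the enclave image file (.eif) and uploads it to S3.
#
# Flow: check out the repository with submodules, fetch the prebuilt
# bzImage/init/nsm.ko blobs and the coordinator binary from S3, write the SSH
# public key where the Makefile looks for it (SSH_DIR), run make, then upload
# every *.eif from the build directory.
#
# Can be started manually (workflow_dispatch) or called from another workflow
# (workflow_call). Both paths take a `coordinator-name` input.
name: Build and Upload the Enclave Image File

on:
  workflow_dispatch:
    inputs:
      coordinator-name:
        description: Coordinator name
        required: true
        type: string
  workflow_call:
    inputs:
      coordinator-name:
        required: true
        type: string
    secrets:
      CI_GITHUB_REPOSITORY:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_DEFAULT_REGION:
        required: true
      BUCKET_NAME:
        required: true
      PUBLIC_BUCKET_NAME:
        required: true
      SSH_PUB_KEY:
        required: true

jobs:
  build-enclave:
    name: "Build the Enclave"
    runs-on: ubuntu-latest
    # No step uses the automatic GITHUB_TOKEN (checkout authenticates with the
    # CI_GITHUB_REPOSITORY token), so the job requests no token permissions.
    permissions: {}
    # NOTE(review): job-level env exposes the AWS keys to every step, including
    # the make build of repository and submodule code. If the build itself does
    # not call AWS, move these to the three `aws s3 cp` steps only.
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    steps:
      # NOTE(review): `@v2` is a mutable tag; pin the action to a full commit
      # SHA of a maintained release. By default checkout keeps the token in the
      # local git config, where later steps can read it; set
      # `persist-credentials: false` if nothing after checkout needs git auth.
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
        with:
          submodules: recursive
          token: ${{ secrets.CI_GITHUB_REPOSITORY }}

      - name: Install AWS CLI
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install awscli

      # NOTE(review): the kernel, init and nsm.ko blobs go into the image
      # without an integrity check. Verify them against digests kept in the
      # repository before building, so write access to the bucket is not
      # enough to change what ends up in the enclave.
      - name: Download bzImage, init and nsm.ko from AWS S3 Bucket
        id: download-artifacts
        env:
          BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
        run: |
          aws s3 cp \
            "s3://${BUCKET_NAME}/blobs/" \
            "${GITHUB_WORKSPACE}/images/aws/enclave/userland/dependencies/blobs/" \
            --recursive

      # The coordinator name is caller-supplied. It is passed through the
      # environment and quoted so the shell treats it as data; interpolating
      # `${{ inputs.* }}` directly into the script would let shell
      # metacharacters in the input run as commands on the runner.
      # `inputs` is populated for both triggers, so concatenating it with
      # `github.event.inputs` would duplicate the name on manual runs; the
      # `||` fallback yields the value exactly once.
      # NOTE(review): the binary is taken from the public bucket unverified;
      # check it against an expected digest or signature before it is built in.
      - name: Download Coordinator
        id: download-coordinator
        env:
          PUBLIC_BUCKET_NAME: ${{ secrets.PUBLIC_BUCKET_NAME }}
          COORDINATOR_NAME: ${{ inputs.coordinator-name || github.event.inputs.coordinator-name }}
        run: |
          aws s3 cp \
            "s3://${PUBLIC_BUCKET_NAME}/coordinator/${COORDINATOR_NAME}" \
            "${GITHUB_WORKSPACE}/images/aws/enclave/userland/build/coordinator"

      # The key is quoted so whitespace and newlines in the secret reach the
      # file unchanged and no glob characters are expanded. The path is
      # interpolated by the workflow (not read from "$SSH_PUB_KEY_PATH")
      # because the shell only expands `~` when it appears literally.
      # NOTE(review): presumably the Makefile copies authorized_keys into the
      # image via SSH_DIR; if so, the holder of the matching private key can
      # log in to the enclave. Confirm that is intended for this build.
      - name: Write ssh public key to file
        env:
          SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
          SSH_PUB_KEY_PATH: ~/authorized_keys
        run: |
          printf '%s\n' "$SSH_PUB_KEY" >> ${{ env.SSH_PUB_KEY_PATH }}
          chmod 644 ${{ env.SSH_PUB_KEY_PATH }}

      - name: Build the eif file
        run: make -j$(nproc) SSH_DIR=~/ -C "${GITHUB_WORKSPACE}/images/aws/enclave/"

      # Only *.eif files are uploaded: everything is excluded first, then the
      # image files are re-included.
      - name: Upload eif file to AWS S3 Bucket
        id: upload
        env:
          BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
        run: |
          aws s3 cp \
            "${GITHUB_WORKSPACE}/images/aws/enclave/userland/build/" \
            "s3://${BUCKET_NAME}/eif/" \
            --recursive --exclude "*" --include "*.eif" --quiet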