constellation/.github/workflows/build-enclave.yml

name: Build and Upload the Enclave Image File
on:
  workflow_dispatch:
    inputs:
      coordinator-name:
        description: Coordinator name
        required: true
        type: string

  workflow_call:
    inputs:
      coordinator-name:
        required: true
        type: string

    secrets:
      CI_GITHUB_REPOSITORY:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_DEFAULT_REGION:
        required: true
      BUCKET_NAME:
        required: true
      PUBLIC_BUCKET_NAME:
        required: true
      SSH_PUB_KEY:
        required: true


jobs:
  build-enclave:
    name: "Build the Enclave"
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v2
        with:
          submodules: recursive
          token: ${{ secrets.CI_GITHUB_REPOSITORY }}

      - name: Install AWS CLI
        id: prepare
        run: sudo apt-get update && sudo apt-get -y install awscli

      - name: Download bzImage, init and nsm.ko to AWS S3 Bucket
        id: download-artifacts
        run: aws s3 cp s3://${{ secrets.BUCKET_NAME }}/blobs/ ${{ github.workspace }}/images/aws/enclave/userland/dependencies/blobs/ --recursive

      - name: Download Coordinator
        id: download-coordinator
        run: aws s3 cp s3://${{ secrets.PUBLIC_BUCKET_NAME }}/coordinator/${{ inputs.coordinator-name }}${{ github.event.inputs.coordinator-name }} ${{ github.workspace }}/images/aws/enclave/userland/build/coordinator

      - name: Write ssh public key to file
        run: echo $SSH_PUB_KEY >> ${{ env.SSH_PUB_KEY_PATH }} && chmod 644 ${{ env.SSH_PUB_KEY_PATH }}
        env:
          SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
          SSH_PUB_KEY_PATH: ~/authorized_keys

      - name: Build the eif file
        run: make -j$(nproc) SSH_DIR=~/ -C ${{ github.workspace }}/images/aws/enclave/

      - name: Upload eif file to AWS S3 Bucket
        id: upload
        run: aws s3 cp ${{ github.workspace }}/images/aws/enclave/userland/build/ s3://${{ secrets.BUCKET_NAME }}/eif/ --recursive --exclude "*" --include "*.eif" --quiet