constellation/.github/workflows/aws-snp-launchmeasurement.yml

name: AWS SNP Launch Measurement

on:
  schedule:
    # Run daily at 22:00.
    - cron: '0 22 * * *'
  workflow_dispatch:

jobs:
  run:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout repository
      uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      with:
        ref: ${{ github.head_ref }}
        path: constellation

    - name: Install Nix
      uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31.8.1

    - name: Download Firmware release
      id: download-firmware
      uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
      with:
        repository: aws/uefi
        latest: true
        zipBall: true

    - name: Build UEFI firmware
      id: build-uefi
      shell: bash
      run: |
        # Unzip into a extra dir so that we can find "default.nix" and make sure we end up in the right directory.
        mkdir aws-uefi
        zipLocation=$(find . -name "uefi-*.zip")
        unzip -d aws-uefi "$zipLocation"
        buildfilePath="$(find aws-uefi -name 'default.nix')"
        pushd "$(dirname "$buildfilePath")" || exit 1

        nix-build --pure

        ovmfPath=$(realpath result/ovmf_img.fd)
        echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
        popd || exit 1

    - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      with:
        repository: virtee/sev-snp-measure-go.git
        ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8
        path: sev-snp-measure-go


    - name: Generate API objects
      shell: bash
      run: |
        pushd sev-snp-measure-go/sevsnpmeasure || exit 1
        go build .

        ./sevsnpmeasure parse-metadata ${{ steps.build-uefi.outputs.ovmfPath }} -o metadata.json

        jq < metadata.json

        popd || exit 1