constellation/.github/workflows/aws-snp-launchmeasurement.yml

name: AWS SNP Launch Measurement

on:
  schedule:
    # Run daily at 22:00.
    - cron: '0 22 * * *'
  workflow_dispatch:

jobs:
  run:
    runs-on: ubuntu-22.04
    steps:
    - name: Checkout repository
      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      with:
        ref: ${{ github.head_ref }}
    - name: Install necessary tools
      run: |
        sudo apt-get update
        sudo apt-get install -y python3 python3-pip
        sudo python3 -m pip install --user --require-hashes -r .github/workflows/aws-snp-launchmeasurements-requirements.txt

    - name: Install Nix
      uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # v22

    - name: Download Firmware release
      id: download-firmware
      uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # tag=v1.8
      with:
        repository: aws/uefi
        latest: true
        zipBall: true

    - name: Build UEFI firmware
      id: build-uefi
      shell: bash
      run: |
        # Unzip into a extra dir so that we can find "default.nix" and make sure we end up in the right directory.
        mkdir aws-uefi
        zipLocation=$(find . -name "uefi-*.zip")
        unzip -d aws-uefi "$zipLocation"
        buildfilePath="$(find aws-uefi -name 'default.nix')"
        pushd "$(dirname "$buildfilePath")" || exit 1

        nix-build --pure

        ovmfPath=$(realpath result/ovmf_img.fd)
        echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"

    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # tag=v3.5.2
      with:
        repository: edgelesssys/sev-snp-measure-go.git
        ref: main
        path: sev-snp-measure-go


    - name: Generate API objects
      shell: bash
      run: |
        pushd sev-snp-measure-go/sevsnpmeasure || exit 1
        go build .

        ./sevsnpmeasure parse-metadata ${{ steps.build-uefi.outputs.ovmfPath }} -o metadata.json

        jq < metadata.json