Create a workflow for generating Enclaver docker image
#23
| name: Build Enclaver Docker Image | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| config_hash: | |
| type: string | |
| description: 'SHA256 hash for the config' | |
| required: false | |
| default: "2b65fec23d880a003ebde5dc037a4e03b82fd6cbfa6d183f17a08bd0ca232bb9" | |
| nitro_node_image: | |
| type: string | |
| description: 'Nitro node image to build in dockerfile' | |
| required: false | |
| default: ghcr.io/espressosystems/nitro-espresso-integration/nitro-node:v3.3.2-fcd633f | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repository | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| # Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Update sha256 hash of config | |
| - name: Update config hash in entrypoint | |
| run: | | |
| CONFIG_HASH="${{ github.event.inputs.config_hash }}" | |
| echo "Using hash: $CONFIG_HASH" | |
| sed -i 's/^EXPECTED_CONFIG_SHA256=.*$/EXPECTED_CONFIG_SHA256="'"$CONFIG_HASH"'"/' ./docker/aws-nitro-entrypoint.sh | |
| grep "EXPECTED_CONFIG_SHA256" ./docker/aws-nitro-entrypoint.sh | |
| # Update dockerfile | |
| - name: Update Nitro Node Image in Dockerfile | |
| run: | | |
| NITRO_IMAGE="${{ github.event.inputs.nitro_node_image }}" | |
| if [ -n "$NITRO_IMAGE" ]; then | |
| echo "Updating Dockerfile to use custom nitro-node image: $NITRO_IMAGE" | |
| sed -i 's|^FROM ghcr.io/espressosystems/nitro-espresso-integration/nitro-node:.*$|FROM '"$NITRO_IMAGE"'|' ./docker/Dockerfile.aws-nitro-poster | |
| grep "^FROM" ./docker/Dockerfile.aws-nitro-poster | |
| else | |
| echo "Using default nitro-node image" | |
| fi | |
| # Build Docker image | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.aws-nitro-poster | |
| push: false | |
| tags: nitro-image:latest | |
| load: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Run Docker container and execute Enclaver installation | |
| - name: Run Enclaver installation | |
| run: | | |
| echo "Downloading and installing Enclaver..." | |
| ARCH=$(uname -m) | |
| LATEST_RELEASE=$(curl -s https://api.github.com/repositories/516492075/releases/latest) | |
| DOWNLOAD_URL=$(echo "$LATEST_RELEASE" | jq -r ".assets[] | select(.name | test(\"^enclaver-linux-$ARCH.*tar.gz$\")) | .browser_download_url") | |
| if [ -z "$DOWNLOAD_URL" ]; then | |
| echo "Could not find Enclaver download URL" | |
| exit 1 | |
| fi | |
| curl -L "$DOWNLOAD_URL" -o enclaver.tar.gz | |
| tar xzf enclaver.tar.gz | |
| sudo install enclaver-*/enclaver /usr/local/bin/ | |
| rm -rf enclaver.tar.gz enclaver-* | |
| enclaver --version | |
| - name: Preprocess enclaver.yaml with branch name | |
| env: | |
| BRANCH_NAME: ${{ github.ref_name }} | |
| run: | | |
| # Use sed to replace a placeholder in enclaver.yaml with the branch name | |
| sed -i "s|{{BRANCH_NAME}}|$BRANCH_NAME|g" ./enclaver/enclaver.yaml | |
| # Run Enclaver build | |
| - name: Run Enclaver build | |
| run: | | |
| enclaver build --file ./enclaver/enclaver.yaml | |
| docker images |
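Review bot: On `push` and `pull_request` runs `github.event.inputs.config_hash` is empty, because input defaults apply only to `workflow_dispatch`, so the "Update config hash in entrypoint" step rewrites the entrypoint line to `EXPECTED_CONFIG_SHA256=""`; it has no guard like the `-n` test in the Nitro image step. What the entrypoint does with an empty expected hash is not visible here, but the image built on every push to `main` would presumably carry a config check that cannot match or is skipped. Both steps also paste `${{ github.event.inputs.* }}` into the script text before the shell parses it, so the value is not treated as data; the branch-name step already uses the safer form of passing the value through `env:`. The fence below shows the hash step with the input moved to `env:`, left untouched when empty and rejected unless it is 64 lowercase hex characters; the Nitro image step would take the same `env:` change. Separately, the Enclaver install step fetches whatever `releases/latest` returns and installs it with no pinned version or checksum, which is worth pinning since that binary produces the enclave image.

```yaml
      - name: Update config hash in entrypoint
        env:
          CONFIG_HASH: ${{ github.event.inputs.config_hash }}
        run: |
          if [ -z "$CONFIG_HASH" ]; then
            echo "No config hash input; keeping the value committed in the entrypoint"
            exit 0
          fi
          if ! printf '%s' "$CONFIG_HASH" | grep -Eq '^[0-9a-f]{64}$'; then
            echo "config_hash is not a 64-character lowercase hex SHA256" >&2
            exit 1
          fi
          # … unchanged: sed update and grep of EXPECTED_CONFIG_SHA256 …
```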