-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathaction.yaml
More file actions
129 lines (110 loc) · 6.18 KB
/
action.yaml
File metadata and controls
129 lines (110 loc) · 6.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Build AWS EIF
description: Builds the EIF for AWS private operators
inputs:
identity_scope:
description: The identity scope [uid2, euid]
required: true
artifacts_base_output_dir:
description: The base output directory for the AMI artifacts
required: true
amazonlinux_dockerfile:
description: The Docker file to use to build the EIF
default: amazonlinux.Dockerfile
makefile:
description: The make file to use
default: Makefile.eif
version_number_input:
description: If set, the version number will not be incremented and the given number will be used.
default: ''
commit_sha:
description: The commit SHA for committing the new version for pom.xml.
default: ''
outputs:
enclave_id:
description: The enclave id for this EIF.
value: ${{ steps.prepare_artifacts.outputs.enclave_id }}
runs:
using: "composite"
steps:
- name: Checkout full history at commit sha ${{ inputs.commit_sha }}
uses: actions/checkout@v4
with:
ref: ${{ inputs.commit_sha }}
# git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.
fetch-depth: 0
- name: Restore timestamps
uses: thetradedesk/git-restore-mtime-action@v1.3
- name: Free up space - delete preinstalled tools
shell: bash
run: |
rm -rf /opt/hostedtoolcache
- name: Check disk usage
shell: bash
run: |
df -h
- name: Run amazonlinux Docker image
shell: bash
run: |
docker build -t amazonlinux -f ${{ inputs.amazonlinux_dockerfile }} .
docker run -d --privileged --name amazonlinux amazonlinux:latest
- name: Create build folder
id: buildFolder
shell: bash
run: |
BUILD_FOLDER="./build/${{ inputs.identity_scope }}"
mkdir -p $BUILD_FOLDER
echo "BUILD_FOLDER=$BUILD_FOLDER" >> $GITHUB_OUTPUT
- name: Get identity scope
shell: bash
run: |
echo "${{ inputs.identity_scope }}" | tr '[:lower:]' '[:upper:]' > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt
cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt
- name: Get version number
shell: bash
run: |
echo ${{ inputs.version_number_input }} > ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt
cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt
- name: Build EIF
shell: bash
run: |
make -f ${{ inputs.makefile }} ${{ inputs.identity_scope }}operator.eif
- name: Free up space
shell: bash
run: |
echo y | docker system prune -a
- name: Prepare artifacts
id: prepare_artifacts
shell: bash
run: |
ARTIFACTS_OUTPUT_DIR="${{ inputs.artifacts_base_output_dir }}"
mkdir -p ${ARTIFACTS_OUTPUT_DIR}
cp ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt ${ARTIFACTS_OUTPUT_DIR}/
cp ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/version_number.txt ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/ec2.py ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/confidential_compute.py ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/requirements.txt ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/proxies.host.yaml ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/sockd.conf ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/uid2operator.service ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/pipeline/$(cat ${{ steps.buildFolder.outputs.BUILD_FOLDER }}/identity_scope.txt)_VERSION ${ARTIFACTS_OUTPUT_DIR}/VERSION
cp ./scripts/aws/syslog-ng/syslog-ng-server.conf ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/syslog-ng/server_al_2023/ivykis-0.43-1.amzn2023.x86_64.rpm ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/syslog-ng/server_al_2023/libnet-1.2-2.amzn2023.0.2.x86_64.rpm ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/syslog-ng/server_al_2023/pubkey.gpg ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/syslog-ng/server_al_2023/syslog-ng-4.7.1.104.gcc5a7d9-1.amzn2023.x86_64.rpm ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/syslog-ng/server_al_2023/syslog-ng-logrotate-4.7.1.104.gcc5a7d9-1.amzn2023.x86_64.rpm ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/logrotate/operator-logrotate.conf ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/logrotate/logrotate ${ARTIFACTS_OUTPUT_DIR}/
cp ./scripts/aws/logrotate/logrotateDaily ${ARTIFACTS_OUTPUT_DIR}/
cp -r ./scripts/aws/config-server ${ARTIFACTS_OUTPUT_DIR}/
docker cp amazonlinux:/sockd ${ARTIFACTS_OUTPUT_DIR}/
docker cp amazonlinux:/vsockpx ${ARTIFACTS_OUTPUT_DIR}/
docker cp amazonlinux:/${{ inputs.identity_scope }}operator.eif ${ARTIFACTS_OUTPUT_DIR}/uid2operator.eif
docker cp amazonlinux:/pcr0.txt ${{ steps.buildFolder.outputs.BUILD_FOLDER }}
docker cp amazonlinux:/pcr0.txt ${ARTIFACTS_OUTPUT_DIR}/
echo "enclave_id=$(cat ${{ steps.buildFolder.outputs.BUILD_FOLDER}}/pcr0.txt)" >> $GITHUB_OUTPUT
- name: Cleanup
shell: bash
run: |
docker rm -vf $(docker ps -a -q)
docker rmi -f $(docker images -aq)