Merge pull request #1563 from IABTechLab/mkc-UID2-4765-aks-workflow-4

Add Azure AKS workflow

Author: mcollins-ttd

.github/actions/build_ami/action.yaml

@@ -59,7 +59,7 @@ runs:
       uses: actions/checkout@v4
 
     - name: Get EIF for Release ${{ inputs.operator_release }}
-      uses: IABTechLab/uid2-operator/.github/actions/download_release_artifact@main
+      uses: ./.github/actions/download_release_artifact
       if: ${{ inputs.operator_release != '' }}
       with:
         github_token: ${{ inputs.github_token }}

.github/actions/build_eks_docker_image/action.yaml

@@ -47,7 +47,7 @@ runs:
         mkdir ${{ inputs.artifacts_output_dir }} -p
 
     - name: Get EIF for Release ${{ inputs.operator_release }}
-      uses: IABTechLab/uid2-operator/.github/actions/download_release_artifact@main
+      uses: ./.github/actions/download_release_artifact
       if: ${{ inputs.operator_release != '' }}
       with:
         github_token: ${{ inputs.github_token }}

.github/actions/install_az_cli/action.yaml

@@ -0,0 +1,36 @@
+name: 'Install Azure CLI'
+description: 'Install Azure CLI'
+runs:
+  using: 'composite'
+  steps:
+    - name: uninstall azure-cli
+      shell: bash
+      run: |
+        sudo apt-get remove -y azure-cli
+
+    - name: install azure-cli 2.61.0
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
+        sudo mkdir -p /etc/apt/keyrings
+        curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
+          gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
+        sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
+        AZ_DIST=$(lsb_release -cs)
+        echo "Types: deb
+        URIs: https://packages.microsoft.com/repos/azure-cli/
+        Suites: ${AZ_DIST}
+        Components: main
+        Architectures: $(dpkg --print-architecture)
+        Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources
+        sudo apt-get update
+        sudo apt-get install azure-cli
+
+        apt-cache policy azure-cli
+        # Obtain the currently installed distribution
+        AZ_DIST=$(lsb_release -cs)
+        # Store an Azure CLI version of choice
+        AZ_VER=2.61.0
+        # Install a specific version
+        sudo apt-get install azure-cli=${AZ_VER}-1~${AZ_DIST} --allow-downgrades

.github/workflows/build-uid2-ami.yaml

@@ -42,7 +42,7 @@ jobs:
 
       - name: Build UID2 Operator AMI
         id: buildAMI
-        uses: IABTechLab/uid2-operator/.github/actions/build_ami@main
+        uses: ./.github/actions/build_ami
         with:
           identity_scope: uid2
           eif_repo_owner: ${{ env.REPO_OWNER }}
@@ -92,7 +92,7 @@ jobs:
 
         - name: Build EUID Operator AMI
           id: buildAMI
-          uses: IABTechLab/uid2-operator/.github/actions/build_ami@main
+          uses: ./.github/actions/build_ami
           with:
             identity_scope: euid
             eif_repo_owner: ${{ env.REPO_OWNER }}

.github/workflows/publish-all-operators.yaml

@@ -169,12 +169,18 @@ jobs:
           pattern: gcp-oidc-enclave-ids-*
           path: ./manifests/gcp_oidc_operator
 
-      - name: Download Azure manifest
+      - name: Download Azure CC manifest
         uses: actions/download-artifact@v4
         with:
           pattern: azure-cc-enclave-id-*
           path: ./manifests/azure_cc_operator
 
+      - name: Download Azure AKS manifest
+        uses: actions/download-artifact@v4
+        with:
+          pattern: azure-aks-enclave-id-*
+          path: ./manifests/azure_aks_operator
+
       - name: Download EIF manifest
         uses: actions/download-artifact@v4
         with:
@@ -217,6 +223,7 @@ jobs:
           (cd ./deployment/aws-euid-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
           (cd ./deployment/aws-uid2-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
           (cd ./deployment/azure-cc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
+          (cd ./deployment/azure-aks-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../azure-aks-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
           (cd ./deployment/gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
           (cd manifests && zip -r ../uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip .)
 
@@ -230,6 +237,7 @@ jobs:
               ./aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip
               ./aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip
               ./azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip
+              ./azure-aks-deployment-files-${{ needs.start.outputs.new_version }}.zip
               ./gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip
               ./uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip
   notifyFailure:

.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml

@@ -36,9 +36,12 @@ jobs:
       security-events: write
       packages: write
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Build Docker Image for EKS Pod
         id: build_docker_image_uid
-        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
+        uses: ./.github/actions/build_eks_docker_image
         with:
           identity_scope: uid2
           artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
@@ -61,9 +64,12 @@ jobs:
       security-events: write
       packages: write
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Build Docker Image for EKS Pod
         id: build_docker_image_euid
-        uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main
+        uses: ./.github/actions/build_eks_docker_image
         with:
           identity_scope: euid
           artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid

.github/workflows/publish-aws-nitro-eif.yaml

@@ -48,9 +48,12 @@ jobs:
         env: 
           GITHUB_CONTEXT: ${{ toJson(github) }}
 
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Update Operator Version
         id: update_version
-        uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main
+        uses: ./.github/actions/update_operator_version
         with:
           release_type: ${{ inputs.release_type }}
           version_number_input: ${{ inputs.version_number_input }}
@@ -68,9 +71,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: start
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Build UID2 AWS EIF
         id: build_uid2_eif
-        uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main
+        uses: ./.github/actions/build_aws_eif
         with:
           identity_scope: uid2
           artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2
@@ -104,9 +110,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: start
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Build EUID AWS EIF
         id: build_euid_eif
-        uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main
+        uses: ./.github/actions/build_aws_eif
         with:
           identity_scope: euid
           artifacts_base_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid

.github/workflows/publish-azure-cc-enclave-docker.yaml

@@ -69,10 +69,16 @@ jobs:
     outputs:
       jar_version: ${{ steps.update_version.outputs.new_version }}
       image_tag: ${{ steps.update_version.outputs.image_tag }}
+      is_release: ${{ steps.update_version.outputs.is_release }}
+      docker_version: ${{ steps.meta.outputs.version }}
+      tags: ${{ steps.meta.outputs.tags }}
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Update Operator Version
         id: update_version
-        uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main
+        uses: ./.github/actions/update_operator_version
         with:
           release_type: ${{ inputs.release_type }}
           version_number_input: ${{ inputs.version_number_input }}
@@ -159,97 +165,98 @@ jobs:
             JAR_VERSION=${{ steps.update_version.outputs.new_version }}
             IMAGE_VERSION=${{ steps.update_version.outputs.new_version }}
 
-      - name: uninstall azure-cli 
-        run: |
-          sudo apt-get remove -y azure-cli
-      
-      - name: install azure-cli 2.61.0
-        run: |
-          sudo apt-get update
-          sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
-          sudo mkdir -p /etc/apt/keyrings
-          curl -sLS https://packages.microsoft.com/keys/microsoft.asc |
-            gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
-          sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
-          AZ_DIST=$(lsb_release -cs)
-          echo "Types: deb
-          URIs: https://packages.microsoft.com/repos/azure-cli/
-          Suites: ${AZ_DIST}
-          Components: main
-          Architectures: $(dpkg --print-architecture)
-          Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources
-          sudo apt-get update
-          sudo apt-get install azure-cli
-
-          apt-cache policy azure-cli
-          # Obtain the currently installed distribution
-          AZ_DIST=$(lsb_release -cs)
-          # Store an Azure CLI version of choice
-          AZ_VER=2.61.0
-          # Install a specific version
-          sudo apt-get install azure-cli=${AZ_VER}-1~${AZ_DIST} --allow-downgrades
+  azureCc:
+    name: Create Azure CC artifacts
+    runs-on: ubuntu-latest
+    permissions: {}
+    needs: buildImage
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Azure CLI
+        uses: ./.github/actions/install_az_cli
 
       - name: check azure-cli version
         run: |
           az --version
 
       - name: Generate Azure deployment artifacts
         env:
-          IMAGE: ${{ steps.meta.outputs.tags }}
+          IMAGE: ${{ needs.buildImage.outputs.tags }}
           OUTPUT_DIR: ${{ env.ARTIFACTS_OUTPUT_DIR }}
           MANIFEST_DIR: ${{ env.MANIFEST_OUTPUT_DIR }}
-          VERSION_NUMBER: ${{ steps.update_version.outputs.new_version }}
+          VERSION_NUMBER: ${{ needs.buildImage.outputs.jar_version }}
         run: |
           bash ./scripts/azure-cc/deployment/generate-deployment-artifacts.sh
 
       - name: Upload deployment artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: azure-cc-deployment-files-${{ steps.update_version.outputs.new_version }}
+          name: azure-cc-deployment-files-${{ needs.buildImage.outputs.jar_version }}
           path: ${{ env.ARTIFACTS_OUTPUT_DIR }}
           if-no-files-found: error
 
       - name: Upload manifest
         uses: actions/upload-artifact@v4
         with:
-          name: azure-cc-enclave-id-${{ steps.update_version.outputs.new_version }}
+          name: azure-cc-enclave-id-${{ needs.buildImage.outputs.jar_version }}
           path: ${{ env.MANIFEST_OUTPUT_DIR }}
           if-no-files-found: error
 
-      - name: Generate release archive
-        if: ${{ inputs.version_number_input == '' && steps.update_version.outputs.is_release == 'true' }}
+  e2eAzureCc:
+    name: E2E Azure CC
+    uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
+    needs: [buildImage, azureCc]
+    with:
+      operator_type: azure
+      operator_image_version: ${{ needs.buildImage.outputs.image_tag }}
+    secrets: inherit
+
+  azureAks:
+    name: Create Azure AKS artifacts
+    runs-on: ubuntu-latest
+    permissions: {}
+    needs: buildImage
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Azure CLI
+        uses: ./.github/actions/install_az_cli
+
+      - name: check azure-cli version
+        run: |
+          az --version
+
+      - name: Generate Azure deployment artifacts
+        env:
+          IMAGE: ${{ needs.buildImage.outputs.tags }}
+          OUTPUT_DIR: ${{ env.ARTIFACTS_OUTPUT_DIR }}
+          MANIFEST_DIR: ${{ env.MANIFEST_OUTPUT_DIR }}
+          VERSION_NUMBER: ${{ needs.buildImage.outputs.jar_version }}
         run: |
-          zip -j ${{ env.ARTIFACTS_OUTPUT_DIR }}/uid2-operator-deployment-artifacts-${{ steps.meta.outputs.version }}.zip ${{ env.ARTIFACTS_OUTPUT_DIR }}/*
+          bash ./scripts/azure-aks/deployment/generate-deployment-artifacts.sh
 
-      - name: Build changelog
-        id: github_release
-        if: ${{ inputs.version_number_input == '' && steps.update_version.outputs.is_release == 'true' }}
-        uses: mikepenz/release-changelog-builder-action@v4
+      - name: Upload deployment artifacts
+        uses: actions/upload-artifact@v4
         with:
-          configurationJson: |
-            {
-              "template": "#{{CHANGELOG}}\n## Installation\n```\ndocker pull ${{ steps.meta.outputs.tags }}\n```\n\n## Image reference to deploy: \n```\n${{ steps.update_version.outputs.image_tag }}\n```\n\n## Changelog\n#{{UNCATEGORIZED}}",
-              "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
-            }
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          name: azure-aks-deployment-files-${{ needs.buildImage.outputs.jar_version }}
+          path: ${{ env.ARTIFACTS_OUTPUT_DIR }}
+          if-no-files-found: error
 
-      - name: Create release
-        if: ${{ inputs.version_number_input == '' && steps.update_version.outputs.is_release == 'true' }}
-        uses: softprops/action-gh-release@v2
+      - name: Upload manifest
+        uses: actions/upload-artifact@v4
         with:
-          name: ${{ steps.update_version.outputs.new_version }}
-          body: ${{ steps.github_release.outputs.changelog }}
-          draft: true
-          files: |
-            ${{ env.ARTIFACTS_OUTPUT_DIR }}/uid2-operator-deployment-artifacts-${{ steps.update_version.outputs.new_version }}.zip
-            ${{ env.MANIFEST_OUTPUT_DIR }}/azure-cc-operator-digest-${{ steps.update_version.outputs.new_version }}.txt
-
-  e2e:
-    name: E2E
+          name: azure-aks-enclave-id-${{ needs.buildImage.outputs.jar_version }}
+          path: ${{ env.MANIFEST_OUTPUT_DIR }}
+          if-no-files-found: error
+
+  e2eAzureAks:
+    name: E2E Azure AKS
     uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
-    needs: buildImage
+    needs: [buildImage, azureAks]
     with:
-      operator_type: azure
+      operator_type: aks
       operator_image_version: ${{ needs.buildImage.outputs.image_tag }}
     secrets: inherit

.github/workflows/publish-gcp-oidc-enclave-docker.yaml

@@ -71,9 +71,12 @@ jobs:
       jar_version: ${{ steps.update_version.outputs.new_version }}
       image_tag: ${{ steps.update_version.outputs.image_tag }}
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Update Operator Version
         id: update_version
-        uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main
+        uses: ./.github/actions/update_operator_version
         with:
           release_type: ${{ inputs.release_type }}
           version_number_input: ${{ inputs.version_number_input }}