github readme #27
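# Builds the enclave image inside a Docker-in-Docker container, turns it into
# an enclave image file (enclave.eif) with nitro-cli, and commits that file
# back to the repository through Git LFS.
name: Build Enclave

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

jobs:
  build-enclave:
    runs-on: ubuntu-latest
    # State the token scope explicitly: the only write this job performs is
    # pushing commits to the repository.
    permissions:
      contents: write
    steps:
      # NOTE(review): a version tag is mutable. Pinning the action to a full
      # commit SHA keeps this build input from changing underneath the job.
      # By default checkout also leaves the job token in .git/config, and the
      # workspace is later bind-mounted into a privileged container.
      - name: Checkout repository
        uses: actions/checkout@v3

      # Registry credentials are passed through the environment rather than
      # expanded into the script text, and only on push events, so a build of
      # pull-request content never runs next to a logged-in Docker client.
      # NOTE(review): assumes the base image can be pulled anonymously.
      - name: Log in to Docker Hub
        if: github.event_name == 'push'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin

      - name: Verify required files are present
        run: |
          if [[ ! -f Dockerfile || ! -f setup.sh || ! -f supervisord.conf ]]; then
            echo "Required files (Dockerfile, setup.sh, supervisord.conf) are missing!"
            exit 1
          fi

      - name: Move files to folder structure
        run: |
          # Ensure setup directory exists
          mkdir -p setup
          # Move files into setup/ directory if not already there
          mv Dockerfile setup/ || echo "Dockerfile already in setup/"
          mv setup.sh setup/ || echo "setup.sh already in setup/"
          mv supervisord.conf setup/ || echo "supervisord.conf already in setup/"
          # Check and add outer Dockerfile and entrypoint.sh if not present.
          # NOTE(review): the base image below carries no tag or digest, so it
          # resolves to whatever the registry serves at build time. Pin it by
          # digest so the enclave image is reproducible and auditable.
          # The here-document bodies stay at the script's left margin because
          # the closing EOF must start its line.
          if [ ! -f Dockerfile ]; then
            echo "Creating outer Dockerfile"
          cat <<'EOF' > Dockerfile
          # base image
          FROM marlinorg/nitro-cli
          # working directory
          WORKDIR /app/setup
          # add files
          COPY entrypoint.sh ./
          RUN chmod +x entrypoint.sh
          # entry point
          ENTRYPOINT [ "/app/setup/entrypoint.sh" ]
          EOF
          fi
          # Create entrypoint.sh if not present. The quoted delimiter writes
          # the script literally, so nothing is expanded by the runner shell.
          if [ ! -f entrypoint.sh ]; then
            echo "Creating entrypoint.sh"
          cat <<'EOF' > entrypoint.sh
          #!/bin/sh
          # Stop at the first failing command so a failed image build cannot
          # fall through to nitro-cli.
          set -e
          dockerd &
          sleep 10
          # Determine architecture
          ARCH=$(uname -m)
          if [ "$ARCH" = "aarch64" ]; then
            PLATFORM=linux/arm64
          else
            PLATFORM=linux/amd64
          fi
          docker buildx create --name multiplatformEnclave --driver docker-container --bootstrap
          docker buildx use multiplatformEnclave
          cd /app/mount/setup
          docker buildx build --platform $PLATFORM -t enclave:latest --load .
          mkdir -p /app/mount/enclave
          mkdir -p /var/log/nitro_enclaves
          touch /var/log/nitro_enclaves/nitro_enclaves.log
          nitro-cli build-enclave --docker-uri enclave:latest --output-file /app/mount/enclave/enclave.eif
          EOF
            chmod +x entrypoint.sh
          fi

      # Repository writes happen on push events only. A pull_request checkout
      # is normally a detached merge ref, where a plain "git push" has no
      # branch to update.
      - name: Commit and push entrypoint.sh if created
        if: github.event_name == 'push'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git add entrypoint.sh
          git commit -m "Add entrypoint.sh generated by GitHub Actions" || echo "No changes to commit"
          git push

      - name: Build and Run Enclave
        run: |
          # Remove any copy that came with the checkout, so the verification
          # step can only succeed on a file produced by this run.
          rm -f enclave/enclave.eif
          docker build -t enclave .
          # NOTE(review): --privileged is presumably needed for the dockerd
          # started by entrypoint.sh. It gives the container host-level access
          # on the runner while it executes repository-supplied build scripts.
          docker run --privileged -v "$(pwd):/app/mount" enclave

      - name: Verify enclave.eif file
        id: verify_eif
        run: |
          # entrypoint.sh writes to /app/mount/enclave/enclave.eif and the
          # workspace is mounted at /app/mount, so the artifact has one known
          # location. A filesystem-wide search could pick up an unrelated or
          # stale file with the same name.
          EIF_PATH="$GITHUB_WORKSPACE/enclave/enclave.eif"
          echo "Checking for $EIF_PATH..."
          if [ ! -s "$EIF_PATH" ]; then
            echo "Error: enclave.eif file not found!"
            exit 1
          fi
          echo "File found at $EIF_PATH"
          echo "EIF_PATH=$EIF_PATH" >> "$GITHUB_ENV"

      - name: Initialize Git LFS
        if: github.event_name == 'push'
        run: |
          git lfs install
          git lfs track "enclave/enclave.eif"
          git add .gitattributes
          git commit -m "Track enclave.eif with Git LFS" || echo "No changes to commit"

      - name: Commit and push enclave.eif
        if: github.event_name == 'push'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cd "$GITHUB_WORKSPACE" # Move to the root directory of the repository
          mkdir -p enclave
          # Copy only when the verified artifact lives somewhere other than
          # the tracked path; an older file at the destination must not
          # suppress the update.
          if [ "$EIF_PATH" != "$GITHUB_WORKSPACE/enclave/enclave.eif" ]; then
            cp "$EIF_PATH" enclave/enclave.eif
          else
            echo "enclave.eif already exists in the destination path, skipping copy."
          fi
          git add enclave/enclave.eif
          git commit -m "Add generated enclave.eif file" || echo "No changes to commit"
          git push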