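# Builds an AWS Nitro Enclave image (enclave.eif) from the repository's
# Dockerfile, setup.sh and supervisord.conf, then commits the result to the
# repository via Git LFS. Triggered manually only.
name: Build Enclave

on:
  workflow_dispatch:
    inputs:
      # NOTE(review): this input is declared but no step below reads it.
      test_environment:
        description: 'Select environment for testing'
        required: true
        default: 'staging'

# Least privilege: the job only needs to push the built image back to the
# repository, so grant nothing beyond write access to repository contents.
permissions:
  contents: write

jobs:
  build-enclave:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): a tag is mutable. Pin the action to a full commit SHA
      # (actions/checkout@<COMMIT_SHA>) so the code that runs here cannot
      # change without a reviewed edit to this file.
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Verify required files are present
        run: |
          if [[ ! -f Dockerfile || ! -f setup.sh || ! -f supervisord.conf ]]; then
            echo "Required files (Dockerfile, setup.sh, supervisord.conf) are missing!"
            exit 1
          fi

      # The heredoc bodies and their EOF terminators sit at the base
      # indentation of the block scalar on purpose: YAML strips that common
      # indent, which leaves the terminator (and the #!/bin/sh line) at
      # column 0, where the shell requires them.
      - name: Move files to folder structure
        run: |
          # Ensure setup directory exists
          mkdir -p setup
          # Move files into setup/ directory if not already there
          mv Dockerfile setup/ || echo "Dockerfile already in setup/"
          mv setup.sh setup/ || echo "setup.sh already in setup/"
          mv supervisord.conf setup/ || echo "supervisord.conf already in setup/"
          # Check and add outer Dockerfile and entrypoint.sh if not present
          if [ ! -f Dockerfile ]; then
            echo "Creating outer Dockerfile"
            # NOTE(review): the base image below carries no tag or digest, so
            # every run pulls whatever "latest" is at that moment. Because it
            # produces the enclave image and later runs with --privileged, pin
            # it by digest: marlinorg/nitro-cli@sha256:<IMAGE_DIGEST>.
            cat <<EOF > Dockerfile
          # base image
          FROM marlinorg/nitro-cli
          # working directory
          WORKDIR /app/setup
          # add files
          COPY entrypoint.sh ./
          RUN chmod +x entrypoint.sh
          # entry point
          ENTRYPOINT [ "/app/setup/entrypoint.sh" ]
          EOF
          fi
          # Create entrypoint.sh if not present
          if [ ! -f entrypoint.sh ]; then
            echo "Creating entrypoint.sh"
            # The delimiter is unquoted, so \$ keeps each expansion literal
            # until entrypoint.sh itself runs inside the container.
            cat <<EOF > entrypoint.sh
          #!/bin/sh
          dockerd &
          sleep 10
          # Determine architecture
          ARCH=\$(uname -m)
          if [ "\$ARCH" = "aarch64" ]; then
            PLATFORM=linux/arm64
          else
            PLATFORM=linux/amd64
          fi
          docker buildx create --name multiplatformEnclave --driver docker-container --bootstrap
          docker buildx use multiplatformEnclave
          cd /app/mount/setup
          docker buildx build --platform \$PLATFORM -t enclave:latest --load .
          mkdir -p /app/mount/enclave
          mkdir -p /var/log/nitro_enclaves
          touch /var/log/nitro_enclaves/nitro_enclaves.log
          nitro-cli build-enclave --docker-uri enclave:latest --output-file /app/mount/enclave/enclave.eif
          EOF
            chmod +x entrypoint.sh
          fi

      # NOTE(review): --privileged gives the container root-equivalent access
      # to the runner, and the bind mount exposes the whole checkout,
      # including .git and any credentials actions/checkout left there.
      # Everything the container runs (base image, setup/) is therefore
      # trusted with push access to this repository.
      # nitro-cli reports the image measurements when it builds the EIF; keep
      # them with the artifact so attestation can be checked against a known
      # value.
      - name: Build and Run Enclave
        run: |
          # Drop any enclave.eif that came with the checkout so the later
          # steps can only ever see the image produced by this run.
          rm -f enclave/enclave.eif
          docker build -t enclave .
          docker run --privileged -v "$(pwd):/app/mount" enclave

      - name: Verify enclave.eif file
        id: verify_eif
        run: |
          echo "Searching for enclave.eif file..."
          # entrypoint.sh writes to /app/mount/enclave/enclave.eif and
          # /app/mount is the workspace, so check exactly that path instead of
          # accepting the first enclave.eif found anywhere on the runner.
          EIF_PATH="$GITHUB_WORKSPACE/enclave/enclave.eif"
          if [ ! -s "$EIF_PATH" ]; then
            echo "Error: enclave.eif file not found!"
            exit 1
          fi
          echo "File found at $EIF_PATH"
          # Log a digest so the committed file can be matched to this run.
          sha256sum "$EIF_PATH"
          echo "EIF_PATH=$EIF_PATH" >> "$GITHUB_ENV"

      - name: Initialize Git LFS
        run: |
          # Runners have no commit identity configured; without one the
          # commits below fail. Set it once for the repository.
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git lfs install
          git lfs track "enclave/enclave.eif"
          git add .gitattributes
          # Commit only when something is staged, so that a real commit
          # failure stops the job instead of being reported as "no changes".
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "Track enclave.eif with Git LFS"
          fi

      - name: Commit and push enclave.eif
        run: |
          cd "$GITHUB_WORKSPACE" # Move to the root directory of the repository
          mkdir -p enclave
          # Only copy if the file does not already exist in the target path
          if [ ! -f enclave/enclave.eif ]; then
            cp "$EIF_PATH" enclave/enclave.eif
          else
            echo "enclave.eif already exists in the destination path, skipping copy."
          fi
          git add enclave/enclave.eif
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "Add generated enclave.eif file"
          fi
          git push
        env:
          # NOTE(review): git push presumably authenticates with the
          # credentials actions/checkout stored in the repository config;
          # confirm whether this variable is still needed.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Print Download URL
        if: success()
        run: |
          # Read the runner-provided environment variables rather than
          # expanding ${{ ... }} expressions into the script text: a ref name
          # is user-chosen and must not be parsed as shell code.
          REPO_URL="https://github.com/${GITHUB_REPOSITORY}"
          BRANCH="${GITHUB_REF_NAME}"
          FILE_PATH="enclave/enclave.eif"
          DOWNLOAD_URL="$REPO_URL/raw/$BRANCH/$FILE_PATH"
          echo "The enclave.eif file can be downloaded from: $DOWNLOAD_URL"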