build-enclave.yml
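# Builds a Nitro Enclaves image (enclave.eif) with nitro-cli inside a privileged
# container and commits the result to the triggering branch through Git LFS.
#
# Trust boundary: everything under setup/ and the marlinorg/nitro-cli base image
# runs as root in a --privileged container on the runner, and the job holds a
# token that can push to the repository. Both inputs are unpinned (see the notes
# on the checkout step and on the generated Dockerfile).
name: Build Enclave

on:
  workflow_dispatch:
    inputs:
      # NOTE(review): no step in this workflow reads this input.
      test_environment:
        description: 'Select environment for testing'
        required: true
        default: 'staging'

# Least privilege: the job only needs to push a commit.
permissions:
  contents: write

jobs:
  build-enclave:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # A version tag is mutable. Pin to a full commit SHA, e.g.
        # actions/checkout@<FULL_COMMIT_SHA>, and record the version in a comment.
        uses: actions/checkout@v3

      - name: Verify required files are present
        run: |
          if [[ ! -f Dockerfile || ! -f setup.sh || ! -f supervisord.conf ]]; then
            echo "Required files (Dockerfile, setup.sh, supervisord.conf) are missing!"
            exit 1
          fi

      - name: Move files to folder structure
        run: |
          # Ensure setup directory exists
          mkdir -p setup

          # Move files into setup/ directory if not already there
          mv Dockerfile setup/ || echo "Dockerfile already in setup/"
          mv setup.sh setup/ || echo "setup.sh already in setup/"
          mv supervisord.conf setup/ || echo "supervisord.conf already in setup/"

          # Check and add outer Dockerfile and entrypoint.sh if not present.
          # The base image below is pulled by its implicit "latest" tag. Pin it by
          # digest (marlinorg/nitro-cli@sha256:<IMAGE_DIGEST>) so the toolchain that
          # produces the enclave image cannot change between runs unnoticed.
          # Heredoc bodies stay at the left edge so the closing EOF is recognised.
          if [ ! -f Dockerfile ]; then
            echo "Creating outer Dockerfile"
            cat <<EOF > Dockerfile
          # base image
          FROM marlinorg/nitro-cli
          # working directory
          WORKDIR /app/setup
          # add files
          COPY entrypoint.sh ./
          RUN chmod +x entrypoint.sh
          # entry point
          ENTRYPOINT [ "/app/setup/entrypoint.sh" ]
          EOF
          fi

          # Create entrypoint.sh if not present. The heredoc delimiter is unquoted,
          # so \$ keeps the variables literal in the generated script.
          if [ ! -f entrypoint.sh ]; then
            echo "Creating entrypoint.sh"
            cat <<EOF > entrypoint.sh
          #!/bin/sh
          dockerd &
          sleep 10
          # Determine architecture
          ARCH=\$(uname -m)
          if [ "\$ARCH" = "aarch64" ]; then
            PLATFORM=linux/arm64
          else
            PLATFORM=linux/amd64
          fi
          docker buildx create --name multiplatformEnclave --driver docker-container --bootstrap
          docker buildx use multiplatformEnclave
          cd /app/mount/setup
          docker buildx build --platform \$PLATFORM -t enclave:latest --load .
          mkdir -p /app/mount/enclave
          mkdir -p /var/log/nitro_enclaves
          touch /var/log/nitro_enclaves/nitro_enclaves.log
          nitro-cli build-enclave --docker-uri enclave:latest --output-file /app/mount/enclave/enclave.eif
          EOF
            chmod +x entrypoint.sh
          fi

      - name: Build and Run Enclave
        run: |
          # Drop any image left over from an earlier commit so the verification
          # step can only succeed on this run's output.
          rm -f enclave/enclave.eif
          docker build -t enclave .
          # --privileged is required because the entrypoint starts dockerd inside
          # the container; it also removes the isolation between the container and
          # the runner, so treat the image and setup/ as fully trusted code.
          docker run --rm --privileged -v "$(pwd):/app/mount" enclave

      - name: Verify enclave.eif file
        id: verify_eif
        run: |
          # The entrypoint writes to /app/mount/enclave/enclave.eif, which is the
          # workspace bind mount. Checking that exact path, rather than searching
          # the whole filesystem, prevents an unrelated enclave.eif from being
          # picked up and published.
          EIF_PATH="$GITHUB_WORKSPACE/enclave/enclave.eif"
          if [ ! -s "$EIF_PATH" ]; then
            echo "Error: enclave.eif file not found!"
            exit 1
          fi
          echo "File found at $EIF_PATH"
          # Record the digest in the job log so a downloaded copy can be compared.
          sha256sum "$EIF_PATH"
          echo "EIF_PATH=$EIF_PATH" >> "$GITHUB_ENV"

      - name: Initialize Git LFS
        run: |
          # Without an identity "git commit" fails, and the previous
          # `|| echo "No changes to commit"` reported that failure as success.
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git lfs install
          git lfs track "enclave/enclave.eif"
          git add .gitattributes
          # Commit only when something is staged, so real commit errors fail the step.
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "Track enclave.eif with Git LFS"
          fi

      - name: Commit and push enclave.eif
        run: |
          cd "$GITHUB_WORKSPACE" # Move to the root directory of the repository
          mkdir -p enclave
          # The build already writes to enclave/enclave.eif. Copy only when
          # EIF_PATH is a different file: removing the destination first would
          # otherwise delete the freshly built image.
          if [ ! "$EIF_PATH" -ef enclave/enclave.eif ]; then
            echo "Replacing existing enclave.eif with new generated file."
            cp -f "$EIF_PATH" enclave/enclave.eif
          fi
          # Add, commit, and push changes
          git add enclave/enclave.eif
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "Update generated enclave.eif file"
          fi
          git push
        env:
          # NOTE(review): git itself does not read this variable; the push
          # presumably relies on the credentials actions/checkout left in the
          # local git config. Confirm before removing.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Print Download URL
        if: success()
        run: |
          # Use the runner-provided environment variables instead of expanding
          # ${{ }} expressions inside the script: a branch name is caller-chosen
          # text and would otherwise be pasted into the shell source.
          REPO_URL="https://github.com/$GITHUB_REPOSITORY"
          BRANCH="$GITHUB_REF_NAME"
          FILE_PATH="enclave/enclave.eif"
          DOWNLOAD_URL="$REPO_URL/raw/$BRANCH/$FILE_PATH"
          echo "The enclave.eif file can be downloaded from: $DOWNLOAD_URL"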