Skip to content

Merge pull request #438 from mkulke/mkulke/fix-kbs-e2e-test-binaries-… #3

Merge pull request #438 from mkulke/mkulke/fix-kbs-e2e-test-binaries-…

Merge pull request #438 from mkulke/mkulke/fix-kbs-e2e-test-binaries-… #3

name: Build and Push CoCoAS / RVPS Image
on:
push:
branches:
- main
jobs:
build_and_push:
permissions:
packages: write
strategy:
fail-fast: false
matrix:
instance:
- ubuntu-latest
- s390x
tag:
- coco-as-grpc
- coco-as-restful
- rvps
include:
- docker_file: attestation-service/Dockerfile.as-grpc
tag: coco-as-grpc
name: gRPC CoCo-AS
- docker_file: attestation-service/Dockerfile.as-restful
tag: coco-as-restful
name: RESTful CoCo-AS
- docker_file: rvps/Dockerfile
tag: rvps
name: RVPS
runs-on: ${{ matrix.instance }}
steps:
- name: Take a pre-action for self-hosted runner
run: |
# NOTE: Use file checking instead triggering a step based on a runner type
# to avoid updating the step for each new self-hosted runner.
if [ -f "${HOME}/script/pre_action.sh" ]; then
"${HOME}/script/pre_action.sh" cc-trustee
fi
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build ${{ matrix.name }} Container Image
run: |
commit_sha=${{ github.sha }}
arch=$(uname -m)
DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" --push --build-arg ARCH="${arch}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \
-t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" .
- name: Take a post-action for self-hosted runner
if: always()
run: |
# Please check out the note in the pre-action step for the reason of using file checking
if [ -f "${HOME}/script/post_action.sh" ]; then
"${HOME}/script/post_action.sh" cc-trustee
fi
publish_multi_arch_image:
needs: build_and_push
permissions:
packages: write
strategy:
fail-fast: false
matrix:
tag:
- coco-as-grpc
- coco-as-restful
- rvps
include:
- tag: coco-as-grpc
name: gRPC CoCo-AS
- tag: coco-as-restful
name: RESTful CoCo-AS
- tag: rvps
name: RVPS
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Multi-arch Image for ${{ matrix.name }}
run: |
commit_sha=${{ github.sha }}
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-s390x" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-x86_64"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}"
docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-s390x" \
--amend "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-x86_64"
docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest"