add workflow for as to support cross compiling

Signed-off-by: Lei Li <[email protected]>
confidential-containers · Jun 3, 2024 · 2624604 · 2624604
1 parent ef5b640
commit 2624604
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 1 deletion.
diff --git a/.github/workflows/as-build-and-push-cross-compilation.yaml b/.github/workflows/as-build-and-push-cross-compilation.yaml
@@ -0,0 +1,100 @@
+name: Build and Push CoCoAS / RVPS Image with cross-compilation supports
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build_and_push:
+    permissions:
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        instance:
+          - ubuntu-latest
+        platform:
+          - linux/amd64
+          - linux/s390x
+        tag:
+          - coco-as-grpc
+          - coco-as-restful
+          - rvps
+        include:
+          - docker_file: attestation-service/Dockerfile.as-grpc
+            tag: coco-as-grpc
+            name: gRPC CoCo-AS
+          - docker_file: attestation-service/Dockerfile.as-restful
+            tag: coco-as-restful
+            name: RESTful CoCo-AS
+          - docker_file: attestation-service/rvps/Dockerfile
+            tag: rvps
+            name: RVPS
+    runs-on: ${{ matrix.instance }}
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GHCR Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build ${{ matrix.name }} Container Image
+      run: |
+        commit_sha=${{ github.sha }}
+        arch=$(uname -m)
+        docker buildx build -f ${{ matrix.docker_file }} --load --build-arg ARCH=${arch} \
+          --platform ${{ matrix.platform }} \
+          -t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch} \
+          -t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch} .
+
+  publish_multi_arch_image:
+    needs: build_and_push
+    permissions:
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        tag:
+          - coco-as-grpc
+          - coco-as-restful
+          - rvps
+        include:
+          - tag: coco-as-grpc
+            name: gRPC CoCo-AS
+          - tag: coco-as-restful
+            name: RESTful CoCo-AS
+          - tag: rvps
+            name: RVPS
+    runs-on: ubuntu-latest
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GHCR Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Publish Multi-arch Image for ${{ matrix.name }}
+      run: |
+        commit_sha=${{ github.sha }}
+        docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha} \
+          --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-s390x \
+          --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-x86_64
+        docker manifest inspect ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}
+        docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest \
+          --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-s390x \
+          --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-x86_64
+        docker manifest inspect ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest
diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/Dockerfile.as-restful
@@ -48,7 +48,7 @@ LABEL org.opencontainers.image.source="https://github.com/confidential-container
 RUN apt-get update && apt-get install curl gnupg openssl -y && \
     rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/*
 
-RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \
+RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \
     echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
     apt-get update && \
     apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \