From 262460436ac51f0fac276f8440a2f2cd39b7d419 Mon Sep 17 00:00:00 2001
From: Lei Li
Date: Thu, 30 May 2024 08:48:24 +0800
Subject: [PATCH] add workflow for as to support cross compiling
Signed-off-by: Lei Li
---
.../as-build-and-push-cross-compilation.yaml | 100 ++++++++++++++++++
attestation-service/Dockerfile.as-restful | 2 +-
2 files changed, 101 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/as-build-and-push-cross-compilation.yaml
diff --git a/.github/workflows/as-build-and-push-cross-compilation.yaml b/.github/workflows/as-build-and-push-cross-compilation.yaml
new file mode 100644
index 0000000000..24bb3c3f00
--- /dev/null
+++ b/.github/workflows/as-build-and-push-cross-compilation.yaml
@@ -0,0 +1,100 @@
+name: Build and Push CoCoAS / RVPS Image with cross-compilation supports
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ build_and_push:
+ permissions:
+ packages: write
+ strategy:
+ fail-fast: false
+ matrix:
+ instance:
+ - ubuntu-latest
+ platform:
+ - linux/amd64
+ - linux/s390x
+ tag:
+ - coco-as-grpc
+ - coco-as-restful
+ - rvps
+ include:
+ - docker_file: attestation-service/Dockerfile.as-grpc
+ tag: coco-as-grpc
+ name: gRPC CoCo-AS
+ - docker_file: attestation-service/Dockerfile.as-restful
+ tag: coco-as-restful
+ name: RESTful CoCo-AS
+ - docker_file: attestation-service/rvps/Dockerfile
+ tag: rvps
+ name: RVPS
+ runs-on: ${{ matrix.instance }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build ${{ matrix.name }} Container Image
+ run: |
+ commit_sha=${{ github.sha }}
+ arch=$(uname -m)
+ docker buildx build -f ${{ matrix.docker_file }} --load --build-arg ARCH=${arch} \
+ --platform ${{ matrix.platform }} \
+ -t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch} \
+ -t ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch} .
+
+ publish_multi_arch_image:
+ needs: build_and_push
+ permissions:
+ packages: write
+ strategy:
+ fail-fast: false
+ matrix:
+ tag:
+ - coco-as-grpc
+ - coco-as-restful
+ - rvps
+ include:
+ - tag: coco-as-grpc
+ name: gRPC CoCo-AS
+ - tag: coco-as-restful
+ name: RESTful CoCo-AS
+ - tag: rvps
+ name: RVPS
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Publish Multi-arch Image for ${{ matrix.name }}
+ run: |
+ commit_sha=${{ github.sha }}
+ docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha} \
+ --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-s390x \
+ --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-x86_64
+ docker manifest inspect ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}
+ docker manifest create ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest \
+ --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-s390x \
+ --amend ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-x86_64
+ docker manifest inspect ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest
diff --git a/attestation-service/Dockerfile.as-restful b/attestation-service/Dockerfile.as-restful
index 280f06b42c..dc8a3f58e0 100644
--- a/attestation-service/Dockerfile.as-restful
+++ b/attestation-service/Dockerfile.as-restful
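Review bot: `arch=$(uname -m)` in the build step reports the runner's architecture, not the `--platform` being built, so on `ubuntu-latest` both matrix legs tag their image `…-x86_64`: the s390x image is labelled as x86_64, and the `…-s390x` tags that `publish_multi_arch_image` amends into the manifest are never produced. For an attestation-service image this is a provenance problem as well as a functional one, because once the images are pushed, whichever leg finishes last decides what `latest-x86_64` contains. Take the suffix from the matrix instead, as sketched below, keeping the `x86_64`/`s390x` names the publish job expects. Separately, the build uses `--load` and the publish job stops at `docker manifest inspect`, so nothing visible here pushes the per-arch images or the manifest list; `--push` on the build and a `docker manifest push` after each `manifest create` look to be missing.

```yaml
      matrix:
        # … unchanged: instance, platform, tag lists …
        include:
          # map each target platform to the tag suffix the publish job amends
          - platform: linux/amd64
            arch: x86_64
          - platform: linux/s390x
            arch: s390x
          # … unchanged: docker_file / tag / name entries …
# … unchanged: runs-on, checkout, buildx setup, GHCR login …
      - name: Build ${{ matrix.name }} Container Image
        run: |
          commit_sha=${{ github.sha }}
          arch=${{ matrix.arch }}
          # … unchanged: docker buildx build invocation …
```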
@@ -48,7 +48,7 @@ LABEL org.opencontainers.image.source="https://github.com/confidential-container RUN apt-get update && apt-get install curl gnupg openssl -y && \ rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} /tmp/* /var/tmp/* -RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ +RUN if [ "${TARGETARCH}" = "amd64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ apt-get update && \ apt-get install -y libsgx-dcap-default-qpl libsgx-dcap-quote-verify && \
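Review bot: `${TARGETARCH}` in the changed `RUN` is only set if the enclosing build stage declares `ARG TARGETARCH`; BuildKit pre-defines the value, but it is not visible inside a stage without that declaration, and no such line appears in the hunk. If it is absent (or the image is built with the legacy builder), the test compares an empty string with `amd64`, the branch is skipped, and the amd64 image is built without `libsgx-dcap-default-qpl` and `libsgx-dcap-quote-verify`, with no build error to show it. Add `ARG TARGETARCH` in this stage above the `RUN`, and confirm whether the `ARCH` build-arg the workflow still passes is needed by this Dockerfile. The `RUN` statement continues past the end of the hunk, so the rest of the `if` is not visible here.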