Merge pull request #193 from eyakubovich/ey/fix-enclaver-run #141

Workflow file for this run

.github/workflows/release.yaml at 20f9196

	name: Build Release

	on:
	push:
	branches:
	- main
	tags:
	- v*

	jobs:
	build-release-binaries:
	strategy:
	matrix:
	include:
	- target: 'x86_64-unknown-linux-musl'
	host: 'ubuntu-latest'
	uses_musl: true
	extra_cargo_args: '--features=run_enclave,odyn'
	- target: 'aarch64-unknown-linux-musl'
	host: 'ubuntu-latest'
	uses_musl: true
	extra_cargo_args: '--features=run_enclave,odyn'
	- target: 'x86_64-apple-darwin'
	host: 'macos-latest'
	- target: 'aarch64-apple-darwin'
	host: 'macos-latest'

	runs-on: ${{ matrix.host }}

	steps:
	- uses: actions/checkout@v3

	- uses: actions-rs/toolchain@v1
	with:
	toolchain: stable
	target: ${{ matrix.target }}
	default: true

	- uses: Swatinem/rust-cache@v2
	with:
	workspaces: "enclaver -> target"
	key: ${{ matrix.target }}

	- name: Build Release Binaries (native cargo)
	if: ${{ !matrix.uses_musl }}
	run: \|
	cargo build \
	--target ${{ matrix.target }} \
	--manifest-path enclaver/Cargo.toml \
	--release \
	${{ matrix.extra_cargo_args }}

	- name: Build Release Binaries (cargo-zigbuild)
	if: ${{ matrix.uses_musl }}
	uses: ./.github/actions/cargo-zigbuild
	with:
	args: \|
	--target ${{ matrix.target }}
	--manifest-path enclaver/Cargo.toml
	--release
	${{ matrix.extra_cargo_args }}

	- name: Upload Artifacts
	uses: actions/upload-artifact@v3
	with:
	name: ${{ matrix.target }}
	path: \|
	enclaver/target/${{ matrix.target }}/release/enclaver
	enclaver/target/${{ matrix.target }}/release/enclaver-run
	enclaver/target/${{ matrix.target }}/release/odyn


	publish-images:
	if: github.repository == 'edgebitio/enclaver' && (github.ref == 'refs/heads/main' \|\| github.ref_type == 'tag')
	needs: build-release-binaries
	runs-on: ubuntu-latest

	permissions:
	contents: 'read'
	id-token: 'write'

	steps:
	- name: Download Binaries
	uses: actions/download-artifact@v3

	# Putting the binaries into a path whose name exactly matches Docker's
	# architecture naming conventions makes it easy for the Dockerfiles to
	# COPY architecture-specific files into the image in a nice, cacheable
	# way.
	- name: Re-Arrange Binaries
	shell: bash
	run: \|
	mv x86_64-unknown-linux-musl amd64
	mv aarch64-unknown-linux-musl arm64
	chmod 755 amd64/odyn amd64/enclaver-run arm64/odyn arm64/enclaver-run

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Authenticate to Google Cloud
	uses: 'google-github-actions/auth@v0'
	with:
	workload_identity_provider: 'projects/77991489452/locations/global/workloadIdentityPools/gh-actions-identity-pool/providers/gh-actions-identity-provider'
	service_account: 'github-actions-service-account@edgebit-containers.iam.gserviceaccount.com'

	- name: Configure GCP Docker Auth
	run: \|
	gcloud auth configure-docker us-docker.pkg.dev

	- name: Authenticate to AWS
	uses: aws-actions/configure-aws-credentials@v1-node16
	with:
	aws-region: us-east-1
	role-to-assume: arn:aws:iam::970625735569:role/GitHubActionsECRPush

	- name: Configure AWS Docker Auth
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1
	with:
	registry-type: public

	- name: Generate Odyn Image Metadata
	id: odyn-metadata
	uses: docker/metadata-action@v4
	with:
	images: \|
	us-docker.pkg.dev/edgebit-containers/containers/odyn
	public.ecr.aws/p0s1m1r8/odyn
	tags: \|
	type=sha,
	type=semver,pattern=v{{major}}
	type=semver,pattern=v{{major}}.{{minor}}
	type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
	type=raw,value=latest,enable=${{ github.ref_type == 'tag' }}

	- name: Build Odyn Image
	uses: docker/build-push-action@v3
	with:
	context: "{{defaultContext}}:build/dockerfiles"
	build-contexts: artifacts=.
	file: odyn-release.dockerfile
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.odyn-metadata.outputs.tags }}

	- name: Generate Runtime Base Image Metadata
	id: wrapper-base-metadata
	uses: docker/metadata-action@v4
	with:
	images: \|
	us-docker.pkg.dev/edgebit-containers/containers/enclaver-wrapper-base
	public.ecr.aws/p0s1m1r8/enclaver-wrapper-base
	tags: \|
	type=sha,
	type=semver,pattern=v{{major}}
	type=semver,pattern=v{{major}}.{{minor}}
	type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
	type=raw,value=latest,enable=${{ github.ref_type == 'tag' }}

	- name: Build Runtime Base Image
	uses: docker/build-push-action@v3
	with:
	context: "{{defaultContext}}:build/dockerfiles"
	build-contexts: artifacts=.
	file: runtimebase.dockerfile
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.wrapper-base-metadata.outputs.tags }}

	upload-release-artifact:
	if: github.repository == 'edgebitio/enclaver' && github.ref_type == 'tag'
	needs: build-release-binaries
	runs-on: ubuntu-latest

	strategy:
	matrix:
	include:
	- target: 'x86_64-unknown-linux-musl'
	release_name: 'enclaver-linux-x86_64'
	- target: 'aarch64-unknown-linux-musl'
	release_name: 'enclaver-linux-aarch64'
	- target: 'x86_64-apple-darwin'
	release_name: 'enclaver-macos-x86_64'
	- target: 'aarch64-apple-darwin'
	release_name: 'enclaver-macos-aarch64'

	steps:
	- name: Download Binaries
	uses: actions/download-artifact@v3

	- name: Construct Release Artifact
	shell: bash
	run: \|
	release_dir="${{ matrix.release_name }}-${{ github.ref_name }}"

	mkdir ${release_dir}
	mv ${{ matrix.target }}/enclaver ${release_dir}/enclaver
	chmod 755 ${release_dir}/enclaver
	tar -czf ${release_dir}.tar.gz ${release_dir}
	sha256sum ${release_dir}.tar.gz > ${release_dir}.tar.gz.sha256

	- name: Upload Artifact to GH Release
	uses: softprops/action-gh-release@v1
	with:
	draft: true
	tag_name: ${{ github.ref_name }}
	files: \|
	${{ matrix.release_name }}-${{ github.ref_name }}.tar.gz
	${{ matrix.release_name }}-${{ github.ref_name }}.tar.gz.sha256

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #193 from eyakubovich/ey/fix-enclaver-run #141

Workflow file

Merge pull request #193 from eyakubovich/ey/fix-enclaver-run #141

Jobs

Run details

Workflow file for this run