diff --git a/.github/actions/build_eks_docker_image/action.yaml b/.github/actions/build_eks_docker_image/action.yaml
index ca652986b..ffe0fd10e 100644
--- a/.github/actions/build_eks_docker_image/action.yaml
+++ b/.github/actions/build_eks_docker_image/action.yaml
@@ -1,21 +1,23 @@
 name: Build AWS EKS Docker Image -description: Builds the docker images to use as a EKS Pod. Includes building the EIF +description: Builds the docker images to use as a EKS Pod. inputs: - version_number_input: - description: If set, the version number will not be incremented and the given number will be used. - default: '' identity_scope: description: The identity scope [uid2, euid] required: true - artifacts_output_dir: - description: The output directory for the artifacts + eif_repo_owner: + description: The owner of the EIF repo required: true - image_tag: - description: The Tag to give the docker image + eif_repo_name: + description: The name of the EIF repo required: true - new_version: - description: The new version number after potentially updating the POM + operator_release: + description: The operator release that has the EIF to use + default: '' + operator_run_number: + description: The Operator run number for artifacts. Ignored if Operator Release is given + artifacts_output_dir: + description: The output directory for the artifacts required: true github_token: description: The GitHub token used to login to Docker
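Review bot: `operator_run_number` is declared with neither `required` nor `default`, while `operator_release` directly above it gets `default: ''`; the step conditions in this action compare both against `''`, so give `operator_run_number` the same explicit `default: ''` and state in both descriptions that exactly one of the two must be supplied. Nothing in the input declarations rejects the case where both are empty, so either `required: true` on one of them or a short fail-fast validation step would make that failure explicit instead of leaving it to the download action. `eif_repo_owner` and `eif_repo_name` are `required: true` but appear to be consumed only by the release-download path, which is worth saying in their descriptions, e.g. `description: The owner of the EIF repo (used only when operator_release is set)`.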
@@ -24,21 +26,74 @@ inputs: outputs: enclave_id: description: The enclave id for this EIF. - value: ${{ steps.build_aws_eif.outputs.enclave_id }} + value: ${{ steps.versionNumber.outputs.ENCLAVE_ID }} + image_tag: + description: The Image tag of the docker image + value: ${{ steps.versionNumber.outputs.VERSION_NUMBER }} + eif_version_number: + description: The version number of the EIF used to build the image + value: ${{ steps.versionNumber.outputs.VERSION_NUMBER }} runs: using: "composite" steps: - - name: Build AWS EIF for EKS - id: build_aws_eif - uses: IABTechLab/uid2-operator/.github/actions/build_aws_eif@main + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Make output dir + shell: bash + run: | + mkdir ${{ inputs.artifacts_output_dir }} -p + + - name: Get EIF for Release ${{ inputs.operator_release }} + uses: IABTechLab/uid2-operator/.github/actions/download_release_artifact@main + if: ${{ inputs.operator_release != '' }} with: - identity_scope: ${{ inputs.identity_scope }} - artifacts_base_output_dir: ${{ inputs.artifacts_output_dir }} - amazonlinux_dockerfile: ./scripts/aws/pipeline/amazonlinux2023.Dockerfile - makefile: Makefile.eif - version_number_input: ${{ inputs.version_number_input }} + github_token: ${{ inputs.github_token }} + repo_owner: ${{ inputs.eif_repo_owner }} + repo_name: ${{ inputs.eif_repo_name }} + release_name: ${{ inputs.operator_release }} + artifact_name: aws-${{ inputs.identity_scope }}-deployment-files + folder: ${{ inputs.artifacts_output_dir }} + + - name: Get EIF for Run ${{ inputs.operator_run_number }} + id: get_eif_for_run + uses: dawidd6/action-download-artifact@v6 + if: ${{ inputs.operator_release == '' }} + with: + name: 'aws-${{ inputs.identity_scope }}-deployment-files-.*' + name_is_regexp: true + run_id: ${{ inputs.operator_run_number }} + skip_unpack: true + + - name: Show folder + shell: bash + working-directory: ${{ inputs.artifacts_output_dir }} + run: | + ls -al + + - name: Unzip artifacts + if: 
${{ inputs.operator_release == '' }} + shell: bash + run: | + ARTIFACTS='${{ steps.get_eif_for_run.outputs.artifacts }}' + FILE=$(echo $ARTIFACTS | jq -r '.[0].name') + unzip -o -d ${{ inputs.artifacts_output_dir }} $FILE.zip + rm $FILE.zip + + - name: Get version number and Enclave Id + id: versionNumber + shell: bash + working-directory: ${{ inputs.artifacts_output_dir }} + run: | + ls -al + VERSION_NUMBER=$(cat ./version_number.txt) + echo "VERSION_NUMBER=$VERSION_NUMBER" >> $GITHUB_OUTPUT + echo "Version Number: " $VERSION_NUMBER + ENCLAVE_ID=$(cat ./pcr0.txt) + echo "ENCLAVE_ID=$ENCLAVE_ID" >> $GITHUB_OUTPUT + echo "Enclave ID:" $ENCLAVE_ID - name: Copy docker files for the Operator Pod shell: bash
@@ -69,7 +124,7 @@ runs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-eks-${{ inputs.identity_scope }} tags: | - type=raw,value=${{ inputs.image_tag }} + type=raw,value=${{ steps.versionNumber.outputs.VERSION_NUMBER }} - name: Build and export to Docker uses: docker/build-push-action@v5
@@ -79,8 +134,8 @@ runs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - JAR_VERSION=${{ inputs.new_version }} - IMAGE_VERSION=${{ inputs.new_version }} + JAR_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }} + IMAGE_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }} BUILD_TARGET=${{ env.ENCLAVE_PROTOCOL }} - name: Push to Docker
@@ -92,8 +147,8 @@ runs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - JAR_VERSION=${{ inputs.new_version }} - IMAGE_VERSION=${{ inputs.new_version }} + JAR_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }} + IMAGE_VERSION=${{ steps.versionNumber.outputs.VERSION_NUMBER }} - name: Check disk usage shell: bash
diff --git a/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml b/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml
index 0cd361226..9aca99b0b 100644
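Review bot: In the `Unzip artifacts` step, `${{ steps.get_eif_for_run.outputs.artifacts }}` is spliced into the shell script inside single quotes and `${{ inputs.artifacts_output_dir }}` is spliced unquoted (the `mkdir` step does the same); a single quote in the artifact JSON or a space or metacharacter in the directory path changes the command rather than the data, so both should be passed through `env:` and expanded as quoted shell variables. The run-number path does not forward `eif_repo_owner`/`eif_repo_name` the way the release path does, so its artifact search is against the calling repository, and when both `operator_release` and `operator_run_number` are empty the step still runs with an empty `run_id` — what `dawidd6/action-download-artifact` does with that is not visible here, so an explicit fail-fast check before the two download steps would be safer. `actions/checkout@v4`, `dawidd6/action-download-artifact@v6` and `download_release_artifact@main` are referenced by mutable tag or branch; since the downloaded EIF decides the enclave id this action publishes, pinning them to full commit SHAs is the usual supply-chain control. The two `ls -al` debug steps can go once the flow is stable.
```yaml
    # … unchanged: checkout, mkdir and the two download steps …
    - name: Unzip artifacts
      if: ${{ inputs.operator_release == '' }}
      shell: bash
      env:
        ARTIFACTS: ${{ steps.get_eif_for_run.outputs.artifacts }}
        OUTPUT_DIR: ${{ inputs.artifacts_output_dir }}
        RUN_NUMBER: ${{ inputs.operator_run_number }}
      run: |
        FILE=$(jq -r '.[0].name' <<< "$ARTIFACTS")
        if [ -z "$FILE" ] || [ "$FILE" = "null" ]; then
          echo "No deployment-files artifact found for run $RUN_NUMBER" >&2
          exit 1
        fi
        unzip -o -d "$OUTPUT_DIR" "$FILE.zip"
        rm "$FILE.zip"
    # … unchanged: "Get version number and Enclave Id" step …
```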
--- a/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml
+++ b/.github/workflows/publish-aws-eks-nitro-enclave-docker.yaml
@@ -1,104 +1,85 @@ -name: Publish EKS Operator -run-name: ${{ format('Publish {0} EKS Operator', inputs.release_type) }} +name: Publish EKS Operator Docker Images +run-name: >- + ${{ inputs.operator_release == '' && format('Publish EKS Operator Docker Images for Operator Run Number: {0}', inputs.operator_run_number) || format('Publish EKS Operator Docker Images for Operator Release: {0}', inputs.operator_release)}} on: workflow_dispatch: inputs: - release_type: - type: choice - description: The type of release - default: Snapshot - options: - - Snapshot - - Patch - - Minor - - Major - version_number_input: - description: If set, the version number will not be incremented and the given number will be used. + operator_release: + description: The Operator Release number that built the EIF files to use + type: string + operator_run_number: + description: The Operator run number. Ignored if Release Number specified. type: string - default: '' workflow_call: inputs: - release_type: - description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major] - required: true + operator_release: + description: The Operator Release number that built the EIF files to use type: string - version_number_input: - description: If set, the version number will not be incremented and the given number will be used. + operator_run_number: + description: The Operator run number. Ignored if Release Number specified. 
type: string - default: '' env: REGISTRY: ghcr.io ENCLAVE_PROTOCOL: aws-nitro ARTIFACTS_BASE_OUTPUT_DIR: ${{ github.workspace }}/deployment-artifacts IMAGE_NAME: ${{ github.repository }} + REPO_OWNER: IABTechLab + REPO_NAME: uid2-operator jobs: - start: - name: Update Operator Version - runs-on: ubuntu-latest - steps: - - name: Update Operator Version - id: update_version - uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main - with: - release_type: ${{ inputs.release_type }} - version_number_input: ${{ inputs.version_number_input }} - image_tag_suffix: eks-nitro - - outputs: - new_version: ${{ steps.update_version.outputs.new_version }} - is_release: ${{ steps.update_version.outputs.is_release }} - image_tag: ${{ steps.update_version.outputs.image_tag }} - - buildUID2EIF: - name: Build UID2 EIF and Pod for EKS + buildUID2Image: + name: Build UID2 Pod for EKS runs-on: ubuntu-latest permissions: contents: write security-events: write packages: write - needs: start steps: - name: Build Docker Image for EKS Pod - id: build_docker_image - uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main + id: build_docker_image_uid + uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@tjm-UID2-4116-use-eif-artifact-for-eks-build with: identity_scope: uid2 artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/uid2 - version_number_input: ${{ inputs.version_number_input }} - image_tag: ${{ needs.start.outputs.image_tag }} - new_version: ${{ needs.start.outputs.new_version }} github_token: ${{ secrets.GITHUB_TOKEN }} + eif_repo_owner: ${{ env.REPO_OWNER }} + eif_repo_name: ${{ env.REPO_NAME }} + operator_release: ${{ inputs.operator_release }} + operator_run_number: ${{ inputs.operator_run_number }} + outputs: - enclave_id: ${{ steps.build_docker_image.outputs.enclave_id }} + enclave_id: ${{ steps.build_docker_image_uid.outputs.enclave_id }} + eif_version_number: ${{ 
steps.build_docker_image_uid.outputs.eif_version_number }} - buildEUIDEIF: - name: Build EUID EIF and Pod for EKS + buildEUIDImage: + name: Build EUID Pod for EKS runs-on: ubuntu-latest permissions: contents: write security-events: write packages: write - needs: start steps: - name: Build Docker Image for EKS Pod - id: build_docker_image - uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@main + id: build_docker_image_euid + uses: IABTechLab/uid2-operator/.github/actions/build_eks_docker_image@tjm-UID2-4116-use-eif-artifact-for-eks-build with: identity_scope: euid artifacts_output_dir: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/euid - version_number_input: ${{ inputs.version_number_input }} - image_tag: ${{ needs.start.outputs.image_tag }} - new_version: ${{ needs.start.outputs.new_version }} github_token: ${{ secrets.GITHUB_TOKEN }} + eif_repo_owner: ${{ env.REPO_OWNER }} + eif_repo_name: ${{ env.REPO_NAME }} + operator_release: ${{ inputs.operator_release }} + operator_run_number: ${{ inputs.operator_run_number }} + outputs: - enclave_id: ${{ steps.build_docker_image.outputs.enclave_id }} + enclave_id: ${{ steps.build_docker_image_euid.outputs.enclave_id }} + eif_version_number: ${{ steps.build_docker_image_euid.outputs.eif_version_number }} cleanup: name: Cleanup Building AWS Image runs-on: ubuntu-latest - needs: [start, buildUID2EIF, buildEUIDEIF] + needs: [buildUID2Image, buildEUIDImage] steps: - name: Check disk usage shell: bash 
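Review bot: Both `uses:` lines for `build_eks_docker_image` reference the feature branch `@tjm-UID2-4116-use-eif-artifact-for-eks-build`; once that branch is merged and deleted both jobs will fail to resolve the action, so they should go back to `@main` (or, better, a full commit SHA) before this merges. The two build jobs keep `permissions: contents: write` although the version-bump job and the release-creation steps that needed it are removed in this commit; checkout and release-artifact download work with `contents: read`, so narrowing it is worth doing unless the composite action pushes something not visible here. `REPO_OWNER`/`REPO_NAME` are hard-coded while `IMAGE_NAME` follows `github.repository`, so a fork running this workflow would build images from the upstream repo's EIFs; if that is intended, a comment such as `# EIF artifacts are always taken from the upstream operator repository` above the two keys would save the next reader a question.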
@@ -108,36 +89,15 @@ jobs: - name: Save Enclave Ids run: | mkdir -p ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests - echo ${{ needs.buildUID2EIF.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.start.outputs.new_version }}.txt - echo ${{ needs.buildEUIDEIF.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.start.outputs.new_version }}.txt + echo "UID2 EIF Version: ${{ needs.buildUID2Image.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt + echo ${{ needs.buildUID2Image.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.buildUID2Image.outputs.eif_version_number }}.txt + + echo "EUID EIF Version: ${{ needs.buildEUIDImage.outputs.eif_version_number }}" > ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt + echo ${{ needs.buildEUIDImage.outputs.enclave_id }} >> ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.buildEUIDImage.outputs.eif_version_number }}.txt - name: Save Manifests as build artifacts uses: actions/upload-artifact@v4 with: - name: aws-eks-enclave-ids-${{ needs.start.outputs.new_version }} + name: aws-eks-enclave-ids-${{ needs.buildUID2Image.outputs.eif_version_number }} path: ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests if-no-files-found: error - - - name: Build changelog - id: github_release - if: ${{ inputs.version_number_input == '' && needs.start.outputs.is_release == 'true' }} - uses: mikepenz/release-changelog-builder-action@v4 - with: - configurationJson: | - { - "template": "#{{CHANGELOG}}\n## Installation\n```\See [AWS Marketplace](https://unifiedid.com/docs/guides/operator-guide-aws-marketplace) for details\n```\n\n## Changelog\n#{{UNCATEGORIZED}}", - 
"pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" - } - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create release - if: ${{ inputs.version_number_input == '' && needs.start.outputs.is_release == 'true' }} - uses: softprops/action-gh-release@v2 - with: - name: ${{ needs.start.outputs.new_version }} - body: ${{ steps.github_release.outputs.changelog }} - draft: true - files: | - ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-uid2-enclave-id-${{ needs.start.outputs.new_version }}.txt - ${{ env.ARTIFACTS_BASE_OUTPUT_DIR }}/manifests/aws-eks-euid-enclave-id-${{ needs.start.outputs.new_version }}.txt diff --git a/.github/workflows/publish-aws-nitro-enclave-docker.yaml b/.github/workflows/publish-aws-nitro-eif.yaml similarity index 98% rename from .github/workflows/publish-aws-nitro-enclave-docker.yaml rename to .github/workflows/publish-aws-nitro-eif.yaml index 6146dbe21..89b45991d 100644 --- a/.github/workflows/publish-aws-nitro-enclave-docker.yaml +++ b/.github/workflows/publish-aws-nitro-eif.yaml @@ -1,5 +1,5 @@ -name: Publish AWS Nitro Operator -run-name: ${{ format('Publish {0} AWS Nitro Operator', inputs.release_type) }} +name: Publish AWS Nitro EIFs +run-name: ${{ format('Publish {0} AWS Nitro EIFs', inputs.release_type) }} on: workflow_dispatch: inputs: