Merge pull request #450 from skalenetwork/beta #875
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push release SGX container | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - stable | |
| jobs: | |
| build: | |
| runs-on: self-hosted | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| SECRET_KEY: ${{ secrets.V2 }} | |
| steps: | |
| - name: Fail, if older Github Actions machine. Click "Re-run jobs" | |
| run: cat /proc/cpuinfo | grep avx512 | |
| - name: Login to docker | |
| run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} | |
| - uses: actions/checkout@v2 | |
| - name: Submodule update | |
| run: git submodule update --init --recursive | |
| - name: Create dir for signing enclave | |
| run: mkdir signed_enclaves | |
| - name: Write secret to file | |
| run: 'echo "$SECRET_KEY" > signed_enclaves/skale_sgx_private_key0.pem' | |
| shell: bash | |
| - name: Generate public key | |
| run: openssl rsa -in signed_enclaves/skale_sgx_private_key0.pem -pubout -out signed_enclaves/skale_sgx_public_key0.pem | |
| - name: Build and deploy docker image | |
| run : | | |
| export BRANCH=${GITHUB_REF##*/} | |
| echo "Branch $BRANCH" | |
| export VERSION=$(cat VERSION) | |
| echo "Version $VERSION" | |
| export VERSION=$(bash ./scripts/calculate_version.sh $BRANCH $VERSION) | |
| echo "::set-env name=VERSION::$VERSION" | |
| echo "Version $VERSION" | |
| export RELEASE=true | |
| echo "::set-env name=RELEASE::$RELEASE" | |
| bash ./scripts/build_image.sh DockerfileRelease sgxwallet_release | |
| bash ./scripts/publish_image.sh sgxwallet_release | |
| env: | |
| ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
| - name: Delete secrets | |
| run: rm -f signed_enclaves/skale_sgx_private_key0.pem signed_enclaves/skale_sgx_public_key0.pem | |
| - name: Copy secure_enclave.signed.so | |
| run: | | |
| export IMAGE_NAME=skalenetwork/sgxwallet_release:$VERSION | |
| docker create --name extract $IMAGE_NAME | |
| docker cp extract:/usr/src/sdk/secure_enclave/secure_enclave.signed.so signed_enclaves/secure_enclave_signed.so | |
| docker rm extract | |
| - name: Check signed enclaves dir | |
| run: ls signed_enclaves | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ env.VERSION }} | |
| release_name: ${{ env.VERSION }} | |
| draft: false | |
| prerelease: false | |
| - name: Upload signed enclave to Release | |
| uses: actions/upload-release-asset@latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: signed_enclaves/secure_enclave_signed.so | |
| asset_name: signed_enclave.so | |
| asset_content_type: application/octet-stream |