Add caches in github actions #49
| name: Build K8s-ready container with eif | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - '**' | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cargo-bins/cargo-binstall@main | |
| - name: Make more disk space available on public runner | |
| run: | | |
| # rmz seems to be faster at deleting files than rm | |
| cargo binstall -y rmz | |
| sudo mv /home/runner/.cargo/bin/rmz /usr/local/bin/rmz | |
| echo "Available storage before:" | |
| sudo df -h | |
| echo | |
| sudo rmz -f $AGENT_TOOLSDIRECTORY | |
| sudo rmz -f /opt/az | |
| sudo rmz -f /opt/ghc | |
| sudo rmz -f /opt/google | |
| sudo rmz -f /opt/microsoft | |
| sudo rmz -f /opt/pipx | |
| sudo rmz -f /usr/lib/mono | |
| sudo rmz -f /usr/local/julia* | |
| sudo rmz -f /usr/local/lib/android | |
| sudo rmz -f /usr/local/lib/node_modules | |
| sudo rmz -f /usr/local/share/boost | |
| sudo rmz -f /usr/local/share/chromium | |
| sudo rmz -f /usr/local/share/powershell | |
| sudo rmz -f /usr/share/az_* | |
| sudo rmz -f /usr/share/dotnet | |
| sudo rmz -f /usr/share/gradle-* | |
| sudo rmz -f /usr/share/swift | |
| echo "Available storage after:" | |
| sudo df -h | |
| echo | |
| - name: Fix submodule permissions check | |
| run: | | |
| git config --global --add safe.directory '*' | |
| # Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Log in to GitHub Container Registry | |
| - name: Log In to GitHub Container Registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
| - run: mkdir -p ~/nitro-cache | |
| - id: nitro-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/nitro-cache | |
| key: nitro-cache-${{ runner.os }} | |
| # Install AWS Nitro CLI | |
| - name: Install Nitro CLI | |
| if: steps.nitro-cache.outputs.cache-hit != 'true' | |
| run: | | |
| sudo apt install build-essential | |
| git clone https://github.com/aws/aws-nitro-enclaves-cli.git | |
| cd aws-nitro-enclaves-cli | |
| make nitro-cli | |
| sudo cp build/nitro_cli/release/nitro-cli /usr/bin | |
| sudo cp build/nitro_cli/release/nitro-cli ~/nitro-cache/ | |
| cd .. | |
| rm -rf aws-nitro-enclaves-cli | |
| docker system prune -f | |
| docker rmi nitro_cli:1.0 | |
| - if: steps.nitro-cache.outputs.cache-hit == 'true' | |
| run: sudo cp ~/nitro-cache/nitro-cli /usr/bin | |
| - name: Create folder for logs | |
| run: | | |
| sudo mkdir --mode=0777 -p /var/log/nitro_enclaves | |
| - run: mkdir -p ~/nitro-kernel-cache | |
| - id: nitro-kernel-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/nitro-kernel-cache | |
| key: nitro-kernal-cache-${{ runner.os }} | |
| # Install AWS Nitro Enclave kernel | |
| - run: sudo mkdir -p /usr/share/nitro_enclaves/blobs | |
| - name: Install Nitro CLI | |
| if: steps.nitro-kernel-cache.outputs.cache-hit != 'true' | |
| run: | | |
| git clone https://github.com/aws/aws-nitro-enclaves-sdk-bootstrap.git | |
| cd aws-nitro-enclaves-sdk-bootstrap | |
| tee -a kernel/microvm-kernel-config-x86_64 <<EOF | |
| CONFIG_MD=y | |
| CONFIG_MD_BITMAP_FILE=y | |
| CONFIG_BLK_DEV_DM_BUILTIN=y | |
| CONFIG_BLK_DEV_DM=y | |
| CONFIG_DM_CRYPT=y | |
| EOF | |
| tee -a kernel/microvm-kernel-config-aarch64 <<EOF | |
| CONFIG_MD=y | |
| CONFIG_MD_BITMAP_FILE=y | |
| CONFIG_BLK_DEV_DM_BUILTIN=y | |
| CONFIG_BLK_DEV_DM=y | |
| CONFIG_DM_CRYPT=y | |
| EOF | |
| docker build -t blobs_all . | |
| docker create --name extract_blobs blobs_all | |
| docker cp extract_blobs:/blobs ./blobs | |
| docker rm extract_blobs | |
| sudo cp blobs/* /usr/share/nitro_enclaves/blobs | |
| sudo cp blobs/* ~/nitro-kernel-cache | |
| cd .. | |
| rm -rf aws-nitro-enclaves-sdk-bootstrap | |
| docker system prune -f | |
| docker rmi blobs_all:latest | |
| - if: steps.nitro-kernel-cache.outputs.cache-hit == 'true' | |
| run: sudo cp ~/nitro-kernel-cache/* /usr/share/nitro_enclaves/blobs | |
| # Check out the code | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| # Build the main Docker image | |
| - name: Build Docker Image | |
| run: | | |
| docker build --no-cache \ | |
| -f Dockerfile \ | |
| --target nitro-node-enclave \ | |
| -t nitro-node-enclave:latest . | |
| # Create directory for artifacts | |
| - name: Create Output Directory | |
| run: | | |
| mkdir -p output | |
| # Create the EIF file | |
| - name: Create EIF | |
| run: | | |
| nitro-cli build-enclave --docker-uri nitro-node-enclave:latest --output-file output/nitro.eif | |
| # Build and push the enclave Docker image | |
| - name: Build and Push Enclave Docker Image | |
| run: | | |
| docker build -f Dockerfile.enclave -t ghcr.io/${{ github.repository }}:${{ github.sha }} . | |
| docker push ghcr.io/${{ github.repository }}:${{ github.sha }} |
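Review bot: The two `key:` values added under the `actions/cache@v4` steps (`nitro-cache-${{ runner.os }}` and `nitro-kernal-cache-${{ runner.os }}`) contain nothing that changes when the cached content should, so once populated the `nitro-cli` binary and the kernel blobs are restored indefinitely, even after the `CONFIG_*` lines appended by the two heredocs or the upstream repositories change, and since `nitro-cli build-enclave` presumably measures those blobs into the EIF, a stale cache would silently alter what the enclave attests as. Both cache-miss steps also `git clone` the AWS repositories at unpinned HEAD, so the cached artifact is whatever upstream happened to be on the day the cache was first written, with no way to reproduce or invalidate it from the workflow. Pin a tag or commit on each `git clone` and fold that ref plus a hash of this workflow into the key, e.g. `key: nitro-cache-${{ runner.os }}-${{ hashFiles('<path to this workflow file>') }}-<pinned nitro-cli ref>` and `key: nitro-kernel-cache-${{ runner.os }}-${{ hashFiles('<path to this workflow file>') }}-<pinned bootstrap ref>` (which also fixes the `kernal` typo). The second cache-miss step reuses the name `Install Nitro CLI` from the first; rename it `Install Nitro Enclave kernel blobs` so a failure in the log is attributable to the right step.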