Fix docker file and utils #55
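# Builds the nitro-node-enclave Docker target, converts it to an AWS Nitro
# Enclave image file (output/nitro.eif) with nitro-cli, then builds
# Dockerfile.enclave and pushes the result to GHCR tagged with the commit SHA.
name: Build K8s-ready container with AWS Nitro Enclave .eif

on:
  workflow_dispatch:
  merge_group:
  pull_request:
  push:
    tags:
      - "v*"
    branches:
      - integration
      - celestia-integration
      - release-tee-caff-node

# Workflow-level grant: the token in every job can write repository contents
# and packages and can request an OIDC token. The steps shown here use
# packages: write (GHCR login and push) and read contents (checkout).
# NOTE(review): confirm that contents: write and id-token: write are needed
# by steps not shown here; otherwise narrow them or move them to job level.
permissions:
  contents: write
  packages: write
  id-token: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # `@main` is a moving branch ref, so whatever is on that branch at run
      # time executes in a job holding the write-scoped token above.
      # NOTE(review): pin to a full commit SHA (<FULL_COMMIT_SHA>). The same
      # applies to the tag-pinned actions below (@v3/@v4/@v5), since tags can
      # be moved.
      - uses: cargo-bins/cargo-binstall@main

      - name: Make more disk space available on public runner
        run: |
          # rmz seems to be faster at deleting files than rm
          cargo binstall -y rmz
          sudo mv /home/runner/.cargo/bin/rmz /usr/local/bin/rmz
          echo "Available storage before:"
          sudo df -h
          echo
          # Quoted so the path stays a single argument to a root-run delete.
          sudo rmz -f "$AGENT_TOOLSDIRECTORY"
          sudo rmz -f /opt/az
          sudo rmz -f /opt/ghc
          sudo rmz -f /opt/google
          sudo rmz -f /opt/microsoft
          sudo rmz -f /opt/pipx
          sudo rmz -f /usr/lib/mono
          sudo rmz -f /usr/local/julia*
          sudo rmz -f /usr/local/lib/android
          sudo rmz -f /usr/local/lib/node_modules
          sudo rmz -f /usr/local/share/boost
          sudo rmz -f /usr/local/share/chromium
          sudo rmz -f /usr/local/share/powershell
          sudo rmz -f /usr/share/az_*
          sudo rmz -f /usr/share/dotnet
          sudo rmz -f /usr/share/gradle-*
          sudo rmz -f /usr/share/swift
          echo "Available storage after:"
          sudo df -h
          echo

      # '*' turns off Git's repository-ownership check for every path on the
      # runner, not only this checkout and its submodules.
      # NOTE(review): listing the workspace path instead would keep the check
      # in force everywhere else.
      - name: Fix submodule permissions check
        run: |
          git config --global --add safe.directory '*'

      # Set up Docker Buildx
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Github Container Repo
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): none of the steps shown reads or writes ~/nitro-cache,
      # and the key carries no content hash, so a saved entry is never
      # refreshed. Confirm the cache is still used.
      - run: mkdir -p ~/nitro-cache
      - id: nitro-cache
        uses: actions/cache@v4
        with:
          path: ~/nitro-cache
          key: nitro-cache-${{ runner.os }}

      # Install AWS Nitro CLI
      # The clone takes the default branch at whatever commit is current, so
      # the tool that produces the EIF, and the blobs copied alongside it,
      # can differ between runs.
      # NOTE(review): check out a reviewed tag or commit (<NITRO_CLI_REF>) so
      # the enclave image and its measurements are reproducible.
      - name: Install Nitro CLI
        run: |
          # -y: the runner has no TTY to answer apt's confirmation prompt.
          sudo apt-get install -y build-essential
          git clone https://github.com/aws/aws-nitro-enclaves-cli.git
          cd aws-nitro-enclaves-cli
          make nitro-cli
          sudo cp build/nitro_cli/release/nitro-cli /usr/bin
          sudo mkdir -p /usr/share/nitro_enclaves/blobs
          # NOTE(review): if blobs/x86_64 is a directory, cp without -r skips
          # it and exits non-zero. Confirm against the workflow file itself;
          # the rendered page may have dropped a trailing glob.
          sudo cp blobs/x86_64 /usr/share/nitro_enclaves/blobs
          cd ..
          rm -rf aws-nitro-enclaves-cli
          docker system prune -f
          docker rmi nitro_cli:1.0

      # 0777 makes the log directory world-writable.
      # NOTE(review): presumably chosen so nitro-cli can log as the
      # unprivileged runner user; an owner-only directory chowned to that
      # user would do the same. TODO confirm.
      - name: Create folder for logs
        run: |
          sudo mkdir --mode=0777 -p /var/log/nitro_enclaves

      # Check out the code
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          submodules: recursive

      # Build the main Docker image
      # load: true puts the image in the local Docker daemon, where the
      # nitro-cli step below picks it up by tag.
      - name: Build Docker Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile
          no-cache: true
          load: true
          target: nitro-node-enclave
          tags: nitro-node-enclave:latest

      # Create directory for artifacts
      - name: Create Output Directory
        run: |
          mkdir -p output

      # Create the EIF file
      - name: Create EIF
        run: |
          nitro-cli build-enclave \
            --docker-uri nitro-node-enclave:latest \
            --output-file output/nitro.eif

      # Build and push the enclave Docker image
      # This step has no `if:` guard, so it also runs for pull_request and
      # merge_group events and pushes an image built from unmerged code.
      # NOTE(review): consider gating `push` on the event type or ref.
      - name: Build and push the enclave Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.enclave
          push: true
          tags: ghcr.io/espressosystems/nitro-espresso-integration/aws-nitro-enclave:${{ github.sha }}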