Merge pull request #8690 from OpenMined/tauquir/attestation-cd-pipeline

Deployment pipeline for enclave attestation service
OpenMined · May 3, 2024 · ee441d3 · ee441d3
2 parents b418368 + 31b5bd6
commit ee441d3
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/.github/workflows/cd-syft-dev.yml b/.github/workflows/cd-syft-dev.yml
@@ -129,6 +129,17 @@ jobs:
             ${{ secrets.ACR_SERVER }}/openmined/grid-seaweedfs:dev-${{ github.sha }}
             ${{ secrets.ACR_SERVER }}/openmined/grid-seaweedfs:${{ steps.grid.outputs.GRID_VERSION }}
 
+      - name: Build and push `grid-enclave-attestation` image to registry
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/grid/enclave/attestation
+          file: ./packages/grid/enclave/attestation/attestation.dockerfile
+          push: true
+          tags: |
+            ${{ secrets.ACR_SERVER }}/openmined/grid-enclave-attestation:dev
+            ${{ secrets.ACR_SERVER }}/openmined/grid-enclave-attestation:dev-${{ github.sha }}
+            ${{ secrets.ACR_SERVER }}/openmined/grid-enclave-attestation:${{ steps.grid.outputs.GRID_VERSION }}
+
       - name: Build Helm Chart & Copy to infra
         if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true'
         shell: bash

diff --git a/.github/workflows/cd-syft.yml b/.github/workflows/cd-syft.yml
@@ -236,6 +236,27 @@ jobs:
           digest="${{ steps.grid-seaweedfs-build.outputs.digest }}"
           touch "/tmp/digests/grid-seaweedfs/${digest#sha256:}"
 
+      # Some of the dependencies of grid-enclave-attestation are not available for arm64
+      # Hence, we are building grid-enclave-attestation only for x64 (see the `if` conditional)
+      - name: Build and push `grid-enclave-attestation` image to DockerHub
+        if: ${{ endsWith(matrix.runner, '-x64') }}
+        id: grid-enclave-attestation-build
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/grid/enclave/attestation
+          file: ./packages/grid/enclave/attestation/attestation.dockerfile
+          platforms: ${{ steps.release_metadata.outputs.release_platform }}
+          outputs: type=image,name=openmined/grid-enclave-attestation,push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=registry,ref=openmined/grid-enclave-attestation:cache-${{ steps.release_metadata.outputs.short_release_platform }}
+          cache-to: type=registry,ref=openmined/grid-enclave-attestation:cache-${{ steps.release_metadata.outputs.short_release_platform}},mode=max
+
+      - name: Export digest for grid-enclave-attestation
+        if: ${{ endsWith(matrix.runner, '-x64') }}
+        run: |
+          mkdir -p /tmp/digests/grid-enclave-attestation
+          digest="${{ steps.grid-enclave-attestation-build.outputs.digest }}"
+          touch "/tmp/digests/grid-enclave-attestation/${digest#sha256:}"
+
       - name: Build and push `syft` image to registry
         id: syft-build
         uses: docker/build-push-action@v5
@@ -312,6 +333,14 @@ jobs:
             -t openmined/grid-seaweedfs:${{ needs.build-and-push-docker-images.outputs.release_tag }} \
             $(printf 'openmined/grid-seaweedfs@sha256:%s ' *)
 
+      - name: Create manifest list and push for grid-enclave-attestation
+        working-directory: /tmp/digests/grid-enclave-attestation
+        run: |
+          docker buildx imagetools create  \
+            -t openmined/grid-enclave-attestation:${{ needs.build-and-push-docker-images.outputs.grid_version }} \
+            -t openmined/grid-enclave-attestation:${{ needs.build-and-push-docker-images.outputs.release_tag }} \
+            $(printf 'openmined/grid-enclave-attestation@sha256:%s ' *)
+
       - name: Create manifest list and push for syft
         working-directory: /tmp/digests/syft
         run: |