Unverified Commit 350c35ce authored by Oleh Nikolaiev's avatar Oleh Nikolaiev Committed by GitHub

Merge pull request #316 from skalenetwork/feature/SKALE-4128-modify-release-process

Feature/skale 4128 modify release process
parents df96cde0 a75e3f48
......@@ -2,25 +2,37 @@ name: Build and push release SGX container
on:
workflow_dispatch:
push:
branches:
- stable
jobs:
build:
runs-on: ubuntu-18.04
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
SECRET_KEY: ${{ secrets.V2 }}
steps:
- name: Fail, if older Github Actions machine. Click "Re-run jobs"
run: cat /proc/cpuinfo | grep avx512
- name: Login to docker
run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- uses: actions/checkout@v1
- name: submodule update
- name: Submodule update
run: git submodule update --init --recursive
- name: build and deploy docker image
if: |
contains(github.ref, 'develop') || contains(github.ref, 'beta') ||
contains(github.ref, 'master') || contains(github.ref, 'stable') ||
contains(github.ref, 'SECURE_ENCLAVE_CHANGES')
- name: Create dir for signing enclave
run: mkdir signed_enclaves
- name: Write secret to file
run: 'echo "$SECRET_KEY" > signed_enclaves/skale_sgx_private_key0.pem'
shell: bash
- name: Generate public key
run: openssl rsa -in signed_enclaves/skale_sgx_private_key0.pem -pubout -out signed_enclaves/skale_sgx_public_key0.pem
- name: Build enclave
run: ./autoconf.bash && ./configure --with-sgx-build=release && bash -c "make -j$(nproc)"
- name: Sign enclave
run: cd scripts && ./sign_enclave.bash
- name: Delete secrets
run: rm -f signed_enclaves/skale_sgx_private_key0.pem signed_enclaves/skale_sgx_public_key0.pem
- name: Build and deploy docker image
run : |
export BRANCH=${GITHUB_REF##*/}
echo "Branch $BRANCH"
......@@ -35,3 +47,22 @@ jobs:
bash ./scripts/publish_image.sh sgxwallet_release
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.VERSION }}
release_name: ${{ env.VERSION }}
draft: false
prerelease: false
- name: Upload signed enclave to Release
uses: actions/upload-release-asset@latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: signed_enclaves/secure_enclave_signed0.so
asset_name: signed_enclave.so
asset_content_type: application/octet-stream
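Review bot: The enclave signing key is exposed to more of the job than the signing step needs. As rendered here, `SECRET_KEY` sits in the job-level `env`, so every step can read it, including the `make` build, `publish_image.sh` and the release actions. The `Delete secrets` step is also skipped when `Build enclave` or `Sign enclave` fails, which leaves the PEM on the runner's disk. I would move the variable into an `env:` block on the `Write secret to file` step only, write the file under `umask 077`, and add `if: always()` to `Delete secrets`. Separately, `actions/upload-release-asset@latest` runs with `GITHUB_TOKEN` on a mutable ref; pinning it and `actions/create-release` to a full commit SHA would fix the code that handles the signed enclave.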
......@@ -4,20 +4,12 @@ COPY . /usr/src/sdk
WORKDIR /usr/src/sdk
RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml
RUN apt update && apt install -y curl secure-delete
#Test signing key generation
RUN cd scripts && ./generate_signing_key.bash
RUN touch /var/hwmode
RUN ./autoconf.bash
RUN ./configure --with-sgx-build=release
RUN bash -c "make -j$(nproc)"
RUN cd scripts && ./sign_enclave.bash
RUN ccache -sz
RUN mkdir -p /usr/src/sdk/sgx_data
COPY docker/start.sh ./
RUN rm -rf /usr/src/sdk/sgx-sdk-build/
RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
RUN rm /usr/src/sdk/secure_enclave/secure_enclave*.so
RUN cd /usr/src/sdk/secure_enclave && \
curl --output secure_enclave.signed.so \
https://raw.githubusercontent.com/skalenetwork/signed_sgx_enclaves/master/secure_enclave_signed.so.3
RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
RUN rm /usr/src/sdk/secure_enclave/secure_enclave*.so
RUN cp signed_enclaves/secure_enclave_signed0.so secure_enclabve/secure_enclave.signed.so
ENTRYPOINT ["/usr/src/sdk/start.sh"]
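Review bot: The destination in the new `cp` line is misspelled as `secure_enclabve/`, a directory that appears nowhere else in this Dockerfile; the config copy and the `rm` lines use `secure_enclave/`. The step will presumably fail with "No such file or directory", so the signed enclave never lands where the wallet expects it. It should read `RUN cp signed_enclaves/secure_enclave_signed0.so secure_enclave/secure_enclave.signed.so`. Because the artifact now arrives through `COPY .`, the image also relies on the CI job having already deleted the signing key from `signed_enclaves/`. A `.dockerignore` entry such as `signed_enclaves/*.pem` would keep the key out of the build context regardless of step order.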
1.75.0
\ No newline at end of file
1.76.0
\ No newline at end of file