From a8e425b2d6309bf921d44b4e91177cd3f8e80b4e Mon Sep 17 00:00:00 2001
From: Pooja Audichya
Date: Tue, 20 May 2025 14:48:37 +0530
Subject: [PATCH] Add BuildOnPush GitHub Actions workflow for automated builds and security checks
---
.github/workflows/BuildOnPush.yml | 104 ++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 .github/workflows/BuildOnPush.yml
diff --git a/.github/workflows/BuildOnPush.yml b/.github/workflows/BuildOnPush.yml
new file mode 100644
index 0000000..90c807d
--- /dev/null
+++ b/.github/workflows/BuildOnPush.yml
@@ -0,0 +1,104 @@
+name: CI
+
+on:
+ pull_request:
+ push:
+ branches:
+ - build-yml
+
+permissions: read-all
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ outputs:
+ runner: ${{ steps.step1.outputs.runner }}
+ steps:
+ - name: Check repository
+ id: step1
+ run: |
+ if [ ${{ github.repository }} == 'intel/trustauthority-client-for-java' ]; then
+ echo "runner=ubuntu-latest" >> $GITHUB_OUTPUT
+ else
+ echo "runner=self-hosted" >> $GITHUB_OUTPUT
+ fi
+
+ security-file-check:
+ needs: [setup]
+ runs-on: ${{ needs.setup.outputs.runner }}
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+ with:
+ fetch-depth: 0
+
+ - name: Check Security.md file
+ run: |
+ if [ ! -f ./SECURITY.md ]; then
+ echo "Security.md file is missing"
+ exit 1
+ fi
+
+ build-push:
+ needs: [setup]
+ runs-on: ${{ needs.setup.outputs.runner }}
+ env:
+ http_proxy: ${{ secrets.HTTP_PROXY }}
+ https_proxy: ${{ secrets.HTTPS_PROXY }}
+ no_proxy: ${{ secrets.NO_PROXY }}
+ strategy:
+ matrix:
+ adapter:
+ - { name: "TDX", type: "tdx", app_path: "tdx-sample-app", tar_name: "trust_authority_java_tdx.tar.gz" }
+ - { name: "SGX", type: "sgx", app_path: "sgx-sample-app", tar_name: "trust_authority_java_sgx.tar.gz" }
+ name: Build and Push - ${{ matrix.adapter.name }}
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
+ with:
+ ref: main
+ path: client-java
+ fetch-depth: 0
+
+
+ - name: Setup Java JDK
+ uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+
+ - name: Install Maven manually
+ run: |
+ curl -LO https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
+ tar -xzf apache-maven-3.6.3-bin.tar.gz
+
+ - name: Create .env file for ${{ matrix.adapter.type }}
+ run: |
+ # Fetch MAVEN_PROXY_HOST and MAVEN_PROXY_PORT from secrets.HTTP_PROXY
+ export HTTP_PROXY_VALUE=$(echo "${{ secrets.HTTP_PROXY }}" | sed
's|^http://||;s|^https://||')
+ cd client-java/examples/${{ matrix.adapter.app_path }}/
+ cat < client-java/${{ matrix.adapter.tar_name }}
+
+ - name: Upload ${{ matrix.adapter.type }} build artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: client-java-${{ github.run_number }}-${{ matrix.adapter.name }}
+ path: client-java/${{ matrix.adapter.tar_name }}
\ No newline at end of file
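Review bot: The `Install Maven manually` step extracts `apache-maven-3.6.3-bin.tar.gz` straight after `curl -LO` with no integrity check, in a job whose environment carries the proxy secrets. Verify the archive before `tar -xzf`, for example `echo "<EXPECTED_SHA512>  apache-maven-3.6.3-bin.tar.gz" | sha512sum -c -`, with the digest copied from the Apache release page and committed in the workflow. `actions/upload-artifact@v4` is the only action referenced by a mutable tag while `actions/checkout` and `actions/setup-java` are pinned to commit SHAs; pin it to a full commit SHA with the version as a trailing comment. In `Create .env file`, `${{ secrets.HTTP_PROXY }}` is pasted into the script text although the job already exports it as `http_proxy`; reading `"$http_proxy"` keeps the value out of the rendered script, and the string produced by `sed` is no longer the registered secret, so log masking may not cover it if it is ever printed. Part of that step's body is not visible in this hunk as rendered, so the last point should be checked against the full file.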