Skip to content

Add BuildOnPush GitHub Actions workflow for automated builds and secu… #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
poojaaudi wants to merge 1 commit into from
Closed

Add BuildOnPush GitHub Actions workflow for automated builds and secu… #8

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
104 changes: 104 additions & 0 deletions .github/workflows/BuildOnPush.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
name: CI

on:
pull_request:
push:
branches:
- build-yml

permissions: read-all

jobs:
setup:
runs-on: ubuntu-latest
outputs:
runner: ${{ steps.step1.outputs.runner }}
steps:
- name: Check repository
id: step1
run: |
if [ ${{ github.repository }} == 'intel/trustauthority-client-for-java' ]; then
echo "runner=ubuntu-latest" >> $GITHUB_OUTPUT
else
echo "runner=self-hosted" >> $GITHUB_OUTPUT
fi

security-file-check:
needs: [setup]
runs-on: ${{ needs.setup.outputs.runner }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0

- name: Check Security.md file
run: |
if [ ! -f ./SECURITY.md ]; then
echo "Security.md file is missing"
exit 1
fi

build-push:
needs: [setup]
runs-on: ${{ needs.setup.outputs.runner }}
env:
http_proxy: ${{ secrets.HTTP_PROXY }}
https_proxy: ${{ secrets.HTTPS_PROXY }}
no_proxy: ${{ secrets.NO_PROXY }}
strategy:
matrix:
adapter:
- { name: "TDX", type: "tdx", app_path: "tdx-sample-app", tar_name: "trust_authority_java_tdx.tar.gz" }
- { name: "SGX", type: "sgx", app_path: "sgx-sample-app", tar_name: "trust_authority_java_sgx.tar.gz" }
name: Build and Push - ${{ matrix.adapter.name }}
steps:
- name: Checkout Code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
with:
ref: main
path: client-java
fetch-depth: 0


- name: Setup Java JDK
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '17'

- name: Install Maven manually
run: |
curl -LO https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar -xzf apache-maven-3.6.3-bin.tar.gz

- name: Create .env file for ${{ matrix.adapter.type }}
run: |
# Fetch MAVEN_PROXY_HOST and MAVEN_PROXY_PORT from secrets.HTTP_PROXY
export HTTP_PROXY_VALUE=$(echo "${{ secrets.HTTP_PROXY }}" | sed 's|^http://||;s|^https://||')
cd client-java/examples/${{ matrix.adapter.app_path }}/
cat <<EOF | tee .env
UBUNTU_VERSION=20.04
MAVEN_VERSION=3.6.3
MAVEN_PROXY_HOST=$(echo $HTTP_PROXY_VALUE | cut -d':' -f1)
MAVEN_PROXY_PORT=$(echo $HTTP_PROXY_VALUE | cut -d':' -f2 | sed 's/\///')
TRUST_AUTHORITY_CLIENT_VERSION=v1.2.0
DCAP_VERSION=1.19.100.3-focal1
PSW_VERSION=2.22.100.3
ADAPTER_TYPE=${{ matrix.adapter.type }}
EOF

- name: Build ${{ matrix.adapter.type }} Docker image
run: |
cd client-java/examples/${{ matrix.adapter.app_path }}/
docker-compose --env-file .env build

- name: Save ${{ matrix.adapter.type }} Docker image as tar.gz
run: |
LATEST_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" trust_authority_java_client_${{ matrix.adapter.type }}_sample_app)
docker save $LATEST_IMAGE | gzip > client-java/${{ matrix.adapter.tar_name }}

- name: Upload ${{ matrix.adapter.type }} build artifacts
uses: actions/upload-artifact@v4
with:
name: client-java-${{ github.run_number }}-${{ matrix.adapter.name }}
path: client-java/${{ matrix.adapter.tar_name }}
Loading