ci: added publishing intel trust authority AS docker

- Refactored directory structure for building KBS docker images - Added publishing KBS intel trust authority AS docker image on ghcr.io - Fixed building KBS ITA AS image - moved from OpenSSL 1 to OpenSSL 3 Signed-off-by: Pawel Proskurnicki <[email protected]>
confidential-containers · Jun 14, 2024 · 67d375b · 67d375b
1 parent fb96ea1
commit 67d375b
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 5 deletions.
diff --git a/.github/workflows/kbs-build-and-push.yaml b/.github/workflows/kbs-build-and-push.yaml
@@ -18,15 +18,20 @@ jobs:
         tag:
           - kbs
           - kbs-grpc-as
+          - kbs-ita-as
         include:
           - tag: kbs
             docker_file: kbs/docker/Dockerfile
             https_crypto: openssl
             name: build-in AS
           - tag: kbs-grpc-as
-            docker_file: kbs/docker/Dockerfile.coco-as-grpc
+            docker_file: kbs/docker/coco-as-grpc/Dockerfile
             https_crypto: rustls
             name: gRPC AS
+          - tag: kbs-ita-as
+            docker_file: kbs/docker/intel-trust-authority/Dockerfile
+            https_crypto: rustls
+            name: Intel Trust Authority AS
     runs-on: ${{ matrix.instance }}
 
     steps:
@@ -78,6 +83,7 @@ jobs:
         image:
           - kbs
           - kbs-grpc-as
+          - kbs-ita-as
     permissions:
       packages: write
     runs-on: ubuntu-latest

diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml
@@ -16,5 +16,6 @@ jobs:
       run: |
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \
-        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \
-        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/coco-as-grpc/Dockerfile; \
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/rhel-ubi/Dockerfile; \
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-intel-trust-authority . -f kbs/docker/intel-trust-authority/Dockerfile
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
   kbs:
     build:
       context: .
-      dockerfile: ./kbs/docker/Dockerfile.coco-as-grpc
+      dockerfile: ./kbs/docker/coco-as-grpc/Dockerfile
     #image: ghcr.io/confidential-containers/key-broker-service:latest
     command: [
         "/usr/local/bin/kbs",

diff --git a/hack/release-helper.sh b/hack/release-helper.sh
@@ -9,6 +9,7 @@ declare -g release_tag
 declare -A staged_to_release=(
     ["staged-images/kbs"]="key-broker-service"
     ["staged-images/kbs-grpc-as"]="key-broker-service"
+    ["staged-images/kbs-ita-as"]="key-broker-service"
     ["staged-images/rvps"]="reference-value-provider-service"
     ["staged-images/coco-as-grpc"]="attestation-service"
     ["staged-images/coco-as-restful"]="attestation-service"

diff --git a/kbs/docker/Dockerfile.coco-as-grpc → kbs/docker/coco-as-grpc/Dockerfile b/kbs/docker/Dockerfile.coco-as-grpc → kbs/docker/coco-as-grpc/Dockerfile
diff --git a/kbs/docker/Dockerfile.intel-trust-authority → kbs/docker/intel-trust-authority/Dockerfile b/kbs/docker/Dockerfile.intel-trust-authority → kbs/docker/intel-trust-authority/Dockerfile
@@ -1,12 +1,14 @@
 FROM rust:latest as builder
+ARG ARCH=x86_64
+ARG HTTPS_CRYPTO=rustls
 
 WORKDIR /usr/src/kbs
 COPY . .
 
 RUN apt-get update && apt install -y git
 
 # Build and Install KBS
-RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,rustls,resource,opa
+RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,${HTTPS_CRYPTO},resource,opa
 
 FROM ubuntu:22.04
 

diff --git a/kbs/docker/Dockerfile.rhel-ubi → kbs/docker/rhel-ubi/Dockerfile b/kbs/docker/Dockerfile.rhel-ubi → kbs/docker/rhel-ubi/Dockerfile