SecureValueRecovery2/.github/workflows/push.yml

name: Build and push Docker image

on:
  release:
    types: [published]

env:
  DOCKER_BUILD_ARGS: --cache-from type=gha --cache-to type=gha
  DOCKER_BUILDKIT: 1
  BUILDX_CONTAINER: container

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout

    steps:
      - name: Checkout main project
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          submodules: recursive
          lfs: true

      - name: Show releases
        run: find enclave/releases -ls

      - name: Expose Docker environmental variables for gha cache
        # This action takes in the ID tokens etc provided by the permissions,
        # as well as some environmental data, and exposes them to future steps
        # in the correct locations and formats for their use with the `gha`
        # GitHub Actions cache for Docker.
        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0

      - name: Setup Docker
        run: docker buildx create --use --name container --driver docker-container

      - name: 'Az CLI login'
        uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: 'Docker login'
        run:
          az acr login --name ${{ secrets.AZURE_CONTAINER_REGISTRY_NAME }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4.0.2
        with:
          role-to-assume: "${{ vars.ECR_ROLE }}"
          aws-region: us-east-1

      - name: Login to ECR
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: "${{ vars.ECR_REGISTRY }}"

      # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
      - name: Clear some disk space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /opt/ghc
          sudo rm -rf /usr/local/share/boost
          sudo rm -rf "$AGENT_TOOLSDIRECTORY"          

      - name: Build binaries
        run: |
          make docker_enclave_test
          make          

      - name: Build and push container image
        run: |
          make enclave_release
          docker tag svr2_sgxrun:latest "${{ secrets.REGISTRY_LOGIN_SERVER }}/svr2:${GITHUB_REF_NAME}"
          docker push "${{ secrets.REGISTRY_LOGIN_SERVER }}/svr2:${GITHUB_REF_NAME}"
          docker tag svr2_nsmhost:latest "${{ vars.ECR_REGISTRY }}/signal-ecr/svr:${GITHUB_REF_NAME}"
          docker push "${{ vars.ECR_REGISTRY }}/signal-ecr/svr:${GITHUB_REF_NAME}"