diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml
index 22389ffb..b596dce3 100644
--- a/.github/workflows/shared-run-e2e-tests.yaml
+++ b/.github/workflows/shared-run-e2e-tests.yaml
@@ -188,6 +188,15 @@ jobs:
 admin_root: ${{ inputs.admin_root }}
 aws_pcr0: ${{ inputs.aws_pcr0 }}
+ - name: Prepare EKS metadata
+ id: prepare_eks_metadata
+ if: ${{ inputs.operator_type == 'eks' }}
+ uses: IABTechLab/uid2-shared-actions/actions/prepare_eks_metadata@kcc-UID2-3783-e2e-test-for-eks
+ with:
+ operator_image_version: ${{ inputs.operator_image_version }}
+ admin_root: ${{ inputs.admin_root }}
+ aws_pcr0: ${{ inputs.aws_pcr0 }}
+
 - name: Bring up Docker Compose
 id: docker-compose
 env:
diff --git a/actions/prepare_eks_metadata/action.yaml b/actions/prepare_eks_metadata/action.yaml
new file mode 100644
index 00000000..d62bc93c
--- /dev/null
+++ b/actions/prepare_eks_metadata/action.yaml
@@ -0,0 +1,31 @@
+name: Prepare EKS Metadata
+description: Prepares the EKS enclave metadata
+
+inputs:
+ operator_image_version:
+ description: The uid2-operator image version
+ default: latest
+ admin_root:
+ description: The root path for uid2-admin folder
+ default: uid2-admin
+
+outputs:
+ image_hash:
+ description: The operator image hash
+ value: ${{ steps.image_digest.outputs.IMAGE_HASH }}
+ operator_key:
+ description: The operator key
+ value: ${{ steps.enclave_metadata.outputs.OPERATOR_KEY }}
+
+runs:
+ using: "composite"
+
+ steps:
+ - name: Prepare EKS enclave deployment files
+ id: enclave_metadata
+ shell: bash
+ env:
+ IMAGE_VERSION: ${{ inputs.operator_image_version }}
+ run: |
+ bash uid2-shared-actions/scripts/prepare_eks_deployment_files.sh
+
diff --git a/scripts/eks/prepare_eks_deployment_files.sh b/scripts/eks/prepare_eks_deployment_files.sh
new file mode 100644
index 00000000..ffb2e320
--- /dev/null
+++ b/scripts/eks/prepare_eks_deployment_files.sh
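Review bot: The new `uses:` line pins the composite action to a branch name, `@kcc-UID2-3783-e2e-test-for-eks`, which is a mutable ref, so the action code this workflow executes can change without any change to the workflow; before merge it should point at a release tag or, preferably, a full commit SHA. The step also passes `aws_pcr0`, which the `prepare_eks_metadata` action added in this same diff does not declare as an input, so the runner will warn about an unexpected input and the value is never used; either drop `aws_pcr0: ${{ inputs.aws_pcr0 }}` here or declare it in the action. The enclosing job and its `steps:` list begin before this hunk.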
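Review bot: The `run:` line calls `uid2-shared-actions/scripts/prepare_eks_deployment_files.sh`, but this diff adds the script at `scripts/eks/prepare_eks_deployment_files.sh`, so the step will fail with a file-not-found unless a copy exists at the other path; the call should be `bash uid2-shared-actions/scripts/eks/prepare_eks_deployment_files.sh`. Neither declared output can be populated as written: `image_hash` references `steps.image_digest`, and there is no step with that id, while `operator_key` reads `OPERATOR_KEY` from step `enclave_metadata`, yet the script only writes `OUTPUT_TEMPLATE_FILE`, `OUTPUT_PARAMETERS_FILE` and `OUTPUT_POLICY_DIGEST_FILE` to `$GITHUB_OUTPUT`, so both outputs evaluate to empty strings for any consumer. The `admin_root` input is declared but not read by the step. If this was adapted from an Azure action, either wire the outputs to values the script actually emits or remove the unused declarations before callers start depending on them.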
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -ex
+
+ROOT="uid2-shared-actions/scripts/eks"
+INPUT_DIR="${ROOT}/artifacts_schema"
+OUTPUT_DIR="${ROOT}/azure-artifacts"
+
+if [ -z "${IMAGE_VERSION}" ]; then
+ echo "IMAGE_VERSION can not be empty"
+ exit 1
+fi
+
+IMAGE="ghcr.io/iabtechlab/uid2-operator-eks-uid2:${IMAGE_VERSION}"
+
+if [ -d "${OUTPUT_DIR}" ]; then
+ echo "${OUTPUT_DIR} exists"
+fi
+
+INPUT_TEMPLATE_FILE="${INPUT_DIR}/template.json"
+INPUT_PARAMETERS_FILE="${INPUT_DIR}/parameters.json"
+OUTPUT_TEMPLATE_FILE="${OUTPUT_DIR}/template.json"
+OUTPUT_PARAMETERS_FILE="${OUTPUT_DIR}/parameters.json"
+OUTPUT_POLICY_DIGEST_FILE="${OUTPUT_DIR}/digest.txt"
+
+if [[ -d ${OUTPUT_DIR} ]]; then
+ echo "${OUTPUT_DIR} exists, skipping - this only happens during local testing"
+else
+ mkdir -p ${OUTPUT_DIR}
+
+ # Install confcom extension, az is originally available in GitHub workflow environment
+ az extension add --name confcom
+ if [[ $? -ne 0 ]]; then
+ echo "Failed to install Azure confcom extension"
+ exit 1
+ fi
+
+ # Required by az confcom
+ sudo usermod -aG docker ${USER}
+ if [[ $? -ne 0 ]]; then
+ echo "Failed to add current user to Docker group"
+ exit 1
+ fi
+
+ # Generate deployment template
+ cp ${INPUT_TEMPLATE_FILE} ${OUTPUT_TEMPLATE_FILE}
+ sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_TEMPLATE_FILE}
+ if [[ $? -ne 0 ]]; then
+ echo "Failed to pre-process template file"
+ exit 1
+ fi
+
+ az confcom acipolicygen --approve-wildcards --template-file ${OUTPUT_TEMPLATE_FILE} > ${OUTPUT_POLICY_DIGEST_FILE}
+ if [[ $? -ne 0 ]]; then
+ echo "Failed to generate template file"
+ exit 1
+ fi
+
+ cp ${INPUT_PARAMETERS_FILE} ${OUTPUT_PARAMETERS_FILE}
+fi
+
+if [ -z "${GITHUB_OUTPUT}" ]; then
+ echo "Not in GitHub action"
+else
+ echo "OUTPUT_TEMPLATE_FILE=${OUTPUT_TEMPLATE_FILE}" >> ${GITHUB_OUTPUT}
+ echo "OUTPUT_PARAMETERS_FILE=${OUTPUT_PARAMETERS_FILE}" >> ${GITHUB_OUTPUT}
+ echo "OUTPUT_POLICY_DIGEST_FILE=${OUTPUT_POLICY_DIGEST_FILE}" >> ${GITHUB_OUTPUT}
+fi
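Review bot: With `set -ex` at the top, every `if [[ $? -ne 0 ]]` block after `az extension add`, `sudo usermod`, `sed -i` and `az confcom acipolicygen` is unreachable, because `set -e` has already aborted the script on the failing command, so the descriptive error messages never print; either write each as `az extension add --name confcom || { echo "Failed to install Azure confcom extension"; exit 1; }` or drop the dead checks. The early `[ -d "${OUTPUT_DIR}" ]` test only echoes and is repeated by the `[[ -d ${OUTPUT_DIR} ]]` branch below, so the first can go. For an EKS script this still writes an Azure `acipolicygen` output into `azure-artifacts` and passes `--approve-wildcards`, which accepts wildcard rules in the generated policy without review; if this was adapted from the Azure variant, confirm that this digest is what the EKS e2e test actually consumes, and otherwise prefer omitting `--approve-wildcards` so unexpected wildcards fail loudly. `sudo usermod -aG docker ${USER}` presumably only affects new login sessions rather than the current step's shell, so if docker access is needed here, confirm the runner user already has it.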