From 5e4a31c0c5032b9138ef34b292ae3397df18a29f Mon Sep 17 00:00:00 2001
From: Nikita Shyrei
Date: Thu, 25 Apr 2024 13:07:27 +0200
Subject: [PATCH] CI to publish docker images (#10)
* - init
* code review change
* - added tag files
* - updated tag to 1.1.4
* - fixed file extension
* - changed secret
* - test run
* bash fix
* - turn off test run
---
.github/workflows/build-docker-images.yml | 81 +++++++++++++++++++++++
docker/enclave-base/tag | 1 +
docker/parent-base/tag | 1 +
3 files changed, 83 insertions(+)
create mode 100644 .github/workflows/build-docker-images.yml
create mode 100644 docker/enclave-base/tag
create mode 100644 docker/parent-base/tag
diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
new file mode 100644
index 0000000..7e35856
--- /dev/null
+++ b/.github/workflows/build-docker-images.yml
@@ -0,0 +1,81 @@
+name: Build and publish Docker Images
+
+on:
+ push:
+ branches: [ "master" ]
+ paths:
+ - 'docker/enclave-base/**'
+ - 'docker/parent-base/**'
+ pull_request:
+ branches: [ "master" ]
+ types:
+ - closed
+ - opened
+ paths:
+ - 'docker/enclave-base/**'
+ - 'docker/parent-base/**'
+
+jobs:
+ build-docker-images:
+ runs-on: ubuntu-20.04
+ if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'edited')
+ steps:
+ - name: Pull main repository
+ uses: actions/checkout@v3
+ with:
+ repository: fortanix/salmiac
+
+ - name: Build docker images
+ run: |
+ cd docker/enclave-base
+ TAG=$(cat tag)
+ docker build -t fortanix/enclave-base:$TAG .
+ docker save -o /tmp/enclave-base.tar fortanix/enclave-base
+
+ cd ../parent-base
+ TAG=$(cat tag)
+ docker build -t fortanix/parent-base:$TAG .
+ docker save -o /tmp/parent-base.tar fortanix/parent-base
+
+ - name: Upload enclave-base artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: enclave-base
+ path: /tmp/enclave-base.tar
+
+ - name: Upload parent-base artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: parent-base
+ path: /tmp/parent-base.tar
+
+ push-docker-images:
+ runs-on: ubuntu-20.04
+ needs: build-docker-images
+ if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
+ steps:
+ - name: Download enclave-base artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: enclave-base
+ path: /tmp/enclave-base
+
+ - name: Download parent-base artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: parent-base
+ path: /tmp/parent-base
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PAT }}
+
+ - name: Load and push docker images
+ run: |
+ enclave_base_load_output=$(docker load --input /tmp/enclave-base/enclave-base.tar)
+ parent_base_load_output=$(docker load --input /tmp/parent-base/parent-base.tar)
+
+ docker push $(echo $enclave_base_load_output | awk '{print $3}')
+ docker push $(echo $parent_base_load_output | awk '{print $3}')
diff --git a/docker/enclave-base/tag b/docker/enclave-base/tag
new file mode 100644
index 0000000..e6d5cb8
--- /dev/null
+++ b/docker/enclave-base/tag
@@ -0,0 +1 @@
+1.0.2
\ No newline at end of file
diff --git a/docker/parent-base/tag b/docker/parent-base/tag
new file mode 100644
index 0000000..1b87bcd
--- /dev/null
+++ b/docker/parent-base/tag
@@ -0,0 +1 @@
+1.1.4
\ No newline at end of file
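Review bot: `push-docker-images` cannot publish as written: on a `closed` event the `if:` on `build-docker-images` is false, so that job is skipped, and a job that `needs` a skipped job is skipped as well; even if it ran, `actions/download-artifact@v3` only sees artifacts uploaded in the same workflow run, not the tarballs from the earlier `opened` run. The intended design would also push to Docker Hub an image built from the pull request as it looked when opened rather than from the merged commit, so the published tag would not correspond to the reviewed code on `master`. Build and push in a single job on the `push` event (already filtered to `master` and the two `docker/` paths) and keep the pull-request job as a build-only check; note that `edited` in the first `if:` never matches because `types` lists only `closed` and `opened`. Since this is the job that receives `secrets.DOCKER_PAT`, pinning `docker/login-action@v1` and the other actions to full commit SHAs is worth doing in the same change.

```yaml
  build-docker-images:
    runs-on: ubuntu-20.04
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    # … unchanged: checkout, build and upload steps …

  push-docker-images:
    runs-on: ubuntu-20.04
    # No `needs:`; publish from the merged commit, built in this same run.
    if: github.event_name == 'push'
    steps:
      # … unchanged: "Pull main repository" checkout step …

      - name: Build docker images
        run: |
          docker build -t "fortanix/enclave-base:$(cat docker/enclave-base/tag)" docker/enclave-base
          docker build -t "fortanix/parent-base:$(cat docker/parent-base/tag)" docker/parent-base

      # … unchanged: Login to Docker Hub …

      - name: Push docker images
        run: |
          docker push "fortanix/enclave-base:$(cat docker/enclave-base/tag)"
          docker push "fortanix/parent-base:$(cat docker/parent-base/tag)"
```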