diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9656edfbd..837e5319b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -277,4 +277,55 @@ jobs:
 - uses: geekyeggo/delete-artifact@v5 # Delete notary-server from the build job, It is part of the zipfile with the signature
 with:
- name: notary-server
\ No newline at end of file
+ name: notary-server
+
+ gramine-sgx-docker:
+ runs-on: ubuntu-latest
+ needs: gramine-sgx
+ permissions:
+ contents: read
+ packages: write
+ env:
+ CONTAINER_REGISTRY: ghcr.io
+ if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/dev'
+ steps:
+ - name: Download notary-server-sgx.zip from gramine-sgx job
+ uses: actions/download-artifact@v4
+ with:
+ name: notary-server-sgx.zip
+ path: ./notary-server-sgx
+
+ - name: Create Dockerfile
+ run: |
+ cat < ./Dockerfile
+ FROM gramineproject/gramine:latest
+ WORKDIR /work
+ COPY ./notary-server-sgx /work
+ RUN chmod +x /work/notary-server
+ LABEL org.opencontainers.image.source=https://github.com/tlsnotary/tlsn
+ LABEL org.opencontainers.image.description="TLSNotary notary server in SGX/Gramine."
+ ENTRYPOINT ["gramine-sgx", "notary-server"]
+ EOF
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.CONTAINER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker image of notary server
+ id: meta-notary-server-sgx
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}/notary-server-sgx
+
+ - name: Build and push Docker image of notary server
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta-notary-server-sgx.outputs.tags }}
+ labels: ${{ steps.meta-notary-server-sgx.outputs.labels }}
+ file: ./Dockerfile
+
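Review bot: The Dockerfile generated in the `Create Dockerfile` step builds on `gramineproject/gramine:latest`, a mutable tag, so the published `notary-server-sgx` image can differ between two runs of the same commit and its runtime cannot be traced to a reviewed base. For an image whose value rests on attestation this matters twice: the Gramine runtime in the container is presumably expected to match the version the `gramine-sgx` job signed against (that job is outside this hunk, so confirm), and an updated or tampered `latest` is pulled without review. Pin the base by digest, `FROM gramineproject/gramine:<version>@sha256:<digest>` (placeholders), and bump it deliberately. The same job holds `packages: write` while referencing `actions/download-artifact@v4`, `docker/login-action@v2`, `docker/metadata-action@v4` and `docker/build-push-action@v4` by movable tags; pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<commit-sha> # v4`, keeps a retagged action from pushing with this token.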