ci: Added publishing Intel Trust Authority docker image

Signed-off-by: Pawel Proskurnicki <[email protected]>

.github/workflows/kbs-build-and-push.yaml

@@ -101,3 +101,27 @@ jobs:
           --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-x86_64" \
           --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-s390x"
         docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest"
+
+  build_and_push_ita:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Container Image KBS (Intel Trust Authority AS)
+        run: |
+          commit_sha=${{ github.sha }}
+          DOCKER_BUILDKIT=1 docker build -f "kbs/docker/Dockerfile.intel-trust-authority" --push \
+          -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:${commit_sha}" \
+          -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:latest" .

.github/workflows/kbs-docker-build.yml

@@ -17,4 +17,5 @@ jobs:
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \
-        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi; \
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/Dockerfile.intel-trust-authority

hack/release-helper.sh

@@ -6,15 +6,19 @@ declare -g gh_username
 declare -g gh_token
 declare -g release_candidate_sha
 declare -g release_tag
+
+# Output naming convention along with release guide can be found in release-guide.md
 declare -A staged_to_release=(
     ["staged-images/kbs"]="key-broker-service"
     ["staged-images/kbs-grpc-as"]="key-broker-service"
+    ["staged-images/kbs-ita-as"]="key-broker-service"
     ["staged-images/rvps"]="reference-value-provider-service"
     ["staged-images/coco-as-grpc"]="attestation-service"
     ["staged-images/coco-as-restful"]="attestation-service"
 )
 declare -A staged_to_release_tag_prefix=(
     ["staged-images/kbs"]="built-in-as-"
+    ["staged-images/kbs-ita-as"]="ita-as-"
     ["staged-images/coco-as-restful"]="rest-"
 )
 

kbs/docker/Dockerfile.intel-trust-authority

@@ -1,12 +1,13 @@
 FROM rust:latest as builder
+ARG HTTPS_CRYPTO=rustls
 
 WORKDIR /usr/src/kbs
 COPY . .
 
 RUN apt-get update && apt install -y git
 
 # Build and Install KBS
-RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,rustls,resource,opa
+RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,${HTTPS_CRYPTO},resource,opa
 
 FROM ubuntu:22.04
 

release-guide.md

@@ -17,6 +17,7 @@ mappings:
 ```
 staged-images/kbs:latest -> key-broker-service:built-in-as-v0.8.2
 staged-images/kbs-grpc-as:latest -> key-broker-service:v0.8.2
+staged-images/kbs-ita-as:latest -> key-broker-service:ita-as-v0.8.2
 staged-images/rvps:latest -> reference-value-provider-service:v0.8.2
 staged-images/coco-as-grpc:latest -> attestation-service:v0.8.2
 staged-images/coco-as-restful:latest -> attestation-service:rest-v0.8.2