From 3b7d11b74eaece8e12a02d6ce1ce474c5ccd2a06 Mon Sep 17 00:00:00 2001
From: Pawel Proskurnicki
Date: Fri, 21 Jun 2024 09:53:18 +0200
Subject: [PATCH] ci: Added publishing Intel Trust Authority docker image

Signed-off-by: Pawel Proskurnicki
---
 .github/workflows/kbs-build-and-push.yaml | 24 +++++++++++++++++++++
 .github/workflows/kbs-docker-build.yml | 3 ++-
 hack/release-helper.sh | 4 ++++
 kbs/docker/Dockerfile.intel-trust-authority | 3 ++-
 release-guide.md | 1 +
 5 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/kbs-build-and-push.yaml b/.github/workflows/kbs-build-and-push.yaml
index 78859c0990..30590ea7ec 100644
--- a/.github/workflows/kbs-build-and-push.yaml
+++ b/.github/workflows/kbs-build-and-push.yaml
@@ -101,3 +101,27 @@ jobs:
 --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-x86_64" \
 --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-s390x"
 docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest"
+
+ build_and_push_ita:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GHCR Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Container Image KBS (Intel Trust Authority AS)
+ run: |
+ commit_sha=${{ github.sha }}
+ DOCKER_BUILDKIT=1 docker build -f "kbs/docker/Dockerfile.intel-trust-authority" --push \
+ -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:${commit_sha}" \
+ -t "ghcr.io/confidential-containers/staged-images/kbs-ita-as:latest" .
\ No newline at end of file
diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml
index defcff4673..8899d4d9a4 100644
--- a/.github/workflows/kbs-docker-build.yml
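Review bot: In `.github/workflows/kbs-build-and-push.yaml`, the new `build_and_push_ita` job logs in to GHCR with `secrets.GITHUB_TOKEN` and pushes an image, but the hunk gives it no job-level `permissions:` block, so the token's scope is whatever the workflow or repository default grants (the top of the workflow is outside the hunk). Declaring `permissions:` on the job with `contents: read` and `packages: write` limits the token to what a checkout and a registry push need. The three actions are referenced by mutable tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`); pinning each to a full commit SHA, with the tag kept as a trailing comment, prevents a retagged action from running with that write-capable token. The file also now ends without a trailing newline.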
+++ b/.github/workflows/kbs-docker-build.yml
@@ -17,4 +17,5 @@ jobs:
 DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \
 DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \
 DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \
- DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi
+ DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi; \
+ DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-ita . -f kbs/docker/Dockerfile.intel-trust-authority
diff --git a/hack/release-helper.sh b/hack/release-helper.sh
index 722fbac0a8..a463083a38 100755
--- a/hack/release-helper.sh
+++ b/hack/release-helper.sh
@@ -6,15 +6,19 @@ declare -g gh_username
 declare -g gh_token
 declare -g release_candidate_sha
 declare -g release_tag
+
+# Output naming convention along with release guide can be found in release-guide.md
 declare -A staged_to_release=(
 ["staged-images/kbs"]="key-broker-service"
 ["staged-images/kbs-grpc-as"]="key-broker-service"
+ ["staged-images/kbs-ita-as"]="key-broker-service"
 ["staged-images/rvps"]="reference-value-provider-service"
 ["staged-images/coco-as-grpc"]="attestation-service"
 ["staged-images/coco-as-restful"]="attestation-service"
 )
 declare -A staged_to_release_tag_prefix=(
 ["staged-images/kbs"]="built-in-as-"
+ ["staged-images/kbs-ita-as"]="ita-as-"
 ["staged-images/coco-as-restful"]="rest-"
 )
diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/Dockerfile.intel-trust-authority
index 8aeae5f62e..f1078d828d 100644
--- a/kbs/docker/Dockerfile.intel-trust-authority
+++ b/kbs/docker/Dockerfile.intel-trust-authority
@@ -1,4 +1,5 @@
 FROM rust:latest as builder
+ARG HTTPS_CRYPTO=rustls
 WORKDIR /usr/src/kbs
 COPY . .
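Review bot: In the first hunk of `kbs/docker/Dockerfile.intel-trust-authority`, `ARG HTTPS_CRYPTO=rustls` is added with no comment saying what it selects or which values are valid. A line above it such as `# HTTPS_CRYPTO: TLS backend feature passed to cargo (default rustls)` would document it; the only other backend name visible in this patch is `openssl`, in the `KBS_FEATURES` list of kbs-docker-build.yml, so confirm the accepted values before listing them. The builder stage on the hunk's first line still starts from `rust:latest`, and since this commit begins publishing the resulting image, a floating toolchain tag means two builds of the same commit can differ. Pinning the base to a specific release tag, ideally with a digest, makes the published image traceable to a known toolchain.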
@@ -6,7 +7,7 @@ COPY . .
 RUN apt-get update && apt install -y git
 # Build and Install KBS
-RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,rustls,resource,opa
+RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,${HTTPS_CRYPTO},resource,opa
 FROM ubuntu:22.04
diff --git a/release-guide.md b/release-guide.md
index e975785288..69dec8054f 100644
--- a/release-guide.md
+++ b/release-guide.md
@@ -17,6 +17,7 @@ mappings:
 ```
 staged-images/kbs:latest -> key-broker-service:built-in-as-v0.8.2
 staged-images/kbs-grpc-as:latest -> key-broker-service:v0.8.2
+staged-images/kbs-ita-as:latest -> key-broker-service:ita-as-v0.8.2
 staged-images/rvps:latest -> reference-value-provider-service:v0.8.2
 staged-images/coco-as-grpc:latest -> attestation-service:v0.8.2
 staged-images/coco-as-restful:latest -> attestation-service:rest-v0.8.2
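Review bot: In the second hunk of `kbs/docker/Dockerfile.intel-trust-authority`, the rewritten `RUN cargo install` line still omits `--locked`, and `cargo install` does not honour `Cargo.lock` unless that flag is passed. Assuming the repository commits a lockfile, the image this commit starts publishing can therefore be built against crate versions that were never reviewed or tested in the tree. Suggested line: `RUN cargo install --locked --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,${HTTPS_CRYPTO},resource,opa`. `${HTTPS_CRYPTO}` is spliced into the comma-separated feature list unchanged, so a build arg containing a comma would switch on additional features; that is fine for a builder-controlled argument but worth a short comment next to the `ARG`.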