From 0aae6a08d1c8d6de5fe3bd8e58fcaf274b67f466 Mon Sep 17 00:00:00 2001
From: pproskur <pawel.proskurnicki@intel.com>
Date: Wed, 12 Jun 2024 13:53:59 +0200
Subject: [PATCH] ci: added publishing intel trust authority AS docker

- Refactored directory structure for building KBS docker images
- Added publishing KBS intel trust authority AS docker image on ghcr.io
- Fixed building KBS ITA AS image - moved from OpenSSL 1 to OpenSSL 3

Signed-off-by: Pawel Proskurnicki <pawel.proskurnicki@intel.com>
---
 .github/workflows/kbs-build-and-push.yaml                  | 7 ++++++-
 .github/workflows/kbs-docker-build.yml                     | 5 +++--
 docker-compose.yml                                         | 2 +-
 .../{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile}   | 0
 .../Dockerfile}                                            | 3 ++-
 kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile}    | 0
 6 files changed, 12 insertions(+), 5 deletions(-)
 rename kbs/docker/{Dockerfile.coco-as-grpc => coco-as-grpc/Dockerfile} (100%)
 rename kbs/docker/{Dockerfile.intel-trust-authority => intel-trust-authority/Dockerfile} (83%)
 rename kbs/docker/{Dockerfile.rhel-ubi => rhel-ubi/Dockerfile} (100%)

diff --git a/.github/workflows/kbs-build-and-push.yaml b/.github/workflows/kbs-build-and-push.yaml
index 7cba6312ea..1f1ea499c1 100644
--- a/.github/workflows/kbs-build-and-push.yaml
+++ b/.github/workflows/kbs-build-and-push.yaml
@@ -31,4 +31,9 @@ jobs:
     - name: Build Container Image KBS (gRPC AS)
       run: |
         commit_sha=${{ github.sha }}
-        DOCKER_BUILDKIT=1 docker build -t ghcr.io/confidential-containers/staged-images/kbs-grpc-as:${commit_sha} -t ghcr.io/confidential-containers/staged-images/kbs-grpc-as:latest . -f kbs/docker/Dockerfile.coco-as-grpc --push
+        DOCKER_BUILDKIT=1 docker build -t ghcr.io/confidential-containers/staged-images/kbs-grpc-as:${commit_sha} -t ghcr.io/confidential-containers/staged-images/kbs-grpc-as:latest . -f kbs/docker/coco-as-grpc/Dockerfile --push
+
+    - name: Build Container Image KBS (intel-trust-authority AS)
+      run: |
+        commit_sha=${{ github.sha }}
+        DOCKER_BUILDKIT=1 docker build -t ghcr.io/confidential-containers/staged-images/kbs-intel-trust-authority-as:${commit_sha} -t ghcr.io/confidential-containers/staged-images/kbs-intel-trust-authority-as:latest . -f kbs/docker/intel-trust-authority/Dockerfile --push
\ No newline at end of file
diff --git a/.github/workflows/kbs-docker-build.yml b/.github/workflows/kbs-docker-build.yml
index defcff4673..a4a6ff43d1 100644
--- a/.github/workflows/kbs-docker-build.yml
+++ b/.github/workflows/kbs-docker-build.yml
@@ -16,5 +16,6 @@ jobs:
       run: |
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as . -f kbs/docker/Dockerfile; \
         DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-openssl --build-arg KBS_FEATURES=coco-as-builtin,openssl,resource,opa . -f kbs/docker/Dockerfile; \
-        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/Dockerfile.coco-as-grpc; \
-        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/Dockerfile.rhel-ubi
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-grpc . -f kbs/docker/coco-as-grpc/Dockerfile; \
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-rhel-ubi . -f kbs/docker/rhel-ubi/Dockerfile; \
+        DOCKER_BUILDKIT=1 docker build -t kbs:coco-as-intel-trust-authority . -f kbs/docker/intel-trust-authority/Dockerfile
diff --git a/docker-compose.yml b/docker-compose.yml
index 8e14c38da9..028e659b64 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
   kbs:
     build:
       context: .
-      dockerfile: ./kbs/docker/Dockerfile.coco-as-grpc
+      dockerfile: ./kbs/docker/coco-as-grpc/Dockerfile
     #image: ghcr.io/confidential-containers/key-broker-service:latest
     command: [
         "/usr/local/bin/kbs",
diff --git a/kbs/docker/Dockerfile.coco-as-grpc b/kbs/docker/coco-as-grpc/Dockerfile
similarity index 100%
rename from kbs/docker/Dockerfile.coco-as-grpc
rename to kbs/docker/coco-as-grpc/Dockerfile
diff --git a/kbs/docker/Dockerfile.intel-trust-authority b/kbs/docker/intel-trust-authority/Dockerfile
similarity index 83%
rename from kbs/docker/Dockerfile.intel-trust-authority
rename to kbs/docker/intel-trust-authority/Dockerfile
index 8aeae5f62e..090b7a03cb 100644
--- a/kbs/docker/Dockerfile.intel-trust-authority
+++ b/kbs/docker/intel-trust-authority/Dockerfile
@@ -6,7 +6,8 @@ COPY . .
 RUN apt-get update && apt install -y git
 
 # Build and Install KBS
-RUN cargo install --path kbs/src/kbs --no-default-features --features intel-trust-authority-as,rustls,resource,opa
+ARG KBS_FEATURES=intel-trust-authority-as,rustls,resource,opa
+RUN cargo install --path kbs/src/kbs --no-default-features --features ${KBS_FEATURES}
 
 FROM ubuntu:22.04
 
diff --git a/kbs/docker/Dockerfile.rhel-ubi b/kbs/docker/rhel-ubi/Dockerfile
similarity index 100%
rename from kbs/docker/Dockerfile.rhel-ubi
rename to kbs/docker/rhel-ubi/Dockerfile