CI: use composite action for tdx dep installation

To reduce duplucation among the workflows Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
confidential-containers · Oct 2, 2024 · 861b379 · 861b379
1 parent 735a227
commit 861b379
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 24 deletions.
diff --git a/.github/actions/install-intel-dcap/action.yml b/.github/actions/install-intel-dcap/action.yml
@@ -0,0 +1,15 @@
+name: 'Install Intel DCAP libraries'
+inputs:
+  ubuntu-version:
+    required: true
+runs:
+  using: "composite"
+  steps:
+  - name: Install TDX dependencies
+    id: install-tdx-dependencies
+    shell: bash
+    run: |
+      sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
+      sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${{ inputs.ubuntu-version }} main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+      sudo apt-get update
+      sudo apt-get install -y --no-install-recommends libtdx-attest-dev
diff --git a/.github/workflows/aa_basic.yml b/.github/workflows/aa_basic.yml
@@ -65,12 +65,9 @@ jobs:
         run: |
           sudo apt-get update && sudo apt-get install -y protobuf-compiler
 
-      - name: Install TDX dependencies
-        run: |
-          sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
-          sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libtdx-attest-dev
+      - uses: ./.github/actions/install-intel-dcap
+        with:
+          ubuntu-version: jammy
         if: matrix.instance == 'ubuntu-22.04'
 
       - name: Install TPM dependencies

diff --git a/.github/workflows/aa_cc_kbc.yml b/.github/workflows/aa_cc_kbc.yml
@@ -55,12 +55,9 @@ jobs:
           override: true
           components: rustfmt
 
-      - name: Install TDX dependencies
-        run: |
-          sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
-          sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libtdx-attest-dev
+      - uses: ./.github/actions/install-intel-dcap
+        with:
+          ubuntu-version: jammy
 
       - name: Install TPM dependencies
         run: |

diff --git a/.github/workflows/image_rs_build.yml b/.github/workflows/image_rs_build.yml
@@ -56,12 +56,9 @@ jobs:
         run: |
           sudo apt install -y clang llvm pkg-config nettle-dev protobuf-compiler libprotobuf-dev
 
-      - name: Install TDX dependencies
-        run: |
-          sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
-          sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libtdx-attest-dev
+      - uses: ./.github/actions/install-intel-dcap
+        with:
+          ubuntu-version: jammy
         if: matrix.instance == 'ubuntu-latest'
 
       - name: Install TPM dependencies

diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml
@@ -91,13 +91,10 @@ jobs:
       run: |
         sudo apt-get install -y --no-install-recommends libtss2-dev
 
-    - name: Install tdx dependencies
+    - uses: ./.github/actions/install-intel-dcap
+      with:
+        ubuntu-version: jammy
       if: matrix.tee == 'tdx'
-      run: |
-        sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
-        sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
-        sudo apt-get update
-        sudo apt-get install -y --no-install-recommends libtdx-attest-dev
 
     - uses: actions/checkout@v4