From 3233a500460cae9fab851419a6e81736ac61aa4c Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Wed, 2 Oct 2024 10:02:00 +0200
Subject: [PATCH] CI: use composite action for tdx dep installation

To reduce duplucation among the workflows

Signed-off-by: Magnus Kulke
---
 .github/actions/install-intel-dcap/action.yml | 15 +++++++++++++++
 .github/workflows/aa_basic.yml | 9 +++------
 .github/workflows/aa_cc_kbc.yml | 9 +++------
 .github/workflows/image_rs_build.yml | 9 +++------
 .github/workflows/publish-artifacts.yml | 9 +++------
 5 files changed, 27 insertions(+), 24 deletions(-)
 create mode 100644 .github/actions/install-intel-dcap/action.yml

diff --git a/.github/actions/install-intel-dcap/action.yml b/.github/actions/install-intel-dcap/action.yml
new file mode 100644
index 000000000..4b076da24
--- /dev/null
+++ b/.github/actions/install-intel-dcap/action.yml
@@ -0,0 +1,15 @@
+name: 'Install Intel DCAP libraries'
+inputs:
+ ubuntu-version:
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - name: Install TDX dependencies
+ id: install-tdx-dependencies
+ shell: bash
+ run: |
+ sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg
+ sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${{ inputs.ubuntu-version }} main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends libtdx-attest-dev
diff --git a/.github/workflows/aa_basic.yml b/.github/workflows/aa_basic.yml
index 0eff512a0..725143b83 100644
--- a/.github/workflows/aa_basic.yml
+++ b/.github/workflows/aa_basic.yml
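Review bot: In action.yml the `sudo echo 'deb [...] ${{ inputs.ubuntu-version }} main'` line splices the input into the script text before bash runs, so a value containing a single quote or shell metacharacters would change the command rather than the suite name. All four callers in this patch pass the literal `jammy`, so this is hardening rather than a live bug, but a shared action is the place to fix it once. Pass the value through the environment instead: add `env:` with `UBUNTU_VERSION: ${{ inputs.ubuntu-version }}` to the step and write the suite as `${UBUNTU_VERSION}` inside a double-quoted echo. Separately, the signing key is fetched and trusted as received on every run; comparing its fingerprint with a value recorded in the repository before writing the keyring would make a changed key fail the job.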
@@ -65,12 +65,9 @@ jobs: run: | sudo apt-get update && sudo apt-get install -y protobuf-compiler - - name: Install TDX dependencies - run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list - sudo apt-get update - sudo apt-get install -y --no-install-recommends libtdx-attest-dev + - uses: ./.github/actions/install-intel-dcap + with: + ubuntu-version: jammy if: matrix.instance == 'ubuntu-22.04' - name: Install TPM dependencies diff --git a/.github/workflows/aa_cc_kbc.yml b/.github/workflows/aa_cc_kbc.yml index 701b4533d..b5686dac4 100644 --- a/.github/workflows/aa_cc_kbc.yml +++ b/.github/workflows/aa_cc_kbc.yml @@ -55,12 +55,9 @@ jobs: override: true components: rustfmt - - name: Install TDX dependencies - run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list - sudo apt-get update - sudo apt-get install -y --no-install-recommends libtdx-attest-dev + - uses: ./.github/actions/install-intel-dcap + with: + ubuntu-version: jammy - name: Install TPM dependencies run: | diff --git a/.github/workflows/image_rs_build.yml b/.github/workflows/image_rs_build.yml index 11e42fadf..1e0fb13b3 100644 --- a/.github/workflows/image_rs_build.yml +++ b/.github/workflows/image_rs_build.yml 
@@ -56,12 +56,9 @@ jobs: run: | sudo apt install -y clang llvm pkg-config nettle-dev protobuf-compiler libprotobuf-dev - - name: Install TDX dependencies - run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list - sudo apt-get update - sudo apt-get install -y --no-install-recommends libtdx-attest-dev + - uses: ./.github/actions/install-intel-dcap + with: + ubuntu-version: jammy if: matrix.instance == 'ubuntu-latest' - name: Install TPM dependencies diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml index ce46866de..fdf3d04d2 100644 --- a/.github/workflows/publish-artifacts.yml +++ b/.github/workflows/publish-artifacts.yml @@ -91,13 +91,10 @@ jobs: run: | sudo apt-get install -y --no-install-recommends libtss2-dev - - name: Install tdx dependencies + - uses: ./.github/actions/install-intel-dcap + with: + ubuntu-version: jammy if: matrix.tee == 'tdx' - run: | - sudo curl -sL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg - sudo echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list - sudo apt-get update - sudo apt-get install -y --no-install-recommends libtdx-attest-dev - uses: actions/checkout@v4
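Review bot: `ubuntu-version: jammy` is fixed in the image_rs_build.yml hunk while the step is gated on `matrix.instance == 'ubuntu-latest'`, a runner label that moves to newer Ubuntu releases over time. When the label no longer maps to 22.04 the job adds the jammy suite of the Intel repository to a different release, and `libtdx-attest-dev` may fail to install or pull mismatched dependencies. Pinning the matrix entry and this condition to `ubuntu-22.04`, as the aa_basic.yml hunk does, keeps runner and suite in step; the matrix definition is outside this hunk, so that part needs checking there.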
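Review bot: In publish-artifacts.yml the new `- uses: ./.github/actions/install-intel-dcap` step comes before `- uses: actions/checkout@v4` in this hunk, and a `./` action path is read from the job's workspace, so unless an earlier checkout exists above the hunk the runner cannot find `action.yml` and the step fails. The old inline `run:` step had no such dependency, which is why the ordering worked before. Move `- uses: actions/checkout@v4` above the first step that references a local action. Because the step only runs when `matrix.tee == 'tdx'`, the failure would show up only in that matrix leg of the publishing workflow.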