Merge pull request #6545 from BbolroC/se-image-in-payload

CC: Introduce secure image in payload image

.github/workflows/cc-payload-after-push-s390x.yaml

@@ -15,6 +15,7 @@ jobs:
           - cc-kernel
           - cc-qemu
           - cc-rootfs-image
+          - cc-se-image
           - cc-virtiofsd
     steps:
       - name: Login to Kata Containers quay.io
@@ -31,6 +32,14 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0 # This is needed in order to keep the commit ids history
+
+      - name: Place a host key document
+        run: |
+          mkdir -p "host-key-document"
+          cp "${CI_HKD_PATH}" "host-key-document"
+        env:
+          CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
+
       - name: Build ${{ matrix.asset }}
         run: |
           make "${KATA_ASSET}-tarball"
@@ -42,6 +51,7 @@ jobs:
           KATA_ASSET: ${{ matrix.asset }}
           TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
           PUSH_TO_REGISTRY: yes
+          HKD_PATH: "host-key-document"
 
       - name: store-artifact ${{ matrix.asset }}
         uses: actions/upload-artifact@v3

tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile

@@ -45,6 +45,7 @@ RUN apt-get update && \
   unzip \
   wget \
   xz-utils && \
+  if uname -m | grep -Eq 's390x'; then apt-get install -y s390-tools; fi && \
   apt-get clean && rm -rf /var/lib/apt/lists
 
 ENV USER ${IMG_USER}