CC: Introduce secure image in payload image

This is a preliminary work to establish an e2e test for a new runtime class kata-qemu-se (IBM secure execution). Fixes: #6544 Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-08-24 18:52:08 +00:00 · 2023-03-29 16:12:14 +09:00 · 2023-03-29 16:12:14 +09:00 · 48b0dd66ec
commit 48b0dd66ec
parent 4c810c7933
2 changed files with 11 additions and 0 deletions
--- a/.github/workflows/cc-payload-after-push-s390x.yaml
+++ b/.github/workflows/cc-payload-after-push-s390x.yaml
@ -15,6 +15,7 @@ jobs:
          - cc-kernel
          - cc-qemu
          - cc-rootfs-image
+          - cc-se-image
          - cc-virtiofsd
    steps:
      - name: Login to Kata Containers quay.io
@ -31,6 +32,14 @@ jobs:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0 # This is needed in order to keep the commit ids history
+
+      - name: Place a host key document
+        run: |
+          mkdir -p "host-key-document"
+          cp "${CI_HKD_PATH}" "host-key-document"
+        env:
+          CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
+
      - name: Build ${{ matrix.asset }}
        run: |
          make "${KATA_ASSET}-tarball"
@ -42,6 +51,7 @@ jobs:
          KATA_ASSET: ${{ matrix.asset }}
          TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
          PUSH_TO_REGISTRY: yes
+          HKD_PATH: "host-key-document"

      - name: store-artifact ${{ matrix.asset }}
        uses: actions/upload-artifact@v3
--- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
+++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
@ -45,6 +45,7 @@ RUN apt-get update && \
  unzip \
  wget \
  xz-utils && \
+  if uname -m | grep -Eq 's390x'; then apt-get install -y s390-tools; fi && \
  apt-get clean && rm -rf /var/lib/apt/lists

 ENV USER ${IMG_USER}