From 48b0dd66ec5162937e1ca654de385958bd5ab1f4 Mon Sep 17 00:00:00 2001
From: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Date: Wed, 29 Mar 2023 16:12:14 +0900
Subject: [PATCH] CC: Introduce secure image in payload image

This is a preliminary work to establish an e2e test for a new runtime
class kata-qemu-se (IBM secure execution).

Fixes: #6544

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
---
 .github/workflows/cc-payload-after-push-s390x.yaml     | 10 ++++++++++
 .../kata-deploy/local-build/dockerbuild/Dockerfile     |  1 +
 2 files changed, 11 insertions(+)

diff --git a/.github/workflows/cc-payload-after-push-s390x.yaml b/.github/workflows/cc-payload-after-push-s390x.yaml
index cdd2d8828d..0bb90e6d67 100644
--- a/.github/workflows/cc-payload-after-push-s390x.yaml
+++ b/.github/workflows/cc-payload-after-push-s390x.yaml
@@ -15,6 +15,7 @@ jobs:
           - cc-kernel
           - cc-qemu
           - cc-rootfs-image
+          - cc-se-image
           - cc-virtiofsd
     steps:
       - name: Login to Kata Containers quay.io
@@ -31,6 +32,14 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0 # This is needed in order to keep the commit ids history
+
+      - name: Place a host key document
+        run: |
+          mkdir -p "host-key-document"
+          cp "${CI_HKD_PATH}" "host-key-document"
+        env:
+          CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
+
       - name: Build ${{ matrix.asset }}
         run: |
           make "${KATA_ASSET}-tarball"
@@ -42,6 +51,7 @@ jobs:
           KATA_ASSET: ${{ matrix.asset }}
           TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
           PUSH_TO_REGISTRY: yes
+          HKD_PATH: "host-key-document"
 
       - name: store-artifact ${{ matrix.asset }}
         uses: actions/upload-artifact@v3
diff --git a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
index 1338f482a2..c4eaf12bdf 100644
--- a/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
+++ b/tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
@@ -45,6 +45,7 @@ RUN apt-get update && \
   unzip \
   wget \
   xz-utils && \
+  if uname -m | grep -Eq 's390x'; then apt-get install -y s390-tools; fi && \
   apt-get clean && rm -rf /var/lib/apt/lists
 
 ENV USER ${IMG_USER}