From 8d47e34558182e2e0b161da09dd7cee18c93968d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Thu, 6 Jul 2023 10:50:17 +0200
Subject: [PATCH] cc: gha: Export MEASURE_ROOTFS=yes for rootfs-image builds
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We need to export MEASURED_ROOTFS=yes for the rootfs-image builds, as
shown here[0], otherwise the root_hash.txt file won't be generated.

A huge thanks to Choi for quickly finding this out.

Fixes: #7235

[0]:
https://github.com/kata-containers/kata-containers/blob/CCv0/tools/osbuilder/image-builder/image_builder.sh#L507,

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 .github/workflows/cc-payload-after-push-amd64.yaml            | 4 ++++
 .github/workflows/cc-payload-after-push-s390x.yaml            | 2 ++
 .github/workflows/cc-payload-amd64.yaml                       | 4 ++++
 .github/workflows/cc-payload-s390x.yaml                       | 2 ++
 .../packaging/kata-deploy/local-build/kata-deploy-binaries.sh | 1 +
 5 files changed, 13 insertions(+)

diff --git a/.github/workflows/cc-payload-after-push-amd64.yaml b/.github/workflows/cc-payload-after-push-amd64.yaml
index 82bae4e7b4..1a93fae55c 100644
--- a/.github/workflows/cc-payload-after-push-amd64.yaml
+++ b/.github/workflows/cc-payload-after-push-amd64.yaml
@@ -34,6 +34,10 @@ jobs:
             asset: cc-kernel
           - measured_rootfs: yes
             asset: cc-tdx-kernel
+          - measured_rootfs: yes
+            asset: cc-rootfs-image
+          - measured_rootfs: yes
+            asset: cc-tdx-rootfs-image
     steps:
       - name: Login to Kata Containers quay.io
         uses: docker/login-action@v2
diff --git a/.github/workflows/cc-payload-after-push-s390x.yaml b/.github/workflows/cc-payload-after-push-s390x.yaml
index d9116c599e..38e2f563ee 100644
--- a/.github/workflows/cc-payload-after-push-s390x.yaml
+++ b/.github/workflows/cc-payload-after-push-s390x.yaml
@@ -23,6 +23,8 @@ jobs:
         include:
           - measured_rootfs: yes
             asset: cc-kernel
+          - measured_rootfs: yes
+            asset: cc-rootfs-image
     steps:
       - name: Login to Kata Containers quay.io
         uses: docker/login-action@v2
diff --git a/.github/workflows/cc-payload-amd64.yaml b/.github/workflows/cc-payload-amd64.yaml
index d37328d3ae..dcf5c87c9f 100644
--- a/.github/workflows/cc-payload-amd64.yaml
+++ b/.github/workflows/cc-payload-amd64.yaml
@@ -34,6 +34,10 @@ jobs:
             asset: cc-kernel
           - measured_rootfs: yes
             asset: cc-tdx-kernel
+          - measured_rootfs: yes
+            asset: cc-rootfs-image
+          - measured_rootfs: yes
+            asset: cc-tdx-rootfs-image
     steps:
       - uses: actions/checkout@v3
       - name: Build ${{ matrix.asset }}
diff --git a/.github/workflows/cc-payload-s390x.yaml b/.github/workflows/cc-payload-s390x.yaml
index 9544bd792e..0218351d9b 100644
--- a/.github/workflows/cc-payload-s390x.yaml
+++ b/.github/workflows/cc-payload-s390x.yaml
@@ -20,6 +20,8 @@ jobs:
         include:
           - measured_rootfs: yes
             asset: cc-kernel
+          - measured_rootfs: yes
+            asset: cc-rootfs-image
     steps:
       - name: Adjust a permission for repo
         run: |
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index c2d1cf956d..6b25e5f152 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -255,6 +255,7 @@ install_cc_image() {
 	root_hash_suffix="${4:-""}"
 	tee="${5:-""}"
 	export KATA_BUILD_CC=yes
+	export MEASURED_ROOTFS=${MEASURED_ROOTFS}
 
 	local jenkins="${jenkins_url}/job/kata-containers-2.0-rootfs-image-cc-$(uname -m)/${cached_artifacts_path}"
 	local component="rootfs-image"