Use docker bake (#117)

Author: jplock

.github/workflows/docker-bake.yml

@@ -4,11 +4,9 @@ on:
   push:
     branches:
       - main
-      - jp-bake
   pull_request:
     branches:
       - main
-      - jp-bake
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref_name }}

buildspec.yml

@@ -7,17 +7,14 @@ phases:
   build:
     commands:
       - echo Build started on `date`
-      - cd parent
-      - make build-docker
-      - CONTAINER_ID=$(docker create parent-vault:latest)
-      - docker cp $CONTAINER_ID:/app/parent-vault ./parent-vault
-      - docker rm $CONTAINER_ID
-      - cd ../enclave
-      - make build-docker
+      - docker buildx bake
       - echo Build completed on `date`
   post_build:
     commands:
       - '[ ${CODEBUILD_BUILD_SUCCEEDING:-0} -eq 1 ] || exit 1'
+      - CONTAINER_ID=$(docker create parent-vault:latest)
+      - docker cp $CONTAINER_ID:/app/parent-vault ./parent-vault
+      - docker rm $CONTAINER_ID
       - echo "${PRIVATE_KEY}" > nitro_vault_key.pem
       - openssl req -new -key nitro_vault_key.pem -sha384 -nodes -subj "/CN=AWS/C=US/ST=WA/L=Seattle/O=Amazon/OU=AWS" -out nitro_vault_csr.pem
       - openssl x509 -req -days 365 -in nitro_vault_csr.pem -out nitro_vault_cert.pem -sha384 -signkey nitro_vault_key.pem
@@ -29,8 +26,8 @@ phases:
 artifacts:
   discard-paths: yes
   files:
-    - parent/parent-vault  # Used by Deploy:DeployVault
-    - enclave/enclave-vault.eif  # Used by Deploy:DeployVault
+    - parent-vault  # Used by Deploy:DeployVault
+    - enclave-vault.eif  # Used by Deploy:DeployVault
     - vault_template.yml  # Used by Deploy:DeployVault
     - vault_template_configuration.json  # Used by Deploy:DeployVault
 

docker-bake.hcl

@@ -8,13 +8,8 @@ target "parent" {
     args = {
         TARGETPLATFORM = "x86_64-unknown-linux-gnu"
     }
-    attest = [
-        "type=provenance,mode=max",
-        "type=sbom",
-    ]
     platforms = ["linux/amd64"]
     tags = ["parent-vault:latest"]
-    output = ["type=cacheonly"]
     cache-to = ["type=gha,ignore-error=true,mode=max,scope=parent"]
     cache-from = ["type=gha,scope=parent"]
 }
@@ -25,13 +20,8 @@ target "enclave" {
     args = {
         TARGETPLATFORM = "x86_64-unknown-linux-musl"
     }
-    attest = [
-        "type=provenance,mode=max",
-        "type=sbom",
-    ]
     platforms = ["linux/amd64"]
     tags = ["enclave-vault:latest"]
-    output = ["type=cacheonly"]
     cache-to = ["type=gha,ignore-error=true,mode=max,scope=enclave"]
     cache-from = ["type=gha,scope=enclave"]
 }