separate the intel-sgx-sdk and enclave docker image build

toshihiko-okubo · toshihiko-okubo · commit c29ea31ba789 · 2025-06-19T10:43:40.000+09:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -68,14 +68,14 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
           logout: true
-      - id: meta
+      - id: metadata
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}
           tags: |
             type=sha,prefix=,format=long
             ${{ github.event.inputs.tag }}
-      - name: Build and Release
+      - name: Build and Push
         uses: docker/build-push-action@v5
         id: docker_build_and_push
         with:
@@ -84,8 +84,8 @@ jobs:
           build-args: |
             LCP_ELC_TYPE=${{ github.event.inputs.enclave }}
             DEPLOYMENT_NETWORK=${{ github.event.inputs.network }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
           cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache
           cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/${{ github.event.inputs.enclave }}/${{ github.event.inputs.network }}:buildCache,mode=max
       - name: Create Release
diff --git a/.github/workflows/sgxsdk.yml b/.github/workflows/sgxsdk.yml
@@ -0,0 +1,36 @@
+name: SgxSDK
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read  # checkout
+      packages: write # Push Docker Image to ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+          logout: true
+      - id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/intel-sgx-sdk
+          tags: |
+            type=sha,prefix=,format=long
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        id: docker_build_and_push
+        with:
+          context: ./sgxsdk
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/intel-sgx-sdk:buildCache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/intel-sgx-sdk:buildCache,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,4 @@
-FROM ubuntu:noble-20250529
-
-ARG INTEL_SGX_SDK_VERSION=2.25.100.3
-LABEL com.intel.sgx.sdk.version=$INTEL_SGX_SDK_VERSION
+FROM ghcr.io/datachainlab/toki-bridge-lcp-enclaves/intel-sgx-sdk:70724a0e3fd3818a75b9976da2957fc9b728f41c
 
 ARG RUST_TOOLCHAIN_VERSION=nightly-2024-09-05
 LABEL org.rust-lang.org.toolchain.version=$RUST_TOOLCHAIN_VERSION
@@ -16,17 +13,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 
 WORKDIR /app
 
-# ref: https://github.com/intel/linux-sgx/blob/sgx_2.25/README.md#install-the-intelr-sgx-sdk
-RUN apt update && apt install -y \
-    build-essential=12.10ubuntu1 \
-    curl file python-is-python3 && \
-    rm -rf /var/lib/apt/lists/*
-
-ENV INTEL_SGX_SDK_VERSION=$INTEL_SGX_SDK_VERSION
-
 ADD ./scripts ./scripts
-RUN bash ./scripts/install_build_dependencies.sh
-
 ENV rust_toolchain=$RUST_TOOLCHAIN_VERSION
 RUN bash ./scripts/install_rust.sh
 
diff --git a/sgxsdk/Dockerfile b/sgxsdk/Dockerfile
@@ -0,0 +1,19 @@
+FROM ubuntu:noble-20250529
+
+ARG INTEL_SGX_SDK_VERSION=2.25.100.3
+LABEL com.intel.sgx.sdk.version=$INTEL_SGX_SDK_VERSION
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /app
+
+# ref: https://github.com/intel/linux-sgx/blob/sgx_2.25/README.md#install-the-intelr-sgx-sdk
+RUN apt update && apt install -y \
+    build-essential=12.10ubuntu1 \
+    curl file python-is-python3 && \
+    rm -rf /var/lib/apt/lists/*
+
+ENV INTEL_SGX_SDK_VERSION=$INTEL_SGX_SDK_VERSION
+
+ADD ./scripts ./scripts
+RUN bash ./scripts/install_sgx_sdk.sh
diff --git a/sgxsdk/scripts/install_sgx_sdk.sh b/sgxsdk/scripts/install_sgx_sdk.sh
@@ -8,6 +8,6 @@ cd /root && \
 curl -o sdk.sh $SDK_URL && \
 chmod a+x /root/sdk.sh && \
 echo -e 'no\n/opt' | ./sdk.sh && \
-echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
+echo 'source /opt/sgxsdk.yml/environment' >> /root/.bashrc && \
 cd /root && \
 rm ./sdk.sh
