Fixed the entrypoint.sh (#3)

Co-authored-by: Yagnesh Setti <settiy@microsoft.com>
msftsettiy · Jun 9, 2023 · 6353e19 · 6353e19
1 parent 3753558
commit 6353e19
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 22 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,13 +7,16 @@ RUN apt update && \
 
 RUN apt install -y perl
 
+RUN apt install -y jq
+
 RUN python3.8 -m pip install pip --upgrade
 
 # Install CCF Python package to procure cose_signing
 RUN pip install ccf==4.* || exit 1
 
 COPY set_member.json /opt/ccf_sgx/bin/
+COPY accept.json /opt/ccf_sgx/bin/
 COPY entrypoint.sh actions/deploy/entrypoint.sh
 
 RUN ["chmod", "+x", "/actions/deploy/entrypoint.sh"]
-ENTRYPOINT ["/actions/deploy/entrypoint.sh"]
+ENTRYPOINT ["/actions/deploy/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -20,22 +20,17 @@ These action require 2 secrets to be stored in GitHub.
 on: [push]
 
 jobs:
-  ccf-deploy:
+  ccf-add-member:
     runs-on: ubuntu-latest
-    name: Deploy CCF application
+    name: Add a member to a CCF network
     env:
       CCF_URL: '<your ccf endpoint>/'
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: CCF deploy
-        uses: msftsettiy/azure-managedccf-deploy-app-action@v0.1.0-alpha
-        id: deploy
+      - name: CCF add member
+        uses: msftsettiy/azure-managedccf-add-member-action@v0.1.2-alpha
+        id: add_member
         env:
+          NEWMEMBERCERTD: ${{ secrets.NEWMEMBERCERT }}
           CERTD: ${{ secrets.MEMBERCERT }}
           KEYD: ${{ secrets.MEMBERKEY }}
-        with:
-          application: '<path to your bundled application>'
-      - name: Get the proposal id
-        run: echo "The proposal id is ${{ steps.deploy.outputs.proposal }}"
 ```
diff --git a/accept.json b/accept.json
@@ -0,0 +1,3 @@
+{
+    "ballot": "export function vote (proposal, proposerId) { return true }"
+}
diff --git a/action.yaml b/action.yaml
@@ -1,13 +1,10 @@
 # action.yaml
 name: 'Azure Managed CCF Add Member action'
 author: 'Microsoft'
-description: 'Automate the addition of a member to a Managed CCF network'
+description: 'Ac action to add a member to a CCF network and activate it.'
 branding: 
   icon: 'package'
   color: 'blue'
-outputs:
-  proposal:
-    description: 'The proposal id for the proposal to add the member'
 runs:
   using: 'docker'
   image: 'Dockerfile'
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,8 +1,7 @@
 #!/bin/bash
 
-cp $1 /opt/ccf_sgx/bin/new_member_cert
-
 # CERTD and KEYD represents an active member identity in the Managed CCF instance
+echo "$NEWMEMBERCERTD" > /opt/ccf_sgx/bin/newmembercert
 echo "$CERTD" > /opt/ccf_sgx/bin/cert
 echo "$KEYD" > /opt/ccf_sgx/bin/key
 
@@ -12,14 +11,24 @@ cd /opt/ccf_sgx/bin
 temp_file=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32`
 
 # Replace the '\n' with literal '\n' character
-awk '{printf "%s\\n", $0}' new_member_cert > $temp_file
+awk '{printf "%s\\n", $0}' newmembercert > $temp_file
 
 # Replace the __MEMBER_CERTIFICATE__ placeholder in the proposal with the actual member certificate
 export MEMBER_CERT = $(cat $temp_file)
 perl -p -i -e 's/__MEMBER_CERTIFICATE__/$ENV{MEMBER_CERT}/g' set_member.json
 
 # Add the member
+echo "Adding the member."
+content=$(ccf_cose_sign1 --ccf-gov-msg-type proposal --ccf-gov-msg-created_at `date -Is` --signing-key key --signing-cert cert --content set_member.json | curl ${CCF_URL}/gov/proposals -k -H "content-type: application/cose" --data-binary @-)
+proposal_id=$(echo "${content}" | jq '.proposal_id')
+
+# Vote on the proposal
+content=$(ccf_cose_sign1 --ccf-gov-msg-type ballot --ccf-gov-msg-created_at `date -Is` --signing-key key --signing-cert cert --content accept.json --ccf-gov-msg-proposal_id $proposal_id| curl ${CCF_URL}/gov/proposals/$proposal_id/ballots -k -H "content-type: application/cose" --data-binary @-)
+status=$(echo "${content}" | jq '.state')
+
+[[ $status="Accepted" ]] || ( echo "Member could not be added."; exit 1 )
+
+# Activate the member
+echo "Activating the member."
 curl ${CCF_URL}/gov/ack/update_state_digest -X POST -k --key key --cert cert > request.json
-content=$(ccf_cose_sign1 --ccf-gov-msg-type ack --ccf-gov-msg-created_at `date -Is` --signing-key key --signing-cert cert --content set_member.json | curl ${CCF_URL}/gov/ack -k -H "content-type: application/cose" --data-binary @-)
-proposal=$(echo "${content}" | jq '.proposal_id')
-echo "proposal=$proposal" >> $GITHUB_OUTPUT
+ccf_cose_sign1 --content request.json --signing-cert cert --signing-key key --ccf-gov-msg-type ack --ccf-gov-msg-created_at `date -Is`|curl ${CCF_URL}/gov/ack -H 'Content-Type: application/cose' --data-binary @-