Action to add a member

Dockerfile

@@ -0,0 +1,19 @@
+FROM mcr.microsoft.com/ccf/app/dev:4.0.1-sgx
+
+RUN apt update && \
+    apt install -y \
+    python3.8 \
+    python3-pip
+
+RUN apt install -y perl
+
+RUN python3.8 -m pip install pip --upgrade
+
+# Install CCF Python package to procure cose_signing
+RUN pip install ccf==4.* || exit 1
+
+COPY set_member.json /opt/ccf_sgx/bin/
+COPY entrypoint.sh actions/deploy/entrypoint.sh
+
+RUN ["chmod", "+x", "/actions/deploy/entrypoint.sh"]
+ENTRYPOINT ["/actions/deploy/entrypoint.sh"]

README.md

@@ -1,2 +1,41 @@
-# azure-managedccf-activate-member-action
-A GitHub action to add and activate a member in a Managed CCF instance.
+# Action for deployment of applications to CCF
+
+This GitHub action is designed to automate deployment of an application to a CCF network.
+
+---
+
+## Pre-reqs
+
+These action require 2 secrets to be stored in GitHub.
+
+- MEMBERCERT - The certificate that has access to the network, which will be used to sign the transactions for CCF.
+
+- MEMBERKEY - The private key associated with the MEMBERCERT.
+
+---
+
+## Example workflow: Sample
+
+```
+on: [push]
+
+jobs:
+  ccf-deploy:
+    runs-on: ubuntu-latest
+    name: Deploy CCF application
+    env:
+      CCF_URL: '<your ccf endpoint>/'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: CCF deploy
+        uses: msftsettiy/azure-managedccf-deploy-app-action@v0.1.0-alpha
+        id: deploy
+        env:
+          CERTD: ${{ secrets.MEMBERCERT }}
+          KEYD: ${{ secrets.MEMBERKEY }}
+        with:
+          application: '<path to your bundled application>'
+      - name: Get the proposal id
+        run: echo "The proposal id is ${{ steps.deploy.outputs.proposal }}"
+```

action.yaml

@@ -0,0 +1,19 @@
+# action.yaml
+name: 'CCF add member'
+author: 'Microsoft'
+description: 'Automated the addition of a member to a Managaed CCF instance'
+branding: 
+  icon: 'package'
+  color: 'blue'
+inputs:
+  new_member_cert:
+    description: 'The public certificate of the new member being added'
+    required: true
+outputs:
+  proposal:
+    description: 'The proposal id for the proposal to add the member'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.new_member_cert }}

entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+cp $1 /opt/ccf_sgx/bin/new_member_cert
+
+# CERTD and KEYD represents an active member identity in the Managed CCF instance
+echo "$CERTD" > /opt/ccf_sgx/bin/cert
+echo "$KEYD" > /opt/ccf_sgx/bin/key
+
+cd /opt/ccf_sgx/bin
+
+# Generate a temp file name
+temp_file=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32`
+
+# Replace the '\n' with literal '\n' character
+awk '{printf "%s\\n", $0}' new_member_cert > $temp_file
+
+# Replace the __MEMBER_CERTIFICATE__ placeholder in the proposal with the actual member certificate
+export MEMBER_CERT = $(cat $temp_file)
+perl -p -i -e 's/__MEMBER_CERTIFICATE__/$ENV{MEMBER_CERT}/g' set_member.json
+
+# Add the member
+curl ${CCF_URL}/gov/ack/update_state_digest -X POST -k --key key --cert cert > request.json
+content=$(ccf_cose_sign1 --ccf-gov-msg-type ack --ccf-gov-msg-created_at `date -Is` --signing-key key --signing-cert cert --content set_member.json | curl ${CCF_URL}/gov/ack -k -H "content-type: application/cose" --data-binary @-)
+proposal=$(echo "${content}" | jq '.proposal_id')
+echo "proposal=$proposal" >> $GITHUB_OUTPUT

set_member.json

@@ -0,0 +1,10 @@
+{
+    "actions": [
+      {
+        "name": "set_member",
+        "args": {
+          "cert": "__MEMBER_CERTIFICATE__"
+        }
+      }
+    ]
+  }