From 415d4591bd878802505536c2f3662b35bbbc20ee Mon Sep 17 00:00:00 2001
From: Justin Plock
Date: Fri, 20 Dec 2024 17:31:20 -0500
Subject: [PATCH] Use docker bake (#117)
---
 .github/workflows/docker-bake.yml | 2 --
 buildspec.yml | 15 ++++++---------
 docker-bake.hcl | 10 ----------
 3 files changed, 6 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/docker-bake.yml b/.github/workflows/docker-bake.yml
index dbc7f1f..9cb9095 100644
--- a/.github/workflows/docker-bake.yml
+++ b/.github/workflows/docker-bake.yml
@@ -4,11 +4,9 @@ on:
 push:
 branches:
 - main
- - jp-bake
 pull_request:
 branches:
 - main
- - jp-bake
 
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref_name }}
diff --git a/buildspec.yml b/buildspec.yml
index f566e01..e2fb4da 100644
--- a/buildspec.yml
+++ b/buildspec.yml
@@ -7,17 +7,14 @@ phases:
 build:
 commands:
 - echo Build started on `date`
- - cd parent
- - make build-docker
- - CONTAINER_ID=$(docker create parent-vault:latest)
- - docker cp $CONTAINER_ID:/app/parent-vault ./parent-vault
- - docker rm $CONTAINER_ID
- - cd ../enclave
- - make build-docker
+ - docker buildx bake
 - echo Build completed on `date`
 post_build:
 commands:
 - '[ ${CODEBUILD_BUILD_SUCCEEDING:-0} -eq 1 ] || exit 1'
+ - CONTAINER_ID=$(docker create parent-vault:latest)
+ - docker cp $CONTAINER_ID:/app/parent-vault ./parent-vault
+ - docker rm $CONTAINER_ID
 - echo "${PRIVATE_KEY}" > nitro_vault_key.pem
 - openssl req -new -key nitro_vault_key.pem -sha384 -nodes -subj "/CN=AWS/C=US/ST=WA/L=Seattle/O=Amazon/OU=AWS" -out nitro_vault_csr.pem
 - openssl x509 -req -days 365 -in nitro_vault_csr.pem -out nitro_vault_cert.pem -sha384 -signkey nitro_vault_key.pem
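Review bot: The relocated `docker create parent-vault:latest` in post_build now depends on `docker buildx bake` having loaded that tag into the local image store, which depends on the builder driver and is not visible in this hunk. If the tag is missing, `docker create` falls back to its default pull-if-missing behaviour and resolves the name against the default registry, so the `parent-vault` binary shipped as a deploy artifact would not be the one built from this commit. Making the step fail closed with `docker create --pull never parent-vault:latest` avoids that, and `"$CONTAINER_ID"` should be quoted in the `docker cp` and `docker rm` lines. The post_build command list continues outside the hunk.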
@@ -29,8 +26,8 @@ phases:
 artifacts:
 discard-paths: yes
 files:
- - parent/parent-vault # Used by Deploy:DeployVault
- - enclave/enclave-vault.eif # Used by Deploy:DeployVault
+ - parent-vault # Used by Deploy:DeployVault
+ - enclave-vault.eif # Used by Deploy:DeployVault
 - vault_template.yml # Used by Deploy:DeployVault
 - vault_template_configuration.json # Used by Deploy:DeployVault
 
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 8f2f29f..766ecac 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -8,13 +8,8 @@ target "parent" {
 args = {
 TARGETPLATFORM = "x86_64-unknown-linux-gnu"
 }
- attest = [
- "type=provenance,mode=max",
- "type=sbom",
- ]
 platforms = ["linux/amd64"]
 tags = ["parent-vault:latest"]
- output = ["type=cacheonly"]
 cache-to = ["type=gha,ignore-error=true,mode=max,scope=parent"]
 cache-from = ["type=gha,scope=parent"]
 }
@@ -25,13 +20,8 @@ target "enclave" {
 args = {
 TARGETPLATFORM = "x86_64-unknown-linux-musl"
 }
- attest = [
- "type=provenance,mode=max",
- "type=sbom",
- ]
 platforms = ["linux/amd64"]
 tags = ["enclave-vault:latest"]
- output = ["type=cacheonly"]
 cache-to = ["type=gha,ignore-error=true,mode=max,scope=enclave"]
 cache-from = ["type=gha,scope=enclave"]
 }
\ No newline at end of file
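Review bot: Removing the `attest` list from the `parent` target, and identically from the `enclave` target in the next hunk, leaves both images without SLSA provenance or an SBOM, and nothing visible in this commit replaces them. Presumably they were dropped so the images can load into the local image store, but the only remaining identifier is the mutable `latest` tag, so the extracted `parent-vault` binary and the enclave image can no longer be traced to a source revision. Consider keeping attestation in separate targets that use `inherits = ["parent"]` / `inherits = ["enclave"]` and re-add the two `attest` entries for registry builds. At minimum, add a comment above `platforms` such as `# attest omitted: local image store cannot load attested images; SBOM/provenance produced by <step placeholder>`. Both target blocks open outside their hunks.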