deploy to staging

.github/workflows/deploy-control-plane-image-staging.yml

@@ -1,13 +1,13 @@
-on:
-  push:
-    paths:
-      - control-plane/**
-      - shared/**
-      - .github/workflows/deploy-control-plane-image-staging.yml
-      - scripts/start-cage.sh
-      - scripts/health-check.sh
-    branches:
-      - main
+on: [push]
+  # push:
+  #   paths:
+  #     - control-plane/**
+  #     - shared/**
+  #     - .github/workflows/deploy-control-plane-image-staging.yml
+  #     - scripts/start-cage.sh
+  #     - scripts/health-check.sh
+  #   branches:
+  #     - main
 name: Deploy new control plane image
 env:
   LINUX_TARGET: x86_64-unknown-linux-musl

control-plane/src/configuration.rs

@@ -35,7 +35,6 @@ pub fn get_aws_profile() -> String {
     std::env::var("AWS_PROFILE").unwrap_or_else(|_| "ev-local-customers".to_string())
 }
 
-
 pub fn get_aws_region() -> aws_types::region::Region {
     let region = std::env::var("AWS_REGION")
         .ok()
@@ -51,11 +50,7 @@ pub struct EnclaveRunConfig {
 }
 
 impl EnclaveRunConfig {
-    pub fn new(
-        num_cpus: String,
-        ram_size_mib: String,
-        debug_mode: String,
-    ) -> EnclaveRunConfig {
+    pub fn new(num_cpus: String, ram_size_mib: String, debug_mode: String) -> EnclaveRunConfig {
         EnclaveRunConfig {
             num_cpus,
             ram_size_mib,
@@ -64,7 +59,6 @@ impl EnclaveRunConfig {
     }
 }
 
-
 #[derive(Clone)]
 pub struct EnclaveContext {
     pub uuid: String,

control-plane/src/lib.rs

@@ -11,10 +11,10 @@ pub mod egressproxy;
 pub mod enclave_connection;
 pub mod error;
 pub mod health;
+pub mod orchestration;
 pub mod stats_client;
 pub mod stats_proxy;
 pub mod tls_proxy;
-pub mod orchestration;
 
 #[cfg(test)]
 pub mod mocks;

control-plane/src/main.rs

@@ -5,9 +5,7 @@ use control_plane::stats_client::StatsClient;
 use control_plane::stats_proxy::StatsProxy;
 use control_plane::{config_server, tls_proxy};
 use shared::{print_version, utils::pipe_streams, ENCLAVE_CONNECT_PORT};
-use tls_parser::nom::Or;
 use std::net::{IpAddr, Ipv4Addr, SocketAddr};
-use std::process::Command;
 use storage_client_interface::s3;
 use tokio::io::AsyncWriteExt;
 use tokio::time::{sleep, Duration};
@@ -84,7 +82,8 @@ async fn main() -> Result<()> {
             config_server.listen(),
             provisioner_proxy.listen(),
             acme_proxy.listen(),
-            StatsProxy::listen()
+            StatsProxy::listen(),
+            Orchestration::start_enclave()
         );
 
         if let Err(err) = tcp_result {
@@ -253,7 +252,9 @@ fn listen_for_shutdown_signal() {
                 // Wait for 55 seconds before terminating enclave - ECS waits 55 seconds to kill the container
                 sleep(Duration::from_millis(55000)).await;
 
-                let output = Orchestration::shutdown_all_enclaves().expect("failed to terminate enclave");
+                let output = Orchestration::shutdown_all_enclaves()
+                    .await
+                    .expect("failed to terminate enclave");
 
                 log::info!(
                     "Terminated enclave: {}",

control-plane/src/orchestration.rs

@@ -1,7 +1,9 @@
-use std::{process::{Command, Output, Stdio}, vec};
+use std::process::{Output, Stdio};
+
 use log::info;
 use serde_json::Value;
 use thiserror::Error;
+use tokio::process::Command;
 
 use crate::configuration::get_enclave_run_config;
 
@@ -24,27 +26,28 @@ pub enum OrchestrationError {
 pub struct Orchestration;
 
 impl Orchestration {
-    pub fn shutdown_all_enclaves() -> Result<Output, OrchestrationError> {
+    pub async fn shutdown_all_enclaves() -> Result<Output, OrchestrationError> {
         Command::new("sh")
-                .arg("-c")
-                    .arg("nitro-cli terminate-enclave --all")
-                    .output()
-                    .map_err(|e| OrchestrationError::Io(e))
+            .arg("-c")
+            .arg("nitro-cli terminate-enclave --all")
+            .output()
+            .await
+            .map_err(|e| OrchestrationError::Io(e))
     }
 
-
-    pub fn start_enclave() -> Result<(), OrchestrationError> {
+    pub async fn start_enclave() -> Result<(), OrchestrationError> {
         let run_config = get_enclave_run_config();
 
         info!("[HOST] Checking for running enclaves...");
 
-        let running_enclaves = Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"])?;
+        let running_enclaves =
+            Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"]).aw?;
         let enclaves: Value = serde_json::from_str(&running_enclaves)?;
         let v = vec![];
         let enclaves_array = enclaves.as_array().unwrap_or(&v);
         if enclaves_array.len() > 0 {
             info!("There's an enclave already running on this host. Terminating it...");
-            Self::shutdown_all_enclaves()?;
+            Self::shutdown_all_enclaves().await?;
             info!("Enclave terminated. Waiting 10s...");
             std::thread::sleep(std::time::Duration::from_secs(10));
         } else {
@@ -55,10 +58,14 @@ impl Orchestration {
         let mut run_command = vec![
             "nitro-cli",
             "run-enclave",
-            "--cpu-count", &run_config.num_cpus,
-            "--memory", &run_config.ram_size_mib,
-            "--enclave-cid", "2021",
-            "--eif-path", "enclave.eif",
+            "--cpu-count",
+            &run_config.num_cpus,
+            "--memory",
+            &run_config.ram_size_mib,
+            "--enclave-cid",
+            "2021",
+            "--eif-path",
+            "enclave.eif",
         ];
 
         if run_config.debug_mode == "true" {
@@ -68,36 +75,44 @@ impl Orchestration {
             println!("Debug mode disabled...");
         }
 
-        Self::run_command_capture_stdout(&run_command)?;
+        Self::run_command_capture_stdout(&run_command).await?;
 
         info!("Enclave started... Waiting 5 seconds for warmup.");
         std::thread::sleep(std::time::Duration::from_secs(10));
 
         if run_config.debug_mode == "true" {
             println!("Attaching headless console for running enclaves...");
-            let running_enclaves = Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"])?;
+            let running_enclaves =
+                Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"]).await?;
             let enclaves: Value = serde_json::from_str(&running_enclaves)?;
             let v = vec![];
             let enclaves_array = enclaves.as_array().unwrap_or(&v);
             for enclave in enclaves_array {
                 let id = enclave["EnclaveID"].as_str().unwrap();
-                Self::run_command_capture_stdout(&["nitro-cli", "console", "--enclave-id", id])?;
+                Self::run_command_capture_stdout(&["nitro-cli", "console", "--enclave-id", id])
+                    .await?;
             }
         }
         Ok(())
     }
 
-    fn run_command_capture_stdout(args: &[&str]) -> Result<String, OrchestrationError> {
+    async fn run_command_capture_stdout(args: &[&str]) -> Result<String, OrchestrationError> {
         let output = Command::new(args[0])
             .args(&args[1..])
             .stderr(Stdio::inherit())
-            .output()?;
-
+            .output()
+            .await?;
+
         if !output.status.success() {
-            return Err(OrchestrationError::CommandFailed(format!("Command {:?} failed with exit status: {}", args, output.status).into()));
+            return Err(OrchestrationError::CommandFailed(
+                format!(
+                    "Command {:?} failed with exit status: {}",
+                    args, output.status
+                )
+                .into(),
+            ));
         }
-    
+
         Ok(String::from_utf8_lossy(&output.stdout).to_string())
     }
 }
-