wip

mcollins-ttd · mcollins-ttd · commit a624b10e5a4c · 2025-03-06T13:52:37.000+11:00
diff --git a/.github/actions/acipolicygen_cc/action.yaml b/.github/actions/acipolicygen_cc/action.yaml
@@ -4,15 +4,11 @@ inputs:
   template_file:
     description: 'Path to the template file'
     required: true
-  output_file:
-    description: 'Path to the output policy file'
-    required: true
-# outputs:
-#   policy:
-#     description: 'The base64-encoded policy'
+outputs:
+  policy:
+    description: 'The base64-encoded policy'
 runs:
   using: 'docker'
   image: Dockerfile
   args:
     - ${{ inputs.template_file }}
-    - ${{ inputs.output_file }}
diff --git a/.github/actions/acipolicygen_cc/entrypoint.sh b/.github/actions/acipolicygen_cc/entrypoint.sh
@@ -5,7 +5,7 @@ az confcom acipolicygen \
     --template-file \
     $GITHUB_WORKSPACE/$1 \
     --print-policy \
-    >> $GITHUB_WORKSPACE/$2
+    >>"$GITHUB_OUTPUT"
 
 # if [[ $? -ne 0 ]]; then
 #     exit 1
diff --git a/.github/workflows/publish-azure-cc-enclave-docker.yaml b/.github/workflows/publish-azure-cc-enclave-docker.yaml
@@ -217,12 +217,11 @@ jobs:
         with:
           # TODO
           template_file: deployment-artifacts/operator.json
-          output_file: ${{ env.SCRIPTS_DIR }}/policy.base64
 
       - name: Update operator template
         # TODO
         run: |
-          whoami
+          echo -n ${{ steps.aci_policy.outputs.policy }} >> ${{ env.SCRIPTS_DIR }}/policy.base64
           ls -lah ${{ env.SCRIPTS_DIR }}/policy.base64
           # Export the policy, update it to turn off allow_environment_variable_dropping, and then insert it into the template
           # note that the EnclaveId is generated by generate.py on the raw policy, not the base64 version
