From 5bfda9fc5af659d31b527fd65c8d602dc34f59a6 Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 10:36:52 +0100
Subject: [PATCH 1/8] debug: try download and push

---
 .github/workflows/tee-worker-ci.yml | 318 +---------------------------
 1 file changed, 3 insertions(+), 315 deletions(-)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index 68a0d011e9..8600381a30 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -62,7 +62,7 @@ jobs:
 
       - name: Build docker image
         run: |
-          ./scripts/litentry/build_parachain_docker.sh
+          docker pull litentry/litentry-parachain:tee-dev
 
       - name: Save docker image
         run: |
@@ -74,260 +74,12 @@ jobs:
           name: parachain-artifact
           path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
-  build-test:
-    runs-on: ubuntu-20.04
-    needs: check-file-change
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - flavor_id: sidechain
-            mode: sidechain
-          - flavor_id: offchain-worker
-            mode: offchain-worker
-          - flavor_id: teeracle
-            mode: teeracle
-          - flavor_id: sidechain-evm
-            mode: sidechain
-            additional_features: evm
-          - flavor_id: mockserver
-            mode: sidechain
-            additional_features: mockserver
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          buildkitd-flags: --debug
-          driver: docker-container
-
-      - name: Build Worker & Run Cargo Test
-        env:
-          DOCKER_BUILDKIT: 1
-        run: >
-          cd .. && docker build -t integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}
-          --target deployed-worker
-          --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
-          -f tee-worker/build.Dockerfile .
-
-      - name: Build CLI client
-        env:
-          DOCKER_BUILDKIT: 1
-        run: >
-          cd .. && docker build -t integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}
-          --target deployed-client
-          --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
-          -f tee-worker/build.Dockerfile .
-
-      - run: docker images --all
-
-      - name: Test Enclave # cargo test is not supported in the enclave, see: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/232
-        run: docker run --name ${{ env.BUILD_CONTAINER_NAME }} integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} test --all
-
-      - name: Export worker image(s)
-        run: |
-          docker image save integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          docker image save integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-
-      - name: Upload worker image
-        uses: actions/upload-artifact@v3
-        with:
-          name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-
-      - name: Upload CLI client image
-        uses: actions/upload-artifact@v3
-        with:
-          name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-
-  clippy:
-    runs-on: ubuntu-latest
-    needs: check-file-change
-    container: "integritee/integritee-dev:0.1.9"
-    steps:
-      - uses: actions/checkout@v3
-      - name: init rust
-        # enclave is not in the same workspace
-        run: rustup show && cd enclave-runtime && rustup show
-
-      - name: Clippy default features
-        run: cargo clippy -- -D warnings
-      - name: Enclave # Enclave is separate as it's not in the workspace
-        run: cd enclave-runtime && cargo clippy -- -D warnings
-
-      - name: Clippy with EVM feature
-        run: |
-          cargo clippy --features evm -- -D warnings
-          cd enclave-runtime && cargo clippy --features evm -- -D warnings
-      - name: Clippy with Sidechain feature
-        run: |
-          cargo clippy --features sidechain -- -D warnings
-          cd enclave-runtime && cargo clippy --features sidechain -- -D warnings
-      - name: Clippy with Teeracle feature
-        run: |
-          cargo clippy --features teeracle -- -D warnings
-          cd enclave-runtime && cargo clippy --features teeracle -- -D warnings
-      - name: Clippy with Offchain-worker feature
-        run: |
-          cargo clippy --features offchain-worker -- -D warnings
-          cd enclave-runtime && cargo clippy --features offchain-worker -- -D warnings
-      - name: Fail-fast; cancel other jobs
-        if: failure()
-        uses: andymckay/cancel-action@0.2
-
-  fmt:
-    runs-on: ubuntu-latest
-    needs: check-file-change
-    steps:
-      - uses: actions/checkout@v3
-      - name: init rust
-        run: rustup show
-
-      - name: Worker & Client
-        run: cargo fmt --all -- --check
-      - name: Enclave # Enclave is separate as it's not in the workspace
-        run: cd enclave-runtime && cargo fmt --all -- --check
-
-      - name: Install taplo
-        run: cargo install taplo-cli --locked
-      - name: Cargo.toml fmt
-        run: taplo fmt --check
-
-      - name: Fail-fast; cancel other jobs
-        if: failure()
-        uses: andymckay/cancel-action@0.2
-
-  integration-tests:
-    runs-on: ubuntu-20.04
-    needs:
-      - build-parachain-docker
-      - build-test
-    env:
-      WORKER_IMAGE_TAG: integritee-worker:dev
-      CLIENT_IMAGE_TAG: integritee-cli:dev
-      COINMARKETCAP_KEY: ${{ secrets.COINMARKETCAP_KEY }}
-      TEERACLE_INTERVAL_SECONDS: 4
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - test: M6
-            flavor_id: sidechain
-            demo_name: demo-indirect-invocation
-          - test: M8
-            flavor_id: sidechain
-            demo_name: demo-direct-call
-          - test: Sidechain
-            flavor_id: sidechain
-            demo_name: demo-sidechain
-          - test: M6
-            flavor_id: offchain-worker
-            demo_name: demo-indirect-invocation
-          - test: Teeracle
-            flavor_id: teeracle
-            demo_name: demo-teeracle
-          - test: Benchmark
-            flavor_id: sidechain
-            demo_name: sidechain-benchmark
-          - test: EVM
-            flavor_id: sidechain-evm
-            demo_name: demo-smart-contract
-          # Litentry
-          - test: user-shielding-key
-            flavor_id: sidechain
-            demo_name: user-shielding-key
-          - test: ts-tests
-            flavor_id: mockserver
-            demo_name: ts-tests
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Pull polkadot image
-        run: |
-          docker pull parity/polkadot:latest
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: parachain-artifact
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
-
-      - name: Load docker image
-        run: |
-          docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
-
-      - name: Download Worker Image
-        uses: actions/download-artifact@v3
-        with:
-          name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
-
-      - name: Download CLI client Image
-        uses: actions/download-artifact@v3
-        with:
-          name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
-
-      - name: Load Worker & Client Images
-        env:
-          DOCKER_BUILDKIT: 1
-        run: |
-          docker image load --input ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          docker image load --input ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
-          docker images --all
-
-      - name: Re-name Image Tags
-        run: |
-          docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
-          docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
-          docker images --all
-
-      - name: Generate parachain artefacts
-        run: |
-          ./scripts/litentry/generate_parachain_artefacts.sh
-
-      - name: Build litentry parachain docker images
-        run: |
-          cd docker
-          docker-compose -f litentry-parachain.build.yml build
-
-      - name: Integration Test ${{ matrix.test }}-${{ matrix.flavor_id }}
-        timeout-minutes: 30
-        run: |
-          cd docker
-          docker-compose -f docker-compose.yml -f ${{ matrix.demo_name }}.yml up --no-build --exit-code-from ${{ matrix.demo_name }} -- ${{ matrix.demo_name }}
-
-      - name: Stop docker containers
-        run: |
-          cd docker
-          docker compose -f docker-compose.yml -f ${{ matrix.demo_name }}.yml stop
-
-      - name: Collect Docker Logs
-        continue-on-error: true
-        if: always()
-        uses: jwalton/gh-docker-logs@v2
-        with:
-          #images: '${{ env.WORKER_IMAGE_TAG }},${{ env.CLIENT_IMAGE_TAG }}'
-          tail: all
-          dest: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/${{ env.LOG_DIR }}
-
-      - name: Upload logs
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: logs-${{ matrix.test }}-${{ matrix.flavor_id }}
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/${{ env.LOG_DIR }}
-
   # Only push docker image when tests are passed and it's a push event
   push-docker-image:
     runs-on: ubuntu-latest
     needs:
-      - integration-tests
-    if: ${{ success() && (github.event_name == 'push') }}
+      - build-parachain-docker
+    if: ${{ success() }}
     steps:
       - uses: actions/download-artifact@v3
         with:
@@ -346,67 +98,3 @@ jobs:
 
       - name: Push docker image
         run: docker push litentry/litentry-parachain:tee-dev
-
-  release:
-    name: Draft Release
-    if: startsWith(github.ref, 'refs/tags/')
-    runs-on: ubuntu-latest
-    needs: [build-test, integration-tests]
-    outputs:
-      release_url: ${{ steps.create-release.outputs.html_url }}
-      asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Download Integritee Service
-        uses: actions/download-artifact@v3
-        with:
-          name: integritee-worker-sidechain-${{ github.sha }}
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-tmp
-
-      - name: Download Integritee Client
-        uses: actions/download-artifact@v3
-        with:
-          name: integritee-client-sidechain-${{ github.sha }}
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-client-tmp
-
-      - name: Download Enclave Signed
-        uses: actions/download-artifact@v3
-        with:
-          name: enclave-signed-sidechain-${{ github.sha }}
-          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/enclave-signed-tmp
-
-      - name: Move service binaries
-        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-tmp/integritee-service ./integritee-demo-validateer
-
-      - name: Move service client binaries
-        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-client-tmp/integritee-cli ./integritee-client
-
-      - name: Move service client binaries
-        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/enclave-signed-tmp/enclave.signed.so ./enclave.signed.so
-
-      - name: Create required package.json
-        run: test -f package.json || echo '{}' >package.json
-
-      - name: Changelog
-        uses: scottbrenner/generate-changelog-action@master
-        id: Changelog
-
-      - name: Display structure of downloaded files
-        run: ls -R
-        working-directory: .
-
-      - name: Release
-        id: create-release
-        uses: softprops/action-gh-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          body: |
-            ${{ steps.Changelog.outputs.changelog }}
-          draft: true
-          # note the path change
-          files: |
-            tee-worker/integritee-client
-            tee-worker/integritee-demo-validateer
-            tee-worker/enclave.signed.so

From 3202c7f39bdff63b31ddefed8f6ff7b6f2de21eb Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 11:16:03 +0100
Subject: [PATCH 2/8] add debug commands

---
 .github/workflows/tee-worker-ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index 8600381a30..c13a691021 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -88,6 +88,8 @@ jobs:
 
       - name: Load docker image
         run: |
+          ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
+          ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
           docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
       - name: Dockerhub login

From 0a59ad93b857612560d7745cf3ee247ba907f945 Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 11:19:32 +0100
Subject: [PATCH 3/8] remove file checker

---
 .github/workflows/tee-worker-ci.yml | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index c13a691021..5c12c04991 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -34,29 +34,8 @@ defaults:
     working-directory: tee-worker
 
 jobs:
-  check-file-change:
-    runs-on: ubuntu-latest
-    # see https://github.com/orgs/community/discussions/25722
-    if: ${{ github.event_name == 'push' || !github.event.pull_request.draft }}
-    outputs:
-      src: ${{ steps.filter.outputs.src }}
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      # Checks to see if any files in the PR/commit match one of the listed file types.
-      # We can use this filter to decide whether or not to build docker images
-      - uses: dorny/paths-filter@v2
-        id: filter
-        with:
-          filters: |
-            src:
-              - 'tee-worker/**'
-
   build-parachain-docker:
     runs-on: ubuntu-latest
-    needs: check-file-change
     steps:
       - uses: actions/checkout@v3
 

From 2996d060de84e561cf4127eb43aaea8f97d3c761 Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 11:31:24 +0100
Subject: [PATCH 4/8] remove defaults

---
 .github/workflows/tee-worker-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index 5c12c04991..2d0777ab77 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -29,9 +29,9 @@ concurrency:
 
 # to minimise the changes by setting a default working directory
 # please note it only applies to the `run` command, not `use` command
-defaults:
-  run:
-    working-directory: tee-worker
+# defaults:
+#   run:
+#     working-directory: tee-worker
 
 jobs:
   build-parachain-docker:

From 2b029d3c9ea9a9b00c95a3777fd12256cbc6f5f6 Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 11:38:31 +0100
Subject: [PATCH 5/8] add pwd

---
 .github/workflows/tee-worker-ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index 2d0777ab77..be7fa71c51 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -69,6 +69,7 @@ jobs:
         run: |
           ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
           ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
+          pwd
           docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
       - name: Dockerhub login

From 9077abdce13ed5a04ab2323c99e012c8d296eca3 Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 12:12:35 +0100
Subject: [PATCH 6/8] make sure to chekcout code

---
 .github/workflows/tee-worker-ci.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index be7fa71c51..fa0e3ba00b 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -29,9 +29,9 @@ concurrency:
 
 # to minimise the changes by setting a default working directory
 # please note it only applies to the `run` command, not `use` command
-# defaults:
-#   run:
-#     working-directory: tee-worker
+defaults:
+  run:
+    working-directory: tee-worker
 
 jobs:
   build-parachain-docker:
@@ -60,6 +60,8 @@ jobs:
       - build-parachain-docker
     if: ${{ success() }}
     steps:
+      - uses: actions/checkout@v3
+
       - uses: actions/download-artifact@v3
         with:
           name: parachain-artifact
@@ -73,7 +75,7 @@ jobs:
           docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
       - name: Dockerhub login
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}

From 6be2e5828bd09c00f89fb74a2f6ef0206b5eb49b Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 12:18:16 +0100
Subject: [PATCH 7/8] checkout code

---
 .github/workflows/tee-worker-ci.yml | 342 +++++++++++++++++++++++++++-
 1 file changed, 336 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index fa0e3ba00b..fba8af8fcd 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -34,14 +34,35 @@ defaults:
     working-directory: tee-worker
 
 jobs:
+  check-file-change:
+    runs-on: ubuntu-latest
+    # see https://github.com/orgs/community/discussions/25722
+    if: ${{ github.event_name == 'push' || !github.event.pull_request.draft }}
+    outputs:
+      src: ${{ steps.filter.outputs.src }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      # Checks to see if any files in the PR/commit match one of the listed file types.
+      # We can use this filter to decide whether or not to build docker images
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          filters: |
+            src:
+              - 'tee-worker/**'
+
   build-parachain-docker:
     runs-on: ubuntu-latest
+    needs: check-file-change
     steps:
       - uses: actions/checkout@v3
 
       - name: Build docker image
         run: |
-          docker pull litentry/litentry-parachain:tee-dev
+          ./scripts/litentry/build_parachain_docker.sh
 
       - name: Save docker image
         run: |
@@ -53,12 +74,260 @@ jobs:
           name: parachain-artifact
           path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
+  build-test:
+    runs-on: ubuntu-20.04
+    needs: check-file-change
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - flavor_id: sidechain
+            mode: sidechain
+          - flavor_id: offchain-worker
+            mode: offchain-worker
+          - flavor_id: teeracle
+            mode: teeracle
+          - flavor_id: sidechain-evm
+            mode: sidechain
+            additional_features: evm
+          - flavor_id: mockserver
+            mode: sidechain
+            additional_features: mockserver
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          buildkitd-flags: --debug
+          driver: docker-container
+
+      - name: Build Worker & Run Cargo Test
+        env:
+          DOCKER_BUILDKIT: 1
+        run: >
+          cd .. && docker build -t integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}
+          --target deployed-worker
+          --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
+          -f tee-worker/build.Dockerfile .
+
+      - name: Build CLI client
+        env:
+          DOCKER_BUILDKIT: 1
+        run: >
+          cd .. && docker build -t integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}
+          --target deployed-client
+          --build-arg WORKER_MODE_ARG=${{ matrix.mode }} --build-arg ADDITIONAL_FEATURES_ARG=${{ matrix.additional_features }}
+          -f tee-worker/build.Dockerfile .
+
+      - run: docker images --all
+
+      - name: Test Enclave # cargo test is not supported in the enclave, see: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/232
+        run: docker run --name ${{ env.BUILD_CONTAINER_NAME }} integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} test --all
+
+      - name: Export worker image(s)
+        run: |
+          docker image save integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          docker image save integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} | gzip > ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+
+      - name: Upload worker image
+        uses: actions/upload-artifact@v3
+        with:
+          name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+
+      - name: Upload CLI client image
+        uses: actions/upload-artifact@v3
+        with:
+          name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+
+  clippy:
+    runs-on: ubuntu-latest
+    needs: check-file-change
+    container: "integritee/integritee-dev:0.1.9"
+    steps:
+      - uses: actions/checkout@v3
+      - name: init rust
+        # enclave is not in the same workspace
+        run: rustup show && cd enclave-runtime && rustup show
+
+      - name: Clippy default features
+        run: cargo clippy -- -D warnings
+      - name: Enclave # Enclave is separate as it's not in the workspace
+        run: cd enclave-runtime && cargo clippy -- -D warnings
+
+      - name: Clippy with EVM feature
+        run: |
+          cargo clippy --features evm -- -D warnings
+          cd enclave-runtime && cargo clippy --features evm -- -D warnings
+      - name: Clippy with Sidechain feature
+        run: |
+          cargo clippy --features sidechain -- -D warnings
+          cd enclave-runtime && cargo clippy --features sidechain -- -D warnings
+      - name: Clippy with Teeracle feature
+        run: |
+          cargo clippy --features teeracle -- -D warnings
+          cd enclave-runtime && cargo clippy --features teeracle -- -D warnings
+      - name: Clippy with Offchain-worker feature
+        run: |
+          cargo clippy --features offchain-worker -- -D warnings
+          cd enclave-runtime && cargo clippy --features offchain-worker -- -D warnings
+      - name: Fail-fast; cancel other jobs
+        if: failure()
+        uses: andymckay/cancel-action@0.2
+
+  fmt:
+    runs-on: ubuntu-latest
+    needs: check-file-change
+    steps:
+      - uses: actions/checkout@v3
+      - name: init rust
+        run: rustup show
+
+      - name: Worker & Client
+        run: cargo fmt --all -- --check
+      - name: Enclave # Enclave is separate as it's not in the workspace
+        run: cd enclave-runtime && cargo fmt --all -- --check
+
+      - name: Install taplo
+        run: cargo install taplo-cli --locked
+      - name: Cargo.toml fmt
+        run: taplo fmt --check
+
+      - name: Fail-fast; cancel other jobs
+        if: failure()
+        uses: andymckay/cancel-action@0.2
+
+  integration-tests:
+    runs-on: ubuntu-20.04
+    needs:
+      - build-parachain-docker
+      - build-test
+    env:
+      WORKER_IMAGE_TAG: integritee-worker:dev
+      CLIENT_IMAGE_TAG: integritee-cli:dev
+      COINMARKETCAP_KEY: ${{ secrets.COINMARKETCAP_KEY }}
+      TEERACLE_INTERVAL_SECONDS: 4
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - test: M6
+            flavor_id: sidechain
+            demo_name: demo-indirect-invocation
+          - test: M8
+            flavor_id: sidechain
+            demo_name: demo-direct-call
+          - test: Sidechain
+            flavor_id: sidechain
+            demo_name: demo-sidechain
+          - test: M6
+            flavor_id: offchain-worker
+            demo_name: demo-indirect-invocation
+          - test: Teeracle
+            flavor_id: teeracle
+            demo_name: demo-teeracle
+          - test: Benchmark
+            flavor_id: sidechain
+            demo_name: sidechain-benchmark
+          - test: EVM
+            flavor_id: sidechain-evm
+            demo_name: demo-smart-contract
+          # Litentry
+          - test: user-shielding-key
+            flavor_id: sidechain
+            demo_name: user-shielding-key
+          - test: ts-tests
+            flavor_id: mockserver
+            demo_name: ts-tests
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Pull polkadot image
+        run: |
+          docker pull parity/polkadot:latest
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: parachain-artifact
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
+
+      - name: Load docker image
+        run: |
+          docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
+
+      - name: Download Worker Image
+        uses: actions/download-artifact@v3
+        with:
+          name: integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
+
+      - name: Download CLI client Image
+        uses: actions/download-artifact@v3
+        with:
+          name: integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
+
+      - name: Load Worker & Client Images
+        env:
+          DOCKER_BUILDKIT: 1
+        run: |
+          docker image load --input ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          docker image load --input ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }}.tar.gz
+          docker images --all
+
+      - name: Re-name Image Tags
+        run: |
+          docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
+          docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
+          docker images --all
+
+      - name: Generate parachain artefacts
+        run: |
+          ./scripts/litentry/generate_parachain_artefacts.sh
+
+      - name: Build litentry parachain docker images
+        run: |
+          cd docker
+          docker-compose -f litentry-parachain.build.yml build
+
+      - name: Integration Test ${{ matrix.test }}-${{ matrix.flavor_id }}
+        timeout-minutes: 30
+        run: |
+          cd docker
+          docker-compose -f docker-compose.yml -f ${{ matrix.demo_name }}.yml up --no-build --exit-code-from ${{ matrix.demo_name }} -- ${{ matrix.demo_name }}
+
+      - name: Stop docker containers
+        run: |
+          cd docker
+          docker compose -f docker-compose.yml -f ${{ matrix.demo_name }}.yml stop
+
+      - name: Collect Docker Logs
+        continue-on-error: true
+        if: always()
+        uses: jwalton/gh-docker-logs@v2
+        with:
+          #images: '${{ env.WORKER_IMAGE_TAG }},${{ env.CLIENT_IMAGE_TAG }}'
+          tail: all
+          dest: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/${{ env.LOG_DIR }}
+
+      - name: Upload logs
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: logs-${{ matrix.test }}-${{ matrix.flavor_id }}
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/${{ env.LOG_DIR }}
+
   # Only push docker image when tests are passed and it's a push event
   push-docker-image:
     runs-on: ubuntu-latest
     needs:
-      - build-parachain-docker
-    if: ${{ success() }}
+      - integration-tests
+    if: ${{ success() && (github.event_name == 'push') }}
     steps:
       - uses: actions/checkout@v3
 
@@ -69,9 +338,6 @@ jobs:
 
       - name: Load docker image
         run: |
-          ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}
-          ls -l ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
-          pwd
           docker load -i ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/litentry-parachain.tar
 
       - name: Dockerhub login
@@ -82,3 +348,67 @@ jobs:
 
       - name: Push docker image
         run: docker push litentry/litentry-parachain:tee-dev
+
+  release:
+    name: Draft Release
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    needs: [build-test, integration-tests]
+    outputs:
+      release_url: ${{ steps.create-release.outputs.html_url }}
+      asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download Integritee Service
+        uses: actions/download-artifact@v3
+        with:
+          name: integritee-worker-sidechain-${{ github.sha }}
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-tmp
+
+      - name: Download Integritee Client
+        uses: actions/download-artifact@v3
+        with:
+          name: integritee-client-sidechain-${{ github.sha }}
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-client-tmp
+
+      - name: Download Enclave Signed
+        uses: actions/download-artifact@v3
+        with:
+          name: enclave-signed-sidechain-${{ github.sha }}
+          path: ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/enclave-signed-tmp
+
+      - name: Move service binaries
+        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-worker-tmp/integritee-service ./integritee-demo-validateer
+
+      - name: Move service client binaries
+        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/integritee-client-tmp/integritee-cli ./integritee-client
+
+      - name: Move service client binaries
+        run: mv ${{ env.UPLOAD_DOWNLOAD_DIR_PREFIX }}/enclave-signed-tmp/enclave.signed.so ./enclave.signed.so
+
+      - name: Create required package.json
+        run: test -f package.json || echo '{}' >package.json
+
+      - name: Changelog
+        uses: scottbrenner/generate-changelog-action@master
+        id: Changelog
+
+      - name: Display structure of downloaded files
+        run: ls -R
+        working-directory: .
+
+      - name: Release
+        id: create-release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          body: |
+            ${{ steps.Changelog.outputs.changelog }}
+          draft: true
+          # note the path change
+          files: |
+            tee-worker/integritee-client
+            tee-worker/integritee-demo-validateer
+            tee-worker/enclave.signed.so

From cd6d0445ee1a57dc8102a7ee09a1019a878fc26a Mon Sep 17 00:00:00 2001
From: Kailai Wang <Kailai.Wang@hotmail.com>
Date: Wed, 30 Nov 2022 12:20:14 +0100
Subject: [PATCH 8/8] add CI yml to detect list

---
 .github/workflows/tee-worker-ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml
index fba8af8fcd..e6d22a887d 100644
--- a/.github/workflows/tee-worker-ci.yml
+++ b/.github/workflows/tee-worker-ci.yml
@@ -53,6 +53,7 @@ jobs:
           filters: |
             src:
               - 'tee-worker/**'
+              - '.github/workflows/tee-worker-ci.yml'
 
   build-parachain-docker:
     runs-on: ubuntu-latest