Merge branch 'atsign-foundation:trunk' into trunk
Showing
45 changed files
with
2,874 additions
and
778 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,16 @@ | ||
version: 2 | ||
enable-beta-ecosystems: true | ||
updates: | ||
# Maintain dependencies for GitHub Actions | ||
- package-ecosystem: "github-actions" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
- package-ecosystem: "docker" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
- package-ecosystem: "pub" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: dockerhub_sshnpd | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
tags: | ||
- 'v*.*.*' | ||
|
||
permissions: # added using https://github.com/step-security/secure-workflows | ||
contents: read | ||
|
||
jobs: | ||
docker: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Checkout | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- | ||
name: Set up QEMU | ||
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 | ||
- | ||
name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 | ||
- | ||
name: Login to Docker Hub | ||
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
# Extract version for docker tag | ||
- | ||
name: Get version | ||
run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV | ||
- | ||
name: Build and push | ||
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 | ||
with: | ||
context: . | ||
platforms: linux/amd64,linux/arm64,linux/arm/v7 | ||
push: true | ||
provenance: false | ||
tags: | | ||
atsigncompany/sshnpd:latest | ||
atsigncompany/sshnpd:release-${{ env.VERSION }} |
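Review bot: A manual `workflow_dispatch` run reaches the `Build and push` step with `GITHUB_REF` possibly pointing at a branch, so `atsigncompany/sshnpd:latest` would be overwritten from whatever ref was dispatched and the second tag would become `release-<branch name>`. Gating the job on a tag ref, for example `if: startsWith(github.ref, 'refs/tags/v')`, keeps the published tags tied to release tags. In the `Get version` step `$GITHUB_ENV` is unquoted; `>> "$GITHUB_ENV"` is the safer form. `provenance: false` means the pushed image carries no build provenance attestation, which deserves a short comment saying why it is disabled.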
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
name: Multibuild | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
permissions: # added using https://github.com/step-security/secure-repo | ||
contents: read | ||
|
||
jobs: | ||
x64_build: | ||
runs-on: ${{ matrix.os }} | ||
|
||
strategy: | ||
matrix: | ||
os: [ubuntu-latest, macOS-latest] | ||
include: | ||
- os: ubuntu-latest | ||
output-name: sshnp-linux-x64 | ||
- os: macOS-latest | ||
output-name: sshnp-macos-x64 | ||
|
||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- uses: dart-lang/setup-dart@d6a63dab3335f427404425de0fbfed4686d93c4f # v1.5.0 | ||
- run: mkdir sshnp | ||
- run: mkdir tarball | ||
- run: dart pub get | ||
- run: dart compile exe bin/activate_cli.dart -v -o sshnp/at_activate | ||
- run: dart compile exe bin/sshnp.dart -v -o sshnp/sshnp | ||
- run: dart compile exe bin/sshnpd.dart -v -o sshnp/sshnpd | ||
- run: dart compile exe bin/sshrv.dart -v -o sshnp/sshrv | ||
- run: dart compile exe bin/sshrvd.dart -v -o sshnp/sshrvd | ||
- run: cp -r templates sshnp/templates | ||
- run: cp scripts/* sshnp | ||
- run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnp | ||
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
with: | ||
name: x64_binaries | ||
path: tarball | ||
|
||
other_build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 | ||
- uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 | ||
- run: | | ||
docker buildx build -t atsigncompany/sshnptarball -f Dockerfile.package \ | ||
--platform linux/arm/v7,linux/arm64,linux/riscv64 -o type=tar,dest=bins.tar . | ||
- run: mkdir tarballs | ||
- run: tar -xvf bins.tar -C tarballs | ||
- run: mkdir upload | ||
- run: cp tarballs/*/*.tgz upload/ | ||
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
with: | ||
name: other_binaries | ||
path: upload | ||
|
||
notify_on_completion: | ||
needs: [x64_build, other_build] | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Google Chat Notification | ||
uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056 # v1 | ||
with: | ||
name: SSH no ports binaries were built by GitHub Action ${{ github.run_number }} | ||
url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }} | ||
status: ${{ job.status }} |
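Review bot: The `notify_on_completion` job runs only when both `x64_build` and `other_build` succeed, because `needs:` without a condition skips it on failure, so the `status: ${{ job.status }}` it reports can never show a failed build. Adding `if: always()` to the job and reporting the upstream results, e.g. `status: ${{ contains(needs.*.result, 'failure') && 'failure' || 'success' }}`, would make failed builds visible in the chat. The tarballs in both build jobs are uploaded without a checksum file; writing one next to each `.tgz` before `upload-artifact` would let whoever downloads them verify what was built.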
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# This workflow uses actions that are not certified by GitHub. They are provided | ||
# by a third-party and are governed by separate terms of service, privacy | ||
# policy, and support documentation. | ||
|
||
name: Scorecards supply-chain security | ||
on: | ||
# For Branch-Protection check. Only the default branch is supported. See | ||
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection | ||
branch_protection_rule: | ||
# To guarantee Maintained check is occasionally updated. See | ||
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained | ||
schedule: | ||
- cron: '22 4 * * 6' | ||
push: | ||
branches: [ "trunk" ] | ||
|
||
# Declare default permissions as read only. | ||
permissions: read-all | ||
|
||
jobs: | ||
analysis: | ||
name: Scorecards analysis | ||
runs-on: ubuntu-latest | ||
permissions: | ||
# Needed to upload the results to code-scanning dashboard. | ||
security-events: write | ||
# Needed to publish results and get a badge (see publish_results below). | ||
id-token: write | ||
# Uncomment the permissions below if installing in a private repository. | ||
# contents: read | ||
# actions: read | ||
|
||
steps: | ||
- name: "Checkout code" | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
persist-credentials: false | ||
|
||
- name: "Run analysis" | ||
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 | ||
with: | ||
results_file: results.sarif | ||
results_format: sarif | ||
# (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: | ||
# - you want to enable the Branch-Protection check on a *public* repository, or | ||
# - you are installing Scorecards on a *private* repository | ||
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. | ||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} | ||
|
||
# Public repositories: | ||
# - Publish results to OpenSSF REST API for easy access by consumers | ||
# - Allows the repository to include the Scorecard badge. | ||
# - See https://github.com/ossf/scorecard-action#publishing-results. | ||
# For private repositories: | ||
# - `publish_results` will always be set to `false`, regardless | ||
# of the value entered here. | ||
publish_results: true | ||
|
||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF | ||
# format to the repository Actions tab. | ||
- name: "Upload artifact" | ||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
with: | ||
name: SARIF file | ||
path: results.sarif | ||
retention-days: 5 | ||
|
||
# Upload the results to GitHub's code scanning dashboard. | ||
- name: "Upload to code-scanning" | ||
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 | ||
with: | ||
sarif_file: results.sarif |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/bin/bash | ||
ssh-keygen -A | ||
/usr/sbin/sshd -D -o "ListenAddress 127.0.0.1" -o "PasswordAuthentication no" & | ||
while true | ||
do | ||
sudo -u atsign /usr/local/at/sshnpd "$@" | ||
sleep 3 | ||
done |
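Review bot: `sshd` is started in the background and never checked again, so if it exits (for example on a host-key or configuration error) the `while true` loop keeps relaunching `sshnpd` in front of a dead local SSH server and the container still looks healthy. Recording the PID with `SSHD_PID=$!` right after the `sshd` line and adding `kill -0 "$SSHD_PID" || exit 1` at the top of the loop would let the container fail visibly. The loop also discards the exit status of `sshnpd`; logging it before `sleep 3` would help when diagnosing a crash loop. A header comment stating that the script runs as root (for `ssh-keygen -A`, `sshd` and `sudo -u`) and drops privileges only for `sshnpd` would document the intended trust boundary.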
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
FROM dart:3.0.5@sha256:65e5f5d6d72ad2f7b32f402c01b5fe8a426455b1ede1e9f840f95a2a8c14afbd AS buildimage | ||
ENV BINARYDIR=/usr/local/at | ||
SHELL ["/bin/bash", "-c"] | ||
WORKDIR /app | ||
COPY . . | ||
RUN \ | ||
set -eux ; \ | ||
mkdir -p $BINARYDIR ; \ | ||
dart pub get ; \ | ||
dart pub update ; \ | ||
dart compile exe bin/sshnpd.dart -o $BINARYDIR/sshnpd | ||
|
||
# Second stage of build FROM debian-slim | ||
FROM debian:stable-20230612-slim@sha256:b09f68bffcf9c14f3105f262e92321d05abaf48460d1f43f884325bcd4395b95 | ||
ENV HOMEDIR=/atsign | ||
ENV BINARYDIR=/usr/local/at | ||
ENV USER_ID=1024 | ||
ENV GROUP_ID=1024 | ||
COPY --from=buildimage /app/.startup.sh /atsign/ | ||
RUN \ | ||
set -eux ; \ | ||
apt-get update && apt-get install -y openssh-server sudo iputils-ping iproute2 ncat telnet net-tools nmap iperf3 tmux traceroute vim;\ | ||
addgroup --gid $GROUP_ID atsign ; \ | ||
useradd --system --uid $USER_ID --gid $GROUP_ID --shell /bin/bash --home $HOMEDIR atsign ; \ | ||
mkdir -p $HOMEDIR/.atsign/keys ; \ | ||
mkdir -p $HOMEDIR/.ssh ; \ | ||
touch $HOMEDIR/.ssh/authorized_keys ; \ | ||
chown -R atsign:atsign $HOMEDIR ; \ | ||
chmod 600 $HOMEDIR/.ssh/authorized_keys ; \ | ||
usermod -aG sudo atsign ; \ | ||
mkdir /run/sshd ; \ | ||
chmod 755 /atsign/.startup.sh | ||
COPY --from=buildimage --chown=atsign:atsign /usr/local/at/sshnpd /usr/local/at/ | ||
WORKDIR /atsign | ||
# USER atsign | ||
ENTRYPOINT ["/atsign/.startup.sh"] |
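Review bot: The runtime stage installs `nmap`, `ncat`, `telnet`, `iperf3`, `vim` and other diagnostic tools and adds `atsign` to the `sudo` group, which widens what anyone holding a shell as `atsign` can do in a container whose entrypoint already runs as root (`USER atsign` is commented out). If the entrypoint script needs root only to call `sudo -u atsign`, the group membership is unnecessary, so `usermod -aG sudo atsign ; \` can be dropped and the install reduced to `apt-get install -y --no-install-recommends openssh-server sudo ; rm -rf /var/lib/apt/lists/* ; \`. In the build stage, `dart pub update` after `dart pub get` appears to re-resolve dependencies past `pubspec.lock`, so a tagged build may not use the locked versions; removing that line keeps the image reproducible. A comment next to `# USER atsign` saying why the container stays root would help the next reader.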
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
FROM atsigncompany/buildimage:3.0.5_3.1.0-163.1.beta@sha256:5d126560a8c60d9c94da3cca185208172f2368b8ba8b0423aa6ee1a890c4e33b AS build | ||
# Using atsigncompany/buildimage until official dart image has RISC-V support | ||
WORKDIR /sshnoports | ||
COPY . . | ||
RUN set -eux; \ | ||
case "$(dpkg --print-architecture)" in \ | ||
amd64) ARCH="x64";; \ | ||
armhf) ARCH="arm";; \ | ||
arm64) ARCH="arm64";; \ | ||
riscv64) ARCH="riscv64";; \ | ||
esac; \ | ||
mkdir sshnp; \ | ||
mkdir tarball; \ | ||
dart pub get; \ | ||
dart compile exe bin/activate_cli.dart -v -o sshnp/at_activate; \ | ||
dart compile exe bin/sshnp.dart -v -o sshnp/sshnp; \ | ||
dart compile exe bin/sshnpd.dart -v -o sshnp/sshnpd; \ | ||
dart compile exe bin/sshrv.dart -v -o sshnp/sshrv; \ | ||
dart compile exe bin/sshrvd.dart -v -o sshnp/sshrvd; \ | ||
cp -r templates sshnp/templates; \ | ||
cp scripts/* sshnp/; \ | ||
tar -cvzf tarball/sshnp-linux-${ARCH}.tgz sshnp | ||
|
||
FROM scratch | ||
COPY --from=build /sshnoports/tarball/* / |
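Review bot: The `case "$(dpkg --print-architecture)"` block has no default arm, so on an unlisted architecture `ARCH` stays unset and the build fails only at the final `tar` line (through `set -u`) after every `dart compile` has already run. Adding `*) echo "unsupported architecture" >&2; exit 1;; \` before `esac` fails early with a clear message. `COPY . .` brings the whole build context into the build stage; a `.dockerignore` (not visible on this page) would keep `.git` and any local key material out of it.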