diff --git a/.github/actions/build-cpp/entrypoint.sh b/.github/actions/build-cpp/entrypoint.sh index 5eefd6f60..e8c44fa27 100644 --- a/.github/actions/build-cpp/entrypoint.sh +++ b/.github/actions/build-cpp/entrypoint.sh @@ -20,10 +20,10 @@ function build() { cp -rf /github/workspace/conanfile.txt /pktvisor-src/ mkdir /tmp/build cd /tmp/build - conan profile new --detect default && \ - conan profile update settings.compiler.libcxx=libstdc++11 default && \ + conan profile new --detect default + conan profile update settings.compiler.libcxx=libstdc++11 default conan config set general.revisions_enabled=1 - PKG_CONFIG_PATH=/local/lib/pkgconfig cmake -DCMAKE_BUILD_TYPE=$INPUT_BUILD_TYPE -DASAN=$INPUT_ASAN /pktvisor-src && \ + PKG_CONFIG_PATH=/local/lib/pkgconfig cmake -DCMAKE_BUILD_TYPE=$INPUT_BUILD_TYPE -DASAN=$INPUT_ASAN /pktvisor-src make all -j 4 } diff --git a/.github/hosted-runner/amd64/user_data.sh b/.github/hosted-runner/amd64/user_data.sh index cff6e954c..c63dcb27f 100644 --- a/.github/hosted-runner/amd64/user_data.sh +++ b/.github/hosted-runner/amd64/user_data.sh @@ -5,7 +5,7 @@ apt-get update -y apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \ libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python xvfb \ libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf g++-10-multilib-arm-linux-gnueabihf \ -gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base gcc-10-multilib-arm-linux-gnueabihf python3-venv tcpreplay docker.io containerd cmake -y +gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base gcc-10-multilib-arm-linux-gnueabihf python3-venv tcpreplay docker.io containerd cmake zip -y #set permission to use docker usermod -aG docker ubuntu 
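Review bot: With the `&&` chain removed in `build()`, a failed `conan profile update` or `cmake` no longer stops the function, so `make all -j 4` runs anyway and only its status is returned. Unless `set -e` is enabled outside this hunk, a broken configure step can go unnoticed or build against stale state. If the intent was only to tolerate `conan profile new` failing when the profile already exists, relax that one command and keep the rest fatal, e.g. `conan profile new --detect default || true` and `cmake ... /pktvisor-src || return 1`. `$INPUT_BUILD_TYPE` and `$INPUT_ASAN` are action inputs expanded unquoted; write `-DCMAKE_BUILD_TYPE="$INPUT_BUILD_TYPE" -DASAN="$INPUT_ASAN"`. The start of `build()` is outside the hunk.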
@@ -21,6 +21,6 @@ chown ubuntu.ubuntu /actions-runner -R #extract git actions runner installer /bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log -/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/ns1labs/pktvisor --token RUNNER_TOKEN --name AMD64_RUNNER --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log +/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/ns1labs/pktvisor --token RUNNER_TOKEN --name AMD64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log /bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log
diff --git a/.github/hosted-runner/arm32/main.tf b/.github/hosted-runner/arm32/main.tf
new file mode 100644
index 000000000..62150472d
--- /dev/null
+++ b/.github/hosted-runner/arm32/main.tf
@@ -0,0 +1,20 @@
+resource "aws_instance" "orb-devops" {
+ ami = lookup(var.amis, var.aws_region)
+ instance_type = var.instance_type
+ security_groups = [aws_security_group.sg_SelfRunner_arm32.id]
+ key_name = var.key_name
+ user_data = file("user_data.sh")
+ associate_public_ip_address = true
+ subnet_id = "subnet-0e4137bca8a8a81da"
+
+ ebs_block_device {
+ device_name = "/dev/sda1"
+ volume_size = 20
+ }
+
+ tags = {
+ Name = "orb-pktvisor-self-runner-${var.environment}"
+ Provider = "terraform"
+ Role = "test"
+ }
+}
diff --git a/.github/hosted-runner/arm32/output.tf b/.github/hosted-runner/arm32/output.tf
new file mode 100644
index 000000000..2e0c4fdf7
--- /dev/null
+++ b/.github/hosted-runner/arm32/output.tf
@@ -0,0 +1,3 @@
+output "ip" {
+ value = aws_instance.orb-devops.public_ip
+}
diff --git a/.github/hosted-runner/arm32/provider.tf b/.github/hosted-runner/arm32/provider.tf
new file mode 100644
index 000000000..b319d7938
--- /dev/null
+++ b/.github/hosted-runner/arm32/provider.tf
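Review bot: In main.tf, `security_groups` is given a security-group ID while `subnet_id` places the instance in a VPC; for VPC instances the AWS provider expects `vpc_security_group_ids = [aws_security_group.sg_SelfRunner_arm32.id]`, and the current form can force a replacement on later applies. The instance gets a public IP and its `user_data` is where the runner registration token is substituted, yet nothing requires IMDSv2, so the metadata service that serves that user data stays reachable over IMDSv1; add `metadata_options { http_tokens = "required" }`. `/dev/sda1` is presumably the root device of this AMI, in which case `root_block_device` with `encrypted = true` is the block to use rather than `ebs_block_device`. The subnet ID is hard-coded and would be easier to review as a variable next to `var.aws_region`.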
@@ -0,0 +1,5 @@
+provider "aws" {
+ access_key = var.aws_access_key
+ secret_key = var.aws_secret_key
+ region = var.aws_region
+}
\ No newline at end of file
diff --git a/.github/hosted-runner/arm32/security-group.tf b/.github/hosted-runner/arm32/security-group.tf
new file mode 100644
index 000000000..e9c153cb3
--- /dev/null
+++ b/.github/hosted-runner/arm32/security-group.tf
@@ -0,0 +1,32 @@
+resource "aws_security_group" "sg_SelfRunner_arm32" {
+ name = "sg_pktvisor_SelfRunner_arm32_${var.environment}"
+ description = "Allow all outbound traffic and inbound 22/80"
+ vpc_id = "vpc-0cd4a525c008d8d71"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "SelfRunner_arm32_${var.environment}"
+ Provisioner = "terraform"
+
+ }
+}
diff --git a/.github/hosted-runner/arm32/user_data.sh b/.github/hosted-runner/arm32/user_data.sh
new file mode 100644
index 000000000..c63dcb27f
--- /dev/null
+++ b/.github/hosted-runner/arm32/user_data.sh
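Review bot: Passing `access_key` and `secret_key` through Terraform variables in provider.tf means the real keys have to be written into the checkout; the defaults `AWSID`/`AWSSECRET` in vars.tf look like placeholders that the workflow substitutes. From there they can end up in plan output, state or an uploaded workspace artifact. The AWS provider reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment, so the block can shrink to `region = var.aws_region` with the keys supplied as step `env:` from secrets. If the variables stay, drop their defaults in vars.tf and mark them `sensitive = true`.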
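Review bot: Both `ingress` blocks in security-group.tf open ports 22 and 80 to `0.0.0.0/0` on a host that is registered as a runner for release builds. A self-hosted Actions runner only makes outbound connections to GitHub, and nothing in the accompanying user_data.sh listens on port 80, so the port-80 rule can be removed. SSH should be limited to an administrative range, e.g. `cidr_blocks = [var.admin_cidr]` (a new variable, name illustrative), or dropped if the key pair is not used for access. The `description` string should then be updated to match.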
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+#installing packages
+apt-get update -y
+apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \
+libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python xvfb \
+libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf g++-10-multilib-arm-linux-gnueabihf \
+gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base gcc-10-multilib-arm-linux-gnueabihf python3-venv tcpreplay docker.io containerd cmake zip -y
+
+#set permission to use docker
+usermod -aG docker ubuntu
+
+#creating directory git actions runner
+mkdir actions-runner && cd actions-runner
+
+chown ubuntu.ubuntu /actions-runner -R
+
+#get git actions self-runner
+/bin/su -c "cd /actions-runner && curl -o actions-runner-linux-x64-2.296.2.tar.gz -L https://github.com/actions/runner/releases/download/v2.296.2/actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log
+
+#extract git actions runner installer
+/bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log
+
+/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/ns1labs/pktvisor --token RUNNER_TOKEN --name AMD64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log
+
+/bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log
diff --git a/.github/hosted-runner/arm32/vars.tf b/.github/hosted-runner/arm32/vars.tf
new file mode 100644
index 000000000..2a2855af0
--- /dev/null
+++ b/.github/hosted-runner/arm32/vars.tf
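Review bot: The runner tarball is downloaded and unpacked as-is; add a checksum check between the `curl` and `tar xzf` steps, e.g. `echo "<EXPECTED_SHA256>  actions-runner-linux-x64-2.296.2.tar.gz" | sha256sum -c -` with the value published for the v2.296.2 release, and pass `-f` to `curl` so an HTTP error page is not saved as the archive. None of the commands is checked for failure, so a failed download still proceeds to `./config.sh`. `mkdir actions-runner` is relative to the current directory while every later command uses `/actions-runner`; use `mkdir -p /actions-runner`. This file sits under arm32 but fetches the `linux-x64` runner and keeps the name placeholder `AMD64_RUNNER`, which looks like an unmodified copy of the amd64 script, so confirm that is intended.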
@@ -0,0 +1,29 @@
+variable "aws_access_key" {
+ default = "AWSID"
+}
+variable "aws_secret_key" {
+ default = "AWSSECRET"
+}
+
+variable "environment" {
+ default = "ENVIRONMENT"
+}
+
+variable "aws_region" {
+ default = "us-east-1"
+}
+
+variable "amis" {
+ type = map
+ default = {
+ us-east-1 = "ami-070650c005cce4203" //ubuntu 20.04 arm64 on us-east-1
+ }
+}
+
+variable "key_name" {
+ default = "devops-key"
+}
+
+variable "instance_type" {
+ default = "t3.xlarge"
+}
diff --git a/.github/hosted-runner/arm64/user_data.sh b/.github/hosted-runner/arm64/user_data.sh
index 3aee6b1fd..449dcdb8a 100644
--- a/.github/hosted-runner/arm64/user_data.sh
+++ b/.github/hosted-runner/arm64/user_data.sh
@@ -5,7 +5,7 @@ apt-get update -y apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \ libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python2 xvfb \ libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf cmake \ -gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base python3-venv tcpreplay docker.io containerd -y +gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base python3-venv tcpreplay docker.io containerd zip -y #set permission to use docker usermod -aG docker ubuntu
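Review bot: In vars.tf the AMI comment says `ubuntu 20.04 arm64` while `instance_type` defaults to `t3.xlarge`, an x86_64 instance family, and the directory is named arm32. An arm64 image will not launch on that type, so one of the comment, the AMI ID or the instance type appears to be wrong and should be corrected before this is applied. `type = map` is the legacy untyped form; `type = map(string)` states what `lookup(var.amis, var.aws_region)` expects.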
@@ -21,6 +21,6 @@ chown ubuntu.ubuntu /actions-runner -R #extract git actions runner installer /bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-arm64-2.294.0.tar.gz" - ubuntu >> /home/ubuntu/user-data.log -/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/ns1labs/pktvisor --token RUNNER_TOKEN --name ARM64_RUNNER --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log +/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/ns1labs/pktvisor --token RUNNER_TOKEN --name ARM64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log /bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index a4aa9a763..9c38e6fec 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -18,10 +18,6 @@ env: jobs: unit-tests: - # The CMake configure and build commands are platform agnostic and should work equally - # well on Windows or Mac. You can convert this to a matrix build if you need - # cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix strategy: matrix: os: [ ubuntu-latest, macos-11 ] @@ -30,13 +26,9 @@ jobs: - uses: actions/checkout@v2 - name: Create Build Environment - # Some projects don't allow in-source building, so create a separate build directory - # We'll use this as our working directory for all subsequent commands run: cmake -E make_directory ${{github.workspace}}/build - name: Get Conan - # You may pin to the exact commit or the version. - # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 uses: turtlebrowser/get-conan@v1.0 - name: linux package install 
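Review bot: `uses: turtlebrowser/get-conan@v1.0` in the `Get Conan` step stays on a mutable tag, and this hunk deletes the comment that recorded the commit to pin to. In a workflow that later handles release secrets, pin the third-party action by commit and keep the tag as a trailing comment: `uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 # v1.0`. The SHA is the one from the removed comment; confirm it corresponds to v1.0 before adopting it.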
@@ -46,26 +38,18 @@ jobs: sudo apt-get install --yes --no-install-recommends jq - name: Configure CMake - # Use a bash shell so we can use the same syntax for environment variable - # access regardless of the host operating system shell: bash working-directory: ${{github.workspace}}/build - # Note the current convention is to use the -S and -B options here to specify source - # and build directories, but this is only available with CMake 3.13 and higher. - # The CMake binaries on the Github Actions machines are (as of this writing) 3.12 run: PKG_CONFIG_PATH=${{github.workspace}}/local/lib/pkgconfig cmake $GITHUB_WORKSPACE -DCMAKE_BUILD_TYPE=$BUILD_TYPE - name: Build working-directory: ${{github.workspace}}/build shell: bash - # Execute the build. You can specify a specific target with "--target " run: cmake --build . --config $BUILD_TYPE -- -j 2 - name: Test working-directory: ${{github.workspace}}/build shell: bash - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail run: ctest -C $BUILD_TYPE - name: Login to ns1labs conan @@ -157,6 +141,12 @@ jobs: run: | echo "# What's new" > changelog.md git log ${{ env.LAST_TAG }}..HEAD --pretty=format:"$ad- %s [%an]" >> changelog.md + sed -i -e "s/- /• /g" changelog.md + + - name: Post pktvisor changelog in slack channel + run: | + curl -d "text=:mega: *Pktvisor release reporter* :mega: + $(cat changelog.md)" -d "channel=C02SEF78ZPT" -H "Authorization: Bearer ${{secrets.SLACK_APP_TOKEN}}" -X POST https://slack.com/api/chat.postMessage - name: Create release id: create_release @@ -170,11 +160,13 @@ jobs: draft: false prerelease: false + spinup-arm64-runner: - needs: [ package-amd64, prebuild-package ] + needs: [ prebuild-package ] runs-on: ubuntu-latest outputs: runner_token: ${{ steps.token.outputs.runner }} + runner_label: ${{ env.RUNNER_LABEL }} if: github.event_name != 'pull_request' steps: - name: Checkout 
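Review bot: In `Post pktvisor changelog in slack channel`, `curl -d "text=… $(cat changelog.md)"` sends commit subjects as raw form data, so any `&`, `=`, `+` or `%` in a subject truncates the message or is parsed as an additional form field. Use `--data-urlencode "text=…"` for the text field. The bearer token is expanded straight into the script text; passing it through `env: SLACK_APP_TOKEN: ${{ secrets.SLACK_APP_TOKEN }}` and `-H "Authorization: Bearer $SLACK_APP_TOKEN"` keeps it out of the rendered command. The new `sed -i -e "s/- /• /g"` also rewrites every `- ` inside subjects; `s/^- /• /` limits it to the leading bullet.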
@@ -183,21 +175,25 @@ jobs: - name: Generate runner token id: token run: | - sleep 3 curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/ns1labs/pktvisor/actions/runners/registration-token -o token.json echo "::set-output name=runner::$(cat token.json | jq .token --raw-output )" cat token.json + + - name: Get short commit hash to a variable + id: commit_hash + run: | + echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - name: Inject runner token in user_data.sh run: | cd .github/hosted-runner/arm64/ ESCAPED_REPLACE_RUNNER_TOKEN=$(printf '%s\n' "${{ steps.token.outputs.runner }}" | sed -e 's/[\/&]/\\&/g') sed -i -e "s/RUNNER_TOKEN/$ESCAPED_REPLACE_RUNNER_TOKEN/g" user_data.sh - - - name: Get short commit hash to a variable - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" + ESCAPED_REPLACE_RUNNER_NAME=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-arm64" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/ARM64_RUNNER/$ESCAPED_REPLACE_RUNNER_NAME/g" user_data.sh + ESCAPED_REPLACE_RUNNER_LABEL=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-arm64" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/RUNNER_LABEL/$ESCAPED_REPLACE_RUNNER_LABEL/g" user_data.sh + echo "RUNNER_LABEL=${{ steps.commit_hash.outputs.sha_short }}-arm64" >> $GITHUB_ENV - name: Inject AWS key run: | @@ -256,6 +252,7 @@ jobs: runs-on: ubuntu-latest outputs: runner_token: ${{ steps.token.outputs.runner }} + runner_label: ${{ env.RUNNER_LABEL }} if: github.event_name != 'pull_request' steps: - name: Checkout 
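Review bot: The `Generate runner token` step still ends with `cat token.json`, which writes the runner registration token to the job log; this hunk reworks the step (removing `sleep 3`) but leaves that line. Drop the `cat` and mask the value before exporting it, e.g. `TOKEN=$(jq -r .token token.json); echo "::add-mask::$TOKEN"`. The same line sits in the amd64 spin-up job's hunk further down. Runner name and label are derived only from the short commit hash, so a second run on the same commit reuses them; appending `${{ github.run_id }}-${{ github.run_attempt }}` would keep each run's runner distinct.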
@@ -267,18 +264,23 @@ jobs: curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/ns1labs/pktvisor/actions/runners/registration-token -o token.json echo "::set-output name=runner::$(cat token.json | jq .token --raw-output )" cat token.json + + - name: Get short commit hash to a variable + id: commit_hash + run: | + echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - name: Inject runner token in user_data.sh run: | cd .github/hosted-runner/amd64/ ESCAPED_REPLACE_RUNNER_TOKEN=$(printf '%s\n' "${{ steps.token.outputs.runner }}" | sed -e 's/[\/&]/\\&/g') sed -i -e "s/RUNNER_TOKEN/$ESCAPED_REPLACE_RUNNER_TOKEN/g" user_data.sh + ESCAPED_REPLACE_RUNNER_NAME=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-amd64" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/AMD64_RUNNER/$ESCAPED_REPLACE_RUNNER_NAME/g" user_data.sh + ESCAPED_REPLACE_RUNNER_LABEL=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-amd64" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/RUNNER_LABEL/$ESCAPED_REPLACE_RUNNER_LABEL/g" user_data.sh + echo "RUNNER_LABEL=${{ steps.commit_hash.outputs.sha_short }}-amd64" >> $GITHUB_ENV - - name: Get short commit hash to a variable - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - name: Inject AWS key run: | cd .github/hosted-runner/amd64/ 
@@ -333,13 +335,40 @@ jobs: package-arm64: needs: [ spinup-arm64-runner ] - runs-on: [self-hosted, linux, ARM64] + runs-on: ${{ needs.spinup-arm64-runner.outputs.runner_label }} if: github.event_name != 'pull_request' steps: - name: Attach to workspace uses: actions/download-artifact@v2 with: name: workspace + + - name: Build pktvisord + push symbol to backtrace.io + uses: ./.github/actions/build-cpp + with: + context: "." + build_type: "Release" + asan: "OFF" + symbol_url: ${{secrets.SYMBOL_URL}} + file: "./Dockerfile" + + - name: Build pktvisor-cli + uses: ./.github/actions/build-go + with: + context: "." + file: "./Dockerfile" + + - name: Debug artifacts + run: ls -lha . + + - name: compacting arm64 binary + run: | + zip pktvisor-arm64.zip pktvisor-cli pktvisor-reader pktvisord + + - name: Upload arm64 binary to latest release + run: | + chmod a+x ./docker/upload-gh-asset.sh + ./docker/upload-gh-asset.sh github_api_token=${{ secrets.BOT_TOKEN }} owner=ns1labs repo=pktvisor tag=LATEST filename=./pktvisor-arm64.zip - name: Get branch name shell: bash @@ -379,6 +408,16 @@ jobs: id: buildx uses: docker/setup-buildx-action@v2 + - name: Replace token + run: | + sed -i -e "s/CP_TOKEN/${{ secrets.CRASHPAD_TOKEN }}/g" docker/run.sh + + - name: Replace escape url + run: | + REPLACE=${{ secrets.CRASHPAD_URL }} + ESCAPED_REPLACE=$(printf '%s\n' "$REPLACE" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/CP_URL/$ESCAPED_REPLACE/g" docker/run.sh + - name: Build + push - pktvisor (multi-arch) env: IMAGE_NAME: ghcr.io/ns1labs/pktvisor 
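Review bot: `./docker/upload-gh-asset.sh github_api_token=${{ secrets.BOT_TOKEN }} …` passes the bot token as a command-line argument on a self-hosted runner, where it is visible in the process list, and the script then feeds each argument to `eval`. Hand it over through the step environment instead (`env: GITHUB_API_TOKEN: ${{ secrets.BOT_TOKEN }}`, variable name illustrative) and have the script read it from there. `tag=LATEST` resolves to whatever GitHub currently reports as the latest release, which may not be the release this run created; passing the tag from the release job would make the target explicit. The amd64 packaging job adds the same step.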
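Review bot: `sed -i -e "s/CP_TOKEN/${{ secrets.CRASHPAD_TOKEN }}/g" docker/run.sh` substitutes the secret without the `/` and `&` escaping that the next step applies to the URL, so a token containing either character breaks or corrupts the replacement; `REPLACE=${{ secrets.CRASHPAD_URL }}` is also unquoted. More importantly, the values are written into docker/run.sh before the image build, and docker/Dockerfile copies that file to `/run.sh` (Dockerfile.crashhandler presumably does the same), so they ship in the pushed image and are readable by anyone who can pull it. If these values are not meant to be public, supply them to the container at run time instead. The armv7 and amd64 packaging jobs add the same two steps.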
@@ -386,25 +425,21 @@ jobs: with: builder: ${{ steps.buildx.outputs.name }} context: . - file: ./docker/Dockerfile + file: ./docker/Dockerfile.crashhandler platforms: linux/arm64 push: true tags: ${{ env.IMAGE_NAME }}:arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - ghtoken=${{ secrets.GITHUB_TOKEN }} package-armv7: needs: [ spinup-amd64-runner ] - runs-on: [self-hosted, linux, x64] + runs-on: ${{ needs.spinup-amd64-runner.outputs.runner_label }} if: github.event_name != 'pull_request' steps: - name: Attach to workspace uses: actions/download-artifact@v2 with: name: workspace - + - name: Get branch name shell: bash run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV @@ -415,7 +450,6 @@ jobs: - name: Get VERSION run: | echo "VERSION=`cat ${{github.workspace}}/build/VERSION`" >> $GITHUB_ENV - - name: Debug version run: echo ${{ env.VERSION }} @@ -425,7 +459,6 @@ jobs: echo "REF_TAG=latest" >> $GITHUB_ENV echo "PRERELEASE=false" >> $GITHUB_ENV echo "DRAFT=true" >> $GITHUB_ENV - - name: Debug ref tag run: echo ${{ env.REF_TAG }} @@ -435,6 +468,15 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + + - name: Replace token + run: | + sed -i -e "s/CP_TOKEN/${{ secrets.CRASHPAD_TOKEN }}/g" docker/run.sh + - name: Replace escape url + run: | + REPLACE=${{ secrets.CRASHPAD_URL }} + ESCAPED_REPLACE=$(printf '%s\n' "$REPLACE" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/CP_URL/$ESCAPED_REPLACE/g" docker/run.sh - name: Set up QEMU uses: docker/setup-qemu-action@v2 @@ -454,8 +496,6 @@ jobs: platforms: linux/arm/v7 push: true tags: ${{ env.IMAGE_NAME }}:armv7 - build-args: | - ghtoken=${{ secrets.GITHUB_TOKEN }} package-amd64: needs: [ prebuild-package ] 
@@ -466,6 +506,33 @@ jobs: uses: actions/download-artifact@v2 with: name: workspace + + - name: Build pktvisord + push symbol to backtrace.io + uses: ./.github/actions/build-cpp + with: + context: "." + build_type: "Release" + asan: "OFF" + symbol_url: ${{secrets.SYMBOL_URL}} + file: "./Dockerfile" + + - name: Build pktvisor-cli + uses: ./.github/actions/build-go + with: + context: "." + file: "./Dockerfile" + + - name: Debug artifacts + run: ls -lha . + + - name: compacting amd64 binary + run: | + zip pktvisor-amd64.zip pktvisor-cli pktvisor-reader pktvisord + + - name: Upload amd64 binary to latest release + run: | + chmod a+x ./docker/upload-gh-asset.sh + ./docker/upload-gh-asset.sh github_api_token=${{ secrets.BOT_TOKEN }} owner=ns1labs repo=pktvisor tag=LATEST filename=./pktvisor-amd64.zip - name: Get branch name shell: bash @@ -501,6 +568,19 @@ jobs: - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Replace token + run: | + sed -i -e "s/CP_TOKEN/${{ secrets.CRASHPAD_TOKEN }}/g" docker/run.sh + + - name: Replace escape url + run: | + REPLACE=${{ secrets.CRASHPAD_URL }} + ESCAPED_REPLACE=$(printf '%s\n' "$REPLACE" | sed -e 's/[\/&]/\\&/g') + sed -i -e "s/CP_URL/$ESCAPED_REPLACE/g" docker/run.sh - name: Build + push - pktvisor (multi-arch) env: @@ -509,14 +589,10 @@ jobs: with: builder: ${{ steps.buildx.outputs.name }} context: . - file: ./docker/Dockerfile + file: ./docker/Dockerfile.crashhandler platforms: linux/amd64 push: true tags: ${{ env.IMAGE_NAME }}:amd64 - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - ghtoken=${{ secrets.GITHUB_TOKEN }} remove-github-runner-arm64: needs: [ package-arm64 ] diff --git a/docker/Dockerfile b/docker/Dockerfile index 7ca8fa80e..360d2a410 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -40,20 +40,27 @@ RUN go build -o pktvisor-cli cmd/pktvisor-cli/main.go FROM debian:bullseye-slim AS runtime -ENV RUNTIME_DEPS "curl ca-certificates" +ENV RUNTIME_DEPS "curl ca-certificates wget" RUN \ apt-get update && \ apt-get upgrade --yes --force-yes && \ apt-get install --yes --force-yes --no-install-recommends ${RUNTIME_DEPS} && \ rm -rf /var/lib/apt + +#create dir and download geo db +RUN mkdir /geo-db +RUN cd /geo-db && wget https://github.com/ns1labs/geo-asn-database/raw/main/asn.mmdb.gz +RUN cd /geo-db && wget https://github.com/ns1labs/geo-asn-database/raw/main/city.mmdb.gz COPY --from=cppbuild /tmp/build/bin/pktvisord /usr/local/sbin/pktvisord COPY --from=cppbuild /tmp/build/bin/crashpad_handler /usr/local/sbin/crashpad_handler COPY --from=cppbuild /tmp/build/bin/pktvisor-reader /usr/local/sbin/pktvisor-reader COPY --from=gobuild /src/pktvisor-cli /usr/local/bin/pktvisor-cli -COPY docker/entry.sh /entry.sh -RUN chmod a+x /entry.sh +COPY ./docker/entry-cp.sh /entry-cp.sh +COPY ./docker/run.sh /run.sh +RUN chmod a+x /entry-cp.sh +RUN chmod a+x /run.sh -ENTRYPOINT [ "/entry.sh" ] +ENTRYPOINT [ "/entry-cp.sh" ] diff --git a/docker/upload-gh-asset.sh b/docker/upload-gh-asset.sh new file mode 100755 index 000000000..ef3d0ac8c --- /dev/null +++ b/docker/upload-gh-asset.sh 
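Review bot: The two `wget` lines pull `asn.mmdb.gz` and `city.mmdb.gz` from the `main` branch at build time with no checksum, so the image content depends on whatever that branch holds when the build runs. Reference a fixed commit in the URL and verify each file, e.g. `echo "<EXPECTED_SHA256>  asn.mmdb.gz" | sha256sum -c -`. `curl` is already in `RUNTIME_DEPS`, so `wget` is an extra runtime package; one `RUN` using `curl -fsSLO` for both files would avoid it and the extra layers. The files are left gzip-compressed, so confirm the entrypoint unpacks them. `/entry-cp.sh` and `/run.sh` are copied from files not shown in this diff.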
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+#
+# Author: Stefan Buck
+# License: MIT
+# https://gist.github.com/stefanbuck/ce788fee19ab6eb0b4447a85fc99f447
+#
+#
+# This script accepts the following parameters:
+#
+# * owner
+# * repo
+# * tag
+# * filename
+# * github_api_token
+#
+# Script to upload a release asset using the GitHub API v3.
+#
+# Example:
+#
+# upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground tag=v0.1.0 filename=./build.zip
+#
+
+# Check dependencies.
+set -e
+xargs=$(which gxargs || which xargs)
+
+# Validate settings.
+[ "$TRACE" ] && set -x
+
+CONFIG=$@
+
+for line in $CONFIG; do
+ eval "$line"
+done
+
+# Define variables.
+GH_API="https://api.github.com"
+GH_REPO="$GH_API/repos/$owner/$repo"
+GH_TAGS="$GH_REPO/releases/tags/$tag"
+AUTH="Authorization: token $github_api_token"
+WGET_ARGS="--content-disposition --auth-no-challenge --no-cookie"
+CURL_ARGS="-LJO#"
+
+if [[ "$tag" == 'LATEST' ]]; then
+ GH_TAGS="$GH_REPO/releases/latest"
+fi
+
+# Validate token.
+curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token or network issue!"; exit 1; }
+
+# Read asset tags.
+response=$(curl -sH "$AUTH" $GH_TAGS)
+
+# Get ID of the asset based on given filename.
+eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=')
+[ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; }
+
+# Upload asset
+echo "Uploading asset... "
+
+# Construct url
+GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)"
+
+curl -X POST -H "$GITHUB_OAUTH_BASIC" --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" "$GH_ASSET"
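Review bot: The argument loop runs `eval "$line"` on every word of `$@`, so any argument text is executed as shell code and values containing spaces are split; parse the five documented `key=value` parameters explicitly instead, as in the excerpt below. None of the `curl` calls uses `--fail`, so a 401 on the "Validate token" request or a rejected upload still exits 0 and the workflow step passes; add `-f` to each. `$GH_REPO`, `$GH_TAGS` and `$(basename $filename)` are unquoted, `-H "$GITHUB_OAUTH_BASIC"` expands to an empty header because that variable is never set, and `TRACE` turns on `set -x`, which would print the token into the log.

```bash
# replaces `CONFIG=$@` and the eval loop
for arg in "$@"; do
  case "$arg" in
    owner=*)            owner=${arg#*=} ;;
    repo=*)             repo=${arg#*=} ;;
    tag=*)              tag=${arg#*=} ;;
    filename=*)         filename=${arg#*=} ;;
    github_api_token=*) github_api_token=${arg#*=} ;;
    *) echo "Error: unknown parameter: ${arg%%=*}" >&2; exit 1 ;;
  esac
done
# … unchanged: variable definitions, release lookup, upload …
```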