Merge pull request #491 from nsacyber/issue-490
[#490] Create workflow to build and push ACA Docker Image
commit
4a429f6637
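--- a/.ci/docker/Dockerfile.acaimage
+++ b/.ci/docker/Dockerfile.acaimage
@@ -0,0 +1,25 @@
+FROM centos:7
+
+# Install packages for installing HIRS ACA
+RUN yum -y update && yum clean all
+# install build tools for TPM2 provisioner
+RUN yum install -y epel-release cmake make git gcc-c++ doxygen graphviz protobuf-compiler cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel && yum clean all
+
+# install build tools for ACA
+RUN yum install -y sudo yum install java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel && yum clean all
+# install run time dependencies
+RUN yum install -y mariadb-server openssl tomcat java-1.8.0-openjdk-headless rpmdevtools coreutils initscripts chkconfig sed grep wget which firewalld policycoreutils net-tools git rpm-build && yum clean all
+
+# Remove TLSv1, TLSv1.1, references to prevent java security from stopping tomcat launch
+RUN sed -i 's/TLSv1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
+RUN sed -i 's/TLSv1.1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
+
+RUN mkdir /hirs
+
+# Expose ACA Port
+EXPOSE 8443 8080
+
+COPY ../../package/rpm/RPMS/noarch/HIRS_AttestationCA*.el7.noarch.rpm /
+COPY ../../scripts/aca_image_setup.sh /
+CMD ["sh","/aca_image_setup.sh"]
+RUN yum install -y HIRS_AttestationCA*.el7.noarch.rpm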
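Review bot: The two `sed -i` lines delete `TLSv1,` and `TLSv1.1,` from `java.security`, which presumably takes them out of the JDK's disabled-protocol list and so re-enables TLS 1.0 and 1.1 for every Java process in the image, including the ACA's Tomcat listener on 8443. If the aim is only to let Tomcat start, restrict the protocol list in Tomcat's connector configuration to TLSv1.2 and leave the JVM policy intact; at minimum the comment should state the effect, e.g. `# NOTE: re-enables TLSv1/TLSv1.1 JVM-wide; remove once the Tomcat connector is restricted to TLSv1.2`. Separately, `RUN yum install -y sudo yum install java-1.8.0-openjdk-devel …` carries a stray `yum install`, so `yum` and `install` are passed as package names; it should read `RUN yum install -y sudo java-1.8.0-openjdk-devel …`. The image also has no `USER` instruction and keeps the compilers and `git` in the runtime layers, so MariaDB, Tomcat and the ACA all run as root next to a full build toolchain.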
65
.github/workflows/build_aca_image.yml
vendored
65
.github/workflows/build_aca_image.yml
vendored
@ -1,3 +1,64 @@
|
||||
name: ACA Docker Image Build
|
||||
on:
|
||||
workflow_dispatch
|
||||
on:
|
||||
release:
|
||||
types: [ published ]
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
imagename:
|
||||
description: 'ACA Docker Image Name'
|
||||
default: 'aca-centos7'
|
||||
required: false
|
||||
type: string
|
||||
jobs:
|
||||
# run the package script for HIRS ACA, Provisioners, tcg_rim_tool, and tcg_eventlog_tool
|
||||
Package:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up JDK 11
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '8'
|
||||
distribution: 'adopt'
|
||||
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
|
||||
settings-path: ${{ github.workspace }} # location for the settings.xml file
|
||||
package_centos:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: directory setup
|
||||
run: |
|
||||
mkdir -p artifacts/jars
|
||||
mkdir -p artifacts/wars
|
||||
mkdir -p artifacts/rpms
|
||||
- name: Create HIRS packages
|
||||
run: |
|
||||
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin
|
||||
docker run --rm \
|
||||
-v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash \
|
||||
-c 'pushd /HIRS; \
|
||||
sh package/package.centos.sh; \
|
||||
cp /HIRS/package/rpm/RPMS/noarch/* /.; \
|
||||
cp /HIRS/package/rpm/RPMS/x86_64/* /.; \
|
||||
cp /HIRS/scripts/aca_image_setup.sh /.; \
|
||||
popd;' \
|
||||
- name: Build and publish a release Docker image for ${{ github.repository }}
|
||||
if: github.event_name == 'release'
|
||||
uses: macbre/push-to-ghcr@master
|
||||
with:
|
||||
image_name: nsacyber/hirs/aca-centos7
|
||||
github_token: ${{ secrets.GHCR_TOKEN }}
|
||||
dockerfile: "./.ci/docker/Dockerfile.acaimage"
|
||||
- name: Build and publish a Docker image for ${{ github.repository }}
|
||||
if: github.event_name == 'workflow_dispatch'
|
||||
uses: macbre/push-to-ghcr@master
|
||||
with:
|
||||
image_name: nsacyber/hirs/${{ inputs.imagename }}
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
dockerfile: "./.ci/docker/Dockerfile.acaimage"
|
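Review bot: Both publish steps run `macbre/push-to-ghcr@master`, a third-party action referenced by a mutable branch, while handing it `secrets.GHCR_TOKEN` or the job's `GITHUB_TOKEN` with `packages: write`; whatever lands on that branch next runs with those credentials and decides what is pushed under `nsacyber/hirs/…`. Pin it to a reviewed commit, `uses: macbre/push-to-ghcr@<full-commit-sha>` (placeholder for the audited SHA), and do the same for `actions/checkout@v2` and `actions/setup-java@v2`. In the "Create HIRS packages" step the token is interpolated directly into the script text and `-u $` is not a username; passing the token through the step's `env:` and using `-u ${{ github.actor }}` keeps the secret out of the rendered command. The step named "Set up JDK 11" sets `java-version: '8'`, so the name should be corrected to match.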
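--- a/scripts/aca_image_setup.sh
+++ b/scripts/aca_image_setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Setup db
+
+if [[ $(pgrep -c -u mysql mysqld) -ne 0 ]]; then
+echo "shutting down ..."
+usr/bin/mysqladmin -u root shutdown -p;
+fi
+
+/usr/libexec/mariadb-prepare-db-dir
+nohup /usr/bin/mysqld_safe --basedir=/usr &>/dev/null &
+MYSQLD_PID=$(pgrep -u mysql mysqld)
+/usr/libexec/mariadb-wait-ready $MYSQLD_PID
+
+mysql -fu root < /opt/hirs/scripts/common/db_create.sql.el7
+mysql -fu root < /opt/hirs/scripts/common/secure_mysql.sql
+
+# Start tomcat
+/usr/libexec/tomcat/server start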
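Review bot: `mysql -fu root < /opt/hirs/scripts/common/secure_mysql.sql` runs with `-f`, so SQL errors are skipped, and nothing checks the exit status before Tomcat is started; if that script is the database hardening step, as its name suggests, a failure leaves the ACA running on a MariaDB with install-time defaults and nothing in the output to show it. Drop `-f` on that line and stop on failure: `mysql -u root < /opt/hirs/scripts/common/secure_mysql.sql || exit 1`. In the shutdown branch, `usr/bin/mysqladmin -u root shutdown -p;` is missing its leading `/` and `-p` waits for a password on a terminal the container does not have, so the path should be absolute and the credentials supplied non-interactively. `MYSQLD_PID=$(pgrep -u mysql mysqld)` is read immediately after `mysqld_safe` is backgrounded and may still be empty when it is passed, unquoted, to `mariadb-wait-ready`.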