Merge pull request #491 from nsacyber/issue-490

[#490] Create workflow to build and push ACA Docker Image
iadgovuser26 2022-09-02 12:29:57 -04:00 committed by GitHub
commit 4a429f6637
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 107 additions and 2 deletions


@ -0,0 +1,25 @@
FROM centos:7
# Install packages for installing HIRS ACA
RUN yum -y update && yum clean all
# install build tools for TPM2 provisioner
RUN yum install -y epel-release cmake make git gcc-c++ doxygen graphviz protobuf-compiler cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel && yum clean all
# install build tools for ACA
RUN yum install -y sudo yum install java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel && yum clean all
# install run time dependencies
RUN yum install -y mariadb-server openssl tomcat java-1.8.0-openjdk-headless rpmdevtools coreutils initscripts chkconfig sed grep wget which firewalld policycoreutils net-tools git rpm-build && yum clean all
# Remove TLSv1, TLSv1.1, references to prevent java security from stopping tomcat launch
RUN sed -i 's/TLSv1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
RUN sed -i 's/TLSv1.1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
RUN mkdir /hirs
# Expose ACA Port
EXPOSE 8443 8080
COPY ../../package/rpm/RPMS/noarch/HIRS_AttestationCA*.el7.noarch.rpm /
COPY ../../scripts/aca_image_setup.sh /
CMD ["sh","/aca_image_setup.sh"]
RUN yum install -y HIRS_AttestationCA*.el7.noarch.rpm
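Review bot: The two `sed` lines that strip `TLSv1,` and `TLSv1.1,` from `java.security` appear to edit the JVM's disabled-algorithms list, which would re-enable TLS 1.0 and 1.1 for every Java process in the image, including the ACA listener exposed on 8443. If Tomcat does not start with the stock file, the cause is more likely a connector or keystore setting that should be fixed there; I would drop both lines, or at minimum mark them with `# TEMPORARY: re-enables TLS 1.0/1.1 JVM-wide; remove once the Tomcat connector is limited to TLSv1.2`. The patterns are not anchored to a property name, so they rewrite the first match on any line of the file, comments included. Separately, the ACA build-tools `RUN` has a stray `sudo yum install` inside the package list, so `sudo`, `yum` and `install` are passed to yum as package names.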


@ -1,3 +1,64 @@
name: ACA Docker Image Build
on:
workflow_dispatch
on:
release:
types: [ published ]
workflow_dispatch:
inputs:
imagename:
description: 'ACA Docker Image Name'
default: 'aca-centos7'
required: false
type: string
jobs:
# run the package script for HIRS ACA, Provisioners, tcg_rim_tool, and tcg_eventlog_tool
Package:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '8'
distribution: 'adopt'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
package_centos:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- name: directory setup
run: |
mkdir -p artifacts/jars
mkdir -p artifacts/wars
mkdir -p artifacts/rpms
- name: Create HIRS packages
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin
docker run --rm \
-v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash \
-c 'pushd /HIRS; \
sh package/package.centos.sh; \
cp /HIRS/package/rpm/RPMS/noarch/* /.; \
cp /HIRS/package/rpm/RPMS/x86_64/* /.; \
cp /HIRS/scripts/aca_image_setup.sh /.; \
popd;' \
- name: Build and publish a release Docker image for ${{ github.repository }}
if: github.event_name == 'release'
uses: macbre/push-to-ghcr@master
with:
image_name: nsacyber/hirs/aca-centos7
github_token: ${{ secrets.GHCR_TOKEN }}
dockerfile: "./.ci/docker/Dockerfile.acaimage"
- name: Build and publish a Docker image for ${{ github.repository }}
if: github.event_name == 'workflow_dispatch'
uses: macbre/push-to-ghcr@master
with:
image_name: nsacyber/hirs/${{ inputs.imagename }}
github_token: ${{ secrets.GITHUB_TOKEN }}
dockerfile: "./.ci/docker/Dockerfile.acaimage"
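Review bot: Both publish steps use `macbre/push-to-ghcr@master`, a mutable branch of a third-party action that is handed `secrets.GHCR_TOKEN` or `secrets.GITHUB_TOKEN` in a job with `packages: write`, so any later change to that branch runs with push rights to the registry. Pin it to a reviewed full commit SHA, e.g. `uses: macbre/push-to-ghcr@<full-commit-sha>` (placeholder), and consider pinning the `hirs/hirs-ci:centos7` image by digest as well, since it runs with the workspace mounted. In the "Create HIRS packages" step the token is interpolated directly into the script text and the user name is a bare `$`; passing the token through `env:` and using `-u "${{ github.actor }}"` would be cleaner, and the login may not be needed at all if that image is pulled from Docker Hub.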


@ -0,0 +1,19 @@
#!/bin/bash
# Setup db
if [[ $(pgrep -c -u mysql mysqld) -ne 0 ]]; then
echo "shutting down ..."
usr/bin/mysqladmin -u root shutdown -p;
fi
/usr/libexec/mariadb-prepare-db-dir
nohup /usr/bin/mysqld_safe --basedir=/usr &>/dev/null &
MYSQLD_PID=$(pgrep -u mysql mysqld)
/usr/libexec/mariadb-wait-ready $MYSQLD_PID
mysql -fu root < /opt/hirs/scripts/common/db_create.sql.el7
mysql -fu root < /opt/hirs/scripts/common/secure_mysql.sql
# Start tomcat
/usr/libexec/tomcat/server start
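Review bot: Both `mysql -fu root < …` imports run with `-f`, so SQL errors in `secure_mysql.sql` are ignored and Tomcat is started even when the database hardening step (judging by the file name) did not apply. Drop `-f` at least for that import and stop on failure, e.g. `mysql -u root < /opt/hirs/scripts/common/secure_mysql.sql || exit 1`. The shutdown branch also calls `usr/bin/mysqladmin` without the leading slash and with `-p`, which asks for a password with no terminal attached; `/usr/bin/mysqladmin -u root shutdown` would match the passwordless root login used by the imports below it.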