From a898faa38a7d3adf28bec66f1b8e936e40ba3e41 Mon Sep 17 00:00:00 2001
From: syncomp-dev1 <“syncomp-dev1@users.noreply.github.com”>
Date: Thu, 1 Sep 2022 09:03:02 -0400
Subject: [PATCH] Files added for ACA Docker image workflow

---
 .ci/docker/Dockerfile.acaimage        | 25 +++++++++++
 .github/workflows/build_aca_image.yml | 62 +++++++++++++++++++++++++++
 scripts/aca_image_setup.sh            | 19 ++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 .ci/docker/Dockerfile.acaimage
 create mode 100644 .github/workflows/build_aca_image.yml
 create mode 100644 scripts/aca_image_setup.sh

diff --git a/.ci/docker/Dockerfile.acaimage b/.ci/docker/Dockerfile.acaimage
new file mode 100644
index 00000000..c938b547
--- /dev/null
+++ b/.ci/docker/Dockerfile.acaimage
@@ -0,0 +1,25 @@
+FROM centos:7
+
+# Install packages for installing HIRS ACA
+RUN yum -y update && yum clean all
+# install build tools for TPM2 provisioner
+RUN yum install -y epel-release cmake make git gcc-c++ doxygen graphviz protobuf-compiler cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel  && yum clean all
+
+# install build tools for ACA
+RUN yum install -y sudo yum install java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz cppcheck python libssh2-devel openssl libcurl-devel log4cplus-devel protobuf-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel && yum clean all
+# install run time dependencies
+RUN yum install -y mariadb-server openssl tomcat java-1.8.0-openjdk-headless rpmdevtools coreutils initscripts chkconfig sed grep wget which firewalld policycoreutils net-tools git  rpm-build && yum clean all
+
+# Remove TLSv1, TLSv1.1, references to prevent java security from stopping tomcat launch
+RUN sed -i 's/TLSv1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
+RUN sed -i 's/TLSv1.1,//' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0*/jre/lib/security/java.security
+
+RUN mkdir /hirs
+
+# Expose ACA Port
+EXPOSE 8443 8080
+
+COPY ../../package/rpm/RPMS/noarch/HIRS_AttestationCA*.el7.noarch.rpm /
+COPY ../../scripts/aca_image_setup.sh /
+CMD ["sh","/aca_image_setup.sh"]
+RUN yum install -y HIRS_AttestationCA*.el7.noarch.rpm
\ No newline at end of file
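Review bot: The two `sed` lines under "Remove TLSv1, TLSv1.1" weaken the JVM for everything in the image: stripping `TLSv1,` and `TLSv1.1,` from `java.security` (presumably from its `jdk.tls.disabledAlgorithms` entry) re-enables TLS 1.0 and 1.1 for every Java process, including the ACA's listener on 8443. If Tomcat refuses to start because its connector names those protocols, the narrower fix is to limit the connector to TLSv1.2 in the ACA's Tomcat configuration (not shown in this patch) and delete both lines. If they must stay for now, mark them with a comment such as `# TEMPORARY: re-enables TLS 1.0/1.1 JVM-wide; remove once the Tomcat connector is TLSv1.2-only`. Separately, the ACA build-tools line reads `yum install -y sudo yum install java-1.8.0-openjdk-devel ...`; the stray `sudo yum install` looks like a pasted command and asks yum for packages named `sudo`, `yum` and `install`, so it should start `RUN yum install -y java-1.8.0-openjdk-devel`.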
diff --git a/.github/workflows/build_aca_image.yml b/.github/workflows/build_aca_image.yml
new file mode 100644
index 00000000..727972bc
--- /dev/null
+++ b/.github/workflows/build_aca_image.yml
@@ -0,0 +1,62 @@
+name: ACA Image Build Test
+on: 
+  release:
+    types: [ published ]
+    inputs:
+      imagename:
+        description: 'ACA Docker Image Name'
+        default: 'aca-test'
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      imagename:
+        description: 'ACA Docker Image Name'
+        default: 'aca-test'
+        required: false
+        type: string
+jobs:
+# run the package script for HIRS ACA, Provisioners, tcg_rim_tool, and tcg_eventlog_tool
+  Package:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 11
+      uses: actions/setup-java@v2
+      with:
+        java-version: '8'
+        distribution: 'adopt'
+        server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+        settings-path: ${{ github.workspace }} # location for the settings.xml file
+  package_centos:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - uses: actions/checkout@v2
+    - name: directory setup
+      run: |
+       mkdir -p artifacts/jars
+       mkdir -p artifacts/wars
+       mkdir -p artifacts/rpms
+    - name: Create HIRS packages
+      run: |
+       echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ --password-stdin
+       docker run --rm \
+       -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash \
+       -c 'pushd /HIRS; \
+          sh package/package.centos.sh; \
+          cp /HIRS/package/rpm/RPMS/noarch/* /.; \
+          cp /HIRS/package/rpm/RPMS/x86_64/* /.; \
+          cp /HIRS/scripts/aca_image_setup.sh /.; \
+          popd;' \
+    - name: Build and publish a Docker image for ${{ github.repository }}
+      uses: macbre/push-to-ghcr@master
+      with:
+        image_name: nsacyber/hirs/${{ inputs.imagename }}
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        dockerfile: "./.ci/docker/Dockerfile.acaimage"
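Review bot: The publish step runs `macbre/push-to-ghcr@master`, a third-party action on a moving branch, and hands it `secrets.GITHUB_TOKEN` in a job with `packages: write`, so whatever lands on that branch later runs with the right to push images for this repository. Pin it to a reviewed commit, `uses: macbre/push-to-ghcr@<full-commit-sha>` (placeholder), and update the pin deliberately. In the "Create HIRS packages" step, `docker login ghcr.io -u $` has a bare `$` where a username was presumably intended, and the token is expanded straight into the script text; passing it through `env:` and writing `echo "$GITHUB_TOKEN" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin` avoids both. The `inputs:` block under `release:` is probably not honoured for that event, so `inputs.imagename` may be empty on a release and the image name would end in `nsacyber/hirs/`.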
diff --git a/scripts/aca_image_setup.sh b/scripts/aca_image_setup.sh
new file mode 100644
index 00000000..9f4d61fc
--- /dev/null
+++ b/scripts/aca_image_setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Setup db
+
+if [[ $(pgrep -c -u mysql mysqld) -ne 0 ]]; then
+    echo "shutting down ..."
+    usr/bin/mysqladmin -u root shutdown -p;
+ fi
+ 
+/usr/libexec/mariadb-prepare-db-dir
+nohup /usr/bin/mysqld_safe --basedir=/usr &>/dev/null &
+MYSQLD_PID=$(pgrep -u mysql mysqld)
+/usr/libexec/mariadb-wait-ready $MYSQLD_PID
+
+mysql -fu root < /opt/hirs/scripts/common/db_create.sql.el7
+mysql -fu root < /opt/hirs/scripts/common/secure_mysql.sql
+
+# Start tomcat
+/usr/libexec/tomcat/server start
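Review bot: Both SQL imports use `mysql -fu root`, and `-f` tells the client to carry on after SQL errors, so a failure inside `secure_mysql.sql` is ignored and Tomcat still starts on top of a database that may not have been hardened. Drop `-f` on that line at least and stop on failure: `mysql -u root < /opt/hirs/scripts/common/secure_mysql.sql || exit 1`. The shutdown branch also calls `usr/bin/mysqladmin` without the leading slash, which only resolves when the working directory is `/`, and its `-p` waits for a password prompt that a container started without a TTY cannot answer. `MYSQLD_PID` is read with `pgrep` immediately after `mysqld_safe` is backgrounded and is passed unquoted, so it can be empty if the daemon has not forked yet.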