From ae85d81d76ebdb899708c405a95b99642f6cabe1 Mon Sep 17 00:00:00 2001 From: Stas Date: Fri, 22 Apr 2022 13:53:16 -0700 Subject: [PATCH] OneFuzz CLI Docker container (#1831) * OneFuzz CLI Docker container * Update docs/OneFuzz-Docker-CLI.md Co-authored-by: Joe Ranweiler Co-authored-by: stas Co-authored-by: Joe Ranweiler --- docs/OneFuzz-Docker-CLI.md | 33 +++++++++++++++++++++++++ src/Dockerfile | 49 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 docs/OneFuzz-Docker-CLI.md create mode 100644 src/Dockerfile diff --git a/docs/OneFuzz-Docker-CLI.md b/docs/OneFuzz-Docker-CLI.md new file mode 100644 index 000000000..05d96ce19 --- /dev/null +++ b/docs/OneFuzz-Docker-CLI.md @@ -0,0 +1,33 @@ +# OneFuzz CLI in a Docker container + +## Using official release Docker container +TODO + +## Building your own Docker container + +Docker file is located in `src` folder. + +To buid your own OneFuzz CLI Docker container use following command from `src` folder +``` +docker build . --tag --build-arg REPO= --build-arg PR= --build-arg GITHUB_TOKEN= +``` +where + +- - container image tag, it's an optional parameter. It will be used later in the document to explain how to run the container. + +- - GitHub repository that contains a successfully build pull request that will be used for creating Docker container. +- - GitHub pull request number that contains build artifacts to use to create Docker container. +- - In GitHub, generate a personal access token (PAT) with the `public_repo` scope. + You may need to enable SSO for the token, depending on the org that your OneFuzz fork belongs to. + + +## Running OneFuzz CLI Docker container + +There are three different scenarios that get enabled with OneFuzz CLI Docker container + +1. To have a new OneFuzz CLI session where you need to configure and authenticate every time on Docker container startup use following command `docker run -it `. + +2. If you have used OneFuzz CLI in your dev environment, and want to re-use configuration and authentication cache. Run following command (PowerShell example) `docker run -it -v $env:USERPROFILE\.cache\onefuzz:/root/.cache/onefuzz `. It will mount your OneFuzz cache folder into OneFuzz CLI Docker container. + +3. If you have several OneFuzz deployments. You can store OneFuzz configuration per deployment in your dev environment by creating a different folder for each OneFuzz deployment and then mounting that folder as OneFuzz CLI cache when running the Docker container. +`docker run -it -v :/root/.cache/onefuzz ` \ No newline at end of file diff --git a/src/Dockerfile b/src/Dockerfile new file mode 100644 index 000000000..4a33e4a61 --- /dev/null +++ b/src/Dockerfile @@ -0,0 +1,49 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# Dockerized OneFuzz CLI + +FROM ubuntu:20.04 AS installer-env + +# Pull Request that contains OneFuzz release-artifacts +# used to create the Docker container +ARG PR +ARG GITHUB_TOKEN +ARG REPO="microsoft/onefuzz" + +ENV GITHUB_ISSUE_TOKEN=${GITHUB_TOKEN} + +RUN apt-get update && \ + apt-get install --yes --quiet curl \ + unzip \ + python3 \ + python3-pip \ + wget \ + && \ + pip3 install PyGithub && \ + mkdir onefuzz-prep + +RUN wget https://aka.ms/downloadazcopy-v10-linux && \ + tar -xvf downloadazcopy-v10-linux + + +COPY "./utils/check-pr/github_client.py" "/onefuzz-prep" +RUN python3 /onefuzz-prep/github_client.py --destination /onefuzz-prep/ --pr ${PR} --repo ${REPO} && \ + unzip /onefuzz-prep/release-artifacts.zip -d /onefuzz-prep + + +FROM ubuntu:20.04 + +COPY --from=installer-env ["/onefuzz-prep/sdk", "/onefuzz-sdk"] +COPY --from=installer-env ["/azcopy_linux_amd64_*/azcopy", "/usr/bin"] + +RUN apt-get update && \ + apt-get install --yes --quiet \ + python3 \ + python3-pip \ + python-is-python3 + +RUN pip install /onefuzz-sdk/onefuzztypes-*.whl && \ + pip install /onefuzz-sdk/onefuzz-*.whl + +CMD onefuzz --help && /bin/bash