Support locally building unsigned Linux packages (#757)

.nuke/build.schema.json

@@ -81,6 +81,9 @@
           "type": "string",
           "description": "Root directory during build execution"
         },
+        "RuntimeId": {
+          "type": "string"
+        },
         "signing_certificate_password": {
           "type": "string",
           "default": "Secrets must be entered via 'nuke :secrets [profile]'"
@@ -112,6 +115,7 @@
               "PackLinux",
               "PackLinuxPackagesLegacy",
               "PackLinuxTarballs",
+              "PackLinuxUnsigned",
               "PackOsx",
               "PackOsxTarballs",
               "PackRedHatPackage",
@@ -156,6 +160,7 @@
               "PackLinux",
               "PackLinuxPackagesLegacy",
               "PackLinuxTarballs",
+              "PackLinuxUnsigned",
               "PackOsx",
               "PackOsxTarballs",
               "PackRedHatPackage",

build-k8s-docker-local.ps1

@@ -1,24 +1,74 @@
-param (
-    [Parameter(Mandatory=$True)]
-    [string]
-    $BuildNumber,
-
+param (    
     [Parameter()]
     [string]
     $BuildArch = "amd64",
-
 
     [Parameter()]
     [string]
-    $LocalRegistryDomain = "localhost:5500"
+    $LocalRegistryDomain = "localhost:5500",
+
+    [Parameter()]
+    [switch]
+    $NonMinikubeRegistry = $false
 )
 
-$env:BUILD_NUMBER=$BuildNumber
-$env:BUILD_DATE= Get-Date -Format "yyyy-MM-dd"
-$env:BUILD_ARCH=$BuildArch
+$runtimeToBuild = "linux-$BuildArch".Replace("amd", "x")
+
+#First we pack the unsigned builds
+& .\build.ps1 -Target "PackLinuxUnsigned" -RuntimeId $runtimeToBuild
+
+#Now find the latest package version
+$package = Get-ChildItem -Path "$PSScriptRoot/_artifacts/deb" -Filter "tentacle_*_$BuildArch.deb"
+$packageNameParts = $package.Name -Split "_"
+$buildNumber = $packageNameParts[1]
+
+Write-Output "Using package $($package.Name)"
+
+$env:BUILD_NUMBER = $buildNumber
+$env:BUILD_DATE = Get-Date -Format "yyyy-MM-dd"
+$env:BUILD_ARCH = $BuildArch
 
 & docker compose -f docker-compose.build.yml -v build --pull octopusdeploy-kubernetes-tentacle-linux
 
-& docker tag "docker.packages.octopushq.com/octopusdeploy/kubernetes-tentacle:$BuildNumber-linux-$BuildArch" "$LocalRegistryDomain/kubernetes-tentacle:$BuildNumber-linux-$BuildArch"
+& docker tag "docker.packages.octopushq.com/octopusdeploy/kubernetes-tentacle:$buildNumber-linux-$BuildArch" "$LocalRegistryDomain/kubernetes-tentacle:$buildNumber-linux-$BuildArch"
+
+if (!$NonMinikubeRegistry) {
+    $registryPort = ($LocalRegistryDomain -split ":")[-1]
+
+    Write-Output "Setting kubectl context to 'minikube'"
+    & kubectl config use-context minikube
+
+    Write-Output "Forwarding minikube registry on port $registryPort"
+    $portForwardProcess = Start-Process kubectl -ArgumentList "port-forward --namespace kube-system service/registry $($registryPort):80" -NoNewWindow -PassThru
+
+    Write-Output "Running network forwarding docker container"
+    $minikubeIP = & minikube ip
+    $containerId = & docker run --rm -d --network=host alpine/socat "tcp-listen:$registryPort,reuseaddr,fork" "tcp-connect:host.docker.internal:$registryPort"
+
+    $isRunning = $false
+    Write-Output "Waiting for network forwarding docker container to be running"
+    while ($isRunning -ne $true) {
+        $runningValue = & docker inspect -f "{{.State.Running}}" $containerId
+        $isRunning = $runningValue -eq "true"
+
+        if ($isRunning -eq $false) {
+            Start-Sleep -Milliseconds 250
+        }
+    }
+    Write-Output "Network forwarding docker container running"
+}
+
+$imageName = "$LocalRegistryDomain/kubernetes-tentacle:$buildNumber-linux-$BuildArch"
+
+Write-Output "Pushing $imageName"
+
+& docker push $imageName
+
+Write-Output "Pushed $imageName"
 
-& docker push "$LocalRegistryDomain/kubernetes-tentacle:$BuildNumber-linux-$BuildArch"
+if (!$NonMinikubeRegistry) {
+    Write-Output "Stopping network forwarding docker container"
+    & docker stop $containerId | Out-Null
+    Write-Output "Stopping minikube port forwarding"
+    Stop-Process -Id $portForwardProcess.Id -ErrorAction SilentlyContinue
+}

build/Build.Pack.cs

@@ -17,6 +17,9 @@
 
 partial class Build
 {
+    //We don't sign linux packages when building locally
+    readonly bool SignLinuxPackages = !IsLocalBuild;
+
     [PublicAPI]
     Target PackOsxTarballs => _ => _
         .Description("Packs the OS/X tarballs containing the published binaries.")
@@ -45,12 +48,15 @@ partial class Build
         .Description("Legacy task until we can split creation of .rpm and .deb packages into their own tasks")
         .DependsOn(PackLinuxTarballs)
         .Requires(
-            () => !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SIGN_PRIVATE_KEY")),
-            () => !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SIGN_PASSPHRASE")))
+            () => !SignLinuxPackages || !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SIGN_PRIVATE_KEY")),
+            () => !SignLinuxPackages || !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SIGN_PASSPHRASE")))
         .Executes(() =>
         {
             const string dockerToolsContainerImage = "docker.packages.octopushq.com/octopusdeploy/tool-containers/tool-linux-packages:latest";
 
+            //this is just to stop messages such as scout vulnerability hints which are reported as errors (but don't actually fail anything)
+            Environment.SetEnvironmentVariable("DOCKER_CLI_HINTS", "false");
+
             void CreateLinuxPackages(string runtimeId)
             {
                 //TODO It's probable that the .deb and .rpm package layouts will be different - and potentially _should already_ be different.
@@ -61,6 +67,11 @@ void CreateLinuxPackages(string runtimeId)
                 FileSystemTasks.EnsureExistingDirectory(debBuildDir / "output");
 
                 var packagingScriptsDirectory = RootDirectory / "linux-packages" / "packaging-scripts";
+
+                // if we aren't signing, use the unsigned scripts
+                if (!SignLinuxPackages)
+                    packagingScriptsDirectory /= "unsigned";
+
                 packagingScriptsDirectory.GlobFiles("*")
                     .ForEach(x => FileSystemTasks.CopyFileToDirectory(x, debBuildDir / "scripts"));
 
@@ -121,6 +132,14 @@ void CreateLinuxPackages(string runtimeId)
         .DependsOn(PackDebianPackage)
         .DependsOn(PackRedHatPackage);
 
+    [PublicAPI]
+    Target PackLinuxUnsigned => _ => _
+        .Description("Packages all the Linux targets without signing the packages.")
+        .DependsOn(PackDebianPackage)
+        .DependsOn(PackRedHatPackage)
+        .OnlyWhenStatic(() => IsLocalBuild)
+        .OnlyWhenStatic(() => !SignLinuxPackages);
+
     [PublicAPI]
     Target PackWindowsZips => _ => _
         .Description("Packs the Windows .zip files containing the published binaries.")
@@ -159,7 +178,7 @@ void PackWindowsInstallers(MSBuildTargetPlatform platform, AbsolutePath wixNuget
                 var installerDirectory = BuildDirectory / "Installer";
                 FileSystemTasks.EnsureExistingDirectory(installerDirectory);
                 FileSystemTasks.EnsureCleanDirectory(installerDirectory);
-                
+
                 if (framework != NetCore)
                 {
                     (BuildDirectory / "Tentacle" / framework / "win").GlobFiles("*")
@@ -250,7 +269,7 @@ void BuildMsiInstallerForPlatform(MSBuildTargetPlatform platform, AbsolutePath w
             if (wixNugetInstalledPackage == null) throw new Exception("Failed to find wix nuget package path");
 
             FileSystemTasks.EnsureExistingDirectory(ArtifactsDirectory / "msi");
-            
+
             PackWindowsInstallers(MSBuildTargetPlatform.x64, wixNugetInstalledPackage.Directory, NetFramework, "NetFramework");
             PackWindowsInstallers(MSBuildTargetPlatform.x86, wixNugetInstalledPackage.Directory, NetFramework, "NetFramework");
 
@@ -361,7 +380,7 @@ string ConstructRedHatPackageFilename(string packageName, string architecture)
 
             FileSystemTasks.CopyFile(BuildDirectory / "Octopus.Tentacle.Upgrader" / NetCore / "win-x86" / "Octopus.Tentacle.Upgrader.exe", workingDirectory / "Octopus.Tentacle.Upgrader-net6.0-win-x86.exe");
             FileSystemTasks.CopyFile(BuildDirectory / "Octopus.Tentacle.Upgrader" / NetCore / "win-x64" / "Octopus.Tentacle.Upgrader.exe", workingDirectory / "Octopus.Tentacle.Upgrader-net6.0-win-x64.exe");
-            
+
             var octopusTentacleUpgraderDirectory = BuildDirectory / "Octopus.Tentacle.Upgrader" / NetFramework / "win";
             octopusTentacleUpgraderDirectory.GlobFiles("*").ForEach(x => FileSystemTasks.CopyFileToDirectory(x, workingDirectory));
             FileSystemTasks.CopyFile(ArtifactsDirectory / "deb" / debAmd64PackageFilename, workingDirectory / debAmd64PackageFilename);
@@ -371,7 +390,7 @@ string ConstructRedHatPackageFilename(string packageName, string architecture)
             FileSystemTasks.CopyFile(ArtifactsDirectory / "rpm" / rpmArm32PackageFilename, workingDirectory / rpmArm32PackageFilename);
             FileSystemTasks.CopyFile(ArtifactsDirectory / "rpm" / rpmx64PackageFilename, workingDirectory / rpmx64PackageFilename);
 
-            foreach (var framework in new[] {NetFramework, NetCore})
+            foreach (var framework in new[] { NetFramework, NetCore })
             {
                 foreach (var runtimeId in RuntimeIds)
                 {