From 51c810a869facd6d7ffd4e7243a5f813da1085d1 Mon Sep 17 00:00:00 2001
From: Joseph Lee
Date: Wed, 30 Oct 2024 12:11:32 +0900
Subject: [PATCH] driver(kmsp11): v1.6
---
.github/workflows/publish.yaml | 42 ++++++++++++++++++++++++++++++++++
copy.sh | 5 ++++
kmsp.Dockerfile | 19 +++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 .github/workflows/publish.yaml
create mode 100644 copy.sh
create mode 100644 kmsp.Dockerfile
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..3c49ed4
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,42 @@
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ push_to_registry:
+ name: Push Docker image to gchr.io
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Set Environment Variables
+ run: |
+ echo "runner_arch=$(uname -m)" | tee -a $GITHUB_ENV
+ echo "driver_name=$(perl -n -e '/refs\/tags\/([^-]+)-v(.+)/ && print $1')" | tee -a $GITHUB_ENV
+ echo "driver_version=$(perl -n -e '/refs\/tags\/([^-]+)-v(.+)/ && print $2')" | tee -a $GITHUB_ENV
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ if: startsWith(github.ref, 'refs/tags/')
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.CR_PAT }}
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ github.repository_owner }}/hsm-drivers
+ - name: build and push
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ${{ env.driver_name }}.Dockerfile
+ cache-from: type=gha
+ cache-to: type=gha
+ push: ${{ startsWith(github.ref, 'refs/tags/') }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ tags: ${{ steps.docker_meta.outputs.tags }}
+
diff --git a/copy.sh b/copy.sh
new file mode 100644
index 0000000..9bd3ca6
--- /dev/null
+++ b/copy.sh
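Review bot: In `.github/workflows/publish.yaml`, the job that holds registry write credentials references its actions by mutable tags only (`@v1`, `@v4`) and logs in with a long-lived personal access token, `secrets.CR_PAT`. Pinning each `uses:` to a full commit SHA (`docker/login-action@<commit-sha>`) would limit what a compromised action can do. If the package is linked to this repository, switching to the job token with `permissions: {contents: read, packages: write}` and `password: ${{ secrets.GITHUB_TOKEN }}` would likewise limit the damage from a leaked secret. Separately, the two `perl -n -e` commands in "Set Environment Variables" are given no input, so `driver_name` looks like it will be empty and `file:` will resolve to `.Dockerfile`. Piping the ref in, `printf '%s\n' "$GITHUB_REF" | perl -n -e '…'`, would address that.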
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+mkdir -p ${INSTALL_DIR}/
+cp -rf /opt/pkcs11/* ${INSTALL_DIR}/
+
diff --git a/kmsp.Dockerfile b/kmsp.Dockerfile
new file mode 100644
index 0000000..34a9dda
--- /dev/null
+++ b/kmsp.Dockerfile
@@ -0,0 +1,19 @@
+FROM alpine:3.20 as builder
+
+RUN apk add \
+ ca-certificates wget
+
+
+ARG DEST_DIR=/opt/pkcs11/kmsp/
+RUN wget -O libkmsp11.tar.gz https://github.com/GoogleCloudPlatform/kms-integrations/releases/download/pkcs11-v1.6/libkmsp11-1.6-linux-amd64.tar.gz && \
+ echo "af19692e442750b2e1315cb3fce3eddc5e8e4fa00b4d59b8fb16839658b8c1b8 libkmsp11.tar.gz" | sha256sum -c - && \
+ mkdir -p ${DEST_DIR} && \
+ tar -xf libkmsp11.tar.gz -C ${DEST_DIR} --strip-components=1
+
+COPY copy.sh /
+
+RUN chmod +x /copy.sh
+
+ENV INSTALL_DIR=/opt/pkcs11
+CMD /copy.sh
+
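Review bot: `copy.sh` expands `${INSTALL_DIR}` unquoted and never checks that it is set, so with an empty or missing value the script runs `mkdir -p /` and copies the driver tree into the container's root directory; a failed `mkdir` also does not stop the `cp`. Adding `set -eu` after the shebang and using `cp -rf /opt/pkcs11/* "${INSTALL_DIR:?INSTALL_DIR must be set}/"` (with the same quoting on the `mkdir` line) makes the script fail loudly instead. A one-line header comment saying that the script copies the contents of `/opt/pkcs11` to the directory named by `INSTALL_DIR` would also help.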
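Review bot: The default `ENV INSTALL_DIR=/opt/pkcs11` in `kmsp.Dockerfile` is the same directory `copy.sh` copies from, so a container started without overriding it appears to copy the tree onto itself, and a volume mounted at that path would hide the extracted library; a distinct default (for example `ENV INSTALL_DIR=/install`, a constructed path) or no default at all would avoid this. The tarball is checked against a pinned SHA-256 before extraction, but the base image is referenced by tag only and `apk add` runs without `--no-cache`; `FROM alpine:3.20@sha256:<digest>` and `apk add --no-cache ca-certificates wget` would make the rest of the build as reproducible as the download. Exec-form `CMD ["/copy.sh"]`, and removing `libkmsp11.tar.gz` in the same `RUN` that extracts it, are smaller clean-ups.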