Commit

feat: add rock (#7)
gruyaume authored Feb 1, 2024
1 parent 5e57cdc commit 68c8b7f
Showing 7 changed files with 151 additions and 3 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/build-rock.yaml
@@ -0,0 +1,17 @@
name: Build ROCK

on:
workflow_call:

jobs:
build-rock:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: canonical/craft-actions/rockcraft-pack@main
id: rockcraft
- uses: actions/upload-artifact@v4
with:
name: rock
path: ${{ steps.rockcraft.outputs.rock }}
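Review bot: `canonical/craft-actions/rockcraft-pack@main` in the second step follows a mutable branch, so any change to that branch runs in this job and shapes the artifact that is later published. Pin it to a full commit SHA, and consider doing the same for `actions/checkout@v4` and `actions/upload-artifact@v4`. A `permissions:` block with `contents: read` would also make it explicit that this build job needs nothing more from the token.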
13 changes: 13 additions & 0 deletions .github/workflows/main.yml
@@ -72,3 +72,16 @@ jobs:

- name: Unit tests
run: go test -cover ./...

rock-build:
uses: ./.github/workflows/build-rock.yaml

rock-scan:
if: github.ref_name == 'main'
needs: rock-build
uses: ./.github/workflows/scan-rock.yaml

publish:
if: github.ref_name == 'main'
needs: [rock-build]
uses: ./.github/workflows/publish-rock.yaml
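Review bot: the `publish` job declares only `needs: [rock-build]`, so on `main` it runs alongside `rock-scan` and pushes the image whether or not the scan has finished or succeeded; it also does not wait for the job that holds the `Unit tests` step. If scanning and tests are meant to gate publication, list them, for example `needs: [rock-build, rock-scan]` plus the test job. Note too that `rock-scan` is limited to `github.ref_name == 'main'`, so a pull request gets no scan results before it is merged.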
39 changes: 39 additions & 0 deletions .github/workflows/publish-rock.yaml
@@ -0,0 +1,39 @@
name: Publish ROCK

on:
workflow_call:

jobs:
publish-rock:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Install skopeo
run: |
sudo snap install --devmode --channel edge skopeo
- uses: actions/download-artifact@v4
with:
name: rock

- name: Import and push to github package
run: |
image_name="$(yq '.name' rockcraft.yaml)"
version="$(yq '.version' rockcraft.yaml)"
rock_file=$(ls *.rock | tail -n 1)
sudo skopeo \
--insecure-policy \
copy \
oci-archive:"${rock_file}" \
docker-daemon:"ghcr.io/dot-5g/${image_name}:${version}"
docker tag ghcr.io/dot-5g/${image_name}:${version} ghcr.io/dot-5g/${image_name}:latest
docker push ghcr.io/dot-5g/${image_name}:${version}
docker push ghcr.io/dot-5g/${image_name}:latest
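Review bot: the `Install skopeo` step runs `sudo snap install --devmode --channel edge skopeo`, which installs an unconfined edge-channel build as root in the same job that has just logged in to ghcr.io with `GITHUB_TOKEN`. Prefer a stable channel or a distribution package, and place the install before the login step so less runs after credentials are stored. Two smaller points: this workflow calls `yq` without the `Install yq` step that scan-rock.yaml has, and `${image_name}` and `${version}` are unquoted in the `docker tag` and `docker push` lines. The file also declares no `permissions:`, so pushing depends on the caller granting `packages: write`.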
48 changes: 48 additions & 0 deletions .github/workflows/scan-rock.yaml
@@ -0,0 +1,48 @@
name: Scan

on:
workflow_call:

jobs:
scan:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install skopeo
run: |
sudo snap install --devmode --channel edge skopeo
- name: Install yq
run: |
sudo snap install yq
- uses: actions/download-artifact@v4
with:
name: rock

- name: Import
run: |
image_name="$(yq '.name' rockcraft.yaml)"
echo "image_name=${image_name}" >> $GITHUB_ENV
version="$(yq '.version' rockcraft.yaml)"
echo "version=${version}" >> $GITHUB_ENV
rock_file=$(ls *.rock | tail -n 1)
sudo skopeo \
--insecure-policy \
copy \
oci-archive:"${rock_file}" \
docker-daemon:"ghcr.io/dot-5g/${image_name}:${version}"
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/dot-5g/${{env.image_name}}:${{env.version}}"
format: "sarif"
output: "trivy-results.sarif"

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
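Review bot: `aquasecurity/trivy-action@master` in the `Run Trivy vulnerability scanner` step follows a mutable branch; pin it to a release tag or, better, a commit SHA. The step sets neither `severity` nor `exit-code`, so as written the job reports findings to the Security tab but never fails on them; if that is the intent, a short comment saying so would help. The `upload-sarif` step needs `security-events: write`, and no `permissions:` block appears in this file, so it relies on whatever the caller grants. The `Install skopeo` step has the same `--devmode --channel edge` concern as in publish-rock.yaml.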
9 changes: 9 additions & 0 deletions CONTRIBUTING.md
@@ -20,3 +20,12 @@ go test ./...
```bash
golangci-lint run ./...
```

## Container image

```bash
rockcraft pack -v
version=$(yq '.version' rockcraft.yaml)
sudo skopeo --insecure-policy copy oci-archive:sepp_${version}_amd64.rock docker-daemon:sepp:${version}
docker run sepp:${version}
```
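Review bot: the new `## Container image` section has no prose, and the archive name `sepp_${version}_amd64.rock` is spelled out by hand. Add a sentence listing the tools the commands assume (rockcraft, yq, skopeo, docker) and saying that the block builds the rock and loads it into the local Docker daemon. Quoting the expansions, as the workflows do with `oci-archive:"${rock_file}"`, would keep the two consistent.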
6 changes: 3 additions & 3 deletions README.md
@@ -8,9 +8,9 @@ An open source implementation of the 5G Security Edge Protection Proxy (SEPP) th

## Usage

```bash
go build cmd/sepp/main.go
./main --config=config.yaml
```console
docker pull ghcr.io/dot-5g/sepp:latest
docker run -it ghcr.io/dot-5g/sepp:latest
```

## Reference
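Review bot: the removed usage passed `--config=config.yaml`, but the new `docker run -it ghcr.io/dot-5g/sepp:latest` line mounts no file and passes no arguments, so the README no longer says how configuration reaches the proxy. Document the mount or arguments a user needs. It is also worth showing a version tag next to `latest`, since `latest` is re-pushed on every publish and gives users nothing stable to pin.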
22 changes: 22 additions & 0 deletions rockcraft.yaml
@@ -0,0 +1,22 @@
name: sepp
base: bare
build-base: [email protected]
version: '0.1'
summary: An open source implementation of the 5G Security Edge Protection Proxy
description: |
An open source implementation of the 5G Security Edge Protection Proxy (SEPP)
that uses the TLS Security Capability to handle the forwarding of Network Functions'
HTTP/2 messages.
license: Apache-2.0
platforms:
amd64:

parts:
sepp:
source: .
plugin: go
build-snaps:
- go/1.21/stable
stage-packages:
- ca-certificates_data
- libc6_libs
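Review bot: `version: '0.1'` is a fixed string, and publish-rock.yaml in this commit pushes `ghcr.io/dot-5g/${image_name}:${version}`, so every publish from `main` overwrites the same `0.1` tag until someone edits this file. Either bump the version as part of the release process or add an immutable tag such as the commit SHA in the publish step. Separately, the file has no `services:` entry and no `run-user`, so it does not state which command the image starts or under which user; consider defining the service and setting `run-user: _daemon_`.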
