From ba8f5624f5e28e58d00aacb0b429d2a0229f280b Mon Sep 17 00:00:00 2001
From: Susanne Westphal
Date: Mon, 22 Jan 2024 22:18:50 +0000
Subject: [PATCH] docker image artifact
---
 .github/workflows/build.yml | 98 ++++++++++++-------
 Dockerfile | 2 +-
 Dockerfile.client | 20 +---
 docker-compose.testing.yaml | 13 +++
 docker-compose.yaml | 18 ++--
 .../client/create_fake_user.sh | 7 ++
 docker_config_files/client/init_grr_client.sh | 25 +++++
 7 files changed, 118 insertions(+), 65 deletions(-)
 create mode 100644 docker-compose.testing.yaml
 create mode 100755 docker_config_files/client/create_fake_user.sh
 create mode 100755 docker_config_files/client/init_grr_client.sh
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4f9e60f83..7a231ff34 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -184,11 +184,8 @@ jobs:
 path: gcs_upload_dir/
 retention-days: 1
- docker-compose-test:
+ build-docker-image:
 if: ${{ github.event_name == 'push' }}
- permissions:
- contents: 'read'
- id-token: 'write'
 runs-on: ubuntu-22.04
 needs:
 - build-centos
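Review bot: The renamed `build-docker-image` job loses its explicit `permissions:` block, so its `GITHUB_TOKEN` falls back to whatever the workflow or repository default grants, which may be broader than a build job needs. None of the job's visible steps (they continue in the next hunk) writes to the repository or requests an OIDC token, so `permissions:` with `contents: 'read'` would keep it at least privilege. If a workflow-level `permissions:` block already exists outside this diff, the job is covered and a short comment saying so is enough.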
@@ -197,21 +194,66 @@ jobs:
 - build-windows
 steps:
 - uses: actions/checkout@v3
+ - name: Download installers from GitHub artifacts
+ id: download
+ uses: actions/download-artifact@v4
+ with:
+ pattern: '*_installer*'
+ path: _installers
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.DOCKER_REPOSITORY }}
+ - name: Build and export
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ tags: |
+ ${{ env.DOCKER_REPOSITORY }}:testing
+ ${{ steps.meta.outputs.tags }}
+ outputs: type=docker,dest=/tmp/grr_base_image.tar
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: grr_base_image
+ path: /tmp/grr_base_image.tar
+
+
+ docker-compose-test:
+ if: ${{ github.event_name == 'push' }}
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ runs-on: ubuntu-22.04
+ needs:
+ - build-docker-image
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: grr_base_image
+ path: /tmp
+ - name: Load image
+ run: |
+ docker load --input /tmp/grr_base_image.tar
+ docker image ls -a
 - name: Start docker-compose stack
 shell: bash
 run: |
- docker-compose pull --include-deps
- docker-compose up -d
+ docker-compose up -f docker-compose.yaml -f docker-compose.testing.yaml -d
 - name: Test
 shell: bash
 run: |
- docker build -f ./Dockerfile . -t grr-testing
+ docker-compose exec linux-client /configs/create_fake_user.sh
 docker run \
 --add-host=host.docker.internal:host-gateway \
 -v $(pwd):/github_workspace \
 -w /github_workspace \
 --entrypoint appveyor/e2e_tests/run_docker_compose_e2e_test.sh \
- grr-testing \
+ ${{ env.DOCKER_REPOSITORY }}:testing \
 $(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' grr-linux-client)
 - name: Stop docker-compose stack
 if: always()
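Review bot: The new `docker-compose-test` job has no checkout step, yet `Start docker-compose stack` reads `docker-compose.yaml` and `docker-compose.testing.yaml`, and the `Test` step mounts `$(pwd)` to run `appveyor/e2e_tests/run_docker_compose_e2e_test.sh`; the `actions/checkout@v3` context line now belongs to `build-docker-image`. Adding `- uses: actions/checkout@v3` as the job's first step restores the workspace. Separately, `-f` is a top-level docker-compose option and has to precede the subcommand: `docker-compose -f docker-compose.yaml -f docker-compose.testing.yaml up -d`. The job also carries `id-token: 'write'` although no visible step requests an OIDC token; if that holds for the whole job, dropping it narrows what a compromised step can do.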
@@ -219,22 +261,25 @@ jobs:
 run: |
 docker-compose down --volumes
- build-push-docker-base-image:
+ push-docker-image:
 env:
 REGISTRY: ghcr.io
- IMAGE_NAME: ${{ github.repository }}
+ permissions:
+ contents: 'read'
+ id-token: 'write'
 runs-on: ubuntu-22.04
 needs:
 - docker-compose-test
 steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Download installers from GitHub artifacts
- id: download
+ - name: Download artifact
 uses: actions/download-artifact@v4
 with:
- pattern: '*_installer*'
- path: _installers
+ name: grr_base_image
+ path: /tmp
+ - name: Load image
+ run: |
+ docker load --input /tmp/grr_base_image.tar
+ docker image ls -a
 - name: Login to GitHub Container registry
 # if: ${{ github.event_name == 'push' }}
 uses: docker/login-action@v3
@@ -242,23 +287,10 @@ jobs:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Extract metadata (tags, labels) for Docker
- # if: ${{ github.event_name == 'push' }}
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
- - name: Build and push Docker image
- # if: ${{ github.event_name == 'push' }}
- uses: docker/build-push-action@v5
- with:
- context: .
- file: Dockerfile
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
+ - name: Push Docker image
+ if: ${{ github.event_name == 'push' }}
+ run: |
+ docker push --all-tags ${{ env.DOCKER_REPOSITORY }}
 upload-artifacts:
 if: ${{ github.event_name == 'push' }}
diff --git a/Dockerfile b/Dockerfile
index 570f0cce7..186a50f99 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,7 @@
 # "-component" "admin_ui"
 # "-config" "/configs/server/grr.server.yaml"
-FROM ubuntu:22.04 AS builder
+FROM ubuntu:22.04
 LABEL maintainer="grr-dev@googlegroups.com"
diff --git a/Dockerfile.client b/Dockerfile.client
index 1eb5c4944..6a7fbd196 100644
--- a/Dockerfile.client
+++ b/Dockerfile.client
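Review bot: `push-docker-image` sets `permissions:` to `contents: 'read'` and `id-token: 'write'`, but pushing to `ghcr.io` with `secrets.GITHUB_TOKEN` needs `packages: 'write'`, and once a job declares a `permissions:` block every scope it omits is set to none. As written, the push step in the following hunk would be expected to fail with an authorization error. Replacing `id-token: 'write'` with `packages: 'write'` gives the job exactly what it uses; no step here appears to request an OIDC token. The job's steps continue in the next hunk.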
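Review bot: `docker push --all-tags ${{ env.DOCKER_REPOSITORY }}` in the `Push Docker image` step publishes every local tag of that repository, including the `:testing` tag added by the build job, and the step is gated only on `github.event_name == 'push'`. Unless the workflow's `on:` filter (outside this diff) restricts branches, a push to any branch overwrites the published tags. Pushing the intended tags explicitly, or adding a ref condition such as `if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/BRANCH_PLACEHOLDER' }}`, keeps registry content tied to reviewed code. The `labels: ${{ steps.meta.outputs.labels }}` input removed here has no counterpart in the new build step, so the image loses its source and revision labels.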
@@ -1,25 +1,7 @@
-FROM ghcr.io/google/grr:grr-github-actions-docker
-LABEL maintainer="grr-dev@googlegroups.com"
-ENV TEMPLATE_DIR /client_templates
-ENV INSTALLERS_DIR /client_installers
-RUN apt-get update
+
-RUN useradd -m appveyor2
-RUN echo "[7] [01234] [ts/3] [appveyor2] [pts/3 ] [100.100.10.10 ] [100.100.10.10 ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \
- utmpdump /var/log/wtmp >> wtmp.txt && \
- utmpdump --reverse < wtmp.txt > /var/log/wtmp && \
- utmpdump /var/log/wtmp
-ADD ./docker_config_files/client/ /configs
-RUN grr_client_build repack_multiple \
- --templates ${TEMPLATE_DIR}/*/*.zip \
- --repack_configs /configs/grr.client.yaml \
- --output_dir ${INSTALLERS_DIR}
-
-RUN dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb
-
-ENTRYPOINT [ "fleetspeak-client" ]
diff --git a/docker-compose.testing.yaml b/docker-compose.testing.yaml
new file mode 100644
index 000000000..b0e38abf4
--- /dev/null
+++ b/docker-compose.testing.yaml
@@ -0,0 +1,13 @@
+
+services:
+ grr-admin-ui:
+ image: ghcr.io/google/grr:testing
+
+ grr-fleetspeak-frontend:
+ build: ghcr.io/google/grr:testing
+
+ grr-worker:
+ build: ghcr.io/google/grr:testing
+
+ linux-client:
+ build: ghcr.io/google/grr:testing
diff --git a/docker-compose.yaml b/docker-compose.yaml
index bc70b6f4c..cc05b122d 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -26,9 +26,7 @@ services:
 retries: 10
 grr-admin-ui:
- build:
- dockerfile: Dockerfile
- context: .
+ image: ghcr.io/google/grr:latest
 container_name: grr-admin-ui
 hostname: admin-ui
 restart: always
@@ -53,9 +51,7 @@ services:
 - --verbose
 grr-fleetspeak-frontend:
- build:
- dockerfile: Dockerfile
- context: .
+ image: ghcr.io/google/grr:latest
 container_name: grr-fleetspeak-frontend
 hostname: grr-fleetspeak-frontend
 depends_on:
@@ -129,9 +125,7 @@ services:
 ]
 grr-worker:
- build:
- dockerfile: Dockerfile
- context: .
+ image: ghcr.io/google/grr:latest
 container_name: grr-worker
 volumes:
 - ./docker_config_files/server/:/configs/
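Review bot: In `docker-compose.testing.yaml` three of the four services use `build: ghcr.io/google/grr:testing`, which Compose reads as a build context path rather than an image reference, so only `grr-admin-ui` is switched to the freshly loaded image. The other services would either fail to build or keep `image: ghcr.io/google/grr:latest` from the base file, so the end-to-end test that gates the push would not exercise the artifact that is later published. Use `image: ghcr.io/google/grr:testing` for `grr-fleetspeak-frontend`, `grr-worker` and `linux-client` as well. The name is hard-coded here while the workflow tags `${{ env.DOCKER_REPOSITORY }}:testing`; the two have to stay identical for the override to pick up the loaded image.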
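Review bot: `image: ghcr.io/google/grr:latest` for `grr-admin-ui` in `docker-compose.yaml` (and the same line in the `grr-fleetspeak-frontend` and `grr-worker` hunks that follow) replaces a local build with a mutable registry tag, so what a user runs depends on whatever was pushed last and can differ between the three services if they are pulled at different times. A release tag or digest keeps the stack reproducible and makes an image change visible in review, e.g. `image: ghcr.io/google/grr:TAG_PLACEHOLDER` or `image: ghcr.io/google/grr@sha256:DIGEST_PLACEHOLDER`. If `latest` is intended for a quick-start setup, a comment saying so above the first occurrence would help.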
@@ -162,14 +156,14 @@ services:
 - fleetspeak-frontend
 volumes:
 - ./docker_config_files/client/:/configs/
+ # Mount the client_installers folder, to preserve
+ # the repacked templates across restarts.
 - client_installers:/client_installers
 tty: true
 stdin_open: true
 networks:
 - server-network
- command:
- - -config
- - /configs/client.config
+ entrypoint: /configs/init_grr_client.sh
 volumes:
 db_data:
diff --git a/docker_config_files/client/create_fake_user.sh b/docker_config_files/client/create_fake_user.sh
new file mode 100755
index 000000000..a340e16fc
--- /dev/null
+++ b/docker_config_files/client/create_fake_user.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+useradd -m testuser &&
+echo "[7] [01234] [ts/3] [testuser] [pts/3 ] [100.100.10.10 ] [100.100.10.10 ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \
+ utmpdump /var/log/wtmp >> wtmp.txt && \
+ utmpdump --reverse < wtmp.txt > /var/log/wtmp && \
+ utmpdump /var/log/wtmp
\ No newline at end of file
diff --git a/docker_config_files/client/init_grr_client.sh b/docker_config_files/client/init_grr_client.sh
new file mode 100755
index 000000000..a7907dd2e
--- /dev/null
+++ b/docker_config_files/client/init_grr_client.sh
@@ -0,0 +1,25 @@
+#! /bin/bash
+
+# GRR client docker compose initialization script.
+# This script runs once when starting the client in the
+# docker-compose stack for the first time. It repacks
+# the client using the provided configuration files
+# and installs the resulting debian package.
+#
+# This script assumes the client-config files
+# (docker_config_files/client) to be mounted at /configs.
+
+TEMPLATE_DIR="/client_templates"
+INSTALLERS_DIR="/client_installers"
+
+
+if [ -z "$(ls -A ${INSTALLERS_DIR})" ]; then
+ grr_client_build repack_multiple \
+ --templates ${TEMPLATE_DIR}/*/*.zip \
+ --repack_configs /configs/grr.client.yaml \
+ --output_dir ${INSTALLERS_DIR}
+
+ dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb
+fi
+
+fleetspeak-client -config /configs/client.config
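Review bot: `entrypoint: /configs/init_grr_client.sh` makes the `linux-client` container start from a script that lives on the `./docker_config_files/client/` bind mount, and the context line above mounts that directory read-write. A process inside the container can therefore modify the script and the client configuration on the host, and the modified script is executed on the next start. Mounting the directory read-only, `- ./docker_config_files/client/:/configs/:ro`, closes that path, provided nothing in the client needs to write under `/configs` (not visible in this hunk).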
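Review bot: `create_fake_user.sh` has no header comment, and nothing in it says that it rewrites `/var/log/wtmp` with a fabricated login record for `testuser`. A short header stating that it is an end-to-end test fixture meant to run only inside the `linux-client` test container would keep it from being mistaken for a provisioning script, for example `# Test fixture: adds 'testuser' and a synthetic wtmp login entry for the e2e tests.`. The scratch file `wtmp.txt` is written to the current directory and left behind; `tmp="$(mktemp)"` with a cleanup at the end avoids that. The file also lacks a trailing newline.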
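Review bot: In `init_grr_client.sh` the `dpkg -i` call sits inside the `[ -z "$(ls -A ${INSTALLERS_DIR})" ]` check, so the package is installed only while the `client_installers` volume is empty; if the container is recreated and the volume is kept, both the repack and the install are skipped and `fleetspeak-client` starts in a container without the repacked client. Moving `dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb` below `fi` keeps the repack cached and the install unconditional. The script also has no `set -e`, so a failed repack or install still falls through to the last line; `set -euo pipefail` after the shebang stops there instead. Finally, `exec fleetspeak-client -config /configs/client.config` would let the client receive the container's stop signal directly rather than through the wrapping shell.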