Fix CI: Update SSRC repo + use ARTIFACTORY_CLOUD_TOKEN in apt+squid
pentestiing committed Jul 12, 2024
1 parent 5a7ef3f commit db25631
Showing 6 changed files with 57 additions and 6 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/main.yaml
Expand Up @@ -24,20 +24,22 @@ jobs:
ROS: 1
ROS_DISTRO: ${{ matrix.ros2_distro }}
PACKAGE_NAME: mesh_com
ARTIFACTORY_CLOUD_TOKEN: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}
run: |
set -eux
mkdir bin
pushd mesh_com
./build.sh ../bin/
popd
- uses: jfrog/setup-jfrog-cli@v2
- uses: jfrog/setup-jfrog-cli@v4
env:
JF_ARTIFACTORY_1: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}
JF_URL: https://artifactory.ssrcdevops.tii.ae
JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}

- name: Upload to Artifactory
env:
ARTIFACTORY_REPO: ssrc-deb-public-local
ARTIFACTORY_REPO: debian-public-local
DISTRIBUTION: focal
COMPONENT: fog-sw
ARCHITECTURE: amd64
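Review bot: The `ARTIFACTORY_CLOUD_TOKEN` added to the build step's `env` is the same secret that `JF_ACCESS_TOKEN` uses for the upload, so a credential that is presumably write-capable is now also handed to `build.sh` and the build container, which only need to read from the apt repository. If Artifactory allows it, give the build step a separate read-scoped token, e.g. `ARTIFACTORY_CLOUD_TOKEN: ${{ secrets.ARTIFACTORY_READ_TOKEN }}` (placeholder secret name), and keep the upload token for the `jfrog/setup-jfrog-cli` step only. The step's `run` block uses `set -eux`, so it is also worth confirming that nothing downstream prints the variable in a transformed form that log masking would not catch.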
2 changes: 2 additions & 0 deletions .github/workflows/tii-mesh-com.yaml
Expand Up @@ -56,6 +56,8 @@ jobs:
uses: docker/build-push-action@v5
with:
context: .
build-args: |
"ARTIFACTORY_CLOUD_TOKEN=${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}"
platforms: linux/amd64,linux/arm64,linux/riscv64
file: ./modules/mesh_com/Dockerfile
push: true
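Review bot: Passing `ARTIFACTORY_CLOUD_TOKEN` through `build-args` puts the secret where image consumers can read it: build-arg values are recorded in image history (and may be recorded in provenance attestations), and this job has `push: true`. The same applies to the `ARG ARTIFACTORY_CLOUD_TOKEN` / `ENV ARTIFACTORY_CLOUD_TOKEN=${ARTIFACTORY_CLOUD_TOKEN}` pair added in modules/mesh_com/Dockerfile, where `ENV` additionally persists the value in that stage's image config. Use the action's `secrets` input instead, `secrets: |` followed by `"artifactory_cloud_token=${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}"`, and read it in the Dockerfile with `RUN --mount=type=secret,id=artifactory_cloud_token …` so the value never lands in a layer.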
4 changes: 4 additions & 0 deletions build.sh
Expand Up @@ -16,6 +16,8 @@ iname=${PACKAGE_NAME:=mesh_com}

iversion=${PACKAGE_VERSION:=latest}

artifactory_cloud_token=${ARTIFACTORY_CLOUD_TOKEN:?ARTIFACTORY_CLOUD_TOKEN is not set}

docker build \
--build-arg UID=$(id -u) \
--build-arg GID=$(id -g) \
Expand All @@ -26,6 +28,8 @@ docker build \

docker run \
--rm \
-e ARTIFACTORY_CLOUD_TOKEN="$artifactory_cloud_token" \
-v $(pwd)/common/tools/squid/squid.conf:/squid.conf:ro \
-v $(pwd):/${iname}/sources \
${iname}_build:${iversion} \
modules/mesh_com/package.sh \
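Review bot: `-e ARTIFACTORY_CLOUD_TOKEN="$artifactory_cloud_token"` expands the token onto the `docker run` command line, where it is visible in the host's process list and in any xtrace output while the container runs. Docker copies the value from the caller's environment when only the name is given, so `-e ARTIFACTORY_CLOUD_TOKEN \` does the same job without the expansion, provided the variable is exported (it is when it comes from the workflow `env`). The `:?` guard can stay as `: "${ARTIFACTORY_CLOUD_TOKEN:?ARTIFACTORY_CLOUD_TOKEN is not set}"`. The `docker run` command continues past the end of this hunk.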
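--- a/common/tools/squid/squid.conf
+++ b/common/tools/squid/squid.conf
@@ -0,0 +1,27 @@
+http_port 127.0.0.1:3128 ssl-bump \
+cert=/etc/squid/ssl_cert/myCA.pem \
+generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
+
+http_access allow all
+cache allow all
+
+sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB
+
+acl step1 at_step SslBump1
+
+ssl_bump peek step1
+ssl_bump bump all
+
+acl artifactory dstdomain artifactory.ssrcdevops.tii.ae
+
+request_header_add Authorization "Bearer <token>" artifactory
+
+pid_filename none
+logfile_rotate 0
+
+# Debug
+# access_log stdio:/dev/fd/1
+# cache_log stdio:/dev/fd/2
+
+# Needed to prevent bug in docker
+max_filedescriptors 1048576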
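Review bot: `ssl_bump bump all` makes the proxy terminate and re-sign every TLS connection that passes through it, while only `artifactory.ssrcdevops.tii.ae` needs the injected `Authorization` header. Restricting interception to that host keeps the locally generated CA out of all other connections, for example `acl artifactory_sni ssl::server_name artifactory.ssrcdevops.tii.ae`, then `ssl_bump bump artifactory_sni` and `ssl_bump splice all` in place of `ssl_bump bump all`. A short comment above `http_access allow all` noting that it relies on the `127.0.0.1` bind in `http_port` would also help anyone who later changes the listen address.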
12 changes: 10 additions & 2 deletions modules/mesh_com/Dockerfile
Expand Up @@ -4,6 +4,10 @@ FROM --platform=${BUILDPLATFORM:-linux/amd64} ghcr.io/tiiuae/fog-ros-sdk:v3.2.0-
# Must be defined another time after "FROM" keyword.
ARG TARGETARCH

# Needed for apt to authenticate with the custom private repo
ARG ARTIFACTORY_CLOUD_TOKEN
ENV ARTIFACTORY_CLOUD_TOKEN=${ARTIFACTORY_CLOUD_TOKEN}

# SRC_DIR environment variable is defined in the fog-ros-sdk image.
# The same workspace path is used by all ROS2 components.
# See: https://github.com/tiiuae/fog-ros-baseimage/blob/main/Dockerfile.sdk_builder
Expand All @@ -21,8 +25,11 @@ FROM ghcr.io/tiiuae/fog-ros-baseimage:v3.2.0

ENTRYPOINT [ "/entrypoint.sh" ]

RUN apt update \
&& apt install -y --no-install-recommends \
# Squid proxy needed to add Authorization: Bearer <token> header for apt to authenticate with priv repo
RUN sed "s/<token>/${ARTIFACTORY_CLOUD_TOKEN}/" /squid.conf > /etc/squid/squid.conf \
&& service squid start \
&& apt -o acquire::http::proxy='http://127.0.0.1:3128' update \
&& apt -o acquire::http::proxy='http://127.0.0.1:3128' install -y --no-install-recommends \
alfred \
batctl \
iproute2 \
Expand All @@ -32,6 +39,7 @@ RUN apt update \
pcsc-lite \
rfkill \
wpa-supplicant=2.9-r0 \
&& service squid stop \
&& apt clean \
&& rm -rf /var/lib/apt/lists/*
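Review bot: The `sed` at the top of this `RUN` writes the bearer token into `/etc/squid/squid.conf`, and nothing in the chain removes that file, so the rendered config (token included) stays in the layer this instruction creates. Add `&& rm -f /etc/squid/squid.conf \` right after `&& service squid stop \`. Judging by the hunk header, this `RUN` sits after the second `FROM`, where the `ARG ARTIFACTORY_CLOUD_TOKEN` declared in the first stage is not in scope, and no `COPY` of `/squid.conf` is visible in the shown hunks; both are worth checking, since an empty substitution would leave apt unauthenticated. A token containing `/` or `&` would also break the `sed` expression.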

10 changes: 9 additions & 1 deletion modules/mesh_com/Dockerfile.build_env
Expand Up @@ -20,14 +20,22 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
ros-${ROS_DISTRO}-ament-pep257 \
batctl \
alfred \
squid-openssl \
&& rm -rf /var/lib/apt/lists/*

RUN mkdir -p /etc/squid/ssl_cert \
&& openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout /etc/squid/ssl_cert/myCA.pem -out /etc/squid/ssl_cert/myCA.pem -batch \
&& openssl x509 -in /etc/squid/ssl_cert/myCA.pem -outform PEM -out /usr/local/share/ca-certificates/squid.crt \
&& update-ca-certificates \
&& mkdir -p /var/lib/squid \
&& /usr/lib/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB

RUN groupadd -g $GID builder && \
useradd -m -u $UID -g $GID -g builder builder && \
usermod -aG sudo builder && \
echo 'builder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

RUN echo "deb [trusted=yes] https://ssrc.jfrog.io/artifactory/ssrc-deb-public-local focal fog-sw" >> /etc/apt/sources.list
RUN echo "deb [trusted=yes] https://artifactory.ssrcdevops.tii.ae/artifactory/debian-public-local focal fog-sw" >> /etc/apt/sources.list

WORKDIR /$PACKAGE_NAME
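Review bot: The new `openssl req … -nodes` step bakes an unencrypted CA private key into an image layer, and `update-ca-certificates` then makes every process in the container trust it, so anyone who obtains the build image can issue certificates that containers from it accept for any host. The apt source on the changed line is still `[trusted=yes]` (no package signature check), which leaves TLS through this proxy as the main integrity control for those packages. Generating the CA when the container starts rather than at image build, or limiting it with something like `-addext "nameConstraints=critical,permitted;DNS:artifactory.ssrcdevops.tii.ae"`, would narrow that. A comment above the `RUN` saying the CA exists only for the local squid ssl-bump would document the intent.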
