From dfc338291b473df8d33c65fb2b91dbfda2270581 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Tue, 10 Sep 2024 16:38:17 -0400 Subject: [PATCH] add a test for the docker images --- .github/workflows/cpack.yml | 9 +- .github/workflows/promote-downstreams.yml | 17 +- ...iners.yml => publish-container-images.yml} | 40 +++-- .github/workflows/release.yml | 21 +-- .github/workflows/test-deployments.yml | 32 ++++ docker/Dockerfile.base | 58 ------ docker/Dockerfile.linux-cross-build | 45 ----- docker/Dockerfile.linux-native-build | 39 ---- docker/compose.host.yml | 10 ++ docker/compose.intercept.yml | 15 ++ docker/compose.test.yml | 98 ++++++++++ docker/docker-compose.yml | 76 -------- docker/docker.test.bash | 168 ++++++++++++++++++ docker/fetch-github-releases.sh | 83 --------- docker/linux-cross-build.sh | 87 --------- docker/linux-native-build.sh | 45 ----- docker/ziti-edge-tunnel.Dockerfile | 38 ++++ docker/ziti-host-deployment.yaml | 33 ---- ...kerfile.ziti-host => ziti-host.Dockerfile} | 0 docker/ziti-tun-daemonset.yaml | 44 ----- scripts/ziti-builder.sh | 37 ++-- 21 files changed, 430 insertions(+), 565 deletions(-) rename .github/workflows/{publish-containers.yml => publish-container-images.yml} (66%) create mode 100644 .github/workflows/test-deployments.yml delete mode 100644 docker/Dockerfile.base delete mode 100644 docker/Dockerfile.linux-cross-build delete mode 100644 docker/Dockerfile.linux-native-build create mode 100644 docker/compose.host.yml create mode 100644 docker/compose.intercept.yml create mode 100644 docker/compose.test.yml delete mode 100644 docker/docker-compose.yml create mode 100755 docker/docker.test.bash delete mode 100755 docker/fetch-github-releases.sh delete mode 100755 docker/linux-cross-build.sh delete mode 100755 docker/linux-native-build.sh create mode 100644 docker/ziti-edge-tunnel.Dockerfile delete mode 100644 docker/ziti-host-deployment.yaml rename docker/{Dockerfile.ziti-host => ziti-host.Dockerfile} (100%) delete mode 100644 docker/ziti-tun-daemonset.yaml 
diff --git a/.github/workflows/cpack.yml b/.github/workflows/cpack.yml index 83895c1c..012f04ed 100644 --- a/.github/workflows/cpack.yml +++ b/.github/workflows/cpack.yml @@ -3,8 +3,13 @@ name: CI package on: workflow_dispatch: push: - branches: # ignore push to tags - - '**' + branches: + - main + - release-* + pull_request: + branches: + - main + - release-* paths: - programs/ziti-edge-tunnel/package/* - .github/actions/openziti-tunnel-build-action/* diff --git a/.github/workflows/promote-downstreams.yml b/.github/workflows/promote-downstreams.yml index 9b216389..8f6a0887 100644 --- a/.github/workflows/promote-downstreams.yml +++ b/.github/workflows/promote-downstreams.yml @@ -2,15 +2,14 @@ name: Promote Downstream Releases on: workflow_dispatch: + release: + types: [released] # this release event activity type excludes prereleases # cancel older, redundant runs of same workflow on same branch concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} cancel-in-progress: true -env: - RELEASE_REF: ${{ github.ref}} - jobs: wait_for_release: name: Wait for Release Builds to Succeed @@ -22,7 +21,7 @@ jobs: - name: Wait for all checks on this ref uses: lewagon/wait-on-check-action@v1.3.1 with: - ref: ${{ env.RELEASE_REF }} + ref: ${{ github.ref }} repo-token: ${{ secrets.GITHUB_TOKEN }} # seconds between polling the checks api for job statuses wait-interval: 20 @@ -39,10 +38,12 @@ jobs: - name: Parse Release Version id: parse shell: bash + env: + RELEASE_REF: ${{ github.ref_name }} run: | - if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + if [[ "${RELEASE_REF}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "RELEASE_REF=${RELEASE_REF} is a semver release ref" - echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT + echo "version=${RELEASE_REF#v}" | tee -a $GITHUB_OUTPUT else echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2 exit 1 
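Review bot: In the `Wait for all checks on this ref` step, `ref: ${{ github.ref }}` now carries `refs/tags/<tag>` on the new `release` trigger and `refs/heads/<branch>` on dispatch; the checks being waited on belong to a commit, so `ref: ${{ github.sha }}` is unambiguous for both events and avoids relying on how the action normalises a fully qualified ref before calling the check-runs API. The `wait_for_release` job starts and ends outside this hunk.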
@@ -83,14 +84,14 @@ jobs: username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} password: ${{ secrets.DOCKER_HUB_API_TOKEN }} - - name: Tag Latest zti-edge-tunnel + - name: Tag Latest ziti-edge-tunnel shell: bash run: > docker buildx imagetools create --tag ${{ env.ZITI_EDGE_TUNNEL_IMAGE }}:latest ${{ env.ZITI_EDGE_TUNNEL_IMAGE }}:${{ needs.parse_version.outputs.version }} - - name: Tag Latest zti-host + - name: Tag Latest ziti-host shell: bash run: > docker buildx imagetools create --tag diff --git a/.github/workflows/publish-containers.yml b/.github/workflows/publish-container-images.yml similarity index 66% rename from .github/workflows/publish-containers.yml rename to .github/workflows/publish-container-images.yml index 42cbb2ad..56c87a95 100644 --- a/.github/workflows/publish-containers.yml +++ b/.github/workflows/publish-container-images.yml @@ -17,7 +17,7 @@ on: # no need for concurrency group in callable workflows jobs: - publish-containers: + publish-container-images: runs-on: ubuntu-latest env: ZITI_VERSION: ${{ inputs.ziti-version || github.event.inputs.ziti-version }} @@ -30,8 +30,23 @@ jobs: - name: Checkout Workspace uses: actions/checkout@v4 + - name: Download CMake Artifacts + uses: actions/download-artifact@v4 + with: + pattern: linux-* + path: ./downloads + merge_multiple: false # some artifacts have the same name and so can not be aggregated in a single directory + + - name: Unpack CMake Artifacts + shell: bash + run: | + set -x + mkdir -p ./build/{arm64,amd64}/linux/ + unzip -d ./build/arm64/linux/ ./downloads/linux-arm64/ziti-edge-tunnel-Linux_aarch64.zip + unzip -d ./build/amd64/linux/ ./downloads/linux-x64/ziti-edge-tunnel-Linux_x86_64.zip + - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: amd64,arm64 
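Review bot: The `Unpack CMake Artifacts` step hard-codes `./downloads/linux-arm64/ziti-edge-tunnel-Linux_aarch64.zip` and `./downloads/linux-x64/ziti-edge-tunnel-Linux_x86_64.zip` while the download pattern is the broader `linux-*`, so the step silently depends on artifact names chosen by a build job that is not part of this patch. A comment above the `unzip` lines, `# artifact directory and zip names must match the upload step in <upstream build workflow>`, would tell the next editor where to look when a matrix entry is renamed. The job's remaining steps continue on the next hunk.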
@@ -45,23 +60,23 @@ jobs: username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} password: ${{ secrets.DOCKER_HUB_API_TOKEN }} - - name: Set up Docker image tags for "run" container + - name: Set up Docker image tags for ziti-edge-tunnel image env: IMAGE_REPO: ${{ env.ZITI_EDGE_TUNNEL_IMAGE }} id: tagprep_run run: echo DOCKER_TAGS="${IMAGE_REPO}:unstable,${IMAGE_REPO}:${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT - - name: Build & Push Multi-Platform Container Image to Hub + - name: Build & Push Multi-Platform ziti-edge-tunnel Container Image uses: docker/build-push-action@v6 with: builder: ${{ steps.buildx.outputs.name }} - context: ${{ github.workspace }}/docker - file: ${{ github.workspace }}/docker/Dockerfile.base + context: ${{ github.workspace }}/ + file: ${{ github.workspace }}/docker/ziti-edge-tunnel.Dockerfile platforms: linux/amd64,linux/arm64 tags: ${{ steps.tagprep_run.outputs.DOCKER_TAGS }} build-args: | - ZITI_VERSION=${{ env.ZITI_VERSION }} - GITHUB_REPO=${{ github.repository }} + ARTIFACTS_DIR=./build + DOCKER_BUILD_DIR=./docker push: true - name: Set up Docker image tags for "run-host" container @@ -70,16 +85,15 @@ jobs: id: tagprep_run_host run: echo DOCKER_TAGS="${IMAGE_REPO}:unstable,${IMAGE_REPO}:${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT - - - name: Build & Push Multi-Platform Container Image to Hub + - name: Build & Push Multi-Platform ziti-host Container Image uses: docker/build-push-action@v6 with: builder: ${{ steps.buildx.outputs.name }} - context: ${{ github.workspace }}/docker - file: ${{ github.workspace }}/docker/Dockerfile.ziti-host + context: ${{ github.workspace }}/ + file: ${{ github.workspace }}/docker/ziti-host.Dockerfile platforms: linux/amd64,linux/arm64 tags: ${{ steps.tagprep_run_host.outputs.DOCKER_TAGS }} build-args: | - ZITI_EDGE_TUNNEL_TAG=${{ env.ZITI_VERSION }} ZITI_EDGE_TUNNEL_IMAGE=${{ env.ZITI_EDGE_TUNNEL_IMAGE }} + ZITI_EDGE_TUNNEL_TAG=${{ env.ZITI_VERSION }} push: true 
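Review bot: Both build steps move the build context from `docker/` to the repository root (`context: ${{ github.workspace }}/`, here and in the ziti-host hunk below), so the whole checkout — `.git`, the `downloads/` directory and anything else in the workspace — is now shipped to the builder on every build. This patch adds no `.dockerignore` (the diffstat lists none), so unless one already exists at the root, add one that excludes at least `.git` and `downloads/` while keeping `build/` and `docker/`, which the new `ARTIFACTS_DIR=./build` and `DOCKER_BUILD_DIR=./docker` build-args point at. The Dockerfiles that consume those args are outside this hunk.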
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8764a157..f31e786d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,8 @@ jobs: - name: download uses: actions/download-artifact@v4 with: - path: ${{ runner.workspace }}/downloads/ + path: ${{ runner.workspace }}/downloads + merge_multiple: false # some artifacts have the same name and so can not be aggregated in a single directory - name: List Release Artifacts run: ls -horRAS ${{runner.workspace}}/downloads/ @@ -36,10 +37,7 @@ jobs: # token: defaults to github.token fail_on_unmatched_files: true files: | - ${{ runner.workspace }}/downloads/linux-x64-static-libssl/ziti-edge-tunnel-Linux_x86_64.zip - ${{ runner.workspace }}/downloads/linux-arm-static-libssl/ziti-edge-tunnel-Linux_arm.zip - ${{ runner.workspace }}/downloads/macOS-x64/ziti-edge-tunnel-Darwin_x86_64.zip - ${{ runner.workspace }}/downloads/macOS-arm64/ziti-edge-tunnel-Darwin_arm64.zip + ${{ runner.workspace }}/downloads/**/*.zip # These final two steps are only necessary because we prefer a different # release artifact name than is created by CMake, and so we could change 
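Review bot: `files: ${{ runner.workspace }}/downloads/**/*.zip` attaches every zip any upstream job uploaded, whereas the removed explicit list acted as an allow-list of what reaches the public release page; the removed entries show that artifact directories such as `linux-x64-static-libssl` exist alongside the `linux-x64` names used elsewhere in this patch, so the set of published assets now changes whenever a build job adds or renames an upload. Keep an explicit list, or narrow the glob to the artifact directories that are meant to be release assets, and leave a comment naming the job that produces them — that job is outside this hunk.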
@@ -68,22 +66,21 @@ jobs:
 - name: Get the Version String from Git Tag
 id: get_version
 env:
- GITHUB_REF: ${{ github.ref }}
+ RELEASE_REF: ${{ github.ref_name }}
 run: |
- ZITI_VERSION="${GITHUB_REF#refs/*/v}"
+ ZITI_VERSION="${RELEASE_REF#v}"
 if [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
- echo "DEBUG: ZITI_VERSION=${ZITI_VERSION}"
- echo ZITI_VERSION="${ZITI_VERSION}" >> $GITHUB_OUTPUT
+ echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
 else
 # fail the job because we could not obtain a valid version string from the Git ref
- echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver"
+ echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a release semver"
 exit 1
 fi
 
- call-publish-containers:
+ call-publish-container-images:
 name: Publish Container Images
 needs: [ release ]
- uses: ./.github/workflows/publish-containers.yml
+ uses: ./.github/workflows/publish-container-images.yml
 secrets: inherit
 with:
 ziti-version: ${{ needs.release.outputs.ZITI_VERSION }}
diff --git a/.github/workflows/test-deployments.yml b/.github/workflows/test-deployments.yml
new file mode 100644
index 00000000..ce30aebf
--- /dev/null
+++ b/.github/workflows/test-deployments.yml
@@ -0,0 +1,32 @@
+name: Test Deployments
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ - release-v*
+ pull_request:
+ branches:
+ - main
+ - release-v*
+
+# cancel older, redundant runs of same workflow on same branch
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+ cancel-in-progress: true
+
+jobs:
+ docker-deployments:
+ name: Test Docker Deployments
+ runs-on: ubuntu-latest
+ steps:
+ - name: Full Checkout to Allow CMake to Find Version with Git
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run the Compose Test Script
+ shell: bash
+ run: docker/docker.test.bash
+ env:
+ I_AM_ROBOT: 1
diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base
deleted file mode 100644
index c127d077..00000000
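Review bot: The new test-deployments.yml declares no `permissions:` block, so its GITHUB_TOKEN receives the repository default, which may be read/write; the job only checks out the repo and runs a local script, so a top-level `permissions:` / `  contents: read` is sufficient and bounds what any step in the run could do with the token, which is the only credential the job holds. The branch filter `release-v*` also differs from the `release-*` pattern that cpack.yml uses in this same patch; pick one spelling so a release branch triggers both workflows.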
--- a/docker/Dockerfile.base +++ /dev/null @@ -1,58 +0,0 @@ -# this builds docker.io/openziti/ziti-edge-tunnel -FROM registry.access.redhat.com/ubi8/ubi-minimal as fetch-ziti-artifacts -# This build stage grabs artifacts that are copied into the final image. -# It uses the same base as the final image to maximize docker cache hits. - -ARG ZITI_VERSION - -ARG GITHUB_BASE_URL -ARG GITHUB_REPO - -WORKDIR /tmp - -### Add necessary Red Hat repos and packages -RUN INSTALL_PKGS="curl unzip" && \ - microdnf -y update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs && \ - microdnf -y install --setopt=install_weak_deps=0 --setopt=tsflags=nodocs ${INSTALL_PKGS} - -COPY fetch-github-releases.sh . -RUN bash ./fetch-github-releases.sh ziti-edge-tunnel - -################ -# -# Main Image -# -################ - -FROM registry.access.redhat.com/ubi8/ubi-minimal - -### Required OpenShift Labels -LABEL name="openziti/ziti-edge-tunnel" \ - maintainer="developers@openziti.org" \ - vendor="NetFoundry" \ - summary="OpenZiti Tunneler" \ - description="Configure a proxy and nameserver for OpenZiti Services" - -USER root - -### add licenses to this directory -RUN mkdir -m0755 /licenses -COPY ./LICENSE-Apache /licenses/apache.txt - -### Add necessary Red Hat repos and packages -RUN INSTALL_PKGS="iproute procps shadow-utils jq" && \ - microdnf -y update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs && \ - microdnf -y install --setopt=install_weak_deps=0 --setopt=tsflags=nodocs ${INSTALL_PKGS} - -RUN mkdir -p /usr/local/bin -COPY --from=fetch-ziti-artifacts /tmp/ziti-edge-tunnel /usr/local/bin -COPY ./docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh -RUN mkdir -m0777 /ziti-edge-tunnel -RUN groupadd --system --gid 2171 ziti - -RUN UNINSTALL_PKGS="shadow-utils" && \ - microdnf -y remove ${UNINSTALL_PKGS} - -ENTRYPOINT [ "/docker-entrypoint.sh" ] -CMD [ "run" ] 
diff --git a/docker/Dockerfile.linux-cross-build b/docker/Dockerfile.linux-cross-build deleted file mode 100644 index 6617a3fa..00000000 --- a/docker/Dockerfile.linux-cross-build +++ /dev/null @@ -1,45 +0,0 @@ -ARG CMAKE_VERSION="3.22.3" -FROM debian:buster-slim -# -# usage -# docker run with top-level of tunneler SDK repo mounted as writeable volume on /mnt - -ARG CMAKE_VERSION -ARG uid=1000 -ARG gid=1000 -ENV TZ=Etc/UTC -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update \ - && apt-get -y install \ - gcc-arm-linux-gnueabihf \ - g++-arm-linux-gnueabihf \ - gcc-aarch64-linux-gnu \ - crossbuild-essential-arm64 \ - crossbuild-essential-armhf \ - build-essential \ - curl \ - doxygen \ - git \ - graphviz \ - libsystemd-dev \ - iproute2 \ - pkg-config \ - python3 \ - zlib1g-dev \ - libssl-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf -RUN apt-get update \ - && apt-get -y install \ - libssl-dev:arm64 \ - libssl-dev:armhf \ - && rm -rf /var/lib/apt/lists/* - -RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ - && (bash cmake.sh --skip-license --prefix=/usr/local) \ - && rm cmake.sh - -USER ${uid}:${gid} -WORKDIR /mnt/ -ENTRYPOINT ["/mnt/docker/linux-cross-build.sh"] diff --git a/docker/Dockerfile.linux-native-build b/docker/Dockerfile.linux-native-build deleted file mode 100644 index d27db2be..00000000 --- a/docker/Dockerfile.linux-native-build +++ /dev/null 
@@ -1,39 +0,0 @@ -ARG CMAKE_VERSION="3.22.3" -FROM debian:jessie-slim -# -# (cd ./docker; DOCKER_BUILDKIT=1 docker build --platform arm --file Dockerfile.linux-native-build -t openziti/ziti-edge-tunnel-builder:debian-jessie-arm ./;) -# docker run --rm -it --volume "${PWD}:/mnt" --platform arm openziti/ziti-edge-tunnel-builder:debian-jessie-arm - - -ARG CMAKE_VERSION -ARG uid=1000 -ARG gid=0 -ENV TZ=Etc/UTC -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update \ - && apt-get -y install \ - build-essential \ - curl \ - doxygen \ - git \ - graphviz \ - libsystemd-dev \ - iproute2 \ - pkg-config \ - python3 \ - zlib1g-dev \ - libssl-dev \ - && rm -rf /var/lib/apt/lists/* - -# binary releases are available for x86_64, arm64 -RUN curl -sSfL https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.tar.gz -o cmake.tgz \ - && tar xf cmake.tgz \ - && (cd ./cmake-${CMAKE_VERSION} && ./bootstrap && make && make install) \ - && rm -r ./cmake-${CMAKE_VERSION} - -# the purpose of the uid:gid is to avoid root-owned build output folder -RUN getent group ${gid} &>/dev/null || groupadd --gid ${gid} ziggy -RUN getent passwd ${uid} &>/dev/null || useradd --system --home-dir /mnt --gid ${gid} --uid ${uid} ziggy -USER ${uid}:${gid} -WORKDIR /mnt -ENTRYPOINT ["/mnt/docker/linux-native-build.sh"] diff --git a/docker/compose.host.yml b/docker/compose.host.yml new file mode 100644 index 00000000..a944634a --- /dev/null +++ b/docker/compose.host.yml @@ -0,0 +1,10 @@ +volumes: + ziti-host: + +services: + ziti-host: + image: ${ZITI_HOST_IMAGE:-openziti/ziti-host}:${ZITI_HOST_TAG:-latest} + volumes: + - ziti-host:/ziti-edge-tunnel + environment: + - ZITI_ENROLL_TOKEN diff --git a/docker/compose.intercept.yml b/docker/compose.intercept.yml new file mode 100644 index 00000000..407ac784 --- /dev/null +++ b/docker/compose.intercept.yml 
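Review bot: In compose.host.yml the `environment:` entry `- ZITI_ENROLL_TOKEN` is a pass-through from the invoking shell with no comment, unlike the same entry in compose.intercept.yml; an inline note such as `- ZITI_ENROLL_TOKEN  # inherited from the shell, e.g. ZITI_ENROLL_TOKEN={JWT} docker compose up ziti-host` documents the contract. `volumes:` / `  ziti-host:` is a bare null value; `ziti-host: {}` states the intent explicitly and is what most YAML tooling expects for an empty mapping.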
@@ -0,0 +1,15 @@
+volumes:
+ ziti-edge-tunnel:
+
+services:
+ ziti-tun:
+ image: ${ZITI_EDGE_TUNNEL_IMAGE:-openziti/ziti-edge-tunnel}:${ZITI_EDGE_TUNNEL_TAG:-latest}
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - ziti-edge-tunnel:/ziti-edge-tunnel
+ - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
+ environment:
+ - ZITI_ENROLL_TOKEN # ZITI_IDENTITY_BASENAME=AcmeIdentity ZITI_ENROLL_TOKEN={JWT} docker-compose up ziti-tun
+ network_mode: host # use the Docker host's network, not the Docker bridge
+ privileged: true
diff --git a/docker/compose.test.yml b/docker/compose.test.yml
new file mode 100644
index 00000000..4a477747
--- /dev/null
+++ b/docker/compose.test.yml
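Review bot: `privileged: true` combined with `network_mode: host` and the mounted system D-Bus socket gives the ziti-tun container unrestricted control of the Docker host, and compose.test.yml reuses this service definition on the CI runner; since `/dev/net/tun` is already mapped under `devices:`, `cap_add: [NET_ADMIN]` in place of `privileged: true` is the least-privilege form, provided the entrypoint needs nothing beyond tun, route and DNS setup — confirm against docker-entrypoint.sh, which is not in this patch. The inline comment on `ZITI_ENROLL_TOKEN` still shows `ZITI_IDENTITY_BASENAME=AcmeIdentity ... docker-compose up ziti-tun`, but this file no longer passes `ZITI_IDENTITY_BASENAME` through, so the example should drop it and use the `docker compose` spelling the rest of the patch uses.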
@@ -0,0 +1,98 @@
+services:
+ httpbin:
+ image: mccutchen/go-httpbin
+ expose:
+ - 8080
+ networks:
+ - quickstart
+
+ ziti-tun:
+ pull_policy: never
+ command: run --verbose=4 --dns-ip-range=100.95.255.128/25
+
+ ziti-host:
+ pull_policy: never
+ networks:
+ - quickstart
+ command: run-host --verbose=4
+ # entrypoint: ["bash", "-x", "/docker-entrypoint.sh"]
+
+ quickstart:
+ image: ${ZITI_CLI_IMAGE:-docker.io/openziti/ziti-controller}:${ZITI_CLI_TAG:-latest}
+ networks:
+ quickstart:
+ # this allows other containers to use the same external DNS name to reach the quickstart container from within the
+ # Docker network that clients outside the Docker network use to reach the quickstart container via port forwarding
+ aliases:
+ - ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}
+ - ${ZITI_ROUTER_ADVERTISED_ADDRESS:-ziti-router}
+ entrypoint:
+ - bash
+ - -euc
+ - |
+ ZITI_CMD+=" --ctrl-address ${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart}"\
+ " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\
+ " --router-address ${ZITI_ROUTER_ADVERTISED_ADDRESS:-${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart}}"\
+ " --router-port ${ZITI_ROUTER_PORT:-3022}"\
+ " --password ${ZITI_PWD:-admin}"
+ echo "DEBUG: run command is: ziti $${@} $${ZITI_CMD}"
+ exec ziti "$${@}" $${ZITI_CMD}
+ command: -- edge quickstart --home /home/ziggy/quickstart
+ user: ${ZIGGY_UID:-1000}
+ working_dir: /home/ziggy
+ environment:
+ HOME: /home/ziggy
+ PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"
+ ZITI_ROUTER_NAME: ${ZITI_ROUTER_NAME:-quickstart-router}
+ volumes:
+ # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
+ # directory, ZITI_HOME
+ - ${ZITI_HOME:-ziti_home}:/home/ziggy
+ ports:
+ - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280}
+ - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
+ expose:
+ - ${ZITI_CTRL_ADVERTISED_PORT:-1280}
+ - ${ZITI_ROUTER_PORT:-3022}
+ depends_on:
+ quickstart-init:
+ condition: service_completed_successfully
+ healthcheck:
+ test:
+ - CMD
+ - ziti
+ - agent
+ - stats
+ interval: 3s
+ timeout: 3s
+ retries: 5
+ start_period: 30s
+
+ # this service is used to initialize the ziti_home volume by setting the owner to the UID of the user running the
+ # quickstart container
+ quickstart-init:
+ image: busybox
+ command: chown -Rc ${ZIGGY_UID:-1000} /home/ziggy
+ user: root
+ volumes:
+ # store the quickstart state in a named volume "ziti_home" or store the quickstart state on the Docker host in a
+ # directory, ZITI_HOME
+ - ${ZITI_HOME:-ziti_home}:/home/ziggy
+
+ # add a health check for the quickstart network
+ quickstart-check:
+ image: busybox
+ command: echo "Ziti is cooking"
+ depends_on:
+ quickstart:
+ condition: service_healthy
+
+# define a custom network so that we can also define a DNS alias for the quickstart container
+networks:
+ quickstart:
+ driver: bridge
+
+volumes:
+ # this will not be used if you switch from named volume to bind mount volume
+ ziti_home:
+ driver: local
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
deleted file mode 100644
index 0f4fb2b4..00000000
--- a/docker/docker-compose.yml
+++ /dev/null
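Review bot: In compose.test.yml the network aliases default to `ziti-controller` and `ziti-router` while the entrypoint defaults `--ctrl-address` and `--router-address` to `quickstart`, so with no environment set the controller advertises a name that matches neither alias and is reachable only because the service name itself resolves on the bridge network; using one default in both places, e.g. `- ${ZITI_CTRL_ADVERTISED_ADDRESS:-quickstart}` and `- ${ZITI_ROUTER_ADVERTISED_ADDRESS:-quickstart}`, removes the mismatch. `ziti-tun` and `ziti-host` set `pull_policy: never` but carry no `image`, which only works when this file is layered on compose.intercept.yml and compose.host.yml through COMPOSE_FILE as docker.test.bash does; a top-of-file comment, `# partial: combine with compose.intercept.yml and compose.host.yml via COMPOSE_FILE`, makes that explicit. The commented-out `# entrypoint: ["bash", "-x", "/docker-entrypoint.sh"]` under ziti-host reads as leftover debugging and should be dropped.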
@@ -1,76 +0,0 @@ -version: "3.9" - -x-base-service: &base-service - image: openziti/ziti-edge-tunnel - devices: - - /dev/net/tun:/dev/net/tun - volumes: - - .:/ziti-edge-tunnel - - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket - environment: - - ZITI_IDENTITY_BASENAME # inherit when run like this: ZITI_IDENTITY_BASENAME=AcmeIdentity docker-compose up ziti-tun - - ZITI_ENROLL_TOKEN # ZITI_IDENTITY_BASENAME=AcmeIdentity ZITI_ENROLL_TOKEN={JWT} docker-compose up ziti-tun - network_mode: host # use the Docker host's network, not the Docker bridge - privileged: true - -services: - - ziti-tun: # tunneler for one Ziti identity - <<: *base-service - command: - - --verbose=4 - - --dns-ip-range=100.64.64.0/18 - - ziti-tun-dir: # tunneler for all identities in /ziti-edge-tunnel - <<: *base-service - command: - - --verbose=4 - - --dns-ip-range=100.64.64.0/18 - environment: [] # ignore ZITI_IDENTITY_BASENAME and load all identities in same dir - - ziti-test: # docker-compose exec ziti-test bash - <<: *base-service - entrypoint: ["sh", "-c", "while true; do sleep infinity; done"] - - ziti-host: # tunneler for hosting services without providing DNS or IP routes - image: openziti/ziti-host - environment: - - ZITI_IDENTITY_JSON - networks: - - ziti-host - privileged: false # no privileges necessary for run-host mode - - ziti-host-wait: # tunneler for hosting services that waits forever for the identity to become available - image: openziti/ziti-host - environment: - - ZITI_IDENTITY_BASENAME - - ZITI_IDENTITY_WAIT=-1 # optional seconds to wait for identity (or token) to become available, negative value is wait forever - volumes: - - .:/ziti-edge-tunnel - networks: - - ziti-host - privileged: false # no privileges necessary for run-host mode - - ziti-host-dir: # tunneler for hosting services without providing DNS or IP routes - image: openziti/ziti-host - environment: [] # ignore ZITI_IDENTITY_BASENAME and load all identities in dir - volumes: - - 
.:/ziti-edge-tunnel - networks: - - ziti-host - privileged: false # no privileges necessary for run-host mode - - hello: # http://hello:8000 from bridge network "ziti-host" - image: openziti/hello-world - networks: - - ziti-host - - httpbin: - image: mccutchen/go-httpbin - networks: - - ziti-host - # ports: - # - "127.0.0.1:8080:8080/tcp" - -networks: - ziti-host: diff --git a/docker/docker.test.bash b/docker/docker.test.bash new file mode 100755 index 00000000..87ff0305 --- /dev/null +++ b/docker/docker.test.bash 
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+
+# exec this script with BASH v4+ on Linux to test the checked-out ziti-tunnel-sdk-c repo's Docker deployments
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+cleanup(){
+ if ! (( I_AM_ROBOT ))
+ then
+ echo "WARNING: destroying all controller and router state volumes in 30s; set I_AM_ROBOT=1 to suppress this message" >&2
+ sleep 30
+ fi
+ docker compose down --volumes --remove-orphans
+ echo "DEBUG: cleanup complete"
+}
+
+checkCommand() {
+ if ! command -v "$1" &>/dev/null; then
+ logError "this script requires command '$1'."
+ $1
+ fi
+}
+
+portcheck(){
+ PORT="${1}"
+ if nc -zv localhost "$PORT" &>/dev/null
+ then
+ echo "ERROR: port $PORT is already allocated" >&2
+ return 1
+ else
+ echo "DEBUG: port $PORT is available"
+ return 0
+ fi
+}
+
+BASEDIR="$(cd "$(dirname "${0}")" && pwd)"
+REPOROOT="$(cd "${BASEDIR}/.." && pwd)"
+cd "${REPOROOT}"
+
+declare -a BINS=(grep docker ./scripts/ziti-builder.sh curl nc jq)
+for BIN in "${BINS[@]}"; do
+ checkCommand "$BIN"
+done
+
+: "${I_AM_ROBOT:=0}"
+: "${ZITI_CTRL_ADVERTISED_PORT:=12802}"
+: "${ZITI_ROUTER_PORT:=30224}"
+# : "${ZIGGY_UID:=$(id -u)}"
+
+bash -x ./scripts/ziti-builder.sh -p ci-linux-x64-static-libssl
+mkdir -p ./build/amd64/linux
+cp ./build/programs/ziti-edge-tunnel/Release/ziti-edge-tunnel ./build/amd64/linux/ziti-edge-tunnel
+
+ZITI_EDGE_TUNNEL_IMAGE="ziti-edge-tunnel"
+ZITI_EDGE_TUNNEL_TAG="local"
+
+docker build \
+--build-arg "DOCKER_BUILD_DIR=./docker" \
+--tag "${ZITI_EDGE_TUNNEL_IMAGE}:${ZITI_EDGE_TUNNEL_TAG}" \
+--file "./docker/ziti-edge-tunnel.Dockerfile" \
+"${PWD}"
+
+ZITI_HOST_IMAGE="ziti-host"
+ZITI_HOST_TAG="local"
+
+docker build \
+--build-arg "ZITI_EDGE_TUNNEL_IMAGE=${ZITI_EDGE_TUNNEL_IMAGE}" \
+--build-arg "ZITI_EDGE_TUNNEL_TAG=${ZITI_EDGE_TUNNEL_TAG}" \
+--tag "${ZITI_HOST_IMAGE}:${ZITI_HOST_TAG}" \
+--file "./docker/ziti-host.Dockerfile" \
+"${PWD}"
+
+# also let docker inherit the vars that define the tunneler images
+export \
+ZITI_EDGE_TUNNEL_IMAGE \
+ZITI_EDGE_TUNNEL_TAG \
+ZITI_HOST_IMAGE \
+ZITI_HOST_TAG \
+
+export COMPOSE_FILE="docker/compose.intercept.yml:docker/compose.host.yml:docker/compose.test.yml"
+
+cleanup
+
+# freshen ziti-controller, httpbin, etc. images
+docker compose pull
+
+for PORT in "${ZITI_CTRL_ADVERTISED_PORT}" "${ZITI_ROUTER_PORT}"
+do
+ portcheck "${PORT}"
+done
+
+# configure the quickstart container
+export \
+ZITI_CTRL_ADVERTISED_ADDRESS="ziti.127.0.0.1.sslip.io" \
+ZITI_PWD="ziggypw" \
+ZITI_CTRL_ADVERTISED_PORT \
+ZITI_ROUTER_PORT
+
+# run the check container that waits for a responsive controller agent
+docker compose up quickstart-check
+
+# run the script from heredoc inside the quickstart container after variable interpolation
+docker compose exec -T quickstart bash << BASH
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+ziti edge login \
+${ZITI_CTRL_ADVERTISED_ADDRESS}:${ZITI_CTRL_ADVERTISED_PORT} \
+--ca=/home/ziggy/quickstart/pki/root-ca/certs/root-ca.cert \
+--username=admin \
+--password=${ZITI_PWD} \
+--timeout=1 \
+--verbose
+
+ziti edge create identity "httpbin-client" \
+ --jwt-output-file /tmp/httpbin-client.ott.jwt \
+ --role-attributes httpbin-clients
+
+ziti edge create identity "httpbin-host" \
+ --jwt-output-file /tmp/httpbin-host.ott.jwt \
+ --role-attributes httpbin-hosts
+
+ziti edge create config "httpbin-intercept-config" intercept.v1 \
+ '{"protocols":["tcp"],"addresses":["httpbin.ziti.internal"], "portRanges":[{"low":80, "high":80}]}'
+
+ziti edge create config "httpbin-host-config" host.v1 \
+ '{"protocol":"tcp", "address":"httpbin","port":8080}'
+
+ziti edge create service "httpbin-service" \
+ --configs httpbin-intercept-config,httpbin-host-config \
+ --role-attributes test-services
+
+ziti edge create service-policy "httpbin-bind-policy" Bind \
+ --service-roles '#test-services' \
+ --identity-roles '#httpbin-hosts'
+
+ziti edge create service-policy "httpbin-dial-policy" Dial \
+ --service-roles '#test-services' \
+ --identity-roles '#httpbin-clients'
+BASH
+
+ZITI_ENROLL_TOKEN="$(docker compose exec quickstart cat /tmp/httpbin-host.ott.jwt)" \
+docker compose up ziti-host --detach
+docker compose up httpbin --detach
+
+ZITI_ENROLL_TOKEN="$(docker compose exec quickstart cat /tmp/httpbin-client.ott.jwt)" \
+docker compose up ziti-tun --detach
+
+ATTEMPTS=5
+DELAY=3
+curl_cmd="curl --fail --max-time 1 --silent --show-error --request POST --header 'Content-Type: application/json' --data '{\"ziti\": \"works\"}' http://httpbin.ziti.internal/post"
+until ! ((ATTEMPTS)) || eval "${curl_cmd}" &> /dev/null
+do
+ (( ATTEMPTS-- ))
+ echo "Waiting for httpbin service"
+ sleep ${DELAY}
+done
+eval "${curl_cmd}" | jq .json
+
+(( I_AM_ROBOT )) || read -p "Press [Enter] to continue..."
+
+cleanup
diff --git a/docker/fetch-github-releases.sh b/docker/fetch-github-releases.sh
deleted file mode 100755
index 4cf9d16c..00000000
--- a/docker/fetch-github-releases.sh
+++ /dev/null
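Review bot: `checkCommand` calls `logError`, which docker.test.bash never defines, so a missing tool aborts with "logError: command not found" under `errexit` instead of the intended message; replace the two lines in the `if` body with `echo "ERROR: this script requires command '$1'." >&2` and `return 1`. With `set -o xtrace` active, the `ZITI_ENROLL_TOKEN="$(...)"` prefixes before the `docker compose up ziti-host` and `ziti-tun` lines print both enrollment JWTs, and the exported `ZITI_PWD`, into the CI log; they are single-use test credentials, but wrapping those lines in `set +x` / `set -x` keeps them out of the run output. The first `export` list ends with `ZITI_HOST_TAG \`, a stray continuation that joins the blank line into the command; drop that trailing backslash.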
@@ -1,83 +0,0 @@ -#!/bin/bash - -# -# Copyright 2021 NetFoundry Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -set -euo pipefail - -[[ $# -eq 0 ]] && { - echo "ERROR: need the base name of the executable to fetch e.g. \"ziti-edge-tunnel\"." >&2 - exit 1 -} - -echo "Fetching from GitHub." -# defaults -: "${GITHUB_BASE_URL:=https://github.com}" -: "${GITHUB_REPO:="openziti/ziti-tunnel-sdk-c"}" -: "${ZITI_VERSION:="latest"}" - -if [[ "$ZITI_VERSION" == "latest" ]];then - echo "WARN: ZITI_VERSION unspecified, using 'latest'" >&2 -else - # ensure version string begins with 'v' by stripping if present and re-adding - ZITI_VERSION="v${ZITI_VERSION#v}" -fi - -# map host architecture/os to directories that we use in GitHub. 
-# (our artifact directories seem to align with Docker's TARGETARCH and TARGETOS -# build arguments, which we could rely on if we fully committed to "docker buildx" - see -# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope) -host_arch=$(uname -m) -case "${host_arch}" in -"x86_64") artifact_arch="x86_64";; -"armv7l") artifact_arch="arm";; -"aarch64") artifact_arch="arm64";; -*) echo "ERROR: Ziti binaries do not exist for architecture ${host_arch}"; exit 1;; -esac - -host_os=$(uname -s) -case "${host_os}" in - "Linux") artifact_os="Linux";; - "Darwin") artifact_os="Darwin";; - #"Windows") artifact_os="windows";; # Windows bins do not exist -*) echo "ERROR: ziti binaries do not exist for os ${host_os}"; exit 1;; -esac - -for exe in "${@}"; do - zip="${exe}-${artifact_os}_${artifact_arch}.zip" - case "${ZITI_VERSION}" in - "latest") url="${GITHUB_BASE_URL}/${GITHUB_REPO}/releases/${ZITI_VERSION}/download/${zip}" ;; - *) url="${GITHUB_BASE_URL}/${GITHUB_REPO}/releases/download/${ZITI_VERSION}/${zip}" ;; - esac - - echo "Fetching ${zip} from ${url}" - rm -f "${zip}" "${exe}" - if { command -v curl > /dev/null; } 2>&1; then - curl -fLsS -O "${url}" - elif { command -v wget > /dev/null; } 2>&1; then - wget "${url}" - else - echo "ERROR: need one of curl or wget to fetch the artifact." >&2 - exit 1 - fi - unzip "${zip}" - if [ -f "${exe}" ]; then - chmod 755 "${exe}" - elif [ -f "${exe}.exe" ]; then - chmod 755 "${exe}.exe" - fi - rm -f "${zip}" -done diff --git a/docker/linux-cross-build.sh b/docker/linux-cross-build.sh deleted file mode 100755 index e96789e9..00000000 --- a/docker/linux-cross-build.sh +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/usr/bin/env bash -# -# cross-compile the Linux artifacts for the target architecture on amd64 -# - -set -o pipefail -e -u -set -x - -DIRNAME=$(dirname $0) -REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives -: ${TARGET:="bundle"} -: ${BUILD_DIST_PACKAGES:="OFF"} -: ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} - -if (( ${#} )); then - for OPT in ${*}; do - case $OPT in - --package) - TARGET="package" - BUILD_DIST_PACKAGES="ON" - shift - ;; - --no-systemd) - DISABLE_LIBSYSTEMD_FEATURE="ON" - shift - ;; - esac - done -fi - -# if no architectures supplied then default list of three -if (( ${#} )); then - typeset -a JOBS=(${@}) -else - typeset -a JOBS=(amd64 arm64 arm) -fi - -for ARCH in ${JOBS[@]}; do - CMAKE_BUILD_DIR=${REPO_DIR}/build-${ARCH} # adjacent the top-level dir where this script lives - [[ -d ${CMAKE_BUILD_DIR} ]] && rm -rf ${CMAKE_BUILD_DIR} - mkdir ${CMAKE_BUILD_DIR} -# cd ${CMAKE_BUILD_DIR} - case ${ARCH} in - amd64) { cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ - -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ - -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ - -S ${REPO_DIR} \ - -B ${CMAKE_BUILD_DIR} \ - && cmake \ - --build ${CMAKE_BUILD_DIR} \ - --target ${TARGET} \ - --verbose; - } - ;; - arm64) { cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm64.cmake \ - -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ - -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ - -S ${REPO_DIR} \ - -B ${CMAKE_BUILD_DIR} \ - && cmake \ - --build ${CMAKE_BUILD_DIR} \ - --target ${TARGET} \ - --verbose; - } - ;; - arm) { cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm.cmake \ - -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ - -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ - -S ${REPO_DIR} \ - -B ${CMAKE_BUILD_DIR} \ - && cmake \ - --build 
${CMAKE_BUILD_DIR} \ - --target ${TARGET} \ - --verbose; - } - ;; - *) echo "ERROR: invalid architecture '${ARCH}', must be one of amd64, arm, arm64" >&2 - exit 1 - ;; - esac -done diff --git a/docker/linux-native-build.sh b/docker/linux-native-build.sh deleted file mode 100755 index 6b5352f4..00000000 --- a/docker/linux-native-build.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash -# -# build the Linux artifacts for the native architecture -# - -set -o pipefail -e -u -set -x - -DIRNAME=$(dirname $0) -REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives -: ${TARGET:="bundle"} -: ${BUILD_DIST_PACKAGES:="OFF"} -: ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} - -if (( ${#} )); then - for OPT in ${*}; do - case $OPT in - --package) - TARGET="package" - BUILD_DIST_PACKAGES="ON" - shift - ;; - --no-systemd) - DISABLE_LIBSYSTEMD_FEATURE="ON" - shift - ;; - esac - done -fi - -ARCH=$(dpkg --print-architecture) -CMAKE_BUILD_DIR=${REPO_DIR}/build-${ARCH} # adjacent the top-level dir where this script lives -[[ -d ${CMAKE_BUILD_DIR} ]] && rm -rf ${CMAKE_BUILD_DIR} -mkdir ${CMAKE_BUILD_DIR} -cmake \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ - -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ - -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ - -S ${REPO_DIR} \ - -B ${CMAKE_BUILD_DIR} \ -&& cmake \ - --build ${CMAKE_BUILD_DIR} \ - --target ${TARGET} \ - --verbose; diff --git a/docker/ziti-edge-tunnel.Dockerfile b/docker/ziti-edge-tunnel.Dockerfile new file mode 100644 index 00000000..eca17ab8 --- /dev/null +++ b/docker/ziti-edge-tunnel.Dockerfile 
@@ -0,0 +1,38 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal
+
+ARG ARTIFACTS_DIR=./build
+ARG DOCKER_BUILD_DIR=.
+# e.g. linux
+ARG TARGETOS
+# e.g. arm64
+ARG TARGETARCH
+
+### Required OpenShift Labels
+LABEL name="openziti/ziti-edge-tunnel" \
+ maintainer="developers@openziti.org" \
+ vendor="NetFoundry" \
+ summary="OpenZiti Tunneler" \
+ description="Configure a proxy and nameserver for OpenZiti Services"
+
+USER root
+
+### add licenses to this directory
+RUN mkdir -m0755 /licenses
+COPY ${DOCKER_BUILD_DIR}/LICENSE-Apache /licenses/apache.txt
+
+### Add necessary Red Hat repos and packages
+RUN INSTALL_PKGS="iproute procps shadow-utils jq" \
+ && microdnf -y update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs \
+ && microdnf -y install --setopt=install_weak_deps=0 --setopt=tsflags=nodocs ${INSTALL_PKGS}
+
+COPY ${ARTIFACTS_DIR}/${TARGETARCH}/${TARGETOS}/ziti-edge-tunnel /usr/local/bin/
+COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /
+RUN chmod +x /docker-entrypoint.sh
+RUN mkdir -m0777 /ziti-edge-tunnel
+RUN groupadd --system --gid 2171 ziti
+
+RUN UNINSTALL_PKGS="shadow-utils" \
+ && microdnf -y remove ${UNINSTALL_PKGS}
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+CMD [ "run" ]
diff --git a/docker/ziti-host-deployment.yaml b/docker/ziti-host-deployment.yaml
deleted file mode 100644
index 8051c1df..00000000
--- a/docker/ziti-host-deployment.yaml
+++ /dev/null
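Review bot: `RUN mkdir -m0777 /ziti-edge-tunnel` makes the directory that (judging by the deleted manifests' mountPath) holds the enrolled identity world-writable, and the image never leaves `USER root` after `RUN groupadd --system --gid 2171 ziti`, so the `ziti` group is created but nothing owns or runs as it. Unless the entrypoint (not in this diff) needs root for tun/DNS setup, move the groupadd above the mkdir and tighten it, e.g. `RUN groupadd --system --gid 2171 ziti` then `RUN mkdir -m0750 /ziti-edge-tunnel && chgrp ziti /ziti-edge-tunnel`, and add a non-root `USER` before `ENTRYPOINT`; if root is genuinely required, a comment saying so next to `USER root` would stop the next reader from "fixing" it. Separately, `FROM registry.access.redhat.com/ubi9/ubi-minimal` carries neither a tag nor an `@sha256:` digest, so every build floats to whatever the registry currently serves; pin it so image rebuilds are reproducible and base-image changes show up in review.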
@@ -1,33 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ziti-host - namespace: default -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: ziti-host - template: - metadata: - labels: - app.kubernetes.io/name: ziti-host - spec: - containers: - - env: - - name: ZITI_IDENTITY_BASENAME - value: ziti-host-identity - image: openziti/ziti-host - name: ziti-host - volumeMounts: - - mountPath: /ziti-edge-tunnel - name: persisted-identity - readOnly: true - volumes: - - name: persisted-identity - secret: - defaultMode: 256 - items: - - key: persisted-identity - path: ziti-host-identity.json - secretName: ziti-host-identity diff --git a/docker/Dockerfile.ziti-host b/docker/ziti-host.Dockerfile similarity index 100% rename from docker/Dockerfile.ziti-host rename to docker/ziti-host.Dockerfile diff --git a/docker/ziti-tun-daemonset.yaml b/docker/ziti-tun-daemonset.yaml deleted file mode 100644 index 06f63a93..00000000 --- a/docker/ziti-tun-daemonset.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: ziti-run-node -spec: - selector: - matchLabels: - app: ziti-edge-tunnel - template: - metadata: - labels: - app: ziti-edge-tunnel - spec: - containers: - - image: openziti/ziti-edge-tunnel - name: ziti-edge-tunnel - env: - - name: ZITI_IDENTITY_BASENAME - value: ziti-identity - volumeMounts: - - name: ziti-enrolled-identity - mountPath: /ziti-edge-tunnel - readOnly: true - - name: system-bus-socket - mountPath: /var/run/dbus/system_bus_socket - securityContext: - privileged: true - args: # [] - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - nodeSelector: - node-role.kubernetes.io/node: worker - restartPolicy: Always - volumes: - - name: ziti-enrolled-identity - secret: # kubectl create secret generic ziti-enrolled-identity --from-file=ziti-enrolled-identity=./myZitiIdentityFile.json - secretName: ziti-enrolled-identity - defaultMode: 0400 - items: - - key: ziti-enrolled-identity - path: ziti-identity.json - - name: system-bus-socket - hostPath: - path: /var/run/dbus/system_bus_socket \ No newline at end of file diff --git a/scripts/ziti-builder.sh b/scripts/ziti-builder.sh index b0a761b2..04fa8d65 100755 --- a/scripts/ziti-builder.sh +++ b/scripts/ziti-builder.sh @@ -19,6 +19,8 @@ REPODIR="$(dirname "${BASEDIR}")" # path to project root is parent of # set in ziti-builder image, but this default allows hacking the script to run # outside the ziti-builder container : "${GIT_CONFIG_GLOBAL:=/tmp/ziti-builder-gitconfig}" +: "${UID:=$(id -u)}" +: "${GID:=$(id -g)}" [[ ${1:-} =~ -h|(--)?help ]] && { echo -e "\nUsage: ${BASENAME} [CMD] [ARGS...]"\ 
@@ -46,44 +48,39 @@ function set_git_safe_dirs() { } function set_workspace(){ - # let GitHub Actions override the workspace dir - if [[ -n "${GITHUB_WORKSPACE:-}" ]]; then - WORKDIR="${GITHUB_WORKSPACE}" - else - export WORKDIR="/github/workspace" - fi - - # if project is mounted on WORKDIR then build, else restart in container - if [[ -x "${WORKDIR}/${SCRIPTSDIR}/${BASENAME}" ]]; then + WORKSPACE="/workspace" + # if project is mounted then build, else mount and run container + if [[ -x "${WORKSPACE}/${SCRIPTSDIR}/${BASENAME}" ]]; then # container environment defines BUILD_ENVIRONMENT=ziti-builder-docker if [[ "${BUILD_ENVIRONMENT:-}" == "ziti-builder-docker" ]]; then echo "INFO: running in ziti-builder container" - set_git_safe_dirs "${WORKDIR}" + set_git_safe_dirs "${WORKSPACE}" else echo "ERROR: not running in ziti-builder container" >&2 exit 1 fi else - echo -e "INFO: project not mounted on ${WORKDIR}"\ - "\nINFO: re-running in ziti-builder container" + echo -e "INFO: project not mounted on ${WORKSPACE}"\ + "\nINFO: mounting on ziti-builder container" + docker pull "openziti/ziti-builder:${ZITI_BUILDER_TAG:-latest}" set -x eval exec docker run \ --rm \ - --user "${UID}" \ - --volume "${REPODIR}:${WORKDIR}" \ + --user "${UID}:${GID}" \ + --volume "${REPODIR}:${WORKSPACE}" \ "${ZITI_SDK_DIR:+--volume=${ZITI_SDK_DIR}:${ZITI_SDK_DIR}}" \ --platform "linux/amd64" \ - --env "VCPKG_DEFAULT_BINARY_CACHE=${WORKDIR}/.cache" \ + --env "VCPKG_DEFAULT_BINARY_CACHE=${WORKSPACE}/.cache" \ --env "TLSUV_TLSLIB" \ --env "ZITI_SDK_DIR" \ "openziti/ziti-builder:${ZITI_BUILDER_TAG:-latest}" \ - "${WORKDIR}/${SCRIPTSDIR}/${BASENAME}" "${@}" + "${WORKSPACE}/${SCRIPTSDIR}/${BASENAME}" "${@}" fi } function main() { echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM:-}" - echo "INFO: WORKDIR=${PWD}" + echo "INFO: WORKSPACE=${PWD}" echo "INFO: $(git --version)" echo "INFO: GIT_CONFIG_GLOBAL=${GIT_CONFIG_GLOBAL:-}" # use this value to detect whether any options 
were passed so we can warn if @@ -143,9 +140,9 @@ function main() { ls -lAh ./build/programs/ziti-edge-tunnel/Release/ziti-edge-tunnel } -# set global WORKDIR +# set global WORKSPACE set_workspace "${@}" -# run main() in WORKDIR -cd "${WORKDIR}" +# run main() in WORKSPACE +cd "${WORKSPACE}" main "${@}" \ No newline at end of file
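Review bot: The new `docker pull "openziti/ziti-builder:${ZITI_BUILDER_TAG:-latest}"` line, together with the `docker run` that follows it, fetches and executes a mutable `latest` tag on every invocation with the whole repository bind-mounted at `/workspace`, so whoever can push that tag controls the build. Default `ZITI_BUILDER_TAG` to a specific release and prefer a digest reference (`openziti/ziti-builder@sha256:…`) in CI, with a comment such as `# pin the builder image; a floating tag lets a registry change alter build output` above the pull. A pre-existing but related issue on the changed last line is that `eval exec docker run … "${WORKSPACE}/${SCRIPTSDIR}/${BASENAME}" "${@}"` re-parses the caller's arguments through `eval`, so an argument containing spaces or shell metacharacters is split or expanded; dropping `eval` (the quoting already works without it) would close that. `set_workspace` is wholly inside the hunk; `main` begins here and continues outside it.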