diff --git a/.gitignore b/.gitignore index f8009eb..961d0b5 100644 --- a/.gitignore +++ b/.gitignore @@ -15,5 +15,14 @@ # vendor/ -#intellij -.idea/ \ No newline at end of file +#IDEs +.idea/ +/.zed +/.vscode + +#binary +/containers/general/general + +# logs +/build_scripts/code_signing/code_signing.log +venv/ diff --git a/build_scripts/code_signing/client.py b/build_scripts/code_signing/client.py new file mode 100755 index 0000000..157e614 --- /dev/null +++ b/build_scripts/code_signing/client.py 
@@ -0,0 +1,350 @@ +#!/usr/bin/env -S uv run --script +# /// script +# requires-python = ">=3.10" +# dependencies = [ +# "google-cloud-pubsub", +# "google", +# "google-cloud-storage", +# ] +# /// +import argparse +import base64 +import enum +import json +import logging +import os +import shutil +import sys +import tempfile +import time +import uuid +from dataclasses import asdict, dataclass + +from google.api_core.exceptions import NotFound # type: ignore +from google.cloud import pubsub_v1 # type: ignore +from google.oauth2.service_account import Credentials # type: ignore +from lc_py.lc_config import JSONConfig # nopep8 +from lc_py.lc_gsifile import LCGSIFile # nopep8 +from lc_py.lc_py_utils import LcUtil # nopep8 + +DEF_SIGN_TIMEOUT = (20 * 60) + + +class SignFileType(enum.Enum): + SENSOR_ARCHIVE = 1 + PACKAGE_ARCHIVE = 2 + HLK_ARCHIVE = 3 + + +@dataclass +class SigningRequest: + file_type: int + unsigned_uri: str + signed_uri: str + + +class InvalidArgumentError(Exception): + pass + + +class SigningPublisher: + + def __init__(self, project: str, topic: str, bucket_name: str, key: str) -> None: + self.project = project + self.topic = topic + self.key = key + self.bucket_name = bucket_name + self.creds = Credentials.from_service_account_file(key) # type: ignore + + def __enter__(self) -> 'SigningPublisher': + # Code to run when entering the context + logging.info(f"authenticating using {self.key}") + self.pub = pubsub_v1.PublisherClient( # type: ignore + credentials=self.creds) # type: ignore + return self + + def __exit__(self, exc_type, exc_value, traceback): # type: ignore + pass + + def sign_archive(self, sign_type: SignFileType, input: str, output: str, timeout: float) -> None: + + logging.info(f"Input file: {input}") + logging.info(f"Output file: {output}") + + # upload file to a bucket + gsi = LCGSIFile(self.key) + + uuid_str = str(uuid.uuid4()) + + file_name = f"lc_sensor_{uuid_str}.zip" + + try: + + uri = gsi.upload(input, self.bucket_name, file_name) + + 
signed_uri = uri + ".signed" + + req = SigningRequest(sign_type.value, uri, signed_uri) + + message_json = json.dumps(asdict(req)) + message = base64.b64encode(message_json.encode("utf-8")) + + topic_path = self.pub.topic_path(self.project, # type: ignore + self.topic) + future = self.pub.publish(topic_path, message) # type: ignore + + msg_id = future.result() # type: ignore + + logging.info(f"message id: {msg_id}") + + # wait for the signed file to appear + cur_ts = time.time() + end_ts = cur_ts + timeout + + while cur_ts < end_ts: + + try: + gsi.download_uri(signed_uri, output) + gsi.delete_uri(signed_uri) + break + except NotFound: + pass + + time.sleep(5) + cur_ts = time.time() + + rem_secs = end_ts - cur_ts + + logging.info(f"timeout={rem_secs:.2f}") + + if cur_ts > end_ts: + raise TimeoutError(f"Unable to sign {input} in time") + + finally: + gsi.delete(self.bucket_name, file_name) + + def sign(self, sign_type: SignFileType, input: str, output: str, timeout: float) -> None: + + if input.endswith(".zip"): + self.sign_archive(sign_type, input, output, timeout) + return + + with tempfile.TemporaryDirectory(prefix="sign_file_") as td: + + input_fn = os.path.basename(input) + + tmp_bin = os.path.join(td, "bin") + os.mkdir(tmp_bin) + + unsigned_input = os.path.join(tmp_bin, input_fn) + shutil.copy2(input, unsigned_input) + + tmp_zip = os.path.join(td, "bin.zip") + + LcUtil.zip(tmp_bin, tmp_zip, include_root=False) + + self.sign_archive(sign_type, tmp_zip, tmp_zip, timeout) + + signed_bin = os.path.join(td, "signed_bin") + os.mkdir(signed_bin) + + LcUtil.unzip(tmp_zip, signed_bin) + + signed_output = os.path.join(signed_bin, input_fn) + + shutil.copy2(signed_output, output) + + def sign_macos(self, input: str, entitlements: str, output: str, timeout: float) -> None: + + with tempfile.TemporaryDirectory(prefix="macos_sign_") as td: + + input_fn = os.path.basename(input) + bin_file = os.path.join(td, input_fn) + shutil.copy2(input, bin_file) + + entitlements_dir = 
os.path.join(td, "entitlements") + os.mkdir(entitlements_dir) + + e_file = os.path.join(entitlements_dir, f"{input_fn}.plist") + shutil.copy2(entitlements, e_file) + + e_zip = os.path.join(td, "entitlements.zip") + + LcUtil.zip(entitlements_dir, e_zip) + + shutil.rmtree(entitlements_dir) + + with tempfile.TemporaryDirectory(prefix="unsigned") as unsigned: + + sign_package = os.path.join(unsigned, "package.zip") + + LcUtil.zip(td, sign_package, include_root=False) + + # this may take a while + self.sign(SignFileType.SENSOR_ARCHIVE, + sign_package, + sign_package, + timeout) + + # unzip and extract the signed file + LcUtil.unzip(sign_package, td) + + # return the signed / notarized file + shutil.copy2(bin_file, output) + + +def main() -> int: + + status = 1 + + parser = argparse.ArgumentParser() + + script_root = os.path.abspath(os.path.dirname(sys.argv[0])) + config_file = os.path.join(script_root, "config.json") + + config = JSONConfig(config_file) + + def_topic = config.get("/pub/topic") + def_bucket = config.get("/pub/bucket") + def_project = config.get("/project") + + parser.add_argument("-k", + "--key", + type=str, + help="Google service account key file") + + parser.add_argument("--base64-key", + type=str, + help="Base64 encoded key") + + parser.add_argument("-v", + "--verbose", + action="store_true", + help="log to stdout") + + parser.add_argument("-i", + "--input", + type=str, + required=True, + help="/path/to/lc_sensor.zip") + + parser.add_argument("-o", + "--output", + type=str, + help="/path/to/lc_sensor_signed.zip") + + parser.add_argument("-p", + "--project", + type=str, + default=def_project, + help=f"Google sub project. Default: {def_project}") + + parser.add_argument("-t", + "--topic", + type=str, + default=def_topic, + help=f"Topic. Default: {def_topic}") + + parser.add_argument("-b", + "--bucket", + type=str, + default=def_bucket, + help=f"Bucket name. 
Default: {def_bucket}") + + parser.add_argument("--timeout", + type=float, + default=DEF_SIGN_TIMEOUT, + help=f"Signing timeout. Default: {DEF_SIGN_TIMEOUT}") + + parser.add_argument("--sign-type", + type=str, + default="sensor", + choices=["sensor", "package", "hlk"], + help="Type of signing") + + parser.add_argument("-e", + "--entitlements-file", + type=str, + help="/path/to/entitlements.plist") + + args = parser.parse_args() + + try: + LcUtil.init_logging("code_signing.log", args.verbose) + + args.input = os.path.abspath(args.input) + + if args.output is None: + args.output = args.input + + print("Signing Publisher:") + LcUtil.printkv("Input File", args.input) + LcUtil.printkv("Input File Size", LcUtil.file_size_fmt(args.input)) + LcUtil.printkv("Input File Hash", LcUtil.md5_file(args.input)) + LcUtil.printkv("Signing Type", args.sign_type) + + if args.key is not None: + LcUtil.printkv("Google SA Key File", args.key) + elif args.base64_key is not None: + LcUtil.printkv("Google SA Key String", + args.base64_key[:30] + "...") + else: + raise InvalidArgumentError("--key or --key--string is missing") + + LcUtil.printkv("Project", args.project) + LcUtil.printkv("Topic", args.topic) + LcUtil.printkv("Bucket Name", args.bucket) + LcUtil.printkv("Signing timeout", args.timeout) + + if args.entitlements_file is not None: + LcUtil.printkv("Entitlements", args.entitlements_file) + + with tempfile.TemporaryDirectory(prefix="pub_client_") as td: + + if args.key is not None: + key_file = args.key + else: + key_file = os.path.join(td, "key.json") + LcUtil.b64_to_file(args.base64_key, key_file) + + if args.sign_type == "sensor": + sign_type = SignFileType.SENSOR_ARCHIVE + elif args.sign_type == "package": + sign_type = SignFileType.PACKAGE_ARCHIVE + elif args.sign_type == "hlk": + sign_type = SignFileType.HLK_ARCHIVE + else: + raise NotImplementedError() + + with SigningPublisher(args.project, + args.topic, + args.bucket, + key_file) as pub: + + if args.entitlements_file is 
None: + pub.sign(sign_type, args.input, args.output, args.timeout) + else: + pub.sign_macos(args.input, + args.entitlements_file, + args.output, + args.timeout) + + LcUtil.printkv("Output File", args.output) + LcUtil.printkv("Output File Size", LcUtil.file_size_fmt(args.output)) + LcUtil.printkv("Output File Hash", LcUtil.md5_file(args.output)) + + status = 0 + except InvalidArgumentError as e: + print(e) + except KeyboardInterrupt: + pass + + return status + + +if __name__ == '__main__': + + status = main() + + if 0 != status: + sys.exit(status) diff --git a/build_scripts/code_signing/config.json b/build_scripts/code_signing/config.json new file mode 100644 index 0000000..1ee9389 --- /dev/null +++ b/build_scripts/code_signing/config.json @@ -0,0 +1,7 @@ +{ + "project": "lc-developers", + "pub": { + "topic": "lc-sensor-signing", + "bucket": "lc-sensor-unsigned" + } +} diff --git a/build_scripts/code_signing/entitlements/general.plist b/build_scripts/code_signing/entitlements/general.plist new file mode 100644 index 0000000..01f07d9 --- /dev/null +++ b/build_scripts/code_signing/entitlements/general.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.debugger + + + diff --git a/build_scripts/code_signing/lc_py/__init__.py b/build_scripts/code_signing/lc_py/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/build_scripts/code_signing/lc_py/lc_config.py b/build_scripts/code_signing/lc_py/lc_config.py new file mode 100644 index 0000000..9bfa3e5 --- /dev/null +++ b/build_scripts/code_signing/lc_py/lc_config.py 
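Review bot: In `main()`, `--base64-key` takes the whole service-account key as a command-line argument and the summary block then prints its first 30 characters with `args.base64_key[:30] + "..."`, so credential material ends up in the process argument list and in whatever captures stdout. Reading the key from an environment variable or a key file only, and printing a fixed marker such as `LcUtil.printkv("Google SA Key String", "(provided)")`, keeps it out of build logs. The error raised when neither option is given names `--key--string`, which is not an option this parser defines; it should say `--base64-key`. Separately, `sign_archive` accepts whatever object appears at `uri + ".signed"` without checking it, so the bucket's write permissions are the only control on what comes back as the signed artifact; verifying the signature on the downloaded file before it is copied to `output` would close that gap.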
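Review bot: This entitlements file requests `com.apple.security.cs.debugger`, which under the hardened runtime lets the signed binary attach to other processes as a debugger, and nothing in the commit says why the binary signed with it needs that. The key's value is not visible in this view (the plist markup was lost), so this applies if it is set to true. If the entitlement is required, a comment in the plist naming the feature that depends on it would record the justification; otherwise the file should ship without it, so that the signed binary carries no more privilege than it uses.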
@@ -0,0 +1,127 @@ +import json +import os +import sys +from typing import Any, TypeVar + +T = TypeVar('T') + + +class JSONConfig: + + def __init__(self, file_path: str | None = None) -> None: + + if file_path is None: + script_root = os.path.abspath(os.path.dirname(sys.argv[0])) + file_path = os.path.join(script_root, "config.json") + + self.file_path = file_path + + if os.path.exists(file_path): + with open(file_path) as f: + self.config = json.load(f) + else: + self.config: dict[Any, Any] = {} + + def __sync(self) -> None: + + with open(self.file_path, "w+") as f: + f.write(json.dumps(self.config, indent=4)) + + def __get_node(self, path: str) -> Any | None: + + cur_node = self.config + + for k in path.split("/")[1:]: + + if k in cur_node: + cur_node = cur_node[k] + else: + return None + + return cur_node + + def __str__(self) -> str: + return self.file_path + + ############################################################################ + # PUBLIC + ############################################################################ + ########################################## + # GET + ########################################## + + def get(self, path: str, default: Any | None = None) -> Any: + + v = self.__get_node(path) + + if v is not None: + return v + + if default is not None: + return default + + raise KeyError(f"{path} was not found") + + def get_bool(self, path: str, default: bool | None = None) -> bool: + + v = self.get(path, default) + + if isinstance(v, bool): + return v + + raise ValueError(f"{v} is not a int") + + def get_int(self, path: str, default: int | None = None) -> int: + + v = self.get(path, default) + + if isinstance(v, int): + return v + + raise ValueError(f"{v} is not a int") + + def get_str(self, path: str, default: str | None = None) -> str: + + v = self.get(path, default) + + if isinstance(v, str): + return v + + raise ValueError(f"{v} is not a str") + + def get_float(self, path: str, default: float | None = None) -> float: + + v = 
self.get(path, default) + + if isinstance(v, float): + return v + + raise ValueError(f"{v} is not a float") + + def get_list(self, path: str, default: list[T] | None) -> list[T]: + + v = self.get(path, default) + + if isinstance(v, list): + return v # type: ignore + + raise ValueError(f"{v} is not a list") + + ########################################## + # SET + ########################################## + + def set(self, path: str, value: Any | None) -> None: + + cur_node = self.config + + path_list = path.split("/")[1:] + + for k in path_list[:-1]: + + if k not in cur_node: + cur_node[k] = {} + cur_node = cur_node[k] + + cur_node[path_list[-1]] = value + self.__sync() diff --git a/build_scripts/code_signing/lc_py/lc_gsifile.py b/build_scripts/code_signing/lc_py/lc_gsifile.py new file mode 100644 index 0000000..747459b --- /dev/null +++ b/build_scripts/code_signing/lc_py/lc_gsifile.py 
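Review bot: `get_int` accepts booleans, because `isinstance(v, int)` is true for `True` and `False`, so a config value of `true` is returned from `get_int` unchanged; `if isinstance(v, int) and not isinstance(v, bool):` would reject it. `get_bool` raises `ValueError(f"{v} is not a int")`, which looks copied from `get_int` and should read `is not a bool`. `get_float` in turn rejects a JSON integer such as `20`, which may surprise callers who write whole-number values. `get_list` is the only getter whose `default` parameter has no `= None`, which looks unintentional.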
@@ -0,0 +1,94 @@ +import os +import shutil +import logging +import tempfile +from dataclasses import dataclass + +from google.oauth2.service_account import Credentials # type: ignore +from google.cloud import storage # type: ignore +from google.api_core.exceptions import NotFound # type: ignore + + +@dataclass +class GSIParts: + bucket_name: str + object_name: str + + +class LCGSIFile: + + def __init__(self, key: str) -> None: + self.creds = Credentials.from_service_account_file(key) # type: ignore + + def __split_uri(self, gsi: str) -> GSIParts: + + bucket_name = gsi.split("/")[2] + object_name = "/".join(gsi.split("/")[3:]) + + return GSIParts(bucket_name, object_name) + + def delete(self, bucket_name: str, object_name: str) -> None: + + client = storage.Client(credentials=self.creds) # type: ignore + + logging.info(f"deleting {object_name}") + + bucket = client.bucket(bucket_name) # type: ignore + blob = bucket.blob(object_name) # type: ignore + + try: + blob.delete() # type: ignore + except NotFound: + pass + + def delete_uri(self, uri: str) -> None: + + parts = self.__split_uri(uri) + self.delete(parts.bucket_name, parts.object_name) + + def download_uri(self, uri: str, file_path: str) -> None: + + parts = self.__split_uri(uri) + self.download(parts.bucket_name, parts.object_name, file_path) + + def download(self, bucket_name: str, object_name: str, file_path: str) -> None: + + client = storage.Client(credentials=self.creds) # type: ignore + + bucket = client.bucket(bucket_name) # type: ignore + blob = bucket.blob(object_name) # type: ignore + + # + # using a temp file because blob.download_to_filename overwrites + # the file immediately even when it fails to do so. + # + # it was creating 0 byte files :shrug: + # + with tempfile.TemporaryDirectory(prefix="gsi_storage_") as td: + + out_file = os.path.join(td, "download.bin") + + logging.info(f"downloading {object_name} to {file_path}") + blob.download_to_filename(out_file) # type: ignore + + # it worked. 
it's not safe to write + shutil.move(out_file, file_path) + + def upload(self, file_path: str, bucket_name: str, object_name: str) -> str: + + logging.info(f"Uploading {file_path} to {bucket_name}/{object_name}") + + client = storage.Client(credentials=self.creds) # type: ignore + + bucket = client.bucket(bucket_name) # type: ignore + blob = bucket.blob(object_name) # type: ignore + + blob.upload_from_filename(file_path) # type: ignore + + return f"gs://{bucket_name}/{object_name}" + + def upload_uri(self, file_path: str, uri: str) -> None: + + parts = self.__split_uri(uri) + + self.upload(file_path, parts.bucket_name, parts.object_name) diff --git a/build_scripts/code_signing/lc_py/lc_py_utils.py b/build_scripts/code_signing/lc_py/lc_py_utils.py new file mode 100644 index 0000000..78d2105 --- /dev/null +++ b/build_scripts/code_signing/lc_py/lc_py_utils.py 
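Review bot: `__split_uri` takes `gsi.split("/")[2]` as the bucket without checking that the string starts with `gs://`, so a URI in any other form is split into the wrong bucket and object name (or raises `IndexError`), and `delete_uri` then acts on whatever that yields. A guard such as `if not gsi.startswith("gs://"): raise ValueError(f"not a gs:// URI: {gsi}")` at the top of the method makes the failure explicit. In `download`, the comment before `shutil.move` reads `it's not safe to write`, which contradicts the code; it presumably means `it's now safe to write`.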
@@ -0,0 +1,250 @@ +import base64 +import glob +import hashlib +import logging +import os +import platform +import subprocess +import sys +import tarfile +import zipfile +from typing import Any + + +class LcUtil: + + @staticmethod + def printkv(k: str, v: object) -> None: + k = f"{k}:" + print(f" {k:30}{v}") + + @staticmethod + def unzip(archive: str, output_dir: str) -> None: + + with zipfile.ZipFile(archive, "r") as z: + for info in z.infolist(): + z.extract(info, output_dir) + + attr = info.external_attr >> 16 + + if 0 != attr: + extracted_path = os.path.join(output_dir, info.filename) + + if True == os.path.isfile(extracted_path): + os.chmod(extracted_path, attr) + + @staticmethod + def zip(directory: str, out_file: str, include_root: bool = True) -> None: + + if True == include_root: + rel_dir = os.path.dirname(directory) + else: + rel_dir = directory + + with zipfile.ZipFile(out_file, 'w', zipfile.ZIP_DEFLATED) as z: + + for root, _, files in os.walk(directory): + for file in files: + file_path = os.path.join(root, file) + rel = os.path.relpath(file_path, rel_dir) + z.write(file_path, rel) + + @staticmethod + def tar(directory: str, out_file: str, include_root: bool = True) -> None: + + if True == include_root: + rel_dir = os.path.dirname(directory) + else: + rel_dir = directory + + with tarfile.open(out_file, "w:gz") as t: + for root, _, files in os.walk(directory): + for file in files: + file_path = os.path.join(root, file) + rel = os.path.relpath(file_path, rel_dir) + t.add(file_path, rel) + + @staticmethod + def exec(cmd_line: str, + cwd: str | None = None, + env: dict[str, Any] | None = None, + check: bool = True, + capture_stdout: bool = True, + stdin_data: str | None = None) -> tuple[int, str, str]: + + ret = 1 + out_str = "" + out_err = "" + + env_copy = os.environ.copy() + + if env is not None: + env_copy |= env + + if stdin_data is not None: + stdin = subprocess.PIPE + else: + stdin = None + + if True == capture_stdout: + p = 
subprocess.Popen(cmd_line, + shell=True, + text=True, + env=env_copy, + stdin=stdin, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + cwd=cwd) + + else: + p = subprocess.Popen(cmd_line, + shell=True, + text=True, + stdin=stdin, + env=env_copy, + cwd=cwd) + + try: + + if stdin_data is not None: + pass + + out_str, out_err = p.communicate(input=stdin_data) + + ret = p.returncode + + if True == check and 0 != ret: + raise AssertionError(cmd_line, ret, out_str, out_err) + finally: + p.wait() + + return ret, out_str, out_err + + @staticmethod + def size_fmt(num: float, suffix: str = "B") -> str: + for unit in ("", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei", "Zi"): + if abs(num) < 1024.0: + return f"{num:3.1f} {unit}{suffix}" + num /= 1024.0 + return f"{num:.1f} Yi{suffix}" + + @staticmethod + def time_fmt(seconds: float) -> str: + if seconds < 60: + return f"{seconds} seconds" + elif seconds < 3600: + return f"{seconds / 60:.2f} minutes" + elif seconds < 86400: + return f"{seconds / 3600:.2f} hours" + else: + return f"{seconds / 86400:.2f} days" + + @staticmethod + def file_size_fmt(file_path: str) -> str: + return LcUtil.size_fmt(os.stat(file_path).st_size) + + @staticmethod + def md5_file(file_path: str) -> str: + hasher = hashlib.md5() + + with open(file_path, 'rb') as f: + + while True: + chunk = f.read(8 * 1024) + if b'' == chunk: + break + hasher.update(chunk) + + return hasher.hexdigest() + + @staticmethod + def get_local_lc_arch() -> str: + + arch = platform.machine() + + if "x86_64" == arch or "AMD64" == arch: + return "x64" + if "arm64" == arch: + return "arm64" + if "aarch64" == arch: + return "arm64" + + raise NotImplementedError(f"Missing implementation for {arch}") + + @staticmethod + def get_local_lc_plat() -> str: + + plat = sys.platform + + if "win32" == plat: + return "win" + if "darwin" == plat: + return "osx" + if "linux" == plat: + return "linux" + + raise NotImplementedError(f"Missing implementation for {plat}") + + @staticmethod + def 
b64_to_file(b64_string: str, file_path: str) -> None: + with open(file_path, "wb+") as f: + f.write(base64.b64decode(b64_string)) + + @staticmethod + def init_logging(log_file_path: str, verbose: bool = False): + + formatter = logging.Formatter( + '%(asctime)-18s - %(levelname)s - %(message)s') + + logger = logging.getLogger() + logger.setLevel(logging.INFO) + + file_handler = logging.FileHandler(log_file_path) + file_handler.setLevel(logging.INFO) + file_handler.setFormatter(formatter) + logger.addHandler(file_handler) + + if verbose: + console_handler = logging.StreamHandler() + console_handler.setLevel(logging.INFO) + console_handler.setFormatter(formatter) + logger.addHandler(console_handler) + + @staticmethod + def clock_pache_path() -> str: + + cur_root = os.path.dirname(sys.argv[0]) + clock_cache: str | None = None + + root_name = os.path.abspath(os.sep) + + # find the root dir first + while cur_root != root_name: + + cur_dir_cache = os.path.join(cur_root, ".clock") + + if True == os.path.isdir(cur_dir_cache): + clock_cache = cur_dir_cache + break + + cur_root = os.path.join(cur_root, os.pardir) + cur_root = os.path.abspath(cur_root) + + if clock_cache is None: + raise FileNotFoundError("couldn't find .clock cache directory") + + return clock_cache + + @staticmethod + def find_in_clock_cache(file_name: str) -> list[str]: + + cwd_file_path = os.path.join(os.getcwd(), file_name) + + if os.path.exists(cwd_file_path): + return [cwd_file_path] + + clock_cache = LcUtil.clock_pache_path() + + files_patt = os.path.join(clock_cache, "**", file_name) + + return glob.glob(files_patt, recursive=True) diff --git a/build_scripts/code_signing/requirements.txt b/build_scripts/code_signing/requirements.txt new file mode 100644 index 0000000..47eee24 --- /dev/null +++ b/build_scripts/code_signing/requirements.txt @@ -0,0 +1,3 @@ +google-cloud-pubsub +google +google-cloud-storage \ No newline at end of file 
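Review bot: `unzip` applies `info.external_attr >> 16` to the extracted file with `os.chmod`, so setuid, setgid and sticky bits recorded in an archive are carried onto disk; client.py in this commit calls `unzip` on the archive it downloads from the signing bucket. Masking to permission bits, `os.chmod(extracted_path, attr & 0o777)`, keeps the executable bit and drops the rest. `exec` passes `cmd_line` to `subprocess.Popen` with `shell=True`, so it should carry a docstring stating that contract, for example `"""Run cmd_line through the shell; never build it from untrusted input."""`. `md5_file` is what client.py prints as the input and output file hash; for a signing record a SHA-256 digest (`hashlib.sha256()`) would be the usual choice.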
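Review bot: None of the three requirements is pinned, and `google` does not look like a Google Cloud client library: as far as I know the PyPI distribution of that name is an unrelated third-party package, while `google.oauth2` and `google.api_core`, which this commit imports, come from `google-auth` and `google-api-core`. For a tool that holds the signing service-account key, drop `google`, list `google-auth` explicitly, and pin exact versions, ideally with hashes enforced through `pip install --require-hashes`. The same three names appear in the `# /// script` dependency header of client.py and need the same change.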
diff --git a/cloudbuild_general.yaml b/cloudbuild_general.yaml
index c75e227..853bde0 100644
--- a/cloudbuild_general.yaml
+++ b/cloudbuild_general.yaml
@@ -1,139 +1,314 @@ steps: -# Adapters - - name: 'golang:1.24-bullseye' - id: run-tests - args: ['go', 'test', './...', '-v'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_64', './containers/general'] - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_windows_64.exe', './containers/general'] - env: - - 'GOOS=windows' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_macos_64', './containers/general'] - env: - - 'GOOS=darwin' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_macos_arm64', './containers/general'] - env: - - 'GOOS=darwin' - - 'GOARCH=arm64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_arm', './containers/general'] - env: - - 'GOOS=linux' - - 'GOARCH=arm' - - 'GOARM=5' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_arm64', './containers/general'] - env: - - 'GOOS=linux' - - 'GOARCH=arm64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_solaris_amd64', './containers/general'] - env: - - 'GOOS=solaris' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_aix_ppc64', './containers/general'] - env: - - 'GOOS=aix' - - 'GOARCH=ppc64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_freebsd_64', './containers/general'] - env: - - 'GOOS=freebsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_adapter_netbsd_64', './containers/general'] - env: - - 'GOOS=netbsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - 
args: ['go', 'build', '-v', '-o', 'lc_adapter_openbsd_64', './containers/general'] - env: - - 'GOOS=openbsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] + # Adapters + - name: "golang:1.24-bullseye" + id: run-tests + args: ["go", "test", "./...", "-v"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_64", + "./containers/general", + ] + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_windows_64.exe", + "./containers/general", + ] + env: + - "GOOS=windows" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_macos_64", + "./containers/general", + ] + env: + - "GOOS=darwin" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_macos_arm64", + "./containers/general", + ] + env: + - "GOOS=darwin" + - "GOARCH=arm64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_arm", + "./containers/general", + ] + env: + - "GOOS=linux" + - "GOARCH=arm" + - "GOARM=5" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_arm64", + "./containers/general", + ] + env: + - "GOOS=linux" + - "GOARCH=arm64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_solaris_amd64", + "./containers/general", + ] + env: + - "GOOS=solaris" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_aix_ppc64", + "./containers/general", + ] + env: + - "GOOS=aix" + - "GOARCH=ppc64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_freebsd_64", + 
"./containers/general", + ] + env: + - "GOOS=freebsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_netbsd_64", + "./containers/general", + ] + env: + - "GOOS=netbsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_openbsd_64", + "./containers/general", + ] + env: + - "GOOS=openbsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] - -# Connectivity Tester - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_64', './containers/connectivity'] - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_windows_64.exe', './containers/connectivity'] - env: - - 'GOOS=windows' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_macos_64', './containers/connectivity'] - env: - - 'GOOS=darwin' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_macos_arm64', './containers/connectivity'] - env: - - 'GOOS=darwin' - - 'GOARCH=arm64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_arm', './containers/connectivity'] - env: - - 'GOOS=linux' - - 'GOARCH=arm' - - 'GOARM=5' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_arm64', './containers/connectivity'] - env: - - 'GOOS=linux' - - 'GOARCH=arm64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_solaris_amd64', './containers/general'] - env: - - 'GOOS=solaris' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_aix_ppc64', 
'./containers/connectivity'] - env: - - 'GOOS=aix' - - 'GOARCH=ppc64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_freebsd_64', './containers/connectivity'] - env: - - 'GOOS=freebsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_netbsd_64', './containers/connectivity'] - env: - - 'GOOS=netbsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] - - name: 'golang:1.24-bullseye' - args: ['go', 'build', '-v', '-o', 'lc_connectivity_openbsd_64', './containers/connectivity'] - env: - - 'GOOS=openbsd' - - 'GOARCH=amd64' - waitFor: ['run-tests'] + # Connectivity Tester + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_64", + "./containers/connectivity", + ] + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_windows_64.exe", + "./containers/connectivity", + ] + env: + - "GOOS=windows" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_macos_64", + "./containers/connectivity", + ] + env: + - "GOOS=darwin" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_macos_arm64", + "./containers/connectivity", + ] + env: + - "GOOS=darwin" + - "GOARCH=arm64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_arm", + "./containers/connectivity", + ] + env: + - "GOOS=linux" + - "GOARCH=arm" + - "GOARM=5" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_arm64", + "./containers/connectivity", + ] + env: + - "GOOS=linux" + - "GOARCH=arm64" + waitFor: ["run-tests"] + - name: 
"golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_solaris_amd64", + "./containers/general", + ] + env: + - "GOOS=solaris" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_aix_ppc64", + "./containers/connectivity", + ] + env: + - "GOOS=aix" + - "GOARCH=ppc64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_freebsd_64", + "./containers/connectivity", + ] + env: + - "GOOS=freebsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_netbsd_64", + "./containers/connectivity", + ] + env: + - "GOOS=netbsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] + - name: "golang:1.24-bullseye" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_openbsd_64", + "./containers/connectivity", + ] + env: + - "GOOS=openbsd" + - "GOARCH=amd64" + waitFor: ["run-tests"] options: - machineType: 'N1_HIGHCPU_32' + machineType: "N1_HIGHCPU_32" timeout: 30m diff --git a/cloudbuild_release.yaml b/cloudbuild_release.yaml index 976a681..ef553d7 100644 --- a/cloudbuild_release.yaml +++ b/cloudbuild_release.yaml 
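Review bot: The Solaris connectivity step still builds `./containers/general` while writing `lc_connectivity_solaris_amd64`, so the artifact carrying the connectivity-tester name is built from the same package as the adapter steps; every other `lc_connectivity_*` step builds `./containers/connectivity`. The reformat carried the old value over unchanged, and the last element of that step's `args` should be `"./containers/connectivity"`. The build steps also pull `golang:1.24-bullseye` by mutable tag; pinning the image by digest (`golang:1.24-bullseye@sha256:DIGEST_PLACEHOLDER`) would make the builds that feed code signing reproducible.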
@@ -1,227 +1,492 @@ steps: -- name: 'gcr.io/cloud-builders/gcloud' - entrypoint: 'bash' - id: get-github-keys - args: ['-c', 'echo $$SSH_KEY > /workspace/id_rsa'] - secretEnv: ['SSH_KEY'] -- name: 'gcr.io/cloud-builders/docker' - id: build-docker-general - entrypoint: 'bash' - args: ['-c', 'docker build -f ./containers/general/Dockerfile -t refractionpoint/lc-adapter:$TAG_NAME -t gcr.io/$PROJECT_ID/github.com/refractionpoint/usp-adapters/lc-adapter:$TAG_NAME -t refractionpoint/lc-adapter:latest .'] - waitFor: ['get-github-keys'] -- name: 'gcr.io/cloud-builders/docker' - id: build-docker-zeek - entrypoint: 'bash' - args: ['-c', 'cd ./containers/zeek/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-zeek:$TAG_NAME -t refractionpoint/lc-adapter-zeek:latest .'] - waitFor: ['get-github-keys'] -- name: 'gcr.io/cloud-builders/docker' - id: build-docker-zeek-extract - entrypoint: 'bash' - args: ['-c', 'cd ./containers/zeek_extract/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-zeek-extract:$TAG_NAME -t refractionpoint/lc-adapter-zeek-extract:latest .'] - waitFor: ['get-github-keys'] -- name: 'gcr.io/cloud-builders/docker' - id: build-docker-k8s-pods - entrypoint: 'bash' - args: ['-c', 'cd ./containers/k8s_pods/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-k8s-pods:$TAG_NAME -t refractionpoint/lc-adapter-k8s-pods:latest .'] - waitFor: ['get-github-keys'] + - name: "gcr.io/cloud-builders/gcloud" + entrypoint: "bash" + id: get-github-keys + args: ["-c", "echo $$SSH_KEY > /workspace/id_rsa"] + secretEnv: ["SSH_KEY"] + - name: "gcr.io/cloud-builders/docker" + id: build-docker-general + entrypoint: "bash" + args: + [ + "-c", + "docker build -f ./containers/general/Dockerfile -t refractionpoint/lc-adapter:$TAG_NAME -t gcr.io/$PROJECT_ID/github.com/refractionpoint/usp-adapters/lc-adapter:$TAG_NAME -t refractionpoint/lc-adapter:latest .", + ] + waitFor: ["get-github-keys"] + - name: "gcr.io/cloud-builders/docker" + id: build-docker-zeek 
+ entrypoint: "bash" + args: + [ + "-c", + "cd ./containers/zeek/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-zeek:$TAG_NAME -t refractionpoint/lc-adapter-zeek:latest .", + ] + waitFor: ["get-github-keys"] + - name: "gcr.io/cloud-builders/docker" + id: build-docker-zeek-extract + entrypoint: "bash" + args: + [ + "-c", + "cd ./containers/zeek_extract/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-zeek-extract:$TAG_NAME -t refractionpoint/lc-adapter-zeek-extract:latest .", + ] + waitFor: ["get-github-keys"] + - name: "gcr.io/cloud-builders/docker" + id: build-docker-k8s-pods + entrypoint: "bash" + args: + [ + "-c", + "cd ./containers/k8s_pods/ && docker build -f ./Dockerfile -t refractionpoint/lc-adapter-k8s-pods:$TAG_NAME -t refractionpoint/lc-adapter-k8s-pods:latest .", + ] + waitFor: ["get-github-keys"] -# Adapters -- name: 'golang:1.24-bullseye' - id: build-linux64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_64_$TAG_NAME', './containers/general'] - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-win64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_windows_64_$TAG_NAME.exe', './containers/general'] - env: - - 'GOOS=windows' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-macos64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_macos_64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=darwin' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-macosarm64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_macos_arm64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=darwin' - - 'GOARCH=arm64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-linuxarm - args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_arm_$TAG_NAME', './containers/general'] - env: - - 'GOOS=linux' - - 'GOARCH=arm' - - 'GOARM=5' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-linuxarm64 - 
args: ['go', 'build', '-v', '-o', 'lc_adapter_linux_arm64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=linux' - - 'GOARCH=arm64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-solarisamd64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_solaris_amd64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=solaris' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-aixppc64 - args: ['go', 'build', '-v', '-o', 'lc_adapter_aix_ppc64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=aix' - - 'GOARCH=ppc64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: 'build-freebsdamd64' - args: ['go', 'build', '-v', '-o', 'lc_adapter_freebsd_64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=freebsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: 'build-netbsdamd64' - args: ['go', 'build', '-v', '-o', 'lc_adapter_netbsd_64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=netbsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: 'build-openbsdamd64' - args: ['go', 'build', '-v', '-o', 'lc_adapter_openbsd_64_$TAG_NAME', './containers/general'] - env: - - 'GOOS=openbsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] + # Adapters + - name: "golang:1.24-bullseye" + id: build-linux64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_64_$TAG_NAME", + "./containers/general", + ] + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-win64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_windows_64_$TAG_NAME.exe", + "./containers/general", + ] + env: + - "GOOS=windows" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-macos64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_macos_64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=darwin" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] 
+ - name: "golang:1.24-bullseye" + id: build-macosarm64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_macos_arm64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=darwin" + - "GOARCH=arm64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-linuxarm + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_arm_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=linux" + - "GOARCH=arm" + - "GOARM=5" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-linuxarm64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_linux_arm64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=linux" + - "GOARCH=arm64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-solarisamd64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_solaris_amd64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=solaris" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-aixppc64 + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_aix_ppc64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=aix" + - "GOARCH=ppc64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: "build-freebsdamd64" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_freebsd_64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=freebsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: "build-netbsdamd64" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_netbsd_64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=netbsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: "build-openbsdamd64" + args: + [ + "go", + "build", + "-v", + "-o", + "lc_adapter_openbsd_64_$TAG_NAME", + "./containers/general", + ] + env: + - "GOOS=openbsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] -# Connectivity 
Tester -- name: 'golang:1.24-bullseye' - id: build-linux64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_64_$TAG_NAME', './containers/connectivity'] - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-win64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_windows_64_$TAG_NAME.exe', './containers/connectivity'] - env: - - 'GOOS=windows' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-macos64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_macos_64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=darwin' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-macosarm64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_macos_arm64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=darwin' - - 'GOARCH=arm64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-linuxarm-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_arm_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=linux' - - 'GOARCH=arm' - - 'GOARM=5' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-linuxarm64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_linux_arm64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=linux' - - 'GOARCH=arm64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-solarisamd64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_solaris_amd64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=solaris' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-aixppc64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_aix_ppc64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=aix' - - 'GOARCH=ppc64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: 
build-freebsdamd64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_freebsd_64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=freebsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-netbsdamd64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_netbsd_64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=netbsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] -- name: 'golang:1.24-bullseye' - id: build-openbsdamd64-connectivity - args: ['go', 'build', '-v', '-o', 'lc_connectivity_openbsd_64_$TAG_NAME', './containers/connectivity'] - env: - - 'GOOS=openbsd' - - 'GOARCH=amd64' - waitFor: ['get-github-keys'] + # Connectivity Tester + - name: "golang:1.24-bullseye" + id: build-linux64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_64_$TAG_NAME", + "./containers/connectivity", + ] + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-win64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_windows_64_$TAG_NAME.exe", + "./containers/connectivity", + ] + env: + - "GOOS=windows" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-macos64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_macos_64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=darwin" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-macosarm64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_macos_arm64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=darwin" + - "GOARCH=arm64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-linuxarm-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_arm_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=linux" + - "GOARCH=arm" + - "GOARM=5" 
+ waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-linuxarm64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_linux_arm64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=linux" + - "GOARCH=arm64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-solarisamd64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_solaris_amd64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=solaris" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-aixppc64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_aix_ppc64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=aix" + - "GOARCH=ppc64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-freebsdamd64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_freebsd_64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=freebsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-netbsdamd64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_netbsd_64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=netbsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] + - name: "golang:1.24-bullseye" + id: build-openbsdamd64-connectivity + args: + [ + "go", + "build", + "-v", + "-o", + "lc_connectivity_openbsd_64_$TAG_NAME", + "./containers/connectivity", + ] + env: + - "GOOS=openbsd" + - "GOARCH=amd64" + waitFor: ["get-github-keys"] -# Stage binaries -- name: 'gcr.io/cloud-builders/gsutil' - id: copy-binary-adapters - args: ['cp', './lc_adapter_*', 'gs://limacharlie-io/installers/'] - waitFor: ['build-linux64', 'build-win64', 'build-macos64', 'build-macosarm64', 'build-linuxarm', 'build-linuxarm64', 'build-solarisamd64', 'build-aixppc64', 'build-freebsdamd64', 'build-netbsdamd64', 
'build-openbsdamd64'] -- name: 'gcr.io/cloud-builders/gsutil' - id: copy-binary-connectivity - args: ['cp', './lc_connectivity_*', 'gs://limacharlie-io/installers/'] - waitFor: ['build-linux64-connectivity', 'build-win64-connectivity', 'build-macos64-connectivity', 'build-macosarm64-connectivity', 'build-linuxarm-connectivity', 'build-linuxarm64-connectivity', 'build-solarisamd64-connectivity', 'build-aixppc64-connectivity', 'build-freebsdamd64-connectivity', 'build-netbsdamd64-connectivity', 'build-openbsdamd64-connectivity'] -- name: 'gcr.io/cloud-builders/docker' - id: copy-docker-adapter-general - entrypoint: 'bash' - args: ['-c', 'docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter:$TAG_NAME && docker push refractionpoint/lc-adapter:latest'] - secretEnv: ['USERNAME', 'PASSWORD'] - waitFor: ['build-docker-general'] -- name: 'gcr.io/cloud-builders/docker' - id: copy-docker-adapter-zeek - entrypoint: 'bash' - args: ['-c', 'docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-zeek:$TAG_NAME && docker push refractionpoint/lc-adapter-zeek:latest'] - secretEnv: ['USERNAME', 'PASSWORD'] - waitFor: ['build-docker-zeek'] -- name: 'gcr.io/cloud-builders/docker' - id: copy-docker-adapter-zeek-extract - entrypoint: 'bash' - args: ['-c', 'docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-zeek-extract:$TAG_NAME && docker push refractionpoint/lc-adapter-zeek-extract:latest'] - secretEnv: ['USERNAME', 'PASSWORD'] - waitFor: ['build-docker-zeek-extract'] -- name: 'gcr.io/cloud-builders/docker' - id: copy-docker-adapter-k8s-pods - entrypoint: 'bash' - args: ['-c', 'docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-k8s-pods:$TAG_NAME && docker push refractionpoint/lc-adapter-k8s-pods:latest'] - secretEnv: ['USERNAME', 'PASSWORD'] - waitFor: ['build-docker-k8s-pods'] + # Sign macOS binaries + 
- name: "python:3.12-slim" + id: sign-macos64 + entrypoint: "bash" + args: + [ + "-c", + "pip install -r ./build_scripts/code_signing/requirements.txt && python ./build_scripts/code_signing/client.py --timeout 120 --base64-key ${_CODE_SIGNING_KEY} -i /workspace/lc_adapter_macos_64_$TAG_NAME -e ./entitlements/general.plist", + ] + waitFor: ["build-macos64"] + - name: "python:3.12-slim" + id: sign-macosarm64 + entrypoint: "bash" + args: + [ + "-c", + "pip install -r ./build_scripts/code_signing/requirements.txt && python ./build_scripts/code_signing/client.py --timeout 120 --base64-key ${_CODE_SIGNING_KEY} -i /workspace/lc_adapter_macos_arm64_$TAG_NAME -e ./entitlements/general.plist", + ] + waitFor: ["build-macosarm64"] + + # Sign Windows binaries + - name: "python:3.12-slim" + id: sign-win64 + entrypoint: "bash" + args: + [ + "-c", + "pip install -r ./build_scripts/code_signing/requirements.txt && python ./build_scripts/code_signing/client.py --timeout 120 --base64-key ${_CODE_SIGNING_KEY} -i /workspace/lc_adapter_windows_64_$TAG_NAME.exe", + ] + waitFor: ["build-win64"] + + # Stage binaries + - name: "gcr.io/cloud-builders/gsutil" + id: copy-binary-adapters + args: ["cp", "./lc_adapter_*", "gs://limacharlie-io/installers/"] + waitFor: + [ + "build-linux64", + "sign-win64", + "sign-macos64", + "sign-macosarm64", + "build-linuxarm", + "build-linuxarm64", + "build-solarisamd64", + "build-aixppc64", + "build-freebsdamd64", + "build-netbsdamd64", + "build-openbsdamd64", + ] + - name: "gcr.io/cloud-builders/gsutil" + id: copy-binary-connectivity + args: ["cp", "./lc_connectivity_*", "gs://limacharlie-io/installers/"] + waitFor: + [ + "build-linux64-connectivity", + "build-win64-connectivity", + "build-macos64-connectivity", + "build-macosarm64-connectivity", + "build-linuxarm-connectivity", + "build-linuxarm64-connectivity", + "build-solarisamd64-connectivity", + "build-aixppc64-connectivity", + "build-freebsdamd64-connectivity", + "build-netbsdamd64-connectivity", + 
"build-openbsdamd64-connectivity", + ] + - name: "gcr.io/cloud-builders/docker" + id: copy-docker-adapter-general + entrypoint: "bash" + args: + [ + "-c", + "docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter:$TAG_NAME && docker push refractionpoint/lc-adapter:latest", + ] + secretEnv: ["USERNAME", "PASSWORD"] + waitFor: ["build-docker-general"] + - name: "gcr.io/cloud-builders/docker" + id: copy-docker-adapter-zeek + entrypoint: "bash" + args: + [ + "-c", + "docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-zeek:$TAG_NAME && docker push refractionpoint/lc-adapter-zeek:latest", + ] + secretEnv: ["USERNAME", "PASSWORD"] + waitFor: ["build-docker-zeek"] + - name: "gcr.io/cloud-builders/docker" + id: copy-docker-adapter-zeek-extract + entrypoint: "bash" + args: + [ + "-c", + "docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-zeek-extract:$TAG_NAME && docker push refractionpoint/lc-adapter-zeek-extract:latest", + ] + secretEnv: ["USERNAME", "PASSWORD"] + waitFor: ["build-docker-zeek-extract"] + - name: "gcr.io/cloud-builders/docker" + id: copy-docker-adapter-k8s-pods + entrypoint: "bash" + args: + [ + "-c", + "docker login --username=$$USERNAME --password=$$PASSWORD && docker push refractionpoint/lc-adapter-k8s-pods:$TAG_NAME && docker push refractionpoint/lc-adapter-k8s-pods:latest", + ] + secretEnv: ["USERNAME", "PASSWORD"] + waitFor: ["build-docker-k8s-pods"] images: - - gcr.io/$PROJECT_ID/github.com/refractionpoint/usp-adapters/lc-adapter:$TAG_NAME + - gcr.io/$PROJECT_ID/github.com/refractionpoint/usp-adapters/lc-adapter:$TAG_NAME availableSecrets: - secretManager: - - versionName: projects/${PROJECT_ID}/secrets/DOCKERHUB/versions/latest - env: 'PASSWORD' - - versionName: projects/${PROJECT_ID}/secrets/DOCKERHUB_USERNAME/versions/latest - env: 'USERNAME' - - versionName: 
projects/${PROJECT_ID}/secrets/GITHUB-DEPS-ACCESS/versions/latest - env: 'SSH_KEY' + secretManager: + - versionName: projects/${PROJECT_ID}/secrets/DOCKERHUB/versions/latest + env: "PASSWORD" + - versionName: projects/${PROJECT_ID}/secrets/DOCKERHUB_USERNAME/versions/latest + env: "USERNAME" + - versionName: projects/${PROJECT_ID}/secrets/GITHUB-DEPS-ACCESS/versions/latest + env: "SSH_KEY" options: - machineType: 'N1_HIGHCPU_32' -timeout: 30m \ No newline at end of file + machineType: "N1_HIGHCPU_32" +timeout: 45m
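Review bot: The three new signing steps (`sign-macos64`, `sign-macosarm64`, `sign-win64`) take the code-signing key from the `${_CODE_SIGNING_KEY}` substitution, while every other credential in this file comes from `availableSecrets.secretManager` through `secretEnv`. Substitution values are kept in clear text with the trigger and the build record and are expanded into the step's args, so anyone who can view builds can read the signing key; the expansion is also unquoted inside `bash -c`. Move the key into Secret Manager and reference it as `$$CODE_SIGNING_KEY`, as sketched below (the secret name is a placeholder). How client.py consumes `--base64-key` is not visible in this hunk; if it can read the key from the environment instead of argv, that would also keep it out of the process list.

```yaml
  - name: "python:3.12-slim"
    id: sign-macos64
    entrypoint: "bash"
    args:
      [
        "-c",
        "pip install -r ./build_scripts/code_signing/requirements.txt && python ./build_scripts/code_signing/client.py --timeout 120 --base64-key \"$$CODE_SIGNING_KEY\" -i /workspace/lc_adapter_macos_64_$TAG_NAME -e ./entitlements/general.plist",
      ]
    secretEnv: ["CODE_SIGNING_KEY"]
    # … unchanged: waitFor; same two changes in sign-macosarm64 and sign-win64 …

availableSecrets:
  secretManager:
    # … unchanged: DOCKERHUB, DOCKERHUB_USERNAME, GITHUB-DEPS-ACCESS entries …
    - versionName: projects/${PROJECT_ID}/secrets/<CODE_SIGNING_SECRET_NAME>/versions/latest
      env: "CODE_SIGNING_KEY"
```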