Merge pull request #88 from kfox1111/pages6
Sign rpms and prepare container for state tracking
kfox1111 authored Feb 2, 2025
2 parents b7bb2e7 + 8e98aa9 commit c63f3d2
Showing 5 changed files with 105 additions and 6 deletions.
22 changes: 19 additions & 3 deletions .github/workflows/release.yaml
Expand Up @@ -14,10 +14,15 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- run: |
set -xe
- name: build
env:
RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }}
run: |
set -e
echo "building: {{github.ref_name}}-$(uname -i)"
docker build -t t examples/rpms
printf "%s" "$RPM_GPG_KEY" > /tmp/rpm.priv
docker build --secret "id=gpg,src=/tmp/rpm.priv" -t t examples/rpms
rm -f /tmp/rpm.priv
docker run -i --rm -v /tmp:/tmp t /bin/bash -c 'cp -a /usr/share/nginx/html/packages /tmp'
- name: Archive artifacts
uses: actions/upload-artifact@v4
Expand Down Expand Up @@ -48,6 +53,17 @@ jobs:
with:
name: packages-arm
path: /tmp/packages
- name: Log in to the Container registry
uses: docker/login-action@v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: build-state-image
run: |
set -e
docker build -f examples/rpms/Dockerfile.repos -t ghcr.io/spiffe/spire-examples/pages:latest /tmp/packages
docker push ghcr.io/spiffe/spire-examples/pages:latest
- name: Release Files
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
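Review bot: In the `build` step the signing key is written to `/tmp/rpm.priv` with whatever umask the runner shell has, and because of `set -e` the `rm -f` is skipped whenever `docker build` fails, so a failed build leaves the private key on disk; the following `docker run -v /tmp:/tmp` also bind-mounts that directory. BuildKit can read the secret straight from the environment, which removes the file altogether: `docker build --secret id=gpg,env=RPM_GPG_KEY -t t examples/rpms`. If a file is kept, create it under `umask 077` and remove it from a `trap ... EXIT` so cleanup does not depend on the build succeeding. Separately, `{{github.ref_name}}` in the `echo` line is not a `${{ }}` expression, so it prints literally.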
15 changes: 12 additions & 3 deletions examples/rpms/Dockerfile
Expand Up @@ -6,9 +6,11 @@ ARG STEPVER
WORKDIR /tmp

COPY *.spec /tmp
ADD rpm.pub /tmp/rpm.pub
ADD rpmmacros /root/.rpmmacros

RUN \
dnf install -y rpmdevtools rpm-build git make && \
RUN --mount=type=secret,id=gpg \
dnf install -y which rpmdevtools rpm-build rpm-sign git make && \
spectool -g -R spire.spec && \
rpmbuild -ba spire.spec && \
spectool -g -R spiffe-helper.spec && \
Expand All @@ -24,7 +26,14 @@ RUN \
spectool -g -R spire-server-nodeattestor-tpmdirect.spec && \
rpmbuild -ba spire-server-nodeattestor-tpmdirect.spec && \
spectool -g -R spire-agent-nodeattestor-tpmdirect.spec && \
rpmbuild -ba spire-agent-nodeattestor-tpmdirect.spec
rpmbuild -ba spire-agent-nodeattestor-tpmdirect.spec && \
if [ -f /run/secrets/gpg ]; then \
gpg --import /run/secrets/gpg && \
gpg --import rpm.pub && \
rpm --addsign /root/rpmbuild/RPMS/*/*.rpm \
else \
true; \
fi

RUN \
dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm && \
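Review bot: `gpg --import /run/secrets/gpg` copies the private key out of the secret mount into root's GnuPG home, which is ordinary layer content, so the key stays in this stage's layer and build cache after the mount is gone. Point GnuPG at a throwaway directory and delete it in the same `RUN`, e.g. `export GNUPGHOME="$(mktemp -d)"` before the imports and `rm -rf "$GNUPGHOME"` after `rpm --addsign` (assuming `%_gpg_path` is left unset so rpm's gpg call follows the environment). As rendered here, the `rpm --addsign` line also has no `;` before `else`, so `else` and `true` would be parsed as arguments to `rpm`; that is worth checking against the file. The stage begins above the hunk, so whether this layer can reach a published image is not visible from here.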
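--- a/examples/rpms/Dockerfile.repos
+++ b/examples/rpms/Dockerfile.repos
@@ -0,0 +1,20 @@
+FROM docker.io/library/almalinux:9 AS rpm-builder
+
+WORKDIR /tmp
+
+COPY packages/RPMS /tmp/packages/RPMS
+COPY packages/DEBS /tmp/packages/DEBS
+
+RUN \
+dnf install -y createrepo_c && \
+mkdir -p /tmp/packages/RPMS/x86_64/el9 && \
+mkdir -p /tmp/packages/RPMS/aarch64/el9 && \
+cd /tmp/packages/RPMS/x86_64 && \
+createrepo -u https://spiffe.github.io/spire-examples/RPMS/x86_64 -o el9/ . && \
+cd /tmp/packages/RPMS/aarch64 && \
+createrepo -u https://spiffe.github.io/spire-examples/RPMS/aarch64 -o el9/ .
+
+FROM docker.io/library/nginx:latest
+RUN rm -rf /usr/share/nginx/html/*
+COPY --from=rpm-builder /tmp/packages/RPMS /usr/share/nginx/html/RPMS
+#COPY --from=rpm-builder /tmp/packages/DEBS /usr/share/nginx/html/DEBS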
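Review bot: The final stage uses `docker.io/library/nginx:latest`, so the image that the workflow pushes as `pages:latest` to serve the signed repository changes base whenever upstream retags. Pin it to a release tag and digest, `FROM docker.io/library/nginx:<version>@sha256:<digest>` (placeholders), and consider a digest for `almalinux:9` as well. `createrepo` is run here without any metadata signing step, so clients would be relying on per-package `gpgcheck` alone; a comment stating that this is intended would help the next reader.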
51 changes: 51 additions & 0 deletions examples/rpms/rpm.pub
@@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=mnaT
-----END PGP PUBLIC KEY BLOCK-----
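--- a/examples/rpms/rpmmacros
+++ b/examples/rpms/rpmmacros
@@ -0,0 +1,3 @@
+%_signature gpg
+%_gpg_name SPIRE-EXAMPLES Packages
+%_gpgbin /usr/bin/gpg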
