forked from spiffe/spire
Commit
* New Makefile
  - toolchain is automatically installed/updated (no setup step)
  - explicit protobuf generation
  - explicit plugin/service/hostservice stub generation
  - explicit mock generation
  - deprecates build.sh
  - cleans up and simplifies developer Docker image management
  - moves travis specific steps into .travis/ scripts
Showing 87 changed files with 1,722 additions and 886 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
# Ignore build tools and cache | ||
.build-* | ||
.build* | ||
.cache | ||
bin/ | ||
releases/ | ||
artifacts/ |
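Review bot: the ignore pattern change from `.build-*` to `.build*` is broader than the new `.build` cache folder requires: it also matches any entry that merely starts with `.build` (a future `.buildkite/`, for example). Listing `.build` and `.build-*` explicitly, or `.build/` if only the directory is meant, keeps the ignore rule as narrow as before.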
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,6 +5,7 @@ | |
.tmp | ||
*.swp | ||
*.log | ||
/bin | ||
/vendor | ||
/test_results | ||
/artifacts | ||
|
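Review bot: `/artifacts` is added but `/releases` is not, even though `.travis/artifact.sh` in this same commit writes the release tarball to `OUTDIR=./releases` (and the other ignore file in this commit already lists `releases/`); either ignore `/releases` here too or have the artifact step write under `/artifacts`, otherwise a local artifact build leaves an untracked directory behind.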
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
run: | ||
# timeout for analysis, e.g. 30s, 5m, default is 1m | ||
deadline: 5m | ||
deadline: 10m | ||
|
||
skip-dirs: | ||
- testdata$ | ||
|
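Review bot: doubling the lint `deadline` from 5m to 10m deserves a sentence in the commit message explaining what got slower. If the extra time goes to the newly generated protobuf, stub and mock code, excluding those generated paths (as `skip-dirs` already does for `testdata$`) would keep the lint run fast instead of raising the timeout.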
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
|
||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
|
||
TAG="$(git describe --abbrev=0 2>/dev/null || true)" | ||
ALWAYS="$(git describe --always || true)" | ||
if [ "$TAG" == "$ALWAYS" ]; then | ||
make -C "${DIR}/.." TAG="${TAG}" OUTDIR=./releases artifact | ||
fi |
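Review bot: `git describe` without `--tags` only considers annotated tags, so a lightweight release tag will never make `TAG` equal `ALWAYS` and the artifact step is silently skipped; add `--tags` to both `git describe` calls (keeping `--abbrev=0` on the first). The script also has no `set -e`, so a failing `make ... artifact` does not fail the Travis job. A short comment explaining that `git describe --abbrev=0` returns the nearest earlier tag on any commit, and that the equality check against `git describe --always` is what restricts publishing to commits sitting exactly on a tag, would make the intent clear to the next reader.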
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
REPODIR=$(git rev-parse --show-toplevel) | ||
|
||
COVERPROFILE= | ||
if [ -n "${COVERALLS_TOKEN}" ]; then | ||
COVERPROFILE=profile.cov | ||
go get github.com/mattn/[email protected] | ||
fi | ||
|
||
make -C "${REPODIR}" COVERPROFILE="${COVERPROFILE}" test | ||
|
||
if [ -n "${COVERALLS_TOKEN}" ]; then | ||
"$(go env GOPATH)"/bin/goveralls -service=travis-ci | ||
fi |
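Review bot: `goveralls` is invoked without `-coverprofile=${COVERPROFILE}`, so it ignores the `profile.cov` that `make test` just produced and re-runs the tests itself to collect coverage; pass `-coverprofile="${REPODIR}/${COVERPROFILE}"`, noting that the profile is written relative to the Makefile directory, not the caller's working directory. The pinned `go get` of goveralls is run from inside the module tree, where module-aware Go versions may rewrite go.mod/go.sum; run it from a temporary directory so the CI checkout stays clean and a later `git diff`-based verification step does not trip over it.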
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,57 +25,39 @@ Since go modules are used, this repository can live in any folder on your local | |
|
||
A Makefile is provided for common actions. | ||
|
||
* `make all` - installs 3rd-party dependencies, build all binaries, and run all tests | ||
* `make` - builds all binaries | ||
* `make cmd/spire-agent` - builds one binary | ||
* `make test` - runs all tests | ||
* `make all` - builds all binaries, lints code, and runs all unit tests | ||
* `make bin/spire-server` - builds SPIRE server | ||
* `make bin/spire-agent` - builds SPIRE agent | ||
* `make images` - builds SPIRE docker images | ||
* `make test` - runs unit tests | ||
|
||
**Other Makefile targets** | ||
See `make help` for other targets | ||
|
||
* `vendor` - Make vendored copy of dependencies using go mod | ||
* `race-test` - run `go test -race` | ||
* `clean` - cleans `vendor` directory | ||
* `distclean` - removes caches in addition to `make clean` | ||
* `utils` - installs gRPC related development utilities | ||
* `protobuf` - regenerates the gRPC pb.go and README_pb.md files | ||
* `protobuf_verify` - checks that the checked-in generated code is up-to-date | ||
* `help` - shows makefile targets and description | ||
The Makefile takes care of installing the required toolchain as needed. The | ||
toolchain and other build related files are cached under the `.build` folder | ||
(ignored by git). | ||
|
||
## Development in Docker | ||
|
||
You can either build Spire on your host or in a Ubuntu docker container. In both cases you will use | ||
the same Makefile commands. | ||
You can either build SPIRE on your host or in a Ubuntu docker container. In | ||
both cases you will use the same Makefile commands. | ||
|
||
To run in a docker container set the environment variable `SPIRE_DEV_HOST` to `docker` like so: | ||
To build SPIRE within a container, first build the development image: | ||
|
||
``` | ||
$ export SPIRE_DEV_HOST=docker | ||
$ make dev-image | ||
``` | ||
|
||
To set up the build container and run bash within it: | ||
Then launch a shell inside of development container: | ||
|
||
``` | ||
$ make container | ||
$ make cmd | ||
$ make dev-shell | ||
``` | ||
|
||
Because the docker container shares `$GOPATH/pkg/mod` you will not have to re-install the go dependencies every time you run the container. | ||
|
||
## CI | ||
|
||
The script `build.sh` manages the CI build process, implementing several unique steps and sanity | ||
checks. It is also used to bootstrap the Go environment in the Docker container. | ||
|
||
* `setup` - download and install necessary build tools into the directory `.build-<os>-<arch>` | ||
* `protobuf` - calls `make protobuf` and regenerates the gRPC pb.go and README_pb.md files | ||
* `protobuf_verify` - calls `make protobuf_verify` and checks that the checked-in generated code is up-to-date | ||
* `distclean` - calls `make distclean` and removes the directory `.build-<os>-<arch>` | ||
* `artifact` - generate a `.tgz` containing all of the SPIFFE binaries | ||
* `test` - when called from within a Travis-CI build, runs coverage tests in addition to the | ||
regular tests | ||
* `utils` - calls `make utils` and installs additional packages for the CI build | ||
* `eval $(build.sh env)` - configure GOPATH, GOROOT and PATH to use the private build tool directory | ||
|
||
Because the docker container shares the `.build` cache and `$GOPATH/pkg/mod` | ||
you will not have to re-install the toolchain or go dependencies every time you | ||
run the container. | ||
|
||
# Conventions | ||
|
||
|
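Review bot: "Then launch a shell inside of development container" is missing an article ("inside the development container"), and the retained sentence should read "an Ubuntu docker container". More substantively, the per-target list is replaced by a pointer to `make help`, and the whole CI section describing `build.sh` actions (`protobuf`, `protobuf_verify`, `distclean`, `artifact`, `test`, `utils`) is removed; please confirm each of those actions that still matters has a Makefile target with a `help` description, since this file no longer documents any of them.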
@@ -200,4 +182,4 @@ before sending a pull request. From the project root: | |
ln -s .githooks/pre-commit .git/hooks/pre-commit | ||
``` | ||
# Reporting security vulnerabilities | ||
If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at [email protected]. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively. | ||
If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at [email protected]. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively. |
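Review bot: the old and new versions of the security-reporting line are textually identical here, so this hunk presumably only changes trailing whitespace or the final newline; fine to merge, but a whitespace-only hunk is easier to review when the commit message says so.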
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,44 @@ | ||
FROM ubuntu:xenial | ||
# Build stage | ||
ARG goversion | ||
FROM golang:${goversion}-alpine as builder | ||
RUN apk add build-base git mercurial | ||
ADD go.mod /spire/go.mod | ||
ADD proto/spire/go.mod /spire/proto/spire/go.mod | ||
RUN cd /spire && go mod download | ||
ADD . /spire | ||
WORKDIR /spire | ||
RUN make build | ||
|
||
RUN apt-get update && apt-get -y install \ | ||
curl unzip git build-essential ca-certificates | ||
# Common base | ||
FROM alpine AS spire-base | ||
RUN apk --no-cache add dumb-init | ||
RUN apk --no-cache add ca-certificates | ||
RUN mkdir -p /opt/spire/bin | ||
|
||
COPY build.sh /root/ | ||
ENV BUILD_DIR=/root/build | ||
RUN /root/build.sh setup | ||
# SPIRE Server | ||
FROM spire-base AS spire-server | ||
COPY --from=builder /spire/bin/spire-server /opt/spire/bin/spire-server | ||
WORKDIR /opt/spire | ||
ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-server", "run"] | ||
CMD [] | ||
|
||
ENV GOPATH=/root/go | ||
ENV GOROOT=/root/build | ||
ENV GOBIN=$GOPATH/bin/linux_amd64 | ||
ENV PATH=$GOROOT/bin:$GOBIN:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | ||
RUN mkdir /root/go | ||
WORKDIR /root/spire | ||
# SPIRE Agent | ||
FROM spire-base AS spire-agent | ||
COPY --from=builder /spire/bin/spire-agent /opt/spire/bin/spire-agent | ||
WORKDIR /opt/spire | ||
ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/spire-agent", "run"] | ||
CMD [] | ||
|
||
# K8S Workload Registrar | ||
FROM spire-base AS k8s-workload-registrar | ||
COPY --from=builder /spire/bin/k8s-workload-registrar /opt/spire/bin/k8s-workload-registrar | ||
WORKDIR /opt/spire | ||
ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/k8s-workload-registrar"] | ||
CMD [] | ||
|
||
# OIDC Discovery Provider | ||
FROM spire-base AS oidc-discovery-provider | ||
COPY --from=builder /spire/bin/oidc-discovery-provider /opt/spire/bin/oidc-discovery-provider | ||
WORKDIR /opt/spire | ||
ENTRYPOINT ["/usr/bin/dumb-init", "/opt/spire/bin/oidc-discovery-provider"] | ||
CMD [] |
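Review bot: `FROM alpine AS spire-base` pulls an unpinned `latest` tag, so the runtime base changes underneath every rebuild; pin it to a specific version (or digest) the same way the builder stage pins `golang:${goversion}-alpine` through the `goversion` build arg. None of the four runtime stages sets a `USER`, so spire-server, spire-agent, the k8s-workload-registrar and the oidc-discovery-provider all run as root by default; add an unprivileged user for the stages whose binary does not need root. Minor: the two `apk --no-cache add` lines in spire-base can be one `RUN`, and `ADD` should be `COPY` for plain local files such as go.mod and the source tree.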
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
FROM ubuntu:xenial | ||
|
||
RUN apt-get update && apt-get -y install \ | ||
curl unzip git build-essential ca-certificates | ||
|
||
WORKDIR /spire |
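Review bot: the `apt-get install` in this dev image never cleans `/var/lib/apt/lists/*`, so the package index stays baked into the layer; append `&& rm -rf /var/lib/apt/lists/*` to the same `RUN`. Since the image deliberately ships only curl, unzip, git and build-essential and relies on the Makefile to fetch the Go toolchain into the shared `.build` cache (as CONTRIBUTING.md in this commit describes), a one-line comment saying so would stop someone from adding a distro `golang` package here later.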
This file was deleted.