feat: initial commit
Signed-off-by: Harald Hoyer <[email protected]>
haraldh committed Oct 25, 2023
0 parents commit 3378dd2
Showing 27 changed files with 6,478 additions and 0 deletions.
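--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+# Each line is a file pattern followed by one or more owners.
+# Owners will be automatically notified about new PRs and
+# an owner's approval is required to merge to protected branches.
+* @haraldh @thomasknauth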
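--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -0,0 +1,41 @@
+name: Container
+on:
+push:
+branches: [ "main" ]
+pull_request:
+branches: [ "main" ]
+
+permissions:
+packages: write
+contents: read
+
+jobs:
+push_to_registry:
+name: Build and push containers image to GitHub Packages
+runs-on: ubuntu-latest
+steps:
+- name: Check out the repo
+uses: actions/checkout@v4
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Log in to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USER }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Login to GitHub Container Registry
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Set up env
+run: echo "repository_owner=${GITHUB_REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
+- name: Build and Push Container
+uses: docker/build-push-action@v5
+with:
+tags: |
+ghcr.io/${{env.repository_owner}}/${{ github.event.repository.name }}:latest
+matterlabsrobot/${{ github.event.repository.name }}:latest
+push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
+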
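Review bot: Both `docker/login-action` steps run on `pull_request` as well as on `push`, even though the last step only pushes images on `push`. On a pull request from a fork the `DOCKERHUB_*` secrets are empty, so the Docker Hub login will presumably fail before the build is exercised, and on same-repository pull requests the registry credentials are loaded into a job that builds unreviewed branch code. Gate both login steps with `if: github.event_name != 'pull_request'`. The `github.event_name == 'schedule'` arm of `push:` can never be true, because the workflow declares no `schedule` trigger. The actions that handle the registry tokens are referenced by mutable tags (`@v3`, `@v5`); pinning them to full commit SHAs, as nix.yml in this commit does for `install-nix-action`, would keep a retagged release from reaching those tokens.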
40 changes: 40 additions & 0 deletions .github/workflows/go.yml
@@ -0,0 +1,40 @@
# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go

name: Go

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]

jobs:

build:
runs-on: ubuntu-latest
steps:
- name: Prep
run: |
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo bash -c 'echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list'
sudo apt -o Acquire::Retries=3 update
sudo apt -o Acquire::Retries=3 install -y --no-install-recommends \
libsgx-headers \
libsgx-enclave-common \
libsgx-urts \
libsgx-dcap-quote-verify \
libsgx-dcap-quote-verify-dev
- uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19

- name: Build
run: go build -v ./...

- name: Test
run: go test -v ./...
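Review bot: The `Prep` step imports the Intel SGX repository key with `apt-key add -`, which is deprecated and puts the key in the global APT keyring, where it is trusted for every configured repository rather than only the SGX one. The Dockerfile in this same commit already uses the scoped form; do the same here by saving the key to `/usr/share/keyrings/intel.asc` and writing the source entry as `deb [arch=amd64 signed-by=/usr/share/keyrings/intel.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main`. The workflow also has no `permissions:` block, so the job runs with the repository's default token scope; `permissions:` with `contents: read` is enough for build and test. Quote the version as `go-version: '1.19'` so that a later bump to 1.20 is not parsed as the float 1.2.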
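--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -0,0 +1,72 @@
+name: nix
+
+on:
+pull_request:
+branches: [ "main" ]
+paths:
+- '**.nix'
+- 'go.mod'
+- 'go.sum'
+- 'flake.lock'
+push:
+branches: [ "main" ]
+paths:
+- '**.nix'
+- 'go.mod'
+- 'go.sum'
+- 'flake.lock'
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23
+with:
+extra_nix_config: |
+access-tokens = github.com=${{ github.token }}
+- run: nix flake check -L --show-trace --keep-going
+
+fmt:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23
+with:
+extra_nix_config: |
+access-tokens = github.com=${{ github.token }}
+- run: nix fmt
+
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23
+with:
+extra_nix_config: |
+access-tokens = github.com=${{ github.token }}
+- uses: cachix/cachix-action@v12
+continue-on-error: true
+with:
+name: haraldh
+authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+- run: nix build -L .
+
+develop:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23
+with:
+extra_nix_config: |
+access-tokens = github.com=${{ github.token }}
+- uses: cachix/cachix-action@v12
+continue-on-error: true
+with:
+name: haraldh
+authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+- run: nix develop -L -c go test ./...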
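Review bot: `cachix/cachix-action@v12` receives `secrets.CACHIX_AUTH_TOKEN` in the `build` and `develop` jobs but is referenced by a mutable tag, while `cachix/install-nix-action` in the same file is pinned to a commit SHA. Pin it the same way, `uses: cachix/cachix-action@<full-commit-sha> # v12` (placeholder; take the SHA from the v12 release). Both jobs also run on `pull_request`, so consider supplying `authToken` only on pushes to `main`; pull-request builds could then read the binary cache but not write to it. In the `fmt` job, `nix fmt` presumably rewrites files and exits successfully, so unformatted code would not fail the check unless the step is followed by something like `git diff --exit-code`.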
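--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+# IDE
+/.idea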
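--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,53 @@
+FROM docker.io/ubuntu:20.04 AS pluginbuilder
+
+ARG VERSION=1.20.4
+ARG CGO_ENABLED=1
+ARG BUILD_TAGS="default"
+ENV JOBS=2
+RUN set -eux; \
+DEBIAN_FRONTEND=noninteractive apt-get update -y; \
+DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl; \
+:
+
+RUN set -eux; \
+curl -fsSLo /usr/share/keyrings/intel.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key; \
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list; \
+DEBIAN_FRONTEND=noninteractive apt-get update; \
+DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+build-essential \
+cmake \
+rsync \
+pkg-config \
+libssl-dev \
+libcurl4-openssl-dev \
+libprotobuf-dev \
+protobuf-compiler \
+clang \
+libsgx-headers \
+libsgx-dcap-quote-verify-dev \
+; \
+:
+
+RUN mkdir /goroot && mkdir /go
+RUN curl https://storage.googleapis.com/golang/go${VERSION}.linux-amd64.tar.gz \
+| tar xvzf - -C /goroot --strip-components=1
+ENV GOPATH /go
+ENV GOROOT /goroot
+ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
+
+WORKDIR /
+
+RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/go --mount=type=bind,target=/data \
+set -eux; \
+mkdir -p /go/src/github.com/matter-labs/vault-auth-tee; \
+cd /go/src/github.com/matter-labs/vault-auth-tee; \
+rsync -a --delete-after /data/ ./ ; \
+CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o vault-auth-tee; \
+mkdir -p /opt/vault/plugins; \
+cp vault-auth-tee /opt/vault/plugins/vault-auth-tee; \
+:
+
+FROM scratch
+WORKDIR /opt/vault/plugins
+
+COPY --from=pluginbuilder /opt/vault/plugins/vault-auth-tee /opt/vault/plugins/vault-auth-tee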
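Review bot: The Go toolchain is fetched with a bare `curl … | tar xvzf -` and never checked against a known digest, so whatever the download returns becomes the compiler for the plugin binary; without `-f`, an HTTP error body is also piped straight into `tar`. Download the tarball to a file, verify it with `sha256sum -c` against a digest pinned next to `VERSION`, and only then extract it, as sketched below. `ARG CGO_ENABLED` and `ARG BUILD_TAGS` are declared, but the `go build` line hard-codes `CGO_ENABLED=1` and passes no tags, so either wire them in or drop them. The base image `docker.io/ubuntu:20.04` is referenced by tag only; pinning it by digest would make the builder stage reproducible.

```dockerfile
ARG VERSION=1.20.4
# Placeholder: set to the published SHA-256 of go${VERSION}.linux-amd64.tar.gz
ARG GO_SHA256=<sha256-of-go-tarball>
# … unchanged: curl install, Intel SGX repository setup, build dependencies …
RUN set -eux; \
    mkdir /goroot /go; \
    curl -fsSLo /tmp/go.tgz "https://storage.googleapis.com/golang/go${VERSION}.linux-amd64.tar.gz"; \
    echo "${GO_SHA256}  /tmp/go.tgz" | sha256sum -c -; \
    tar xzf /tmp/go.tgz -C /goroot --strip-components=1; \
    rm /tmp/go.tgz
```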