-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
27 changed files
with
6,478 additions
and
0 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# Each line is a file pattern followed by one or more owners. | ||
# Owners will be automatically notified about new PRs and | ||
# an owner's approval is required to merge to protected branches. | ||
* @haraldh @thomasknauth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
name: Container | ||
on: | ||
push: | ||
branches: [ "main" ] | ||
pull_request: | ||
branches: [ "main" ] | ||
|
||
permissions: | ||
packages: write | ||
contents: read | ||
|
||
jobs: | ||
push_to_registry: | ||
name: Build and push containers image to GitHub Packages | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out the repo | ||
uses: actions/checkout@v4 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Log in to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USER }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Set up env | ||
run: echo "repository_owner=${GITHUB_REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | ||
- name: Build and Push Container | ||
uses: docker/build-push-action@v5 | ||
with: | ||
tags: | | ||
ghcr.io/${{env.repository_owner}}/${{ github.event.repository.name }}:latest | ||
matterlabsrobot/${{ github.event.repository.name }}:latest | ||
push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# This workflow will build a golang project | ||
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | ||
|
||
name: Go | ||
|
||
on: | ||
push: | ||
branches: [ "main" ] | ||
pull_request: | ||
branches: [ "main" ] | ||
|
||
jobs: | ||
|
||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Prep | ||
run: | | ||
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add - | ||
sudo bash -c 'echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list' | ||
sudo apt -o Acquire::Retries=3 update | ||
sudo apt -o Acquire::Retries=3 install -y --no-install-recommends \ | ||
libsgx-headers \ | ||
libsgx-enclave-common \ | ||
libsgx-urts \ | ||
libsgx-dcap-quote-verify \ | ||
libsgx-dcap-quote-verify-dev | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: 1.19 | ||
|
||
- name: Build | ||
run: go build -v ./... | ||
|
||
- name: Test | ||
run: go test -v ./... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
name: nix | ||
|
||
on: | ||
pull_request: | ||
branches: [ "main" ] | ||
paths: | ||
- '**.nix' | ||
- 'go.mod' | ||
- 'go.sum' | ||
- 'flake.lock' | ||
push: | ||
branches: [ "main" ] | ||
paths: | ||
- '**.nix' | ||
- 'go.mod' | ||
- 'go.sum' | ||
- 'flake.lock' | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
check: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23 | ||
with: | ||
extra_nix_config: | | ||
access-tokens = github.com=${{ github.token }} | ||
- run: nix flake check -L --show-trace --keep-going | ||
|
||
fmt: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23 | ||
with: | ||
extra_nix_config: | | ||
access-tokens = github.com=${{ github.token }} | ||
- run: nix fmt | ||
|
||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23 | ||
with: | ||
extra_nix_config: | | ||
access-tokens = github.com=${{ github.token }} | ||
- uses: cachix/cachix-action@v12 | ||
continue-on-error: true | ||
with: | ||
name: haraldh | ||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | ||
- run: nix build -L . | ||
|
||
develop: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23 | ||
with: | ||
extra_nix_config: | | ||
access-tokens = github.com=${{ github.token }} | ||
- uses: cachix/cachix-action@v12 | ||
continue-on-error: true | ||
with: | ||
name: haraldh | ||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | ||
- run: nix develop -L -c go test ./... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# If you prefer the allow list template instead of the deny list, see community template: | ||
# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore | ||
# | ||
# Binaries for programs and plugins | ||
*.exe | ||
*.exe~ | ||
*.dll | ||
*.so | ||
*.dylib | ||
|
||
# Test binary, built with `go test -c` | ||
*.test | ||
|
||
# Output of the go coverage tool, specifically when used with LiteIDE | ||
*.out | ||
|
||
# Dependency directories (remove the comment below to include it) | ||
# vendor/ | ||
|
||
# Go workspace file | ||
go.work | ||
|
||
# IDE | ||
/.idea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
FROM docker.io/ubuntu:20.04 AS pluginbuilder | ||
|
||
ARG VERSION=1.20.4 | ||
ARG CGO_ENABLED=1 | ||
ARG BUILD_TAGS="default" | ||
ENV JOBS=2 | ||
RUN set -eux; \ | ||
DEBIAN_FRONTEND=noninteractive apt-get update -y; \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y -q curl; \ | ||
: | ||
|
||
RUN set -eux; \ | ||
curl -fsSLo /usr/share/keyrings/intel.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key; \ | ||
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list; \ | ||
DEBIAN_FRONTEND=noninteractive apt-get update; \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ | ||
build-essential \ | ||
cmake \ | ||
rsync \ | ||
pkg-config \ | ||
libssl-dev \ | ||
libcurl4-openssl-dev \ | ||
libprotobuf-dev \ | ||
protobuf-compiler \ | ||
clang \ | ||
libsgx-headers \ | ||
libsgx-dcap-quote-verify-dev \ | ||
; \ | ||
: | ||
|
||
RUN mkdir /goroot && mkdir /go | ||
RUN curl https://storage.googleapis.com/golang/go${VERSION}.linux-amd64.tar.gz \ | ||
| tar xvzf - -C /goroot --strip-components=1 | ||
ENV GOPATH /go | ||
ENV GOROOT /goroot | ||
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH | ||
|
||
WORKDIR / | ||
|
||
RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/go --mount=type=bind,target=/data \ | ||
set -eux; \ | ||
mkdir -p /go/src/github.com/matter-labs/vault-auth-tee; \ | ||
cd /go/src/github.com/matter-labs/vault-auth-tee; \ | ||
rsync -a --delete-after /data/ ./ ; \ | ||
CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o vault-auth-tee; \ | ||
mkdir -p /opt/vault/plugins; \ | ||
cp vault-auth-tee /opt/vault/plugins/vault-auth-tee; \ | ||
: | ||
|
||
FROM scratch | ||
WORKDIR /opt/vault/plugins | ||
|
||
COPY --from=pluginbuilder /opt/vault/plugins/vault-auth-tee /opt/vault/plugins/vault-auth-tee |
Oops, something went wrong.