diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index eab73733..24765aff 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -24,6 +24,7 @@ jobs: ROS: 1 ROS_DISTRO: ${{ matrix.ros2_distro }} PACKAGE_NAME: mesh_com + ARTIFACTORY_CLOUD_TOKEN: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }} run: | set -eux mkdir bin @@ -31,13 +32,14 @@ jobs: ./build.sh ../bin/ popd - - uses: jfrog/setup-jfrog-cli@v2 + - uses: jfrog/setup-jfrog-cli@v4 env: - JF_ARTIFACTORY_1: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }} + JF_URL: https://artifactory.ssrcdevops.tii.ae + JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_CLOUD_TOKEN }} - name: Upload to Artifactory env: - ARTIFACTORY_REPO: ssrc-deb-public-local + ARTIFACTORY_REPO: debian-public-local DISTRIBUTION: focal COMPONENT: fog-sw ARCHITECTURE: amd64 diff --git a/.github/workflows/tii-mesh-com.yaml b/.github/workflows/tii-mesh-com.yaml.to-fix similarity index 93% rename from .github/workflows/tii-mesh-com.yaml rename to .github/workflows/tii-mesh-com.yaml.to-fix index 856317d4..9d77adc3 100644 --- a/.github/workflows/tii-mesh-com.yaml +++ b/.github/workflows/tii-mesh-com.yaml.to-fix @@ -56,6 +56,8 @@ jobs: uses: docker/build-push-action@v5 with: context: . + build-args: | + "ARTIFACTORY_CLOUD_TOKEN=${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}" platforms: linux/amd64,linux/arm64,linux/riscv64 file: ./modules/mesh_com/Dockerfile push: true diff --git a/build.sh b/build.sh index 526aa45c..88c8c978 100755 --- a/build.sh +++ b/build.sh @@ -16,6 +16,8 @@ iname=${PACKAGE_NAME:=mesh_com} iversion=${PACKAGE_VERSION:=latest} +artifactory_cloud_token=${ARTIFACTORY_CLOUD_TOKEN:?ARTIFACTORY_CLOUD_TOKEN is not set} + docker build \ --build-arg UID=$(id -u) \ --build-arg GID=$(id -g) \ diff --git a/common/tools/squid/squid.conf b/common/tools/squid/squid.conf new file mode 100644 index 00000000..07d357db --- /dev/null +++ b/common/tools/squid/squid.conf 
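Review bot: `jfrog/setup-jfrog-cli@v4` is referenced by a movable tag in the same step that now receives `JF_ACCESS_TOKEN`, so whatever code the tag points at on a given run is handed the Artifactory token. Pinning the action to a full commit SHA keeps the reviewed code and the executed code identical, for example `- uses: jfrog/setup-jfrog-cli@<full-commit-sha>  # v4`, where the placeholder is the SHA of the release that was reviewed.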
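Review bot: Passing the token under `build-args:` puts its value into the build record: a build argument can be read back from the image history, and this step has `push: true`, so that history travels with the published image. The receiving side in `modules/mesh_com/Dockerfile` (`ARG ARTIFACTORY_CLOUD_TOKEN` followed by `ENV ARTIFACTORY_CLOUD_TOKEN=${ARTIFACTORY_CLOUD_TOKEN}`) has the same exposure and additionally writes the value into that stage's image configuration. A BuildKit secret avoids both: `secrets: |` with `artifactory_token=${{ secrets.ARTIFACTORY_CLOUD_TOKEN }}` in this step, and `RUN --mount=type=secret,id=artifactory_token ...` in the Dockerfile, reading the value from `/run/secrets/artifactory_token`. The workflow is renamed to `.yaml.to-fix` in this commit, so it presumably does not run for now, but the pattern should be corrected before it is re-enabled.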
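Review bot: `artifactory_cloud_token` is assigned but nothing visible in this hunk passes it to `docker build`, and this is the only hunk in `build.sh`, so the line appears to act purely as a must-be-set guard while keeping a second copy of the secret in a shell variable. If a guard is all that is wanted, `: "${ARTIFACTORY_CLOUD_TOKEN:?ARTIFACTORY_CLOUD_TOKEN is not set}"` states that without the extra variable. If the token is meant to reach the build, the plumbing is missing and would be better added as a secret mount than as a `--build-arg`. The `docker build` command continues past the end of the hunk.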
@@ -0,0 +1,27 @@ +http_port 127.0.0.1:3128 ssl-bump \ + cert=/etc/squid/ssl_cert/myCA.pem \ + generate-host-certificates=on dynamic_cert_mem_cache_size=4MB + +http_access allow all +cache allow all + +sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB + +acl step1 at_step SslBump1 + +ssl_bump peek step1 +ssl_bump bump all + +acl artifactory dstdomain artifactory.ssrcdevops.tii.ae + +request_header_add Authorization "Bearer " artifactory + +pid_filename none +logfile_rotate 0 + +# Debug +# access_log stdio:/dev/fd/1 +# cache_log stdio:/dev/fd/2 + +# Needed to prevent bug in docker +max_filedescriptors 1048576 diff --git a/modules/mesh_com/Dockerfile b/modules/mesh_com/Dockerfile index 4b11fd4f..cd0be10c 100644 --- a/modules/mesh_com/Dockerfile +++ b/modules/mesh_com/Dockerfile @@ -4,6 +4,10 @@ FROM --platform=${BUILDPLATFORM:-linux/amd64} ghcr.io/tiiuae/fog-ros-sdk:v3.2.0- # Must be defined another time after "FROM" keyword. ARG TARGETARCH +# Needed for apt to authenticate with the custom private repo +ARG ARTIFACTORY_CLOUD_TOKEN +ENV ARTIFACTORY_CLOUD_TOKEN=${ARTIFACTORY_CLOUD_TOKEN} + # SRC_DIR environment variable is defined in the fog-ros-sdk image. # The same workspace path is used by all ROS2 components. # See: https://github.com/tiiuae/fog-ros-baseimage/blob/main/Dockerfile.sdk_builder 
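Review bot: `ssl_bump bump all` makes the proxy terminate and re-sign every TLS connection apt opens, although only `artifactory.ssrcdevops.tii.ae` needs the injected `Authorization` header. Moving the `acl artifactory` line above the bump rules and using `ssl_bump bump artifactory` followed by `ssl_bump splice all` would leave TLS to other hosts untouched; whether `dstdomain` matches at that bump step should be confirmed against the Squid version in the image. `http_access allow all` could likewise become `http_access allow localhost` then `http_access deny all`, matching the loopback-only `http_port`. A header comment stating that the file is a build-time-only template whose bearer value is filled in by the Dockerfile would help, since the `"Bearer "` value as shown here carries no visible placeholder.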
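Review bot: `ARG ARTIFACTORY_CLOUD_TOKEN` and the `ENV` line are declared in the first build stage, while the `sed` that consumes `$ARTIFACTORY_CLOUD_TOKEN` sits in the later hunk under `FROM ghcr.io/tiiuae/fog-ros-baseimage:v3.2.0`. Build arguments and environment set in one stage are not visible after the next `FROM`, so unless the argument is re-declared in lines outside these hunks, the substitution would insert an empty string and the repository request would go out without a usable token. Nothing visible in the first stage uses the variable, so the `ENV` line looks removable there. The declaration belongs next to its use in the final stage, preferably as a secret mount rather than an `ARG`.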
@@ -22,7 +26,24 @@ FROM ghcr.io/tiiuae/fog-ros-baseimage:v3.2.0 ENTRYPOINT [ "/entrypoint.sh" ] RUN apt update \ - && apt install -y --no-install-recommends \ + && apt install -y --no-install-recommends squid-openssl \ + && apt clean \ + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /etc/squid/ssl_cert \ + && openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout /etc/squid/ssl_cert/myCA.pem -out /etc/squid/ssl_cert/myCA.pem -batch \ + && openssl x509 -in /etc/squid/ssl_cert/myCA.pem -outform PEM -out /usr/local/share/ca-certificates/squid.crt \ + && update-ca-certificates \ + && mkdir -p /var/lib/squid \ + && /usr/lib/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB + +COPY common/tools/squid/ /etc/squid/ + +# Squid proxy needed to add Authorization: Bearer header for apt to authenticate with priv repo +RUN echo "deb [trusted=yes] https://artifactory.ssrcdevops.tii.ae/artifactory/debian-public-local focal fog-sw" >> /etc/apt/sources.list \ + && sed -i "s//$ARTIFACTORY_CLOUD_TOKEN/" /etc/squid/squid.conf \ + && squid \ + && apt -o "acquire::http::proxy=http://127.0.0.1:3128" update \ + && apt -o "acquire::http::proxy=http://127.0.0.1:3128" install -y --no-install-recommends \ alfred \ batctl \ iproute2 \ @@ -32,7 +53,9 @@ RUN apt update \ pcsc-lite \ rfkill \ wpa-supplicant=2.9-r0 \ + && pkill squid \ && apt clean \ + && rm /etc/squid/squid.conf \ && rm -rf /var/lib/apt/lists/* COPY modules/mesh_com/entrypoint.sh /entrypoint.sh diff --git a/modules/mesh_com/Dockerfile.build_env b/modules/mesh_com/Dockerfile.build_env index 51ec466b..fd846fa5 100644 --- a/modules/mesh_com/Dockerfile.build_env +++ b/modules/mesh_com/Dockerfile.build_env 
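Review bot: The CA generated in the first `RUN` stays in the shipped image: `myCA.pem` holds the unencrypted private key (`-nodes`, with the same file for `-keyout` and `-out`), `update-ca-certificates` adds it to the system trust store, and the cleanup in the last hunk removes only `/etc/squid/squid.conf`. Anyone who can pull the image can read that key, and the running container will accept certificates issued with it. Because the key is written in its own layer, deleting it in a later `RUN` does not remove it from the image. The generation, the apt install and the cleanup need to share one `RUN` (or live in a throwaway stage), ending with `&& rm -rf /etc/squid/ssl_cert /var/lib/squid/ssl_db /usr/local/share/ca-certificates/squid.crt \` and `&& update-ca-certificates --fresh \`. The `[trusted=yes]` line appended to `/etc/apt/sources.list` also remains, which leaves signature checking off for that repository in the final image.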
@@ -9,17 +9,18 @@ ARG COMMIT_ID ARG GIT_VER ARG PACKAGE_NAME # Install build dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - curl \ - python3-bloom \ - fakeroot \ - dh-make \ - dh-python \ - python3-pytest \ - ros-${ROS_DISTRO}-ament-flake8 \ - ros-${ROS_DISTRO}-ament-pep257 \ - batctl \ - alfred \ +RUN apt update \ + && apt install -y --no-install-recommends \ + curl \ + python3-bloom \ + fakeroot \ + dh-make \ + dh-python \ + python3-pytest \ + ros-${ROS_DISTRO}-ament-flake8 \ + ros-${ROS_DISTRO}-ament-pep257 \ + batctl \ + alfred \ && rm -rf /var/lib/apt/lists/* RUN groupadd -g $GID builder && \ @@ -27,8 +28,6 @@ RUN groupadd -g $GID builder && \ usermod -aG sudo builder && \ echo 'builder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers -RUN echo "deb [trusted=yes] https://ssrc.jfrog.io/artifactory/ssrc-deb-public-local focal fog-sw" >> /etc/apt/sources.list - WORKDIR /$PACKAGE_NAME RUN chown -R builder:builder /$PACKAGE_NAME