From be50c52625f37017b674ceb428a56ec912eaa6c2 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Mon, 3 Jul 2023 10:08:41 -0400 Subject: [PATCH 1/6] update http/https (#12) --- .github/workflows/docker-image.yml | 2 +- README.md | 4 ++-- docs/conf.py | 2 +- docs/methods.rst | 14 +++++++------- examples/ansible.yaml | 2 +- examples/ci-config.yaml | 2 +- examples/ci-filetransfer-config.yaml | 2 +- examples/filetransfer-config-single-file.yaml | 2 +- examples/filetransfer-config.yaml | 2 +- examples/full-suite-disconnected.yaml | 2 +- examples/full-suite-with-skew.yaml | 2 +- examples/full-suite.yaml | 2 +- examples/imageLoad-config.yaml | 2 +- examples/kube-play-config.yaml | 2 +- examples/readme-config.yaml | 2 +- examples/systemd-autoupdate.yaml | 2 +- examples/systemd-config-single-file.yaml | 2 +- examples/systemd-config.yaml | 2 +- examples/systemd-enable.yaml | 2 +- examples/systemd-restart.yaml | 2 +- 20 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 794d2645..1689cf03 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1670,7 +1670,7 @@ jobs: - name: set values relating to the current env run: | - sed -i 's| url: http://github.com/containers/fetchit| url: http://github.com/${{ github.repository }}|g' /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml + sed -i 's| url: https://github.com/containers/fetchit| url: https://github.com/${{ github.repository }}|g' /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml sed -i 's| branch: ci| branch: "{{ github.ref }}"|g' /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml - name: Start fetchit diff --git a/README.md b/README.md index 962d3658..317c911f 100644 --- a/README.md +++ b/README.md 
@@ -55,7 +55,7 @@ This example can be found in [./examples/readme-config.yaml](examples/readme-con ``` targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit branch: main fileTransfer: - name: ft-ex @@ -106,7 +106,7 @@ The container will be started and will run in the background. To view the logs: ``` podman logs -f fetchit -git clone http://github.com/containers/fetchit main --recursive +git clone https://github.com/containers/fetchit main --recursive Creating podman container from ./fetchit/examples/raw/example.json Trying to pull docker.io/mmumshad/simple-webapp-color:latest... Getting image source signatures diff --git a/docs/conf.py b/docs/conf.py index d05369bf..4a28de14 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -102,7 +102,7 @@ # to template names. # # This is required for the alabaster theme -# refs: http://alabaster.readthedocs.io/en/latest/installation.html#sidebars +# refs: https://alabaster.readthedocs.io/en/latest/installation.html#sidebars html_sidebars = { '**': [ 'relations.html', # needs 'show_related': True theme option to display diff --git a/docs/methods.rst b/docs/methods.rst index 44bbf66d..1a8c7069 100644 --- a/docs/methods.rst +++ b/docs/methods.rst @@ -90,7 +90,7 @@ An example of using a PAT token is shown below. gitAuth: pat: CHANGEME targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit branch: main raw: - name: raw-ex @@ -135,7 +135,7 @@ An example of using username/password is shown below. username: bob password: bobpassword targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit branch: main raw: - name: raw-ex @@ -160,7 +160,7 @@ In the examples directory, there is an Ansible playbook that is used to install .. code-block:: yaml targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit branch: main ansible: - name: ans-ex 
@@ -177,7 +177,7 @@ The RawTarget method will launch containers based upon their definition in a JSO .. code-block:: yaml targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit branch: main raw: - name: raw-ex @@ -226,7 +226,7 @@ SystemdTarget is a method that will place, enable, and restart systemd unit file .. code-block:: yaml targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit branch: main systemd: - name: sysd-ex @@ -242,7 +242,7 @@ The File Transfer method will copy files from the container to the host. This me .. code-block:: yaml targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit filetransfer: - name: ft-ex targetPath: examples/filetransfer @@ -259,7 +259,7 @@ The KubeTarget method will launch a container based upon a Kubernetes pod manife .. code-block:: yaml targetConfigs: - - url: http://github.com/containers/fetchit + - url: https://github.com/containers/fetchit kube: - name: kube-ex targetPath: examples/kube diff --git a/examples/ansible.yaml b/examples/ansible.yaml index 7b0779f1..915d8ea6 100644 --- a/examples/ansible.yaml +++ b/examples/ansible.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit ansible: - name: ansible targetPath: examples/ansible diff --git a/examples/ci-config.yaml b/examples/ci-config.yaml index 6f83b8c8..a7d590a1 100644 --- a/examples/ci-config.yaml +++ b/examples/ci-config.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit raw: - name: raw targetPath: examples/raw diff --git a/examples/ci-filetransfer-config.yaml b/examples/ci-filetransfer-config.yaml index fe17541d..cc69dbc4 100644 --- a/examples/ci-filetransfer-config.yaml +++ b/examples/ci-filetransfer-config.yaml 
@@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit filetransfer: - name: ft-example targetPath: examples/filetransfer diff --git a/examples/filetransfer-config-single-file.yaml b/examples/filetransfer-config-single-file.yaml index 0fd3f527..85544966 100644 --- a/examples/filetransfer-config-single-file.yaml +++ b/examples/filetransfer-config-single-file.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit filetransfer: - name: ft-ex targetPath: examples/filetransfer diff --git a/examples/filetransfer-config.yaml b/examples/filetransfer-config.yaml index 5bfe84a7..5cc94d3d 100644 --- a/examples/filetransfer-config.yaml +++ b/examples/filetransfer-config.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit filetransfer: - name: ft-ex targetPath: examples/filetransfer diff --git a/examples/full-suite-disconnected.yaml b/examples/full-suite-disconnected.yaml index 4e3655e7..7ee78d3f 100644 --- a/examples/full-suite-disconnected.yaml +++ b/examples/full-suite-disconnected.yaml @@ -1,6 +1,6 @@ targetConfigs: - disconnected: true - url: http://localhost:9000/fetchit.zip + url: https://localhost:9000/fetchit.zip raw: - name: raw-ex targetPath: examples/raw diff --git a/examples/full-suite-with-skew.yaml b/examples/full-suite-with-skew.yaml index 0ded2002..48707c5f 100644 --- a/examples/full-suite-with-skew.yaml +++ b/examples/full-suite-with-skew.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit raw: - name: raw-ex targetPath: examples/raw diff --git a/examples/full-suite.yaml b/examples/full-suite.yaml index f8b56b45..a6cc154f 100644 --- a/examples/full-suite.yaml +++ b/examples/full-suite.yaml 
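Review bot: The scheme swap in examples/full-suite-disconnected.yaml also rewrites a loopback URL, `url: https://localhost:9000/fetchit.zip`, and the same happens in examples/imageLoad-config.yaml with `url: https://localhost:8080/httpd.tar`. Nothing in this patch shows the local servers behind ports 9000 and 8080 being given TLS, so if they are plain HTTP file servers (an assumption to confirm against the CI setup) these examples stop working. A self-signed certificate added to fix that tends to push users toward disabling verification. Traffic to localhost never leaves the host, so I would keep `http://localhost:9000/fetchit.zip` and `http://localhost:8080/httpd.tar` and limit the change to the github.com URLs.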
@@ -3,7 +3,7 @@ prune: Volumes: false schedule: "*/1 * * * *" targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit raw: - name: raw-ex targetPath: examples/raw diff --git a/examples/imageLoad-config.yaml b/examples/imageLoad-config.yaml index 8e095e13..0e322d0b 100644 --- a/examples/imageLoad-config.yaml +++ b/examples/imageLoad-config.yaml @@ -1,6 +1,6 @@ images: - name: httpd-ex - url: http://localhost:8080/httpd.tar + url: https://localhost:8080/httpd.tar schedule: "*/1 * * * *" targetConfigs: - url: https://github.com/containers/fetchit diff --git a/examples/kube-play-config.yaml b/examples/kube-play-config.yaml index f973dff4..b63f20a1 100644 --- a/examples/kube-play-config.yaml +++ b/examples/kube-play-config.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit kube: - name: kube-ex targetPath: examples/kube diff --git a/examples/readme-config.yaml b/examples/readme-config.yaml index fc6b25c9..995e6efb 100644 --- a/examples/readme-config.yaml +++ b/examples/readme-config.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit branch: main filetransfer: - name: ft-ex diff --git a/examples/systemd-autoupdate.yaml b/examples/systemd-autoupdate.yaml index 38978b69..4941bbf2 100644 --- a/examples/systemd-autoupdate.yaml +++ b/examples/systemd-autoupdate.yaml @@ -1,7 +1,7 @@ podmanAutoUpdate: root: true targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit systemd: - name: sysd-ex targetPath: examples/systemd diff --git a/examples/systemd-config-single-file.yaml b/examples/systemd-config-single-file.yaml index c4e3401d..a3a9eb1c 100644 --- a/examples/systemd-config-single-file.yaml +++ b/examples/systemd-config-single-file.yaml 
@@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit systemd: - name: sysd-ex targetPath: examples/systemd diff --git a/examples/systemd-config.yaml b/examples/systemd-config.yaml index c4e3401d..a3a9eb1c 100644 --- a/examples/systemd-config.yaml +++ b/examples/systemd-config.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit systemd: - name: sysd-ex targetPath: examples/systemd diff --git a/examples/systemd-enable.yaml b/examples/systemd-enable.yaml index 62320899..b5b24601 100644 --- a/examples/systemd-enable.yaml +++ b/examples/systemd-enable.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit systemd: - name: httpd-root targetPath: examples/systemd diff --git a/examples/systemd-restart.yaml b/examples/systemd-restart.yaml index c55c4357..8561d940 100644 --- a/examples/systemd-restart.yaml +++ b/examples/systemd-restart.yaml @@ -1,5 +1,5 @@ targetConfigs: -- url: http://github.com/containers/fetchit +- url: https://github.com/containers/fetchit systemd: - name: sysd-ex targetPath: examples/systemd From 9caac530a63d7ed759f2ee939ba03bb444d6c75f Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Fri, 10 Nov 2023 14:52:56 -0500 Subject: [PATCH 2/6] should return ssh testing --- .github/workflows/docker-image.yml | 68 ++++++++++++++++++++++++++++++ pkg/engine/raw.go | 1 + 2 files changed, 69 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 1689cf03..25da967f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
@@ -1227,6 +1227,74 @@ jobs: - name: list packages run: timeout 150 bash -c -- 'z=0 ; until [ $z -ge 1 ]; do z=$(sudo apt list --installed | grep zsh | wc -l); done' + ssh-validate: + runs-on: ubuntu-latest + needs: [ build, pull-and-archive ] + steps: + - uses: actions/checkout@v2 + + - name: pull in podman + uses: actions/download-artifact@v1 + with: + name: podman-bins + path: bin + + - name: replace + run: | + chmod +x bin/podman + sudo mv bin/podman /usr/bin/podman + - name: Enable the podman socket + run: sudo systemctl enable --now podman.socket + + - name: pull artifact + uses: actions/download-artifact@v1 + with: + name: fetchit-image + path: /tmp + + - name: pull artifact + uses: actions/download-artifact@v1 + with: + name: colors + path: /tmp + + - name: Load the image + run: sudo podman load -i /tmp/fetchit.tar + + - name: Load the image + run: sudo podman load -i /tmp/colors.tar + + - name: tag the image + run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest + + - name: generate ssh assets + run: | + mkdir ~/.ssh + echo "${{secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa + ssh-keyscan github.com > ~/.ssh/known_hosts + mkdir ~/.fetchit + mv ~/.ssh ~/.fetchit/ + cp ./examples/ssh-config.yaml ~/.fetchit/config.yaml + - name: Start fetchit + run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/.fetchit:/opt/mount -v /home/runnner/.ssh:/opt/mount/.ssh -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest + + - name: List fetchit files + run: sudo ls -la ~/.fetchit + + - name: List ssh files + run: sudo ls -la ~/.fetchit/.ssh + + - name: check for file + run: timeout 150 bash -c "until [ -f /tmp/hello.txt ]; do sleep 2; done" + + - name: check for file + run: timeout 150 bash -c "until [ -f /tmp/anotherfile.txt ]; do sleep 2; done" + + - name: Logs + if: always() + run: sudo podman logs fetchit + + systemd-validate-exact-file: runs-on: 
ubuntu-latest needs: [ build , pull-and-archive ] diff --git a/pkg/engine/raw.go b/pkg/engine/raw.go index 2da8cdbe..29550f0a 100644 --- a/pkg/engine/raw.go +++ b/pkg/engine/raw.go @@ -44,6 +44,7 @@ func (r *Raw) GetKind() string { "Range": 0, "Protocol": ""}] "CapAdd": [] +"Network": "private" "CapDrop": [] } */ From e39c83d5848496a7fbf2ab0b2968b43b28006aec Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Fri, 10 Nov 2023 14:52:56 -0500 Subject: [PATCH 3/6] should return ssh testing --- .github/workflows/docker-image.yml | 68 ++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 1689cf03..25da967f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
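Review bot: In the new `generate ssh assets` step the deploy key is pasted into the script text by `echo "${{secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa`, and `ssh-keyscan github.com > ~/.ssh/known_hosts` accepts whatever host key the network returns at run time. Passing the secret through the step's `env:` (`SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}`) and writing it with `printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa` keeps the key out of the generated script and away from shell parsing. For host verification, commit a known_hosts file whose entries were checked against GitHub's published fingerprints and copy that instead of scanning. The identical hunk in PATCH 3/6 has the same two issues. If this workflow also runs for pull requests from forks, the secret will be empty there and the job should be skipped; the trigger section is outside this hunk.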
@@ -1227,6 +1227,74 @@ jobs: - name: list packages run: timeout 150 bash -c -- 'z=0 ; until [ $z -ge 1 ]; do z=$(sudo apt list --installed | grep zsh | wc -l); done' + ssh-validate: + runs-on: ubuntu-latest + needs: [ build, pull-and-archive ] + steps: + - uses: actions/checkout@v2 + + - name: pull in podman + uses: actions/download-artifact@v1 + with: + name: podman-bins + path: bin + + - name: replace + run: | + chmod +x bin/podman + sudo mv bin/podman /usr/bin/podman + - name: Enable the podman socket + run: sudo systemctl enable --now podman.socket + + - name: pull artifact + uses: actions/download-artifact@v1 + with: + name: fetchit-image + path: /tmp + + - name: pull artifact + uses: actions/download-artifact@v1 + with: + name: colors + path: /tmp + + - name: Load the image + run: sudo podman load -i /tmp/fetchit.tar + + - name: Load the image + run: sudo podman load -i /tmp/colors.tar + + - name: tag the image + run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest + + - name: generate ssh assets + run: | + mkdir ~/.ssh + echo "${{secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa + ssh-keyscan github.com > ~/.ssh/known_hosts + mkdir ~/.fetchit + mv ~/.ssh ~/.fetchit/ + cp ./examples/ssh-config.yaml ~/.fetchit/config.yaml + - name: Start fetchit + run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/.fetchit:/opt/mount -v /home/runnner/.ssh:/opt/mount/.ssh -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest + + - name: List fetchit files + run: sudo ls -la ~/.fetchit + + - name: List ssh files + run: sudo ls -la ~/.fetchit/.ssh + + - name: check for file + run: timeout 150 bash -c "until [ -f /tmp/hello.txt ]; do sleep 2; done" + + - name: check for file + run: timeout 150 bash -c "until [ -f /tmp/anotherfile.txt ]; do sleep 2; done" + + - name: Logs + if: always() + run: sudo podman logs fetchit + + systemd-validate-exact-file: runs-on: 
ubuntu-latest needs: [ build , pull-and-archive ] From 34faefb8ba02109f0e1ba2df88bfaefa0dfe605a Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Fri, 10 Nov 2023 14:56:28 -0500 Subject: [PATCH 4/6] Update raw.go --- pkg/engine/raw.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/engine/raw.go b/pkg/engine/raw.go index 29550f0a..2da8cdbe 100644 --- a/pkg/engine/raw.go +++ b/pkg/engine/raw.go @@ -44,7 +44,6 @@ func (r *Raw) GetKind() string { "Range": 0, "Protocol": ""}] "CapAdd": [] -"Network": "private" "CapDrop": [] } */ From 50fbbc141b7589c76ab3ab611caefa9be41a16b9 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Fri, 10 Nov 2023 15:02:52 -0500 Subject: [PATCH 5/6] set path Signed-off-by: Ryan Cook --- .github/workflows/docker-image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 25da967f..065f9206 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1272,8 +1272,9 @@ jobs: mkdir ~/.ssh echo "${{secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa ssh-keyscan github.com > ~/.ssh/known_hosts + chmod 600 ~/.ssh/id_rsa mkdir ~/.fetchit - mv ~/.ssh ~/.fetchit/ + cp -rp ~/.ssh ~/.fetchit/ cp ./examples/ssh-config.yaml ~/.fetchit/config.yaml - name: Start fetchit run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/.fetchit:/opt/mount -v /home/runnner/.ssh:/opt/mount/.ssh -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest From 91f555f90568d4516bb6abec0e7082d1948afd95 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Fri, 10 Nov 2023 15:06:52 -0500 Subject: [PATCH 6/6] try for home var Signed-off-by: Ryan Cook --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 065f9206..a66260bc 100644 
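Review bot: The `ssh-validate` job added here pulls its actions by mutable major tags, `actions/checkout@v2` and `actions/download-artifact@v1`, in the same job that later writes `secrets.SSH_PRIVATE_KEY` to disk. A tag can be moved to different code, and that code would then run on the runner that holds the private key. Pin both to a full commit SHA with the release noted in a trailing comment, for example `uses: actions/checkout@FULL_COMMIT_SHA  # release tag` (placeholder values), and take the opportunity to move off these old major versions. The step names `pull artifact`, `Load the image` and `check for file` are each used twice, which makes a failing step hard to identify in the run log.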
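Review bot: `chmod 600 ~/.ssh/id_rsa` is added after the key has already been written and after the `ssh-keyscan` call, so the file exists with default-umask permissions until that line runs, and `~/.ssh` itself keeps the default directory mode. Put `umask 077` as the first line of this `run:` script, or at least move the `chmod` directly under the `echo`, so the directory and key are created private. Switching `mv` to `cp -rp` also leaves two copies of the key on the runner, one in `~/.ssh` and one in `~/.fetchit/.ssh`; if only the mounted copy is needed, keep a single one. The context line still mounts `/home/runnner/.ssh`, which PATCH 6/6 corrects.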
--- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1277,7 +1277,7 @@ jobs: cp -rp ~/.ssh ~/.fetchit/ cp ./examples/ssh-config.yaml ~/.fetchit/config.yaml - name: Start fetchit - run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/.fetchit:/opt/mount -v /home/runnner/.ssh:/opt/mount/.ssh -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest + run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/.fetchit:/opt/mount -v ~/.ssh:/opt/mount/.ssh -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest - name: List fetchit files run: sudo ls -la ~/.fetchit
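Review bot: The corrected `-v ~/.ssh:/opt/mount/.ssh` mount hands the private key directory to the container read-write, and that container also receives `/run/podman/podman.sock` and runs with `--security-opt label=disable`. Unless fetchit has to write into that directory (for example to update known_hosts, which this hunk does not show), mount it read-only: `-v ~/.ssh:/opt/mount/.ssh:ro`. The same directory already arrives through `-v /home/runner/.fetchit:/opt/mount`, because the previous step copies `.ssh` into `~/.fetchit`, so one of the two mounts looks redundant. For consistency with the new `~` form, the first mount could be written `-v ~/.fetchit:/opt/mount`.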