diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4f9e60f83..9a12a4e02 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -184,11 +184,8 @@ jobs: path: gcs_upload_dir/ retention-days: 1 - docker-compose-test: + build-docker-image: if: ${{ github.event_name == 'push' }} - permissions: - contents: 'read' - id-token: 'write' runs-on: ubuntu-22.04 needs: - build-centos 
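Review bot: The renamed `build-docker-image` job loses its `permissions:` block, so it runs with whatever default `GITHUB_TOKEN` scope the workflow or repository sets, which is not visible in this hunk. The job only checks out the repository, builds the image and moves artifacts (its steps are in the next hunk), so it should state that explicitly with `permissions:` / `contents: 'read'`. Dropping `id-token: 'write'` here looks right, since none of the visible steps requests an OIDC token.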
@@ -197,68 +194,106 @@ jobs: - build-windows steps: - uses: actions/checkout@v3 - - name: Start docker-compose stack + - name: Download installers from GitHub artifacts + id: download + uses: actions/download-artifact@v4 + with: + pattern: '*installer*' + path: _installers + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.DOCKER_REPOSITORY }} + - name: Build and export + uses: docker/build-push-action@v5 + with: + context: . + file: Dockerfile + tags: | + ${{ env.DOCKER_REPOSITORY }}:testing + ${{ steps.meta.outputs.tags }} + outputs: type=docker,dest=/tmp/grr_base_image.tar + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: grr_base_image + path: /tmp/grr_base_image.tar + + + docker-compose-test: + if: ${{ github.event_name == 'push' }} + permissions: + contents: 'read' + id-token: 'write' + runs-on: ubuntu-22.04 + needs: + - build-docker-image + steps: + - uses: actions/checkout@v3 + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: grr_base_image + path: /tmp + - name: Load image + run: | + docker load --input /tmp/grr_base_image.tar + - name: Start docker compose stack shell: bash run: | - docker-compose pull --include-deps - docker-compose up -d + docker compose -f docker-compose.yaml -f docker-compose.testing.yaml up -d --wait - name: Test shell: bash run: | - docker build -f ./Dockerfile . 
-t grr-testing + docker ps + # docker compose exec linux-client /configs/create_fake_user.sh docker run \ --add-host=host.docker.internal:host-gateway \ -v $(pwd):/github_workspace \ -w /github_workspace \ --entrypoint appveyor/e2e_tests/run_docker_compose_e2e_test.sh \ - grr-testing \ + ${{ env.DOCKER_REPOSITORY }}:testing \ $(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' grr-linux-client) - - name: Stop docker-compose stack + - name: Stop the docker compose stack if: always() shell: bash run: | - docker-compose down --volumes + docker compose down --volumes - build-push-docker-base-image: + push-docker-image: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + permissions: + contents: 'read' + id-token: 'write' runs-on: ubuntu-22.04 needs: - - docker-compose-test + - build-docker-image # TODO update after test steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Download installers from GitHub artifacts - id: download + - name: Download artifact uses: actions/download-artifact@v4 with: - pattern: '*_installer*' - path: _installers + name: grr_base_image + path: /tmp + - name: Load image + run: | + docker load --input /tmp/grr_base_image.tar - name: Login to GitHub Container registry - # if: ${{ github.event_name == 'push' }} + if: ${{ github.event_name == 'push' }} uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - # if: ${{ github.event_name == 'push' }} - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Build and push Docker image - # if: ${{ github.event_name == 'push' }} - uses: docker/build-push-action@v5 - with: - context: . 
- file: Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + - name: Push Docker image + if: ${{ github.event_name == 'push' }} + run: | + # Remove the tag used to identify the image for testing again. + docker rmi ${{ env.DOCKER_REPOSITORY }}:testing + docker push --all-tags ${{ env.DOCKER_REPOSITORY }} upload-artifacts: if: ${{ github.event_name == 'push' }} diff --git a/Dockerfile b/Dockerfile index 570f0cce7..daa77f584 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # "-component" "admin_ui" # "-config" "/configs/server/grr.server.yaml" -FROM ubuntu:22.04 AS builder +FROM ubuntu:22.04 LABEL maintainer="grr-dev@googlegroups.com" @@ -66,4 +66,4 @@ RUN ${VIRTUAL_ENV}/bin/python grr/proto/makefile.py && \ WORKDIR / -ENTRYPOINT [ "grr_server" ] \ No newline at end of file +ENTRYPOINT [ "grr_server" ] diff --git a/Dockerfile.client b/Dockerfile.client deleted file mode 100644 index 1eb5c4944..000000000 --- a/Dockerfile.client +++ /dev/null @@ -1,25 +0,0 @@ -FROM ghcr.io/google/grr:grr-github-actions-docker - -LABEL maintainer="grr-dev@googlegroups.com" - -ENV TEMPLATE_DIR /client_templates -ENV INSTALLERS_DIR /client_installers - -RUN apt-get update - -RUN useradd -m appveyor2 -RUN echo "[7] [01234] [ts/3] [appveyor2] [pts/3 ] [100.100.10.10 ] [100.100.10.10 ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \ - utmpdump /var/log/wtmp >> wtmp.txt && \ - utmpdump --reverse < wtmp.txt > /var/log/wtmp && \ - utmpdump /var/log/wtmp - -ADD ./docker_config_files/client/ /configs - -RUN grr_client_build repack_multiple \ - --templates ${TEMPLATE_DIR}/*/*.zip \ - --repack_configs /configs/grr.client.yaml \ - --output_dir ${INSTALLERS_DIR} - -RUN dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb - -ENTRYPOINT [ "fleetspeak-client" ] diff --git a/docker-compose.testing.yaml b/docker-compose.testing.yaml new file mode 100644 index 000000000..21f2db3c5 --- /dev/null +++ b/docker-compose.testing.yaml 
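Review bot: `push-docker-image` now declares `needs:` / `- build-docker-image # TODO update after test`, so an image can be published without `docker-compose-test` having passed, whereas the job it replaces was gated on that test. The gate should be restored before merge with `- docker-compose-test` under `needs:`. The job's `permissions:` block also lists only `contents: 'read'` and `id-token: 'write'`; with an explicit block every unlisted scope is `none`, so the `GITHUB_TOKEN` used by the login step cannot push to ghcr.io (assuming `DOCKER_REPOSITORY`, defined outside this hunk, points there). Add `packages: 'write'`, and drop `id-token: 'write'` unless a step outside the visible lines uses OIDC.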
@@ -0,0 +1,13 @@ + +services: + grr-admin-ui: + image: ghcr.io/google/grr:testing + + grr-fleetspeak-frontend: + image: ghcr.io/google/grr:testing + + grr-worker: + image: ghcr.io/google/grr:testing + + linux-client: + image: ghcr.io/google/grr:testing diff --git a/docker-compose.yaml b/docker-compose.yaml index bc70b6f4c..7d128c545 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -26,9 +26,7 @@ services: retries: 10 grr-admin-ui: - build: - dockerfile: Dockerfile - context: . + image: ghcr.io/google/grr:latest container_name: grr-admin-ui hostname: admin-ui restart: always @@ -53,9 +51,7 @@ services: - --verbose grr-fleetspeak-frontend: - build: - dockerfile: Dockerfile - context: . + image: ghcr.io/google/grr:latest container_name: grr-fleetspeak-frontend hostname: grr-fleetspeak-frontend depends_on: @@ -129,9 +125,7 @@ services: ] grr-worker: - build: - dockerfile: Dockerfile - context: . + image: ghcr.io/google/grr:latest container_name: grr-worker volumes: - ./docker_config_files/server/:/configs/ @@ -152,24 +146,22 @@ services: - --verbose linux-client: - build: - dockerfile: Dockerfile.client - context: . + image: ghcr.io/google/grr:latest container_name: grr-linux-client restart: always - depends_on: + depends_on: - db - fleetspeak-frontend volumes: - ./docker_config_files/client/:/configs/ + # Mount the client_installers folder, to preserve + # the repacked templates across restarts. - client_installers:/client_installers tty: true stdin_open: true networks: - server-network - command: - - -config - - /configs/client.config + entrypoint: /configs/init_grr_client.sh volumes: db_data: diff --git a/docker_config_files/client/create_fake_user.sh b/docker_config_files/client/create_fake_user.sh new file mode 100755 index 000000000..201587d0a --- /dev/null +++ b/docker_config_files/client/create_fake_user.sh 
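Review bot: Every service in this override is pinned to the literal `ghcr.io/google/grr:testing`, while the workflow tags the freshly built image as `${{ env.DOCKER_REPOSITORY }}:testing`. If the two ever differ (a fork, a renamed repository), `docker compose up` will not find the tag locally and will try to pull it from the registry instead of testing the image built from this commit. Adding `pull_policy: never` to each of the four services makes that case fail loudly. A header comment saying that this file is a CI-only override for `docker-compose.yaml`, and that the image must first be loaded with `docker load`, would also help.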
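Review bot: `grr-admin-ui` now runs `image: ghcr.io/google/grr:latest` instead of building from the checkout, and the same substitution is made for `grr-fleetspeak-frontend`, `grr-worker` and `linux-client` in the following hunks of this file. `latest` is a mutable tag, so the stack no longer corresponds to the source tree next to it, and two runs of `docker compose up` can start different code. Consider making the tag overridable with a documented default, for example `image: ghcr.io/google/grr:${GRR_IMAGE_TAG:-latest}` (the variable name is only an illustration), or pinning a release tag or digest for anything beyond a local demo.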
@@ -0,0 +1,9 @@ + +# End-to-end test require a user on a client, which e.g. sets the +# home directory for file collection. + +useradd -m testuser && +echo "[7] [01234] [ts/3] [testuser] [pts/3 ] [100.100.10.10 ] [100.100.10.10 ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \ + utmpdump /var/log/wtmp >> wtmp.txt && \ + utmpdump --reverse < wtmp.txt > /var/log/wtmp && \ + utmpdump /var/log/wtmp diff --git a/docker_config_files/client/init_grr_client.sh b/docker_config_files/client/init_grr_client.sh new file mode 100755 index 000000000..b1af0cbfb --- /dev/null +++ b/docker_config_files/client/init_grr_client.sh @@ -0,0 +1,30 @@ +#! /bin/bash + +# GRR client docker compose initialization script. +# This script runs when starting the client in the +# docker-compose stack. It repacks the client using the +# provided configuration files and installs the resulting +# debian package if no installers or fleetspeak-client +# binary are found. +# +# This script assumes the client-config files +# (docker_config_files/client) to be mounted at /configs. + +TEMPLATE_DIR="/client_templates" +INSTALLERS_DIR="/client_installers" + + +if [ -z "$(ls -A ${INSTALLERS_DIR})" ]; then + echo "Repack clients" + grr_client_build repack_multiple \ + --templates ${TEMPLATE_DIR}/*/*.zip \ + --repack_configs /configs/grr.client.yaml \ + --output_dir ${INSTALLERS_DIR} +fi + +if ! command -v fleetspeak-client &> /dev/null; then + echo "Install Client from debian package" + dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb +fi + +fleetspeak-client -config /configs/client.config diff --git a/docker_config_files/mysql/.env b/docker_config_files/mysql/.env index 1457d52c7..492af8bc1 100644 --- a/docker_config_files/mysql/.env +++ b/docker_config_files/mysql/.env @@ -9,4 +9,4 @@ FLEETSPEAK_DB_PASSWORD="fleetspeak-password" GRR_DB="grr" GRR_DB_USER="grru" -GRR_DB_PASSWORD="grrp" \ No newline at end of file +GRR_DB_PASSWORD="grrp"
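Review bot: `create_fake_user.sh` is added with mode 100755 but has no interpreter line, since its first line is blank. Executing it by path, as the commented-out `docker compose exec linux-client /configs/create_fake_user.sh` in the workflow would, therefore depends on the caller falling back to a shell. Start the file with `#!/bin/bash` followed by `set -euo pipefail`. The header comment should also say that the script rewrites `/var/log/wtmp` with a synthetic login record and is meant only for the disposable test client container.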
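Review bot: `init_grr_client.sh` has no error handling, so a failed `grr_client_build repack_multiple` falls through to `dpkg -i` and then to the final `fleetspeak-client` call; with `restart: always` on the `linux-client` service that becomes a quiet restart loop. Add `set -euo pipefail` after the shebang and quote the `${TEMPLATE_DIR}` and `${INSTALLERS_DIR}` expansions. The last line should be `exec fleetspeak-client -config /configs/client.config` so the client replaces the shell as PID 1 and receives the stop signal from `docker compose down`. The header comment should also state that `dpkg -i ${INSTALLERS_DIR}/grr.client/*.deb` installs whatever `.deb` files are present in the persisted `client_installers` volume, so that volume has to be treated as trusted input.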