feat: add a snap for notary #67

Merged
merged 3 commits into from
Sep 9, 2024
21 changes: 21 additions & 0 deletions .github/workflows/build-snap.yaml
@@ -0,0 +1,21 @@
name: Build Snap

on:
workflow_call:

jobs:
build-snap:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4

- name: Build snap
uses: snapcore/action-build@v1
id: build

- name: Upload locally built snap artifact
if: ${{ github.ref_name == 'main' }}
uses: actions/upload-artifact@v4
with:
name: snap
path: ${{ steps.build.outputs.snap }}
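Review bot: `uses: snapcore/action-build@v1` and the two `actions/*@v4` steps are pinned to movable tags, and this job produces the artifact that publish-snap.yaml later pushes to the store. Pin each action to a full commit SHA, with the tag kept in a trailing comment, so a retagged release cannot change what builds the snap. The workflow also sets no `permissions:` block; `contents: read` is enough for the checkout and build shown here.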
25 changes: 16 additions & 9 deletions .github/workflows/main.yml
@@ -11,28 +11,35 @@ on:
jobs:
unit-test-frontend:
uses: ./.github/workflows/test-frontend.yaml
build-nextjs:
nextjs-build:
uses: ./.github/workflows/build-frontend.yaml
unit-test-notary:
needs: [build-nextjs]
go-unit-test:
needs: [nextjs-build]
uses: ./.github/workflows/test-notary.yaml
go-vet:
needs: [build-nextjs]
needs: [nextjs-build]
uses: ./.github/workflows/go-vet.yaml
go-lint:
needs: [build-nextjs]
needs: [nextjs-build]
uses: ./.github/workflows/go-lint.yaml
build-notary:
needs: [build-nextjs]
go-build:
needs: [nextjs-build]
uses: ./.github/workflows/build-notary.yaml
rock-build:
needs: [build-notary, unit-test-notary, go-vet, go-lint]
needs: [go-build, go-unit-test, go-vet, go-lint]
uses: ./.github/workflows/build-rock.yaml
rock-scan:
if: github.ref_name == 'main'
needs: [rock-build]
uses: ./.github/workflows/scan-rock.yaml
publish:
rock-publish:
if: github.ref_name == 'main'
needs: [rock-build]
uses: ./.github/workflows/publish-rock.yaml
snap-build:
needs: [go-build, go-unit-test, go-vet, go-lint]
uses: ./.github/workflows/build-snap.yaml
snap-publish:
if: github.ref_name == 'main'
needs: [snap-build]
uses: ./.github/workflows/publish-snap.yaml
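Review bot: `snap-publish` calls `./.github/workflows/publish-snap.yaml` with no `secrets:` key, yet that workflow reads `secrets.SNAPCRAFT_STORE_CREDENTIALS`. A reusable workflow only receives the caller's secrets when they are passed explicitly or with `secrets: inherit`, so as written the publish step would see an empty credential. Pass the one secret by name under `snap-publish` (preferable to `secrets: inherit`, which hands over every secret) and declare it under `on.workflow_call.secrets` in publish-snap.yaml.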
32 changes: 32 additions & 0 deletions .github/workflows/publish-snap.yaml
@@ -0,0 +1,32 @@
name: Publish Snap

on:
workflow_call:

jobs:
publish-snap:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4

- name: Downloads locally built snap artifact
uses: actions/download-artifact@v4
id: download
with:
name: snap

- name: Determine snap file name
id: find-snap
run: |
SNAP_FILE=$(ls *.snap)
echo "Found snap file: $SNAP_FILE"
echo "snap_file=${SNAP_FILE}" >>$GITHUB_OUTPUT

- name: Publish snap
uses: snapcore/[email protected]
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
if: ${{ github.ref_name == 'main' }}
with:
snap: ${{ steps.find-snap.outputs.snap_file }}
release: edge
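Review bot: `SNAP_FILE=$(ls *.snap)` in the "Determine snap file name" step assumes exactly one match in the workspace; with more than one, a multi-line value is written to `$GITHUB_OUTPUT` and the `snap:` input to the publish step is no longer a single path. Fail the step unless exactly one file matches, and quote `"$GITHUB_OUTPUT"`. The `actions/checkout@v4` step can also be dropped, since none of the visible steps read repository files and it only adds content next to the artifact that is about to be published with store credentials.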
19 changes: 19 additions & 0 deletions README.md
@@ -38,6 +38,25 @@ pebble_notifications: true

## Installation

### From Snap

Install the snap:
```bash
sudo snap install notary
```

Generate (or copy) a certificate and private key to the following location:
```bash
sudo openssl req -newkey rsa:2048 -nodes -keyout /var/snap/notary/common/key.pem -x509 -days 1 -out /var/snap/notary/common/cert.pem -subj "/CN=example.com"
```

Start the service:
```bash
sudo snap start notary.notaryd
```

Navigate to `https://localhost:3000` to access the Notary UI.

### From OCI Image

```bash
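Review bot: the openssl example under "From Snap" uses `-days 1`, so a reader who copies it ends up with a certificate that expires a day later, and `-subj "/CN=example.com"` does not match the `https://localhost:3000` URL given below it. Say that this is a throwaway self-signed certificate for a first run, or use a longer validity and a subject that matches the host. Because the snap installs the service disabled, `sudo snap start --enable notary.notaryd` is worth showing as well so the service comes back after a reboot.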
5 changes: 5 additions & 0 deletions service/bin/notaryd-start
@@ -0,0 +1,5 @@
#!/bin/bash

set -ex

"$SNAP"/bin/notary -config "$SNAP_COMMON"/notary.yaml
5 changes: 5 additions & 0 deletions service/notary.yaml
@@ -0,0 +1,5 @@
key_path: "/var/snap/notary/common/key.pem"
cert_path: "/var/snap/notary/common/cert.pem"
db_path: "/var/snap/notary/common/certs.db"
port: 3000
pebble_notifications: false
4 changes: 4 additions & 0 deletions snap/hooks/install
@@ -0,0 +1,4 @@
#!/bin/sh -e

# Create Notary config file
cp "$SNAP/notary.yaml" "$SNAP_COMMON/notary.yaml"
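Review bot: the `cp` runs only in the `install` hook, so `$SNAP_COMMON/notary.yaml` is written once and never updated; a later revision that changes `service/notary.yaml` leaves existing installs on the old file. Either document that the copy in `$SNAP_COMMON` is operator-owned, or add a `post-refresh` hook that brings in new keys without overwriting local edits.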
41 changes: 41 additions & 0 deletions snap/snapcraft.yaml
@@ -0,0 +1,41 @@
name: notary
base: core24
version: '0.0.3'
summary: Notary is a certificate management tool.
description: Notary is a certificate management tool.

grade: stable
confinement: strict

apps:
notary:
command: bin/notary
plugs:
- network
- network-bind
- home
notaryd:
daemon: simple
install-mode: disable
command: bin/notaryd-start
refresh-mode: endure
plugs:
- network
- network-bind

parts:
notary:
plugin: go
source: .
source-type: local
build-snaps:
- go/1.22/stable
- node/20/stable
override-build: |
npm install --prefix ui
npm run build --prefix ui
craftctl default

service-files:
plugin: dump
source: service
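Review bot: `refresh-mode: endure` on `notaryd` means the daemon is not restarted when the snap refreshes, so a refresh that carries a security fix leaves the old binary serving until someone restarts it. For a service that holds a private key, prefer the default restart behaviour or document the manual restart. In `override-build`, `npm ci --prefix ui` would install only what the lockfile records, where `npm install --prefix ui` may resolve newer versions; and the `home` plug on the `notary` app deserves a comment explaining why it is needed under `confinement: strict`.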