github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Test building/publishing package

Browse Source
This commit is contained in:
Jamil Bou Kheir
2020-10-30 09:01:56 -05:00
parent 98c27a0611
commit 4f847899fc
14 changed files with 1042 additions and 1320 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
.github/workflows/publish.yml vendored Normal file
View File

@@ -0,0 +1,46 @@
name: Publish
on:
- push
jobs:
build-deb:
runs-on: ubuntu:20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Build packages
run: bash pkg/build.sh
- name: upload package
uses: actions/upload-artifact@v2
with:
name: fireguard_deb
path: fireguard_0.1.0-1_amd64.deb
publish:
runs-on: ubuntu:20.04
needs: build-deb
if: github.event_name == 'push' && (contains(github.ref, 'refs/tags/') || github.ref == 'refs/heads/master')
steps:
- name: Download Built Packages
uses: actions/download-artifact@v2
with:
name: fireguard_deb
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
- name: Upload Release Asset
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./fireguard_0.1.0-1_amd64.deb
asset_name: fireguard_0.1.0-1_amd64.deb
asset_content_type: application/vnd.debian.binary-package

20
.github/workflows/main.yml → .github/workflows/test.yml vendored
View File

@@ -44,25 +44,9 @@ jobs:
- name: Run Tests and Upload Coverage Report
run: mix coveralls.github --umbrella
# 2. Build VM image
build-vm:
needs: unit-integration-test
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Build VM Image
# uses: operatehappy/packer-github-action
# with:
# command: build
# arguments: "-color=false -on-error=abort"
# target: artifacts.pkr.json packer.json
run: |
echo `which packer`
echo 'Packer?'
# 3. Functional Test
# 2. Functional Test
functional-test:
needs: build-vm
needs: unit-integration-test
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2

27
Dockerfile.base
View File

@@ -1,27 +0,0 @@
# This is used to build a FireGuard release deb that can be launched on Ubuntu
FROM ubuntu:20.04
RUN apt-get update -q && \
apt-get install -y \
build-essential \
git \
curl \
libssl-dev \
automake \
autoconf \
libncurses5-dev \
unzip \
zlib1g-dev
# Install asdf
RUN adduser --shell /bin/bash --home /build --disabled-password fireguard
ENV PATH="${PATH}:/build/.asdf/shims:/build/.asdf/bin"
USER fireguard
WORKDIR /build
ONBUILD USER fireguard
ONBUILD RUN git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf && \
echo '. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc && \
echo '. $HOME/.asdf/asdf.sh' >> $HOME/.profile

58
Dockerfile.build
View File

@@ -1,58 +0,0 @@
FROM fireguard-base:latest
RUN asdf plugin-add erlang && \
asdf plugin-update erlang && \
asdf plugin-add elixir && \
asdf plugin-update elixir && \
asdf plugin-add nodejs && \
asdf plugin-update nodejs && \
asdf plugin-add python && \
asdf plugin-update python
# asdf-nodejs requires this
RUN bash -c '${ASDF_DATA_DIR:=$HOME/.asdf}/plugins/nodejs/bin/import-release-team-keyring'
COPY .tool-versions ./
RUN asdf install
ENV MIX_ENV=prod
RUN mix local.hex --force && \
mix local.rebar --force
COPY mix.exs mix.lock ./
COPY config config
COPY apps/fg_http/mix.exs ./apps/fg_http/
COPY apps/fg_wall/mix.exs ./apps/fg_wall/
COPY apps/fg_vpn/mix.exs ./apps/fg_vpn/
RUN mix do deps.get, deps.compile
COPY apps/fg_http/assets/package.json apps/fg_http/assets/package-lock.json ./apps/fg_http/assets/
RUN cd apps/fg_http/assets && ls ../../../../ && npm ci --progress=false --no-audit --loglevel=error
COPY apps/fg_http/priv apps/fg_http/priv
COPY apps/fg_http/assets apps/fg_http/assets
RUN npm run --prefix ./apps/fg_http/assets deploy && \
cd apps/fg_http && mix phx.digest
COPY . .
RUN mix release
FROM ubuntu:20.04
RUN mkdir /release
WORKDIR /release
COPY --from=build /build/_build/prod/rel/fireguard .
# build deb

93
ansible/playbook.yml
View File

@@ -13,26 +13,11 @@
- sudo
- git
- curl
- wireguard
- wireguard-tools
- wireguard-dkms
- gnupg
- unzip
- name: Install Postgres
hosts: all
become: yes
tasks:
- name: add postgres repo
shell: |
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
- name: install postgres
apt:
update_cache: true
install_recommends: no
autoclean: yes
autoremove: yes
name: postgresql-13
- wireguard
- postgresql
- iptables
- name: Configure System
hosts: all
become: yes
@@ -50,53 +35,25 @@
line: 'net.ipv6.conf.all.forwarding = 1'
- name: apply sysctl
shell: sysctl -p
- name: Provision Runtimes
hosts: all
tasks:
- name: install erlang
become: yes
apt:
install_recommends: no
autoclean: yes
autoremove: yes
update_cache: true
deb: https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_23.1-1~ubuntu~focal_amd64.deb
- name: install elixir
shell:
executable: /bin/bash
cmd: |
[ ! -d ~/.asdf ] && git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.8.0
~/.asdf/bin/asdf plugin-add elixir
~/.asdf/bin/asdf install elixir 1.11.1-otp-23
~/.asdf/bin/asdf global elixir 1.11.1-otp-23
~/.asdf/bin/asdf reshim elixir 1.11.1-otp-23
- name: asdf to bashrc
lineinfile:
path: ~/.bashrc
line: '. ~/.asdf/asdf.sh'
- name: asdf completions to bashrc
lineinfile:
path: ~/.bashrc
line: '. ~/.asdf/completions/asdf.bash'
- name: Bootstrap DB
hosts: all
tasks:
- name: generate database url
lineinfile:
create: yes
path: /home/vagrant/.fireguard-rc
line: "DATABASE_URL=ecto://fireguard:{{ lookup('password', '/tmp/postgres_passwd') }}/fireguard"
regexp: "DATABASE_URL"
- name: add fireguard user
shell: |
sudo -i -u postgres psql -c "CREATE ROLE fireguard WITH LOGIN PASSWORD '{{ lookup('password', '/tmp/postgres_passwd') }}';"
sudo -i -u postgres psql -c "CREATE DATABASE fireguard;"
sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to fireguard;"
- name: Bootstrap App
hosts: all
tasks:
- name: generate secret key base
lineinfile:
path: /home/vagrant/.fireguard-rc
line: "SECRET_KEY_BASE={{ lookup('password', '/tmp/secret_key_base chars=hexdigits length=64') }}"
regexp: "SECRET_KEY_BASE"
# - name: Bootstrap DB
# hosts: all
# tasks:
# - name: generate database url
# lineinfile:
# create: yes
# path: /home/vagrant/.fireguard-rc
# line: "DATABASE_URL=ecto://fireguard:{{ lookup('password', '/tmp/postgres_passwd') }}/fireguard"
# regexp: "DATABASE_URL"
# - name: add fireguard user
# shell: |
# sudo -i -u postgres psql -c "CREATE ROLE fireguard WITH LOGIN PASSWORD '{{ lookup('password', '/tmp/postgres_passwd') }}';"
# sudo -i -u postgres psql -c "CREATE DATABASE fireguard;"
# sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fireguard to fireguard;"
# - name: Bootstrap App
# hosts: all
# tasks:
# - name: generate secret key base
# lineinfile:
# path: /home/vagrant/.fireguard-rc
# line: "SECRET_KEY_BASE={{ lookup('password', '/tmp/secret_key_base chars=hexdigits length=64') }}"
# regexp: "SECRET_KEY_BASE"

1994
apps/fg_http/assets/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

6
apps/fg_http/assets/package.json
View File

@@ -6,9 +6,9 @@
"watch": "webpack --mode development --watch"
},
"dependencies": {
"phoenix": "file:../../deps/phoenix",
"phoenix_html": "file:../../deps/phoenix_html",
"phoenix_live_view": "file:../../deps/phoenix_live_view",
"phoenix": "file:../../../deps/phoenix",
"phoenix_html": "file:../../../deps/phoenix_html",
"phoenix_live_view": "file:../../../deps/phoenix_live_view",
"qrcode": "^1.4.4"
},
"devDependencies": {

1
apps/fg_http/node_modules
View File

@@ -1 +0,0 @@
assets/node_modules

1
apps/fg_http/package-lock.json generated
View File

@@ -1 +0,0 @@
assets/package-lock.json

1
apps/fg_http/package.json
View File

@@ -1 +0,0 @@
assets/package.json

19
mix.exs
View File

@@ -18,19 +18,14 @@ defmodule FireguardUmbrella.MixProject do
"coveralls.html": :test
],
deps: deps(),
default_release: :fireguard,
releases: [
fg_http: [
applications: [fg_http: :permanent],
include_executables_for: [:unix],
cookie: System.get_env("ERL_COOKIE")
],
fg_wall: [
applications: [fg_wall: :permanent],
include_executables_for: [:unix],
cookie: System.get_env("ERL_COOKIE")
],
fg_vpn: [
applications: [fg_vpn: :permanent],
fireguard: [
applications: [
fg_http: :permanent,
fg_wall: :permanent,
fg_vpn: :permanent
],
include_executables_for: [:unix],
cookie: System.get_env("ERL_COOKIE")
]

20
pkg/Dockerfile Normal file
View File

@@ -0,0 +1,20 @@
# This Dockerfile builds release packages
FROM ubuntu:20.04
# Setup to run build script
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update -q && \
apt-get install -y --no-install-recommends \
ca-certificates \
locales && \
apt-get clean && \
rm -rf /tmp/* /var/tmp/*
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
WORKDIR /app
COPY . .
RUN ./pkg/build.sh

65
pkg/build.sh Executable file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/env sh
set -e
export root=`pwd`
apt-get update -q && \
apt-get install -y --no-install-recommends \
build-essential \
git \
curl \
libssl-dev \
automake \
lintian \
dpkg-dev \
gnupg \
autoconf \
libncurses5-dev \
unzip \
zlib1g-dev
git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf
export PATH="${PATH}:/root/.asdf/shims:/root/.asdf/bin"
bash $HOME/.asdf/asdf.sh
# Install project runtimes
asdf plugin-add erlang && \
asdf plugin-update erlang && \
asdf plugin-add elixir && \
asdf plugin-update elixir && \
asdf plugin-add nodejs && \
asdf plugin-update nodejs && \
asdf plugin-add python && \
asdf plugin-update python
bash -c '${ASDF_DATA_DIR:=$HOME/.asdf}/plugins/nodejs/bin/import-release-team-keyring'
asdf install
# Set build env vars
export MIX_ENV=prod
# Install dependencies
mix local.hex --force
mix local.rebar --force
mix do deps.get, deps.compile
# Compile assets
cd $root/apps/fg_http/assets && npm i --progress=false --no-audit --loglevel=error
cd $root/apps/fg_http/assets && npm run deploy && cd .. && mix phx.digest
# Build the release
cd $root && mix release fireguard
# Move release for packaging
mv ./_build/prod/rel/fireguard ./pkg/debian/opt/fireguard
# Smoke test
export DATABASE_URL=ecto://dummy@localhost/dummy
export SECRET_KEY_BASE=dummy
./pkg/debian/opt/fireguard/bin/fireguard eval 'IO.puts "hello world"'
# Build package
cd $root/pkg && dpkg-deb --build debian
mv pkg/debian.deb fireguard_0.1.0-1_amd64.deb
# TODO: This reports too many issues... :-(
# RUN lintian fireguard_0.1.0-1_amd64.deb

11
pkg/debian/DEBIAN/control Normal file
View File

@@ -0,0 +1,11 @@
Package: fireguard
Version: 0.1.0-1
Architecture: amd64
Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
Depends: wireguard (>= 1.0.20200319-1ubuntu1), postgresql-12 (>= 12.4-0ubuntu0.20.04.1), iptables (>= 1.8.4-3ubuntu2)
Section: net
Priority: optional
Homepage: https://cloudfire.network
Description: Web UI + Firewall manager for WireGuard™
Provides a web-based UI that allows you to configure WireGuard VPN tunnels and
set up firewall rules for your devices.