From 760bb0ac8566c38ce8dcf30825ed20b49c2374ec Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Sun, 3 Nov 2024 21:57:49 -0800 Subject: [PATCH] feat: add fips support for install script Signed-off-by: Nianyu Shen --- .github/workflows/build.yaml | 4 +--- .github/workflows/release.yaml | 10 +++++++++- Earthfile | 28 ++++++++++++++++++++++++++-- README.md | 6 ++++++ 4 files changed, 42 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e222003..495d365 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -38,7 +38,5 @@ jobs: echo $(git describe --exact-match --tags || echo "v0.0.0-$(git rev-parse --short=8 HEAD)") > VERSION echo "version=$(head -n 1 VERSION)" >> $GITHUB_OUTPUT - name: Build artifacts - env: - VERSION: ${{ steps.version.outputs.version }} run: | - earthly --ci --output +release + earthly --ci --output +release --VERSION=${{ steps.version.outputs.version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a811c46..388d4f9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -33,7 +33,15 @@ jobs: use-cache: true - name: Build artifacts run: | - earthly --ci --output +release --VERSION ${{ github.ref_name }} + set -x + earthly --ci --output +release \ + --VERSION=${{ github.ref_name }} + - name: Build FIPS artifacts + run: | + set -x + earthly --ci --output +release-fips \ + --VERSION=${{ github.ref_name }} \ + --SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images-fips - name: Upload release artifacts uses: softprops/action-gh-release@v2 if: ${{ startsWith(github.ref, 'refs/tags/') }} diff --git a/Earthfile b/Earthfile index f897245..fc654b7 100644 --- a/Earthfile +++ b/Earthfile @@ -19,6 +19,19 @@ release: BUILD +install-script +release-fips: + BUILD +package-tar \ + --PLATFORM=linux \ + --ARCH=amd64 \ + --FIPS=true + + BUILD +palette-agent \ + --PLATFORM=linux \ + --ARCH=amd64 \ + --FIPS=true + + BUILD +install-script \ + --FIPS=true ubuntu: FROM ${UBUNTU_IMAGE} RUN apt-get update && apt-get install -y systemctl gettext-base @@ -34,6 +47,7 @@ stylus-image: palette-agent: FROM +ubuntu + ARG FIPS=false ARG PE_VERSION=$(head -n 1 PE_VERSION) ARG PLATFORM=linux ARG ARCH=amd64 @@ -43,16 +57,26 @@ palette-agent: COPY (+stylus-image/opt/spectrocloud/bin/palette-agent --PLATFORM=${PLATFORM} --ARCH=${ARCH} --STYLUS_IMAGE=${STYLUS_IMAGE}) /workdir/ RUN chmod +x /workdir/palette-agent - SAVE ARTIFACT /workdir/palette-agent AS LOCAL ./build/palette-agent-${PLATFORM}-${ARCH} + LET BIN_NAME=palette-agent-${PLATFORM}-${ARCH} + IF $FIPS + SET BIN_NAME=palette-agent-fips-${PLATFORM}-${ARCH} + END + + SAVE ARTIFACT /workdir/palette-agent AS LOCAL ./build/${BIN_NAME} package-tar: FROM +ubuntu + ARG FIPS=false ARG PE_VERSION=$(head -n 1 PE_VERSION) ARG PLATFORM=linux ARG ARCH=amd64 ARG STYLUS_IMAGE=${SPECTRO_PUB_REPO}/edge/stylus-agent-mode-${PLATFORM}-${ARCH}:${PE_VERSION} - ARG TAR_NAME=agent-mode-${PLATFORM}-${ARCH} + IF $FIPS + ARG TAR_NAME=agent-mode-fips-${PLATFORM}-${ARCH} + ELSE + ARG TAR_NAME=agent-mode-${PLATFORM}-${ARCH} + END WORKDIR /workdir/var/lib/spectro COPY (+stylus-image/ --PLATFORM=${PLATFORM} --ARCH=${ARCH} --STYLUS_IMAGE=${STYLUS_IMAGE}) /workdir/var/lib/spectro/stylus diff --git a/README.md b/README.md index dee94ee..b2429bc 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,12 @@ curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/pal curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/palette-agent-install.sh | VERSION=v4.5.0 bash ``` +## FIPS + +```bash +curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/palette-agent-install-fips.sh | bash +``` + ## Userdata Refer to [Palette Agent Parameters Documentation](https://docs.spectrocloud.com/clusters/edge/edge-configuration/installer-reference/#palette-agent-parameters) for more details.