publish bridge-device docker image

plgd-dev · Feb 2, 2024 · 9e994f5 · 9e994f5
1 parent a553654
commit 9e994f5
Show file tree

Hide file tree

Showing 10 changed files with 49 additions and 17 deletions.
diff --git a/.github/workflows/build-publish-cfg.yaml b/.github/workflows/build-publish-cfg.yaml
@@ -12,10 +12,6 @@ on:
         description: Name of the container
         type: string
         required: true
-      directory:
-        description: Directory of service
-        type: string
-        required: true
       file:
         description: Dockerfile to build
         type: string
@@ -102,7 +98,6 @@ jobs:
           platforms: linux/amd64,linux/arm64
           builder: ${{ steps.buildx.outputs.name }}
           build-args: |
-            DIRECTORY=${{ inputs.directory }}
             NAME=${{ inputs.name }}
             COMMIT_DATE=${{ steps.build-args.outputs.commit_date }}
             SHORT_COMMIT=${{ steps.build-args.outputs.short_commit }}
@@ -123,7 +118,6 @@ jobs:
           platforms: linux/amd64,linux/arm64
           builder: ${{ steps.buildx.outputs.name }}
           build-args: |
-            DIRECTORY=${{ inputs.directory }}
             NAME=${{ inputs.name }}
             COMMIT_DATE=${{ steps.build-args.outputs.commit_date }}
             SHORT_COMMIT=${{ steps.build-args.outputs.short_commit }}

diff --git a/.github/workflows/build-publish.yaml b/.github/workflows/build-publish.yaml
@@ -27,11 +27,11 @@ jobs:
       matrix:
         include:
           - name: test-cloud-server
-            directory: test/cloud-server
             file: test/cloud-server/Dockerfile
+          - name: bridge-device
+            file: bridge/Dockerfile
     uses: ./.github/workflows/build-publish-cfg.yaml
     with:
       name: ${{ matrix.name }}
-      directory: ${{ matrix.directory }}
       file: ${{ matrix.file }}
 
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,6 @@ vendor/
 .vscode/
 .tmp/
 debug
-cmd/ocfbridge/ocfbridge
+cmd/bridge-device/bridge-device
 cmd/ocfclient/ocfclient
-test/ocfbridge/ocfbridge
+test/bridge-device/bridge-device
diff --git a/Makefile b/Makefile
@@ -143,13 +143,13 @@ test-bridge:
 	# start device
 	rm -rf $(TMP_PATH)/bridge || :
 	mkdir -p $(TMP_PATH)/bridge
-	go build -C ./test/ocfbridge -cover -o ./ocfbridge
-	pkill -KILL ocfbridge || :
+	go build -C ./test/bridge-device -cover -o ./bridge-device
+	pkill -KILL bridge-device || :
 	CLOUD_SID=$(CLOUD_SID) CA_POOL=$(TMP_PATH)/data/certs/root_ca.crt \
 	CERT_FILE=$(TMP_PATH)/data/certs/external/coap-gateway.crt \
 	KEY_FILE=$(TMP_PATH)/data/certs/external/coap-gateway.key \
 	GOCOVERDIR=$(TMP_PATH)/bridge \
-		./test/ocfbridge/ocfbridge &
+		./test/bridge-device/bridge-device &
 
 	# run tests
 	docker run \
@@ -168,9 +168,9 @@ test-bridge:
 		$(HUB_TEST_DEVICE_IMAGE)
 
 	# stop device
-	pkill -TERM ocfbridge || :
-	while pgrep -x ocfbridge > /dev/null; do \
-		echo "waiting for ocfbridge to exit"; \
+	pkill -TERM bridge-device || :
+	while pgrep -x bridge-device > /dev/null; do \
+		echo "waiting for bridge-device to exit"; \
 		sleep 1; \
 	done
 	go tool covdata textfmt -i=$(TMP_PATH)/bridge -o $(TMP_PATH)/bridge.coverage.txt
@@ -179,7 +179,7 @@ clean:
 	docker rm -f devsim-net-host || :
 	docker rm -f hub-device-tests-environment || :
 	docker rm -f hub-device-tests || :
-	pkill -KILL ocfbridge || :
+	pkill -KILL bridge-device || :
 	sudo rm -rf .tmp/*
 
 .PHONY: build-testcontainer build certificates clean env test unit-test
diff --git a/bridge/Dockerfile b/bridge/Dockerfile
@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1
+FROM golang:1.20.13-alpine AS build
+RUN apk add --no-cache curl git build-base
+WORKDIR $GOPATH/src/github.com/plgd-dev/device
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN ( cd /usr/local/go && patch -p1 < $GOPATH/src/github.com/plgd-dev/device/tools/docker/patches/shrink_tls_conn.patch )
+WORKDIR $GOPATH/src/github.com/plgd-dev/device
+RUN CGO_ENABLED=0 go build -o /go/bin/bridge-device ./cmd/bridge-device
+
+FROM alpine:3.19 AS security-provider
+RUN apk add -U --no-cache ca-certificates
+RUN addgroup -S nonroot \
+    && adduser -S nonroot -G nonroot
+
+FROM scratch AS service
+COPY --from=security-provider /etc/passwd /etc/passwd
+COPY --from=security-provider /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /go/bin/bridge-device /usr/local/bin/bridge-device
+USER nonroot
+ENTRYPOINT [ "/usr/local/bin/bridge-device" ]
diff --git a/cmd/ocfbridge/config.go → cmd/bridge-device/config.go b/cmd/ocfbridge/config.go → cmd/bridge-device/config.go
diff --git a/cmd/ocfbridge/config.yaml → cmd/bridge-device/config.yaml b/cmd/ocfbridge/config.yaml → cmd/bridge-device/config.yaml
diff --git a/cmd/ocfbridge/main.go → cmd/bridge-device/main.go b/cmd/ocfbridge/main.go → cmd/bridge-device/main.go
diff --git a/test/ocfbridge/main.go → test/bridge-device/main.go b/test/ocfbridge/main.go → test/bridge-device/main.go
diff --git a/tools/docker/patches/shrink_tls_conn.patch b/tools/docker/patches/shrink_tls_conn.patch
@@ -0,0 +1,16 @@
+diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
+index 969f357834..63dff2b93e 100644
+--- a/src/crypto/tls/conn.go
++++ b/src/crypto/tls/conn.go
+@@ -789,6 +789,11 @@ func (r *atLeastReader) Read(p []byte) (int, error) {
+ // at least n bytes or else returns an error.
+ func (c *Conn) readFromUntil(r io.Reader, n int) error {
+ 	if c.rawInput.Len() >= n {
++		if c.rawInput.Len() < bytes.MinRead && c.rawInput.Cap() > 4*bytes.MinRead {
++			p := c.rawInput.Bytes()
++			c.rawInput = *bytes.NewBuffer(make([]byte, len(p), bytes.MinRead))
++			copy(c.rawInput.Bytes(), p)
++		}
+ 		return nil
+ 	}
+ 	needs := n - c.rawInput.Len()