From f1a6368ae80d97bdc6e2bf96bdb4c7fd6f36a650 Mon Sep 17 00:00:00 2001 From: Jozef Kralik Date: Fri, 2 Feb 2024 07:39:56 +0000 Subject: [PATCH] publish bridge-device docker image --- .github/workflows/build-publish-cfg.yaml | 6 ------ .github/workflows/build-publish.yaml | 4 ++-- .gitignore | 4 ++-- Makefile | 14 ++++++------- bridge/Dockerfile | 22 ++++++++++++++++++++ cmd/{ocfbridge => bridge-device}/config.go | 0 cmd/{ocfbridge => bridge-device}/config.yaml | 0 cmd/{ocfbridge => bridge-device}/main.go | 0 test/{ocfbridge => bridge-device}/main.go | 0 tools/docker/patches/shrink_tls_conn.patch | 16 ++++++++++++++ 10 files changed, 49 insertions(+), 17 deletions(-) create mode 100644 bridge/Dockerfile rename cmd/{ocfbridge => bridge-device}/config.go (100%) rename cmd/{ocfbridge => bridge-device}/config.yaml (100%) rename cmd/{ocfbridge => bridge-device}/main.go (100%) rename test/{ocfbridge => bridge-device}/main.go (100%) create mode 100644 tools/docker/patches/shrink_tls_conn.patch diff --git a/.github/workflows/build-publish-cfg.yaml b/.github/workflows/build-publish-cfg.yaml index f6ef7d66..55d3a423 100644 --- a/.github/workflows/build-publish-cfg.yaml +++ b/.github/workflows/build-publish-cfg.yaml @@ -12,10 +12,6 @@ on: description: Name of the container type: string required: true - directory: - description: Directory of service - type: string - required: true file: description: Dockerfile to build type: string @@ -102,7 +98,6 @@ jobs: platforms: linux/amd64,linux/arm64 builder: ${{ steps.buildx.outputs.name }} build-args: | - DIRECTORY=${{ inputs.directory }} NAME=${{ inputs.name }} COMMIT_DATE=${{ steps.build-args.outputs.commit_date }} SHORT_COMMIT=${{ steps.build-args.outputs.short_commit }} 
@@ -123,7 +118,6 @@ jobs: platforms: linux/amd64,linux/arm64 builder: ${{ steps.buildx.outputs.name }} build-args: | - DIRECTORY=${{ inputs.directory }} NAME=${{ inputs.name }} COMMIT_DATE=${{ steps.build-args.outputs.commit_date }} SHORT_COMMIT=${{ steps.build-args.outputs.short_commit }} diff --git a/.github/workflows/build-publish.yaml b/.github/workflows/build-publish.yaml index fab8eb10..c28cf518 100644 --- a/.github/workflows/build-publish.yaml +++ b/.github/workflows/build-publish.yaml @@ -27,11 +27,11 @@ jobs: matrix: include: - name: test-cloud-server - directory: test/cloud-server file: test/cloud-server/Dockerfile + - name: bridge-device + file: bridge-device/Dockerfile uses: ./.github/workflows/build-publish-cfg.yaml with: name: ${{ matrix.name }} - directory: ${{ matrix.directory }} file: ${{ matrix.file }} diff --git a/.gitignore b/.gitignore index 9390dc34..bcada047 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,6 @@ vendor/ .vscode/ .tmp/ debug -cmd/ocfbridge/ocfbridge +cmd/bridge-device/bridge-device cmd/ocfclient/ocfclient -test/ocfbridge/ocfbridge +test/bridge-device/bridge-device diff --git a/Makefile b/Makefile index 573aab19..65f9ca67 100644 --- a/Makefile +++ b/Makefile @@ -143,13 +143,13 @@ test-bridge: # start device rm -rf $(TMP_PATH)/bridge || : mkdir -p $(TMP_PATH)/bridge - go build -C ./test/ocfbridge -cover -o ./ocfbridge - pkill -KILL ocfbridge || : + go build -C ./test/bridge-device -cover -o ./bridge-device + pkill -KILL bridge-device || : CLOUD_SID=$(CLOUD_SID) CA_POOL=$(TMP_PATH)/data/certs/root_ca.crt \ CERT_FILE=$(TMP_PATH)/data/certs/external/coap-gateway.crt \ KEY_FILE=$(TMP_PATH)/data/certs/external/coap-gateway.key \ GOCOVERDIR=$(TMP_PATH)/bridge \ - ./test/ocfbridge/ocfbridge & + ./test/bridge-device/bridge-device & # run tests docker run \ 
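Review bot: The new matrix entry in .github/workflows/build-publish.yaml sets `file: bridge-device/Dockerfile`, but the only Dockerfile this commit creates is `bridge/Dockerfile`, so the bridge-device publish job has nothing to build unless that path already exists elsewhere in the tree. Either the entry should read `file: bridge/Dockerfile` or the new file should be added under `bridge-device/`. With the `directory` input removed in the same commit, `file` is the only value that ties a matrix entry to its Dockerfile, so no other input would catch the mismatch.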
@@ -168,9 +168,9 @@ test-bridge: $(HUB_TEST_DEVICE_IMAGE) # stop device - pkill -TERM ocfbridge || : - while pgrep -x ocfbridge > /dev/null; do \ - echo "waiting for ocfbridge to exit"; \ + pkill -TERM bridge-device || : + while pgrep -x bridge-device > /dev/null; do \ + echo "waiting for bridge-device to exit"; \ sleep 1; \ done go tool covdata textfmt -i=$(TMP_PATH)/bridge -o $(TMP_PATH)/bridge.coverage.txt
@@ -179,7 +179,7 @@ clean: docker rm -f devsim-net-host || : docker rm -f hub-device-tests-environment || : docker rm -f hub-device-tests || : - pkill -KILL ocfbridge || : + pkill -KILL bridge-device || : sudo rm -rf .tmp/* .PHONY: build-testcontainer build certificates clean env test unit-test
diff --git a/bridge/Dockerfile b/bridge/Dockerfile
new file mode 100644
index 00000000..0c31d882
--- /dev/null
+++ b/bridge/Dockerfile
@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1
+FROM golang:1.20.13-alpine AS build
+RUN apk add --no-cache curl git build-base
+WORKDIR $GOPATH/src/github.com/plgd-dev/device
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN ( cd /usr/local/go && patch -p1 < $GOPATH/src/github.com/plgd-dev/device/tools/docker/patches/shrink_tls_conn.patch )
+WORKDIR $GOPATH/src/github.com/plgd-dev/device
+RUN CGO_ENABLED=0 go build -o /go/bin/bridge-device ./cmd/bridge-device
+
+FROM alpine:3.19 AS security-provider
+RUN apk add -U --no-cache ca-certificates
+RUN addgroup -S nonroot \
+ && adduser -S nonroot -G nonroot
+
+FROM scratch AS service
+COPY --from=security-provider /etc/passwd /etc/passwd
+COPY --from=security-provider /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /go/bin/bridge-device /usr/local/bin/bridge-device
+USER nonroot
+ENTRYPOINT [ "/usr/local/bin/bridge-device" ]
diff --git a/cmd/ocfbridge/config.go b/cmd/bridge-device/config.go
similarity index 100%
rename from cmd/ocfbridge/config.go
rename to cmd/bridge-device/config.go
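Review bot: The build stage of bridge/Dockerfile rewrites the toolchain's own `crypto/tls` with `patch -p1` before compiling, so the published bridge-device image ships a TLS stack that differs from the upstream Go release, and nothing in the file records that or constrains how the patch applies. By default `patch` accepts offset and fuzzy matches, so a later bump of `golang:1.20.13-alpine` could apply the hunk at a shifted location without failing the build; if the `patch` in the image is GNU patch, `patch -p1 --fuzz=0 < …/shrink_tls_conn.patch` together with a comment naming the Go version the patch was generated against would turn that drift into a build failure. Both base images are referenced by mutable tag (`golang:1.20.13-alpine`, `alpine:3.19`), and pinning them by digest would keep the patched toolchain and the copied CA bundle reproducible. `COPY . .` brings the whole build context into the stage, so it is worth confirming that a `.dockerignore` excludes local test certificates and keys such as those the Makefile keeps under `$(TMP_PATH)`.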
diff --git a/cmd/ocfbridge/config.yaml b/cmd/bridge-device/config.yaml
similarity index 100%
rename from cmd/ocfbridge/config.yaml
rename to cmd/bridge-device/config.yaml
diff --git a/cmd/ocfbridge/main.go b/cmd/bridge-device/main.go
similarity index 100%
rename from cmd/ocfbridge/main.go
rename to cmd/bridge-device/main.go
diff --git a/test/ocfbridge/main.go b/test/bridge-device/main.go
similarity index 100%
rename from test/ocfbridge/main.go
rename to test/bridge-device/main.go
diff --git a/tools/docker/patches/shrink_tls_conn.patch b/tools/docker/patches/shrink_tls_conn.patch
new file mode 100644
index 00000000..3334a466
--- /dev/null
+++ b/tools/docker/patches/shrink_tls_conn.patch
@@ -0,0 +1,16 @@
+diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
+index 969f357834..63dff2b93e 100644
+--- a/src/crypto/tls/conn.go
++++ b/src/crypto/tls/conn.go
+@@ -789,6 +789,11 @@ func (r *atLeastReader) Read(p []byte) (int, error) {
+ // at least n bytes or else returns an error.
+ func (c *Conn) readFromUntil(r io.Reader, n int) error {
+ if c.rawInput.Len() >= n {
++ if c.rawInput.Len() < bytes.MinRead && c.rawInput.Cap() > 4*bytes.MinRead {
++ p := c.rawInput.Bytes()
++ c.rawInput = *bytes.NewBuffer(make([]byte, len(p), bytes.MinRead))
++ copy(c.rawInput.Bytes(), p)
++ }
+ return nil
+ }
+ needs := n - c.rawInput.Len()
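Review bot: The shrink added to `readFromUntil` in tools/docker/patches/shrink_tls_conn.patch sits inside the `c.rawInput.Len() >= n` early-return branch, so it only runs when the buffered bytes already satisfy the request; for any n > 0 a fully drained buffer (`Len() == 0`) skips it and goes on to `needs := n - c.rawInput.Len()` with its large capacity intact, which looks like the state an idle connection would be in, so it is worth confirming this is the intended trigger. The added lines carry no comment, and because they change `crypto/tls` record buffering in the shipped binary, a why-comment such as `// Drop an oversized rawInput once only a small remainder is buffered, to cut per-connection memory.` would help whoever rebases the patch onto a newer Go release. The two-step allocate-then-copy can also be written as `c.rawInput = *bytes.NewBuffer(append(make([]byte, 0, bytes.MinRead), p...))`, which avoids the zero-filled intermediate. The body of `readFromUntil` continues past the end of the hunk.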