diff --git a/.github/auto-label.yml b/.github/auto-label.yml index 781abca7e1..4de3ba668f 100644 --- a/.github/auto-label.yml +++ b/.github/auto-label.yml @@ -323,6 +323,9 @@ vendor/spacectl: vendor/spotctl: - any: ["vendor/spotctl/**"] all: ["!bin/**", "!tasks/**"] +vendor/sshm: +- any: ["vendor/sshm/**"] + all: ["!bin/**", "!tasks/**"] vendor/stern: - any: ["vendor/stern/**"] all: ["!bin/**", "!tasks/**"] diff --git a/.github/workflows/auto-update-packages.yml b/.github/workflows/auto-update-packages.yml index a8ea82c095..2cd7027ead 100644 --- a/.github/workflows/auto-update-packages.yml +++ b/.github/workflows/auto-update-packages.yml @@ -111,6 +111,7 @@ jobs: - sops - spacectl - spotctl + - sshm - stern - sudosh - teleport diff --git a/.github/workflows/sshm.yml b/.github/workflows/sshm.yml new file mode 100644 index 0000000000..3c15031f6e --- /dev/null +++ b/.github/workflows/sshm.yml 
@@ -0,0 +1,222 @@ +# +# This workflow was created automatically from the `package-template.yml` by running `make -C .github workflows` +# DO NOT EDIT THIS WORKFLOW, changes will be lost on the next update. +# + +name: "sshm" +on: + push: + branches: + - master + + paths: + - apk/** + - deb/** + - rpm/** + - tasks/** + - vendor/sshm/** + - .github/workflows/sshm.yml + + + pull_request: + types: [opened, synchronize, reopened] + paths: + - apk/** + - deb/** + - rpm/** + - tasks/** + - vendor/sshm/** + - .github/workflows/sshm.yml + +jobs: + matrix: + if: github.event_name != 'schedule' + runs-on: ubuntu-latest + outputs: + package-enabled: ${{ steps.info.outputs.package_enabled }} + package-matrix: ${{steps.info.outputs.package_matrix}} + apk-enabled: ${{ steps.info.outputs.package_enabled == 'true' && steps.info.outputs.apk_package_enabled == 'true' }} + steps: + - uses: actions/checkout@v2 + + - name: Export package build matrix + shell: bash + id: info + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + echo setting ouputs + make -C vendor/sshm info/github + echo + echo outputs set + make -C vendor/sshm info/github | sed s'/::set-output name=//' | sed 's/::/=/' + + + # Build for alpine linux + # Kept separate because it is old and slightly different than the other package builds + alpine: + needs: matrix + if: github.event_name != 'schedule' && needs.matrix.outputs.apk-enabled != 'false' + runs-on: ubuntu-latest + strategy: + matrix: + # These versions must be strings. E.g. Otherwise `3.10` -> `3.1` + alpine: + # Now that we are just building 1 binary for all distributions, we do not + # need to track which distribution we are building on. 
+ - 'alpine' + env: + APK_KEY_RSA: "${{ secrets.APK_KEY_RSA }}" + APK_PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.alpine}} + PACKAGER: ops@cloudposse.com + PACKAGER_PRIVKEY: /dev/shm/ops@cloudposse.com.rsa + PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub + + container: cloudposse/packages-apkbuild:${{matrix.alpine}} + steps: + # Checkout the packages repo so we can build the packages as a monorepo + - name: "Checkout source code at current commit" + uses: actions/checkout@v2 + + # Export the apk keys as files from secrets + - name: "Export keys" + run: "make -C .github/ export" + + # Build the alpine packages for the matrix version of alpine + - name: "Build alpine packages" + run: "make -C vendor/${{github.workflow}} apk" + + # Verify the packages were built or error + - name: "List packages" + run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .' + + # Export the artifact filename including path + # Path must be relative to workdir for Cloudsmith action to be able to find it + - name: "Set output path to artifact" + id: artifact + shell: bash + run: | + artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk) + echo "::set-output name=path::$artifact" + echo "set output path=$artifact" + echo creating '"pip"' cache directory for Cloudsmith + mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory + + + # Determine which package organization we should use (e.g. 
dev or prod) + - name: "Determine package repo" + shell: bash + id: repo + run: | + if [[ ${GITHUB_REF} == 'refs/heads/master' ]]; then + echo "::set-output name=org::${{github.repository_owner}}" + else + echo "::set-output name=org::${{github.repository_owner}}-dev" + fi + env: + GITHUB_REF: ${{ github.ref }} + + # Publish the artifacts + - name: "Push artifact to package repository" + uses: cloudsmith-io/action@v0.5.1 + with: + api-key: ${{ secrets.CLOUDSMITH_API_KEY }} + command: 'push' + format: 'alpine' + owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace) + repo: 'packages' # Your Cloudsmith Repository name (slug) + distro: 'alpine' # Your Distribution (i.e debian, ubuntu, alpine) + release: 'any-version' # Use "any-version" if your package is compatible with more than one version of alpine linux + republish: 'true' # Needed if version is not changing + file: '${{steps.artifact.outputs.path}}' # Package filename (including path) + no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. 
upload only) + + # Build packages with fpm package manager + package: + needs: matrix + # Should not be needed, but without these conditions, this job would fail with an error if the matrix is [] + # and would run with package-type empty if matrix is ["apk"] + if: > + github.event_name != 'schedule' && needs.matrix.outputs.package-enabled != 'false' + && needs.matrix.outputs.package-matrix != '[]' && needs.matrix.outputs.package-matrix != '["apk"]' + + runs-on: ubuntu-latest + strategy: + matrix: + package-type: ${{ fromJSON(needs.matrix.outputs.package-matrix) }} + exclude: + - package-type: 'apk' + env: + # We are in a bit of a bind here because of how GitHub actions work as of 2020-11-19 + # Although the "workspace" is mounted to the container, it is not mounted + # at `/github/workspace` or ${{github.workspace}}, although through some + # mechanism, an environment variable whose value starts with ${{github.workspace}} + # will have ${{github.workspace}} replaced with the correct mount point. + # + # We need an absolute path for the package build system, since every build happens + # in a different directory, but because the mount point changes, we also + # need a path relative to the initial working directory to communicate between + # the package building container and the cloudsmith action. 
+ PACKAGES_PATH: ${{github.workspace}}/artifacts/${{matrix.package-type}}/any-version + PACKAGE_RELPATH: artifacts/${{matrix.package-type}}/any-version + + # Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type + container: cloudposse/packages-${{matrix.package-type}}build:latest + steps: + # Checkout the packages repo so we can build the packages as a monorepo + - name: "Checkout source code at current commit" + uses: actions/checkout@v2 + + # Build the packages for the matrix version + - name: "Build ${{matrix.package-type}} packages" + shell: bash + run: | + echo Current directory is $(pwd) + [[ $PACKAGES_PATH =~ ^$(pwd) ]] || { echo Package dir \"$PACKAGES_PATH\" not beneath workdir \"$(pwd)\" >&2; exit 1; } + make -C vendor/${{github.workflow}} ${{matrix.package-type}} + + # Export the artifact filename including path + - name: "Set output path to artifact" + id: artifact + shell: bash + run: | + [[ -n $PACKAGE_RELPATH ]] || { echo Error: PACKAGE_RELPATH is not set >&2; exit 1; } + packages=($(find ${PACKAGE_RELPATH} -type f -name \*.${{matrix.package-type}})) + echo List packages found: + printf "%s\n" "${packages[@]}" | xargs --no-run-if-empty ls -l + echo Error if not exactly 1 package found + (( ${#packages[@]} == 1 )) || { echo "Error: other than 1 package found (${#packages[@]})" >&2; exit 1; } + + echo "setting output name=path::$packages" + echo "::set-output name=path::$packages" + + echo creating '"pip"' cache directory for Cloudsmith + mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory + + # Determine which package organization we should use (e.g. 
dev or prod) + - name: "Determine package repo" + shell: bash + id: repo + run: | + if [[ ${GITHUB_REF} == 'refs/heads/master' ]]; then + echo "::set-output name=org::${{github.repository_owner}}" + else + echo "::set-output name=org::${{github.repository_owner}}-dev" + fi + env: + GITHUB_REF: ${{ github.ref }} + + # Publish the artifacts + - name: "Push artifact to package repository" + uses: cloudsmith-io/action@v0.5.1 + with: + api-key: ${{ secrets.CLOUDSMITH_API_KEY }} + command: 'push' + format: '${{matrix.package-type}}' + owner: '${{steps.repo.outputs.org}}' # Your Cloudsmith account name or org name (namespace) + repo: 'packages' # Your Cloudsmith Repository name (slug) + distro: 'any-distro' # Use "any-distro" since our package is compatible with more than more distribution + release: 'any-version' # Use "any-version" since our package is compatible with more than more version + republish: 'true' # Needed if version is not changing + file: '${{steps.artifact.outputs.path}}' # Package filename (including path) + no-wait-for-sync: 'true' # Skip the waiting for package synchronisation (i.e. upload only) diff --git a/.gitignore b/.gitignore index 57059f866d..2562b7dbff 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ build-harness *.iml *.rsa* artifacts/ +*.swp # bin/vert is a binary automatically downloaded and should not be checked in /bin/vert diff --git a/README.md b/README.md index 6e3e4161e7..551c96175c 100644 --- a/README.md +++ b/README.md 
@@ -384,6 +384,7 @@ Here are some solutions to several common problems that may occur when adding a [![sops](https://github.com/cloudposse/packages/workflows/sops/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asops) | 3.7.1 | Secrets management stinks, use some sops! [![spacectl](https://github.com/cloudposse/packages/workflows/spacectl/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Aspacectl) | 0.7.0 | [Spacelift.io](https://spacelift.io/) client and CLI [![spotctl](https://github.com/cloudposse/packages/workflows/spotctl/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Aspotctl) | 0.20.0 | A unified CLI to manage your [Spot](https://spot.io/) resources. +[![sshm](https://github.com/cloudposse/packages/workflows/sshm/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asshm) | 1.2.2 | Easy connect on EC2 instances thanks to AWS System Manager Agent [![stern](https://github.com/cloudposse/packages/workflows/stern/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Astern) | 1.11.0 | ⎈ Multi pod and container log tailing for Kubernetes [![sudosh](https://github.com/cloudposse/packages/workflows/sudosh/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asudosh) | 0.3.0 | Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit logging [![teleport](https://github.com/cloudposse/packages/workflows/teleport/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Ateleport) | 6.2.7 | Secure Access for Developers that doesn't get in the way. diff --git a/docs/badges.md b/docs/badges.md index 35f0dc022b..c8adb3773a 100644 --- a/docs/badges.md +++ b/docs/badges.md 
@@ -97,6 +97,7 @@ [![sops](https://github.com/cloudposse/packages/workflows/sops/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asops) | 3.7.1 | Secrets management stinks, use some sops! [![spacectl](https://github.com/cloudposse/packages/workflows/spacectl/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Aspacectl) | 0.7.0 | [Spacelift.io](https://spacelift.io/) client and CLI [![spotctl](https://github.com/cloudposse/packages/workflows/spotctl/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Aspotctl) | 0.20.0 | A unified CLI to manage your [Spot](https://spot.io/) resources. +[![sshm](https://github.com/cloudposse/packages/workflows/sshm/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asshm) | 1.2.2 | Easy connect on EC2 instances thanks to AWS System Manager Agent [![stern](https://github.com/cloudposse/packages/workflows/stern/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Astern) | 1.11.0 | ⎈ Multi pod and container log tailing for Kubernetes [![sudosh](https://github.com/cloudposse/packages/workflows/sudosh/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Asudosh) | 0.3.0 | Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit logging [![teleport](https://github.com/cloudposse/packages/workflows/teleport/badge.svg?branch=master)](https://github.com/cloudposse/packages/actions?query=workflow%3Ateleport) | 6.2.7 | Secure Access for Developers that doesn't get in the way. diff --git a/docs/targets.md b/docs/targets.md index 892e83fdbb..211e227f8c 100644 --- a/docs/targets.md +++ b/docs/targets.md 
@@ -102,6 +102,7 @@ slack-notifier 0.3.0 Command line utility to send messages with sops 3.7.1 Secrets management stinks, use some sops! spacectl 0.7.0 [Spacelift.io](https://spacelift.io/) client and CLI spotctl 0.20.0 A unified CLI to manage your [Spot](https://spot.io/) resources. +sshm 1.2.2 Easy connect on EC2 instances thanks to AWS System Manager Agent stern 1.11.0 ⎈ Multi pod and container log tailing for Kubernetes sudosh 0.3.0 Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit logging teleport 6.2.7 Secure Access for Developers that doesn't get in the way. diff --git a/vendor/sshm/DESCRIPTION b/vendor/sshm/DESCRIPTION new file mode 100644 index 0000000000..726befd1de --- /dev/null +++ b/vendor/sshm/DESCRIPTION @@ -0,0 +1 @@ +Easy connect on EC2 instances thanks to AWS System Manager Agent diff --git a/vendor/sshm/LICENSE b/vendor/sshm/LICENSE new file mode 100644 index 0000000000..a22a2da24d --- /dev/null +++ b/vendor/sshm/LICENSE @@ -0,0 +1 @@ +MIT diff --git a/vendor/sshm/Makefile b/vendor/sshm/Makefile new file mode 100644 index 0000000000..7f89c162fc --- /dev/null +++ b/vendor/sshm/Makefile 
@@ -0,0 +1,23 @@
+SHELL := /bin/bash
+
+# Package details
+export VENDOR ?= claranet
+export APK_BUILD_TEMPLATE ?= APKBUILD.github-binary
+export PACKAGE_NAME ?= sshm
+export PACKAGE_REPO_NAME ?= sshm
+# upper cases the first letter of the OS
+export PACKAGE_OS ?= $(shell echo "$(OS)" | cut -c1 | tr '[:lower:]' '[:upper:]')$(shell echo "$(OS)" | cut -c2-)
+export PACKAGE_ARCH_amd64 ?= x86_64
+export PACKAGE_ARCH ?= ${PACKAGE_ARCH_${ARCH}}
+# https://github.com/claranet/sshm/releases/download/1.2.2/sshm_1.2.2_Linux_x86_64.tar.gz
+export DOWNLOAD_URL ?= $(PACKAGE_REPO_URL)/releases/download/$(PACKAGE_VERSION)/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_$(PACKAGE_OS)_$(PACKAGE_ARCH).tar.gz
+export CHECK_COMMAND_ARGUMENTS ?= --version
+export CHECK_COMMAND_ENV ?= HOME=./
+
+include ../../tasks/Makefile.vendor_includes
+
+install:
+ $(call download_binary)
+
+test:
+ HOME=/tmp $(PACKAGE_EXE) --version
diff --git a/vendor/sshm/RELEASE b/vendor/sshm/RELEASE
new file mode 100644
index 0000000000..573541ac97
--- /dev/null
+++ b/vendor/sshm/RELEASE
@@ -0,0 +1 @@
+0
diff --git a/vendor/sshm/VERSION b/vendor/sshm/VERSION
new file mode 100644
index 0000000000..23aa839063
--- /dev/null
+++ b/vendor/sshm/VERSION
@@ -0,0 +1 @@
+1.2.2
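Review bot: The `install` target in vendor/sshm/Makefile fetches the release tarball at `DOWNLOAD_URL` through `download_binary`, and nothing in this hunk pins or checks a digest for it. `download_binary` comes from `../../tasks/Makefile.vendor_includes`, which is outside the hunk, so whether it verifies integrity cannot be confirmed from here. Because the binary is republished to the package repository and is used to connect to EC2 instances, I would record the expected SHA-256 of the tarball next to `VERSION` and check it before packaging, or at least add a comment such as `# integrity: tarball is not checksum-verified in this Makefile; see download_binary`. Separately, only `PACKAGE_ARCH_amd64` is mapped, so any other `ARCH` expands `PACKAGE_ARCH` to an empty string and yields a malformed URL; a comment stating that only amd64 is supported would make that explicit.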