Try arm again

adfoster-r7 · Feb 9, 2024 · b4db5d2 · b4db5d2
1 parent 2573230
commit b4db5d2
Show file tree

Hide file tree

Showing 2 changed files with 134 additions and 69 deletions.
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -25,48 +25,107 @@ on:
       - '*'
 
 jobs:
-  # docker_arm:
-  #   runs-on: ${{ matrix.os }}
-  #   timeout-minutes: 180
+  # Unlike the other builds which have the working directory of metasploit-omnibus at the top level
+  # This job creates its clones two projects into child paths:
+  #  .
+  #  ├── metasploit-omnibus
+  #  └── metasploit-framework
+  #
+  docker_arm:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 180
 
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       os:
-  #         - ubuntu-latest
-  #       # From: 'ls ./docker/'
-  #       image_name:
-  #         - debian-aarch64
-  #         - debian-armv7
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+        # From: 'ls ./docker/'
+        docker:
+          # Skipped as not working
+          # - { dockerfile: 'debian-aarch64', previousImage: '' }
+          - { name: 'debian-armv7', previousDockerhubImage: 'rapid7/msf-debian-armv7-omnibus:2020_03' }
+
+    name: ${{ matrix.os }} - ${{ matrix.docker.name }}
+    steps:
+      - name: Checkout omnibus
+        uses: actions/checkout@v4
+        with:
+          path: metasploit-omnibus
 
-  #   name: ${{ matrix.os }} - ${{ matrix.image_name }}
-  #   steps:
-  #     - name: Checkout code
-  #       uses: actions/checkout@v4
+      - uses: dorny/paths-filter@4067d885736b84de7c414f582ac45897079b0a78
+        id: changes
+        with:
+          filters: |
+            docker:
+              - 'docker/fake_path_to_reuse_old_build/**'
+          working-directory: metasploit-omnibus
 
-  #     - name: Set the docker build metadata
-  #       run: |
-  #         export BUILD_DATE=$(date "+%Y_%m")
-  #         echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
-  #         echo "BUILD_TAG=rapid7/${IMAGE_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
-  #       env:
-  #         IMAGE_NAME: ${{ matrix.image_name }}
+      # Set the env vars for either a new build, or a previously successful build
+      - name: Set docker build metadata
+        run: |
+          export BUILD_DATE=$(date "+%Y_%m")
+          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
+          if test "${NEW_BUILD_REQUIRED}" = 'true'; then
+            echo 'New build required'
+            echo "DOCKER_IMAGE=rapid7/${DOCKER_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
+          else
+            echo 'Reusing old image'
+            echo "DOCKER_IMAGE=${PREVIOUS_DOCKERHUB_IMAGE}" >> "$GITHUB_ENV"
+          fi
+        env:
+          HAS_BUILD: ${{ steps.changes.outputs.docker }}
+          DOCKER_NAME: ${{ matrix.docker.name }}
+          PREVIOUS_DOCKERHUB_IMAGE: ${{ matrix.docker.previousDockerhubImage }}
 
-  #     - name: Build Docker image
-  #       run: |
-  #         /bin/bash -x -c "docker build --tag ${BUILD_TAG} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
-  #       env:
-  #         IMAGE_NAME: ${{ matrix.image_name }}
+      - name: Build Docker image
+        if: steps.changes.outputs.docker == 'true'
+        run: |
+          /bin/bash -x -c "cd metasploit-omnibus && docker build --tag ${DOCKER_IMAGE} -f ./docker/${DOCKER_NAME}/Dockerfile ./docker/${DOCKER_NAME}"
+        env:
+          DOCKER_NAME: ${{ matrix.docker.name }}
 
-  #     # Checkout again - but with the submodules enabled to start a real build
-  #     - name: Checkout submodules
-  #       uses: actions/checkout@v4
-  #       with:
-  #         submodules: true
+      # Checkout again - but with the submodules enabled to start a real build
+      - name: Checkout omnibus and submodules
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          path: metasploit-omnibus
 
-  #     - name: Run omnibus
-  #       run: |
-  #         /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${BUILD_TAG} /bin/bash -l -c 'make'"
+      # Checkout again - but with the submodules enabled to start a real build
+      - name: Checkout metasploit-framework code
+        uses: actions/checkout@v4
+        with:
+          repository: rapid7/metasploit-framework
+          path: metasploit-framework
+
+      - name: Run omnibus
+        run: |
+          echo "Building new image from ${DOCKER_IMAGE}"
+          mkdir metasploit-omnibus/certs
+          curl -L -o metasploit-omnibus/certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem
+          cat > Dockerfile_temp <<EOF
+          FROM ${DOCKER_IMAGE}
+          RUN ["cross-build-start"]
+          COPY metasploit-omnibus /metasploit-omnibus
+          COPY metasploit-framework /metasploit-framework
+          RUN bash -l -c "cd /metasploit-omnibus && make"
+          RUN ["cross-build-end"]
+          EOF
+          cat > Dockerfile_temp.dockerignore <<EOF
+          *
+          !metasploit-omnibus
+          !metasploit-framework
+          EOF
+
+          export TEMP_DOCKER_IMAGE=${DOCKER_IMAGE}-build-artifacts
+          docker build --no-cache --rm --tag ${TEMP_DOCKER_IMAGE} --file Dockerfile_temp .
+
+          # Create the temp image and copy out the build assets
+          id=$(docker create ${TEMP_DOCKER_IMAGE})
+          docker cp $id:/metasploit-omnibus/pkg metasploit-omnibus
+          docker rm -v $id
+          docker rmi ${TEMP_DOCKER_IMAGE}
 
   # docker_intel:
   #   runs-on: ${{ matrix.os }}
@@ -120,42 +179,42 @@ jobs:
   #       run: |
   #         /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${BUILD_TAG} /bin/bash -l -c 'make'"
 
-  osx:
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 180
+  # osx:
+  #   runs-on: ${{ matrix.os }}
+  #   timeout-minutes: 180
 
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - macos-11
-        ruby:
-          - 3.0.6
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       os:
+  #         - macos-11
+  #       ruby:
+  #         - 3.0.6
 
-    name: ${{ matrix.os }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+  #   name: ${{ matrix.os }}
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v4
 
-      - name: Checkout submodules
-        uses: actions/checkout@v4
-        with:
-          submodules: true
+  #     - name: Checkout submodules
+  #       uses: actions/checkout@v4
+  #       with:
+  #         submodules: true
 
-      - name: Setup Ruby
-        env:
-          BUNDLE_FORCE_RUBY_PLATFORM: true
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          bundler-cache: true
-          cache-version: 4
+  #     - name: Setup Ruby
+  #       env:
+  #         BUNDLE_FORCE_RUBY_PLATFORM: true
+  #       uses: ruby/setup-ruby@v1
+  #       with:
+  #         ruby-version: ${{ matrix.ruby }}
+  #         bundler-cache: true
+  #         cache-version: 4
 
-      - name: Run omnibus
-        run: |
-          sudo mkdir -p /var/cache/omnibus
-          sudo mkdir -p /opt/metasploit-framework
-          sudo chown `whoami` /var/cache/omnibus
-          sudo chown `whoami` /opt/metasploit-framework
+  #     - name: Run omnibus
+  #       run: |
+  #         sudo mkdir -p /var/cache/omnibus
+  #         sudo mkdir -p /opt/metasploit-framework
+  #         sudo chown `whoami` /var/cache/omnibus
+  #         sudo chown `whoami` /opt/metasploit-framework
 
-          make
+  #         make
diff --git a/Makefile b/Makefile
@@ -2,6 +2,12 @@
 
 .PHONY: all
 all:
+	# TODO: Should be conditional
+	export SSL_CERT_FILE=/metasploit-omnibus/certs/ca-certificates.crt;
+
+	# Ensure consistent bundler versions
+	gem install bundler -v 2.2.3
+
 	# install omnibus' dependencies
 	bundle install
 	bundle binstubs --all