diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 37a3b67..17401e5 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -11,7 +11,7 @@ jobs: with: fetch-depth: '0' - name: Bump version and push tag - uses: anothrNick/github-tag-action@1.61.0 + uses: anothrNick/github-tag-action@1.67.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} WITH_V: true diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index da6ba51..9ea451d 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -18,15 +18,13 @@ on: types: [released] jobs: movai-base-noetic: - uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v1 + uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v2 with: docker_file: docker/noetic/Dockerfile docker_image: devops/movai-base-noetic public: true public_image: ce/movai-base-noetic - github_ref: ${{ github.ref }} deploy: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}} - version: ${GITHUB_REF##*/} push_latest: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v') }} snyk_check: true platforms: linux/amd64, linux/arm/v7, linux/arm64 
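Review bot: The reusable workflow is referenced by the movable tag `@v2` in `movai-base-noetic` (and again for `movai-base-bionic` and `movai-base-focal` in the following hunks), so whatever that tag points to at run time receives the registry and Snyk secrets passed in `secrets:`. Pinning to a full commit SHA keeps the called workflow reviewable, e.g. `uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@<full-commit-sha>  # v2`. The same applies to `anothrNick/github-tag-action@1.67.0` in bump-version.yml, which runs with `GITHUB_TOKEN`.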
@@ -35,17 +33,17 @@ jobs: registry_password: ${{ secrets.PORTUS_APP_TOKEN }} pub_registry_user: ${{ secrets.PORTUS_APP_USER }} pub_registry_password: ${{ secrets.PORTUS_APP_TOKEN }} + github_registry_user: ${{ secrets.RAISE_BOT_COMMIT_USER }} + github_registry_password: ${{ secrets.RAISE_BOT_COMMIT_PASSWORD }} snyk_token: ${{ secrets.SNYK_TOKEN }} movai-base-bionic: - uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v1 + uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v2 with: docker_file: docker/melodic/Dockerfile-rosfree docker_image: devops/movai-base-bionic public: true public_image: ce/movai-base-bionic - github_ref: ${{ github.ref }} deploy: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}} - version: ${GITHUB_REF##*/} push_latest: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v') }} snyk_check: true platforms: linux/amd64, linux/arm/v7, linux/arm64 @@ -54,17 +52,17 @@ jobs: registry_password: ${{ secrets.PORTUS_APP_TOKEN }} pub_registry_user: ${{ secrets.PORTUS_APP_USER }} pub_registry_password: ${{ secrets.PORTUS_APP_TOKEN }} + github_registry_user: ${{ secrets.RAISE_BOT_COMMIT_USER }} + github_registry_password: ${{ secrets.RAISE_BOT_COMMIT_PASSWORD }} snyk_token: ${{ secrets.SNYK_TOKEN }} movai-base-focal: - uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v1 + uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v2 with: docker_file: docker/noetic/Dockerfile-rosfree docker_image: devops/movai-base-focal public: true public_image: ce/movai-base-focal - github_ref: ${{ github.ref }} deploy: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}} - version: ${GITHUB_REF##*/} push_latest: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v') }} snyk_check: true platforms: linux/amd64, linux/arm/v7, linux/arm64 
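Review bot: `github_registry_user` / `github_registry_password` are fed from `RAISE_BOT_COMMIT_USER` / `RAISE_BOT_COMMIT_PASSWORD`, which by their names look like the bot's commit credentials rather than a registry-scoped token; the same two lines are added for `movai-base-bionic` and `movai-base-focal` in the following hunks. If that is the case, a leak from the image build would expose repository write access and not only package push. A credential limited to package write, or the job's own `GITHUB_TOKEN` with `permissions: packages: write` if the v2 workflow supports it, would narrow that. What the called workflow expects is not visible here, so this needs confirming against it.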
@@ -73,4 +71,6 @@ jobs: registry_password: ${{ secrets.PORTUS_APP_TOKEN }} pub_registry_user: ${{ secrets.PORTUS_APP_USER }} pub_registry_password: ${{ secrets.PORTUS_APP_TOKEN }} + github_registry_user: ${{ secrets.RAISE_BOT_COMMIT_USER }} + github_registry_password: ${{ secrets.RAISE_BOT_COMMIT_PASSWORD }} snyk_token: ${{ secrets.SNYK_TOKEN }} diff --git a/docker/noetic/Dockerfile b/docker/noetic/Dockerfile index 19c1381..b856820 100644 --- a/docker/noetic/Dockerfile +++ b/docker/noetic/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="devops@mov.ai" ARG USER_ID=1000 ARG ROS_VERSION="noetic" ARG HEALTH_NODE_URL="http://health-node:8081" +ARG APT_REPOSITORY="https://artifacts.aws.cloud.mov.ai/repository" ### Environment config ENV MOVAI_HOME="/opt/mov.ai" \ 
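Review bot: `APT_REPOSITORY` only affects where the signing key is downloaded from (`curl -fsSL $APT_REPOSITORY/movai-applications/gpg` in the next hunk), while the repository URLs in the copied `.list` files and in `movai-ros.list` stay hard-coded to `https://artifacts.aws.cloud.mov.ai/repository`. Overriding the build arg therefore changes which key the image trusts without changing the package source, which is easy to misread. A comment above the ARG would help, for example `# Base URL used to fetch the MOV.AI apt signing key; repository URLs in files/apt/*.list are fixed`, and the expansion should be quoted as `"$APT_REPOSITORY/movai-applications/gpg"`. The same ARG is added to docker/noetic/Dockerfile-rosfree.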
@@ -37,13 +38,28 @@ COPY files/movai-entrypoint.sh /usr/local/bin/movai-entrypoint.sh # Install base packages COPY files/packages.bash /tmp/packages.bash COPY docker/$ROS_VERSION/packages.apt /tmp/packages.apt + +# Install requirements for ppa certificates registration SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \ + apt update &&\ + apt-get install -y curl gnupg --no-install-recommends + +COPY files/apt/movai-ubuntu-archive-proxy.list /etc/apt/sources.list.d/movai-ubuntu-archive-proxy.list +COPY files/apt/movai-ubuntu-ports-proxy.list /etc/apt/sources.list.d/movai-ubuntu-ports-proxy.list +COPY files/apt/movai-ubuntu-security-proxy.list /etc/apt/sources.list.d/movai-ubuntu-security-proxy.list +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN find /etc/apt/sources.list.d/ -type f -name 'ros*.list' -exec rm {} \; &&\ echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections &&\ - apt-get update && apt-get upgrade -y && apt-get install -y curl --no-install-recommends &&\ curl -fsSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key | gpg --dearmor -o /usr/share/keyrings/ros.key &&\ echo "deb [signed-by=/usr/share/keyrings/ros.key] https://artifacts.aws.cloud.mov.ai/repository/ppa-proxy-ros focal main" | tee /etc/apt/sources.list.d/movai-ros.list > /dev/null &&\ + mv /etc/apt/sources.list /etc/apt/sources.list.bck &&\ + touch /etc/apt/sources.list &&\ + curl -fsSL $APT_REPOSITORY/movai-applications/gpg | apt-key add - &&\ + if [ "$(uname -m)" = "x86_64" ] ; then rm /etc/apt/sources.list.d/movai-ubuntu-ports-proxy.list ; fi &&\ + if [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "armv7l" ] ; then rm /etc/apt/sources.list.d/movai-ubuntu-archive* && rm /etc/apt/sources.list.d/movai-ubuntu-security* ; fi &&\ + apt-get update && apt-get upgrade -y &&\ /usr/local/bin/install-packages.sh &&\ apt-get clean &&\ rm -rf /var/lib/apt/lists/* &&\ 
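Review bot: `curl -fsSL $APT_REPOSITORY/movai-applications/gpg | apt-key add -` places the downloaded key in apt's global trusted keyring, so it is accepted for every configured source, including the Ubuntu proxy lists copied just above; the ROS key two lines earlier is already handled the scoped way. Store it as its own keyring, e.g. `curl -fsSL "$APT_REPOSITORY/movai-applications/gpg" | gpg --dearmor -o /usr/share/keyrings/movai.gpg` (the file name is only an example), and reference it with `signed-by=` on the source entries that need it; those entries are not visible in this diff. The identical line is added in docker/noetic/Dockerfile-rosfree. The first new RUN also uses `apt update` where the rest of the file uses `apt-get update`, and unlike the rosfree variant it does not install `ca-certificates`. The RUN instruction continues past the end of the hunk.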
diff --git a/docker/noetic/Dockerfile-rosfree b/docker/noetic/Dockerfile-rosfree index 73842de..c0a4576 100644 --- a/docker/noetic/Dockerfile-rosfree +++ b/docker/noetic/Dockerfile-rosfree @@ -8,6 +8,7 @@ LABEL maintainer="devops@mov.ai" # Arguments ARG USER_ID=1000 ARG HEALTH_NODE_URL="http://health-node:8081" +ARG APT_REPOSITORY="https://artifacts.aws.cloud.mov.ai/repository" ### Environment config ENV MOVAI_HOME="/opt/mov.ai" \ 
@@ -35,11 +36,25 @@ COPY --chown=movai:movai files/deploy.sh /usr/local/bin/deploy.sh COPY files/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh COPY files/movai-entrypoint.sh /usr/local/bin/movai-entrypoint.sh -# Install base packages COPY files/packages.bash /tmp/packages.bash COPY docker/$ROS_VERSION/packages.apt /tmp/packages.apt + +# Install requirements for ppa certificates registration +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \ + apt-get update &&\ + apt-get install -y curl gnupg ca-certificates --no-install-recommends + +COPY files/apt/movai-ubuntu-archive-proxy.list /etc/apt/sources.list.d/movai-ubuntu-archive-proxy.list +COPY files/apt/movai-ubuntu-ports-proxy.list /etc/apt/sources.list.d/movai-ubuntu-ports-proxy.list +COPY files/apt/movai-ubuntu-security-proxy.list /etc/apt/sources.list.d/movai-ubuntu-security-proxy.list + SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \ +RUN mv /etc/apt/sources.list /etc/apt/sources.list.bck &&\ + touch /etc/apt/sources.list &&\ + curl -fsSL $APT_REPOSITORY/movai-applications/gpg | apt-key add - &&\ + if [ "$(uname -m)" = "x86_64" ] ; then rm /etc/apt/sources.list.d/movai-ubuntu-ports-proxy.list ; fi &&\ + if [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "armv7l" ] ; then rm /etc/apt/sources.list.d/movai-ubuntu-archive* && rm /etc/apt/sources.list.d/movai-ubuntu-security* ; fi &&\ apt-get update && apt-get upgrade -y &&\ /usr/local/bin/install-packages.sh &&\ apt-get clean &&\ diff --git a/files/apt/movai-ubuntu-archive-proxy.list b/files/apt/movai-ubuntu-archive-proxy.list new file mode 100644 index 0000000..5de7207 --- /dev/null +++ b/files/apt/movai-ubuntu-archive-proxy.list 
@@ -0,0 +1,14 @@
+# Add focal proxy
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal focal universe
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal focal multiverse
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal focal main
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal focal restricted
+# Add focal-updates proxy
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-updates focal-updates universe
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-updates focal-updates multiverse
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-updates focal-updates main
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-updates focal-updates restricted
+# Add focal-backports proxy
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-backports focal-backports universe
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-backports focal-backports multiverse
+deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-archive-focal-backports focal-backports main
\ No newline at end of file
diff --git a/files/apt/movai-ubuntu-ports-proxy.list b/files/apt/movai-ubuntu-ports-proxy.list
new file mode 100644
index 0000000..f006fd3
--- /dev/null
+++ b/files/apt/movai-ubuntu-ports-proxy.list
@@ -0,0 +1,18 @@
+# Add ports focal proxy
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal focal universe
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal focal multiverse
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal focal main
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal focal restricted
+# Add ports focal-updates proxy
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-updates focal-updates main
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-updates focal-updates multiverse
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-updates focal-updates universe
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-updates focal-updates restricted
+# Add ports focal-backports proxy
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-backports focal-backports universe
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-backports focal-backports main
+# Add ports focal-security proxy
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-security focal-security main
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-security focal-security multiverse
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-security focal-security universe
+deb [arch=arm64,armhf] https://artifacts.aws.cloud.mov.ai/repository/ppa-ports-focal-security focal-security restricted
diff --git a/files/apt/movai-ubuntu-security-proxy.list b/files/apt/movai-ubuntu-security-proxy.list
new file mode 100644
index 0000000..b12e1c0
--- /dev/null
+++ b/files/apt/movai-ubuntu-security-proxy.list
@@ -0,0 +1,4 @@ +# Add focal security proxy +deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-security-focal focal-security main restricted +deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-security-focal focal-security universe +deb [arch=amd64] https://artifacts.aws.cloud.mov.ai/repository/ppa-security-focal focal-security multiverse diff --git a/files/install-packages.sh b/files/install-packages.sh index fbe997e..fa57548 100755 --- a/files/install-packages.sh +++ b/files/install-packages.sh @@ -20,6 +20,11 @@ set -eo pipefail # Install apt dependencies PACKAGE_FILE=/tmp/packages.apt +PACKAGES_SCRIPT=/tmp/packages.bash + +# If there is a package script, install packages then clean up +[ -f ${PACKAGES_SCRIPT} ] && { chmod 700 ${PACKAGES_SCRIPT}; ${PACKAGES_SCRIPT}; rm --preserve-root ${PACKAGES_SCRIPT}; } + # If there is a package definition file, install packages then clean up if [ -f ${PACKAGE_FILE} ]; then @@ -46,11 +51,5 @@ PIP_REQUIREMENTS=/tmp/requirements.txt rm --preserve-root ${PIP_REQUIREMENTS}; } -PACKAGES_SCRIPT=/tmp/packages.bash - -# If there is a package script, install packages then clean up -[ -f ${PACKAGES_SCRIPT} ] && { chmod 700 ${PACKAGES_SCRIPT}; ${PACKAGES_SCRIPT}; rm --preserve-root ${PACKAGES_SCRIPT}; } - - printf "Cleaning up ...\n" rm -rf /tmp/* diff --git a/files/packages.bash b/files/packages.bash index 5737c0f..ffe7b2e 100755 --- a/files/packages.bash +++ b/files/packages.bash 
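Review bot: Running `packages.bash` ahead of the apt install in files/install-packages.sh is order-sensitive and nothing in the script says why; presumably it is so the apt pin files written by packages.bash are in place before packages are resolved. A comment above the moved line would keep it from being moved back, e.g. `# Runs first: packages.bash writes /etc/apt/preferences.d pins that the apt install below relies on`. `${PACKAGES_SCRIPT}` is also expanded unquoted in the test, `chmod`, the call and `rm`; quoting it costs nothing and matches defensive shell style.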
@@ -27,7 +27,20 @@ SUDO_COMMANDS=( # Setup available sudo commands for user movai adduser movai sudo +mkdir -p /etc/sudoers.d touch /etc/sudoers.d/movai for SUDO_COMMAND in ${SUDO_COMMANDS[@]}; do echo "%sudo ALL=(ALL) NOPASSWD:SETENV: ${SUDO_COMMAND}" >> /etc/sudoers.d/movai done + +{ + echo "Package: *" + echo "Pin: origin artifacts.cloud.mov.ai" + echo "Pin-Priority: 1001" +} >> /etc/apt/preferences.d/movai + +{ + echo "Package: *" + echo "Pin: origin artifacts.aws.cloud.mov.ai" + echo "Pin-Priority: 1001" +} >> /etc/apt/preferences.d/movai-ros
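Review bot: `Pin-Priority: 1001` with `Package: *` lets apt downgrade any installed package to whatever version the pinned origin serves, and since the Ubuntu proxy lists use the same host `artifacts.aws.cloud.mov.ai`, the second stanza covers the whole distribution. If forced downgrades are not required, a priority below 1000 (for example `echo "Pin-Priority: 990"`) or a narrower `Package:` pattern keeps the preference without that effect. Both blocks append with `>>`, so a second run duplicates the stanza; `>` would make the write idempotent. The first stanza pins `artifacts.cloud.mov.ai`, a host that no source in this diff uses, so it is worth checking that it is still needed.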