constellation/e2e/malicious-join/BUILD.bazel

load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("//bazel/sh:def.bzl", "sh_template")

go_library(
    name = "malicious-join_lib",
    srcs = ["malicious-join.go"],
    importpath = "github.com/edgelesssys/constellation/v2/e2e/malicious-join",
    visibility = ["//visibility:public"],
    deps = [
        "//internal/attestation/variant",
        "//internal/cloud/cloudprovider",
        "//internal/grpc/dialer",
        "//internal/logger",
        "//joinservice/joinproto",
        "@org_uber_go_zap//zapcore",
    ],
)

go_binary(
    name = "malicious-join_bin",
    embed = [":malicious-join_lib"],
    pure = "on",
    race = "off",
    visibility = ["//visibility:public"],
)

pkg_tar(
    name = "layer",
    srcs = [
        ":malicious-join_bin",
    ],
    mode = "0755",
    remap_paths = {"/malicious-join_bin": "/malicious-join_bin"},
)

oci_image(
    name = "malicious-join_image",
    base = "@distroless_static_linux_amd64",
    entrypoint = ["/malicious-join_bin"],
    tars = [
        ":layer",
    ],
    visibility = ["//visibility:public"],
)

genrule(
    name = "malicious-join-test_repotag",
    srcs = [
        "//bazel/settings:tag",
    ],
    outs = ["repotag.txt"],
    cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' | cat - $(location //bazel/settings:tag) > $@",
    visibility = ["//visibility:public"],
)

oci_push(
    name = "malicious-join_push",
    image = ":malicious-join_image",
    repotags = ":repotag.txt",
)

sh_template(
    name = "template_job",
    data = [
        "job.yaml",
        ":repotag.txt",
        "@yq_toolchains//:resolved_toolchain",
    ],
    substitutions = {
        "@@REPO_TAG@@": "$(rootpath :repotag.txt)",
        "@@TEMPLATE@@": "$(rootpath :job.yaml)",
        "@@YQ_BIN@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",
    },
    template = "job_template.sh.in",
    visibility = ["//visibility:public"],
)

multirun(
    name = "stamp_and_push",
    commands = [
        ":template_job",
        ":malicious-join_push",
    ],
    visibility = ["//visibility:public"],
)
ci: add malicious join test (#2304) * malicious node join test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add e2e build tag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add namespaces to job apply Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image and workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * build instructions in Dockerfile Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only print important flags Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `malicious-join` namespace Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * build with bazel Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * order imports Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * test cases Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing quotes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update e2e/malicious-join/malicious-join.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update e2e/malicious-join/malicious-join.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * use switch case Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * various fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use workdir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add required permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove packages: write permission at step Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * login to registry Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix log Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * source base lib Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix sourcing order Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * export after definition Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix script header Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * dont exit after -e flag has been set Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-09-15 11:21:42 -04:00			`load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")`
			`load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")`
			`load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")`
			`load("@rules_pkg//:pkg.bzl", "pkg_tar")`
			`load("//bazel/sh:def.bzl", "sh_template")`

			`go_library(`
			`name = "malicious-join_lib",`
			`srcs = ["malicious-join.go"],`
			`importpath = "github.com/edgelesssys/constellation/v2/e2e/malicious-join",`
			`visibility = ["//visibility:public"],`
			`deps = [`
			`"//internal/attestation/variant",`
			`"//internal/cloud/cloudprovider",`
			`"//internal/grpc/dialer",`
			`"//internal/logger",`
			`"//joinservice/joinproto",`
			`"@org_uber_go_zap//zapcore",`
			`],`
			`)`

			`go_binary(`
			`name = "malicious-join_bin",`
			`embed = [":malicious-join_lib"],`
			`pure = "on",`
			`race = "off",`
			`visibility = ["//visibility:public"],`
			`)`

			`pkg_tar(`
			`name = "layer",`
			`srcs = [`
			`":malicious-join_bin",`
			`],`
			`mode = "0755",`
			`remap_paths = {"/malicious-join_bin": "/malicious-join_bin"},`
			`)`

			`oci_image(`
			`name = "malicious-join_image",`
			`base = "@distroless_static_linux_amd64",`
			`entrypoint = ["/malicious-join_bin"],`
			`tars = [`
			`":layer",`
			`],`
			`visibility = ["//visibility:public"],`
			`)`

			`genrule(`
			`name = "malicious-join-test_repotag",`
			`srcs = [`
			`"//bazel/settings:tag",`
			`],`
			`outs = ["repotag.txt"],`
			`cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' \| cat - $(location //bazel/settings:tag) > $@",`
			`visibility = ["//visibility:public"],`
			`)`

			`oci_push(`
			`name = "malicious-join_push",`
			`image = ":malicious-join_image",`
			`repotags = ":repotag.txt",`
			`)`

			`sh_template(`
			`name = "template_job",`
			`data = [`
			`"job.yaml",`
			`":repotag.txt",`
			`"@yq_toolchains//:resolved_toolchain",`
			`],`
			`substitutions = {`
			`"@@REPO_TAG@@": "$(rootpath :repotag.txt)",`
			`"@@TEMPLATE@@": "$(rootpath :job.yaml)",`
			`"@@YQ_BIN@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",`
			`},`
			`template = "job_template.sh.in",`
			`visibility = ["//visibility:public"],`
			`)`

			`multirun(`
			`name = "stamp_and_push",`
			`commands = [`
			`":template_job",`
			`":malicious-join_push",`
			`],`
			`visibility = ["//visibility:public"],`
			`)`