Skip to content

Commit

Permalink
Merge pull request #1 from aakselrod/transition-to-nydig-oss
Browse files Browse the repository at this point in the history
Transition to NYDIG-OSS
  • Loading branch information
aakselrod-nydig authored May 10, 2023
2 parents a11bb4e + e624444 commit 77c97e7
Show file tree
Hide file tree
Showing 48 changed files with 11,240 additions and 1 deletion.
18 changes: 18 additions & 0 deletions .github/workflows/docker-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Dockerized Tests

on:
push:
branches: [ "master", "main" ]
pull_request:
branches: [ "**" ]

jobs:
all-tests:
runs-on: ubuntu-latest

steps:
- name: Check out repository code
uses: actions/checkout@v3

- name: Run tests in docker container
run: make docker-test-all
22 changes: 22 additions & 0 deletions .github/workflows/golangci-lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: golangci-lint

on:
push:
tags: [ "v*" ]
branches: [ "master", "main" ]
pull_request:
branches: [ "**" ]

jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.20.3
- uses: actions/checkout@v3
- name: install golangci-lint
run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- name: run golangci-lint
run: golangci-lint run
204 changes: 204 additions & 0 deletions .github/workflows/release-build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
name: Build Release Artifacts

on:
push:
tags:
- v*

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
VAULT_IMAGE_NAME: nydig-oss/vault-plugin-lndsigner
GO_VERSION: 1.20.3

jobs:
# This job fetches the latest minor revision for each currently supported vault version.
# The output of this job is used to construct the version matrix in the build-docker-vault job.
vault_latest_versions:
runs-on: ubuntu-latest
outputs:
versions: ${{ steps.generate.outputs.versions }}
steps:
- name: "Generate matrix"
id: generate
run: |
VAULT_VERSIONS=`curl https://raw.githubusercontent.com/docker-library/official-images/master/library/vault | grep -Eo '1\.(9|1[0123])\.[0-9]+' | jq --raw-input --raw-output --slurp 'split("\n") | del(.[] | select(. == "")) | tojson'`
echo "versions=$VAULT_VERSIONS" >> "$GITHUB_OUTPUT"
# This job builds the Vault plugin, and pushes it to the GitHub release
build-vault-plugin:
strategy:
matrix:
os: [ "linux" ]
arch: [ "amd64", "arm64" ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: '${{ env.GO_VERSION }}'

- name: Build plugin
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} CGO_ENABLED=0 go build -buildvcs=false -o "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}" ./cmd/vault-plugin-lndsigner/

- name: Create the SHA256 checksum file
run: shasum -a 256 "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}" | cut -d " " -f1 > "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}.SHA256SUM"

- name: Upload plugin assets to release
uses: ncipollo/release-action@v1
with:
artifacts: |
vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}
vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}.SHA256SUM
body: |
## Docker Images
All images are built for both `linux/amd64` and `linux/arm64` architectures.
### lndsignerd
Pre-built docker images for the `lndsignerd` server are available in multiple flavours:
- Debian (Bullseye): `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}`
- Alpine Linux (3.17): `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-alpine`
### vault-plugin-lndsigner
Pre-built extensions of the latest [base Vault images](https://hub.docker.com/_/vault) with `vault-plugin-lndsigner` pre-installed are available here:
[${{ env.REGISTRY }}/${{ env.VAULT_IMAGE_NAME }}](https://github.com/nydig-oss/lndsigner/pkgs/container/vault-plugin-lndsigner)
Note that the images within this package are provided for testing purposes only. Running a Vault image from an untrusted source in production is not recommended.
generateReleaseNotes: true
prerelease: true
allowUpdates: true

# This job extends the base Vault docker image by pre-installing the lndsigner plugin created
# by the build-vault-plugin job
build-docker-vault:
runs-on: ubuntu-latest
needs:
- vault_latest_versions
- build-vault-plugin
strategy:
matrix:
vault_version: ${{ fromJSON(needs.vault_latest_versions.outputs.versions) }}
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: "Extract metadata (tags, labels) for Docker"
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.VAULT_IMAGE_NAME }}
tags: |
type=ref,event=tag
flavor: |
prefix=${{ matrix.vault_version }}-lndsigner-
latest=${{ startsWith(matrix.vault_version, '1.12') }}
labels: |
org.opencontainers.image.title=Vault (with lndsigner)
org.opencontainers.image.description=The base Hashicorp Vault image (library/vault), with the lndsigner plugin pre-installed.
org.opencontainers.image.vendor=Hashicorp (Vault), NYDIG (lndsigner)
org.opencontainers.image.source=https://github.com/nydig-oss/lndsigner
org.opencontainers.image.version=${{ github.ref_name }}
org.opencontainers.image.licenses=(MPL-2.0 AND MIT)
org.opencontainers.image.base.name=docker.io/library/vault:${{ matrix.vault_version }}
- name: Build the Docker image
uses: docker/build-push-action@v3
with:
context: .
file: Dockerfile.vault
platforms: linux/amd64,linux/arm64
build-args: |
VAULT_VER=${{ matrix.vault_version }}
VAULT_SIGNER_PLUGIN_VER=${{ github.ref_name }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true

# This job builds the lndsigner server image
build-docker-lndsigner:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build the Docker image
uses: docker/build-push-action@v3
with:
context: .
target: release-builder
platforms: linux/amd64,linux/arm64

- name: "Debian: Extract metadata (tags, labels) for Docker"
id: debian_meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=tag
type=sha
flavor: |
latest=auto
- name: "Debian: Push Docker image"
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.debian_meta.outputs.tags }}
labels: ${{ steps.debian_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
target: debian

- name: "Alpine: Extract metadata (tags, labels) for Docker"
id: alpine_meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=tag
type=sha
flavor: |
suffix=-alpine
- name: "Alpine: Push Docker image"
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.alpine_meta.outputs.tags }}
labels: ${{ steps.alpine_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
target: alpine
18 changes: 18 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib

# Test binary, built with `go test -c`
*.test

# Output of the go coverage tool, specifically when used with LiteIDE
*.out

# Dependency directories (remove the comment below to include it)
# vendor/

# vim
*.swp
45 changes: 45 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
ARG gover=1.20.3

# Build a release binary

FROM golang:$gover AS release-builder

COPY . /go/src/github.com/nydig-oss/lndsigner

RUN cd /go/src/github.com/nydig-oss/lndsigner \
&& CGO_ENABLED=0 go install -buildvcs=false \
github.com/nydig-oss/lndsigner/cmd/...

### Build an Alpine image
FROM alpine:3.17 as alpine

# Update CA certs
RUN apk add --no-cache ca-certificates && rm -rf /var/cache/apk/*

# Copy over app binary
COPY --from=release-builder /go/bin/lndsignerd /usr/bin/lndsignerd

# Add a user
RUN mkdir -p /app && adduser -D lndsignerd && chown -R lndsignerd /app
USER lndsignerd

WORKDIR /app/

CMD [ "/usr/bin/lndsignerd" ]

### Build a Debian image
FROM debian:bullseye-slim as debian

# Update CA certs
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*

# Copy over app binary
COPY --from=release-builder /go/bin/lndsignerd /usr/bin/lndsignerd

# Add a user
RUN mkdir -p /app && adduser --disabled-login lndsignerd && chown -R lndsignerd /app
USER lndsignerd

WORKDIR /app

CMD [ "/usr/bin/lndsignerd" ]
29 changes: 29 additions & 0 deletions Dockerfile.dev
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
ARG gover=1.20.3

FROM golang:$gover

ARG goplatform
ARG cplatform
ARG lnd
ARG bitcoind
ARG vault

RUN apt update && apt-get install -y zip

RUN cd /root && \
wget https://bitcoincore.org/bin/bitcoin-core-$bitcoind/bitcoin-${bitcoind}-${cplatform}-linux-gnu.tar.gz && \
tar xfz bitcoin-$bitcoind-$cplatform-linux-gnu.tar.gz && \
mv bitcoin-$bitcoind/bin/* /usr/local/bin/ && \
wget https://github.com/lightningnetwork/lnd/releases/download/$lnd/lnd-linux-$goplatform-$lnd.tar.gz && \
tar xfz lnd-linux-$goplatform-$lnd.tar.gz && \
mv lnd-linux-$goplatform-$lnd/* /usr/local/bin/ && \
wget https://releases.hashicorp.com/vault/$vault/vault_${vault}_linux_${goplatform}.zip && \
unzip vault_${vault}_linux_${goplatform}.zip && \
mv vault /usr/local/bin/ && \
go install github.com/go-delve/delve/cmd/dlv@latest && \
git config --global --add safe.directory /app && \
echo "export PATH='$PATH:/usr/local/go/bin:/root/go/bin'" >> .bashrc

VOLUME [ "/app" ]

WORKDIR /app
14 changes: 14 additions & 0 deletions Dockerfile.vault
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
ARG VAULT_VER=1.11.7

FROM library/vault:${VAULT_VER}
ARG TARGETARCH
ARG VAULT_SIGNER_PLUGIN_VER

ADD https://github.com/nydig-oss/lndsigner/releases/download/${VAULT_SIGNER_PLUGIN_VER}/vault-plugin-lndsigner-linux-${TARGETARCH} /vault/plugins/vault-plugin-lndsigner
ADD https://github.com/nydig-oss/lndsigner/releases/download/${VAULT_SIGNER_PLUGIN_VER}/vault-plugin-lndsigner-linux-${TARGETARCH}.SHA256SUM /vault/plugins/vault-plugin-lndsigner.SHA256SUM
ADD LICENSE /vault/plugins/vault-plugin-lndsigner.LICENSE

RUN \
chown -R vault:vault /vault/plugins \
&& chmod +x /vault/plugins/vault-plugin-lndsigner \
&& setcap cap_ipc_lock=+ep /vault/plugins/vault-plugin-lndsigner
22 changes: 22 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
Copyright (C) 2013-2017 The btcsuite developers
Copyright (C) 2015-2016 The Decred developers
Copyright (C) 2015-2022 Lightning Labs and The Lightning Network Developers
Copyright (C) 2022 Bottlepay and The Lightning Network Developers

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Loading

0 comments on commit 77c97e7

Please sign in to comment.