-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from aakselrod/transition-to-nydig-oss
Transition to NYDIG-OSS
- Loading branch information
Showing
48 changed files
with
11,240 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: Dockerized Tests | ||
|
||
on: | ||
push: | ||
branches: [ "master", "main" ] | ||
pull_request: | ||
branches: [ "**" ] | ||
|
||
jobs: | ||
all-tests: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Run tests in docker container | ||
run: make docker-test-all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
name: golangci-lint | ||
|
||
on: | ||
push: | ||
tags: [ "v*" ] | ||
branches: [ "master", "main" ] | ||
pull_request: | ||
branches: [ "**" ] | ||
|
||
jobs: | ||
golangci: | ||
name: lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/setup-go@v3 | ||
with: | ||
go-version: 1.20.3 | ||
- uses: actions/checkout@v3 | ||
- name: install golangci-lint | ||
run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest | ||
- name: run golangci-lint | ||
run: golangci-lint run |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,204 @@ | ||
name: Build Release Artifacts | ||
|
||
on: | ||
push: | ||
tags: | ||
- v* | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
VAULT_IMAGE_NAME: nydig-oss/vault-plugin-lndsigner | ||
GO_VERSION: 1.20.3 | ||
|
||
jobs: | ||
# This job fetches the latest minor revision for each currently supported vault version. | ||
# The output of this job is used to construct the version matrix in the build-docker-vault job. | ||
vault_latest_versions: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
versions: ${{ steps.generate.outputs.versions }} | ||
steps: | ||
- name: "Generate matrix" | ||
id: generate | ||
run: | | ||
VAULT_VERSIONS=`curl https://raw.githubusercontent.com/docker-library/official-images/master/library/vault | grep -Eo '1\.(9|1[0123])\.[0-9]+' | jq --raw-input --raw-output --slurp 'split("\n") | del(.[] | select(. == "")) | tojson'` | ||
echo "versions=$VAULT_VERSIONS" >> "$GITHUB_OUTPUT" | ||
# This job builds the Vault plugin, and pushes it to the GitHub release | ||
build-vault-plugin: | ||
strategy: | ||
matrix: | ||
os: [ "linux" ] | ||
arch: [ "amd64", "arm64" ] | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: '${{ env.GO_VERSION }}' | ||
|
||
- name: Build plugin | ||
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} CGO_ENABLED=0 go build -buildvcs=false -o "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}" ./cmd/vault-plugin-lndsigner/ | ||
|
||
- name: Create the SHA256 checksum file | ||
run: shasum -a 256 "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}" | cut -d " " -f1 > "vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}.SHA256SUM" | ||
|
||
- name: Upload plugin assets to release | ||
uses: ncipollo/release-action@v1 | ||
with: | ||
artifacts: | | ||
vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }} | ||
vault-plugin-lndsigner-${{ matrix.os }}-${{ matrix.arch }}.SHA256SUM | ||
body: | | ||
## Docker Images | ||
All images are built for both `linux/amd64` and `linux/arm64` architectures. | ||
### lndsignerd | ||
Pre-built docker images for the `lndsignerd` server are available in multiple flavours: | ||
- Debian (Bullseye): `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}` | ||
- Alpine Linux (3.17): `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-alpine` | ||
### vault-plugin-lndsigner | ||
Pre-built extensions of the latest [base Vault images](https://hub.docker.com/_/vault) with `vault-plugin-lndsigner` pre-installed are available here: | ||
[${{ env.REGISTRY }}/${{ env.VAULT_IMAGE_NAME }}](https://github.com/nydig-oss/lndsigner/pkgs/container/vault-plugin-lndsigner) | ||
Note that the images within this package are provided for testing purposes only. Running a Vault image from an untrusted source in production is not recommended. | ||
generateReleaseNotes: true | ||
prerelease: true | ||
allowUpdates: true | ||
|
||
# This job extends the base Vault docker image by pre-installing the lndsigner plugin created | ||
# by the build-vault-plugin job | ||
build-docker-vault: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- vault_latest_versions | ||
- build-vault-plugin | ||
strategy: | ||
matrix: | ||
vault_version: ${{ fromJSON(needs.vault_latest_versions.outputs.versions) }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Login to GHCR | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: "Extract metadata (tags, labels) for Docker" | ||
id: meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.VAULT_IMAGE_NAME }} | ||
tags: | | ||
type=ref,event=tag | ||
flavor: | | ||
prefix=${{ matrix.vault_version }}-lndsigner- | ||
latest=${{ startsWith(matrix.vault_version, '1.12') }} | ||
labels: | | ||
org.opencontainers.image.title=Vault (with lndsigner) | ||
org.opencontainers.image.description=The base Hashicorp Vault image (library/vault), with the lndsigner plugin pre-installed. | ||
org.opencontainers.image.vendor=Hashicorp (Vault), NYDIG (lndsigner) | ||
org.opencontainers.image.source=https://github.com/nydig-oss/lndsigner | ||
org.opencontainers.image.version=${{ github.ref_name }} | ||
org.opencontainers.image.licenses=(MPL-2.0 AND MIT) | ||
org.opencontainers.image.base.name=docker.io/library/vault:${{ matrix.vault_version }} | ||
- name: Build the Docker image | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
file: Dockerfile.vault | ||
platforms: linux/amd64,linux/arm64 | ||
build-args: | | ||
VAULT_VER=${{ matrix.vault_version }} | ||
VAULT_SIGNER_PLUGIN_VER=${{ github.ref_name }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
push: true | ||
|
||
# This job builds the lndsigner server image | ||
build-docker-lndsigner: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Login to GHCR | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build the Docker image | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
target: release-builder | ||
platforms: linux/amd64,linux/arm64 | ||
|
||
- name: "Debian: Extract metadata (tags, labels) for Docker" | ||
id: debian_meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=ref,event=tag | ||
type=sha | ||
flavor: | | ||
latest=auto | ||
- name: "Debian: Push Docker image" | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.debian_meta.outputs.tags }} | ||
labels: ${{ steps.debian_meta.outputs.labels }} | ||
platforms: linux/amd64,linux/arm64 | ||
target: debian | ||
|
||
- name: "Alpine: Extract metadata (tags, labels) for Docker" | ||
id: alpine_meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=ref,event=tag | ||
type=sha | ||
flavor: | | ||
suffix=-alpine | ||
- name: "Alpine: Push Docker image" | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.alpine_meta.outputs.tags }} | ||
labels: ${{ steps.alpine_meta.outputs.labels }} | ||
platforms: linux/amd64,linux/arm64 | ||
target: alpine |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# Binaries for programs and plugins | ||
*.exe | ||
*.exe~ | ||
*.dll | ||
*.so | ||
*.dylib | ||
|
||
# Test binary, built with `go test -c` | ||
*.test | ||
|
||
# Output of the go coverage tool, specifically when used with LiteIDE | ||
*.out | ||
|
||
# Dependency directories (remove the comment below to include it) | ||
# vendor/ | ||
|
||
# vim | ||
*.swp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
ARG gover=1.20.3 | ||
|
||
# Build a release binary | ||
|
||
FROM golang:$gover AS release-builder | ||
|
||
COPY . /go/src/github.com/nydig-oss/lndsigner | ||
|
||
RUN cd /go/src/github.com/nydig-oss/lndsigner \ | ||
&& CGO_ENABLED=0 go install -buildvcs=false \ | ||
github.com/nydig-oss/lndsigner/cmd/... | ||
|
||
### Build an Alpine image | ||
FROM alpine:3.17 as alpine | ||
|
||
# Update CA certs | ||
RUN apk add --no-cache ca-certificates && rm -rf /var/cache/apk/* | ||
|
||
# Copy over app binary | ||
COPY --from=release-builder /go/bin/lndsignerd /usr/bin/lndsignerd | ||
|
||
# Add a user | ||
RUN mkdir -p /app && adduser -D lndsignerd && chown -R lndsignerd /app | ||
USER lndsignerd | ||
|
||
WORKDIR /app/ | ||
|
||
CMD [ "/usr/bin/lndsignerd" ] | ||
|
||
### Build a Debian image | ||
FROM debian:bullseye-slim as debian | ||
|
||
# Update CA certs | ||
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/* | ||
|
||
# Copy over app binary | ||
COPY --from=release-builder /go/bin/lndsignerd /usr/bin/lndsignerd | ||
|
||
# Add a user | ||
RUN mkdir -p /app && adduser --disabled-login lndsignerd && chown -R lndsignerd /app | ||
USER lndsignerd | ||
|
||
WORKDIR /app | ||
|
||
CMD [ "/usr/bin/lndsignerd" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
ARG gover=1.20.3 | ||
|
||
FROM golang:$gover | ||
|
||
ARG goplatform | ||
ARG cplatform | ||
ARG lnd | ||
ARG bitcoind | ||
ARG vault | ||
|
||
RUN apt update && apt-get install -y zip | ||
|
||
RUN cd /root && \ | ||
wget https://bitcoincore.org/bin/bitcoin-core-$bitcoind/bitcoin-${bitcoind}-${cplatform}-linux-gnu.tar.gz && \ | ||
tar xfz bitcoin-$bitcoind-$cplatform-linux-gnu.tar.gz && \ | ||
mv bitcoin-$bitcoind/bin/* /usr/local/bin/ && \ | ||
wget https://github.com/lightningnetwork/lnd/releases/download/$lnd/lnd-linux-$goplatform-$lnd.tar.gz && \ | ||
tar xfz lnd-linux-$goplatform-$lnd.tar.gz && \ | ||
mv lnd-linux-$goplatform-$lnd/* /usr/local/bin/ && \ | ||
wget https://releases.hashicorp.com/vault/$vault/vault_${vault}_linux_${goplatform}.zip && \ | ||
unzip vault_${vault}_linux_${goplatform}.zip && \ | ||
mv vault /usr/local/bin/ && \ | ||
go install github.com/go-delve/delve/cmd/dlv@latest && \ | ||
git config --global --add safe.directory /app && \ | ||
echo "export PATH='$PATH:/usr/local/go/bin:/root/go/bin'" >> .bashrc | ||
|
||
VOLUME [ "/app" ] | ||
|
||
WORKDIR /app |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
ARG VAULT_VER=1.11.7 | ||
|
||
FROM library/vault:${VAULT_VER} | ||
ARG TARGETARCH | ||
ARG VAULT_SIGNER_PLUGIN_VER | ||
|
||
ADD https://github.com/nydig-oss/lndsigner/releases/download/${VAULT_SIGNER_PLUGIN_VER}/vault-plugin-lndsigner-linux-${TARGETARCH} /vault/plugins/vault-plugin-lndsigner | ||
ADD https://github.com/nydig-oss/lndsigner/releases/download/${VAULT_SIGNER_PLUGIN_VER}/vault-plugin-lndsigner-linux-${TARGETARCH}.SHA256SUM /vault/plugins/vault-plugin-lndsigner.SHA256SUM | ||
ADD LICENSE /vault/plugins/vault-plugin-lndsigner.LICENSE | ||
|
||
RUN \ | ||
chown -R vault:vault /vault/plugins \ | ||
&& chmod +x /vault/plugins/vault-plugin-lndsigner \ | ||
&& setcap cap_ipc_lock=+ep /vault/plugins/vault-plugin-lndsigner |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
Copyright (C) 2013-2017 The btcsuite developers | ||
Copyright (C) 2015-2016 The Decred developers | ||
Copyright (C) 2015-2022 Lightning Labs and The Lightning Network Developers | ||
Copyright (C) 2022 Bottlepay and The Lightning Network Developers | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
Oops, something went wrong.