feat(packages): Add NeuVector Manager and CLI

Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>
wolfi-dev · Apr 9, 2024 · 4886d5c · 4886d5c
1 parent 97c040c
commit 4886d5c
Showing 1 changed file with 102 additions and 0 deletions.
diff --git a/neuvector-manager-5.3.yaml b/neuvector-manager-5.3.yaml
@@ -0,0 +1,102 @@
+package:
+  name: neuvector-manager-5.3
+  version: 5.3.2
+  epoch: 0
+  description: NeuVector Security Center Admin Console.
+  copyright:
+    - license: Apache-2.0
+  dependencies:
+    provides:
+      - neuvector-manager=${{package.full-version}}
+    runtime:
+      - openjdk-11-default-jvm
+
+environment:
+  environment:
+    JAVA_OPTS: "-Xms2g -Xmx3g"
+  contents:
+    packages:
+      - busybox
+      - openjdk-11
+      - openjdk-11-default-jvm
+      - py3-pip
+      - python3
+      - sbt
+      - wget
+      - zip
+
+pipeline:
+  - uses: git-checkout
+    with:
+      expected-commit: 67402fe784d6e6ec362cd04116b0d5929d247767
+      repository: https://github.com/neuvector/manager
+      tag: v${{package.version}}
+
+  - runs: |
+      # Build and compress JAR
+      sbt admin/assembly
+      zip -d admin/target/scala-2.11/admin-assembly-1.0.jar rest-management-private-classpath\*
+
+      # Unfortunately, a lot of things are hardcoded to /usr/local/...
+      mkdir -p ${{targets.contextdir}}/usr/local/bin
+      install -Dm755 admin/target/scala-2.11/admin-assembly-1.0.jar ${{targets.contextdir}}/usr/local/bin/
+      install -Dm755 scripts/* ${{targets.contextdir}}/usr/local/bin/
+
+      # Retrieve certs
+      mkdir -p ${{targets.contextdir}}/etc/neuvector/certs
+      wget https://raw.githubusercontent.com/neuvector/manifests/main/build/share/etc/neuvector/certs/ssl-cert.key -P ${{targets.contextdir}}/etc/neuvector/certs/
+      wget https://raw.githubusercontent.com/neuvector/manifests/main/build/share/etc/neuvector/certs/ssl-cert.pem -P ${{targets.contextdir}}/etc/neuvector/certs/
+
+  - uses: strip
+
+subpackages:
+  - name: ${{package.name}}-cli
+    description: NeuVector Manager CLI
+    dependencies:
+      provides:
+        - neuvector-manager-cli=${{package.full-version}}
+      runtime:
+        - py3-click
+        - py3-requests
+        - py3-six
+        - py3-urllib3
+        - python-3.12-base
+        - supervisor
+    pipeline:
+      - runs: |
+          # Setup virtual environment
+          python3 -m venv .venv --system-site-packages
+          .venv/bin/pip install -I cmd2 prettytable --no-compile
+
+          # Remove pip from venv
+          .venv/bin/pip uninstall --yes pip
+
+          # Upstream places this at /. Let's put it in /usr/share/...
+          mkdir -p ${{targets.contextdir}}/usr/share/neuvector-manager-cli
+          mv .venv ${{targets.contextdir}}/usr/share/neuvector-manager-cli/
+
+          # Install CLI
+          mkdir -p ${{targets.contextdir}}/usr/local/bin
+          install -Dm755 cli/cli.py ${{targets.contextdir}}/usr/share/neuvector-manager-cli/.venv/bin/cli
+          ln -sf /usr/share/neuvector-manager-cli/.venv/bin/cli ${{targets.contextdir}}/usr/local/bin/cli
+          mv cli/prog ${{targets.contextdir}}/usr/share/neuvector-manager-cli/.venv/bin/
+
+          # Use Python provided by venv
+          sed -i "s|bin/python3|share/neuvector-manager-cli/.venv/bin/python3|g" ${{targets.contextdir}}/usr/share/neuvector-manager-cli/.venv/bin/cli
+    test:
+      pipeline:
+        - runs: |
+            cli -h
+
+test:
+  pipeline:
+    - runs: |
+        java -jar /usr/local/bin/admin-assembly-1.0.jar & sleep 2; kill $!
+
+update:
+  enabled: true
+  github:
+    identifier: neuvector/manager
+    strip-prefix: v
+    tag-filter: v5.3.
+    use-tag: true