Github Action Pipeline For ChainCode Builder

.github/workflows/image-build-pr.yaml

@@ -0,0 +1,62 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# 	  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Chaincode Builder Image Build and Checks
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+env:
+  GO_VER: 1.24.3
+  GOPROXY: "https://proxy.golang.org,direct" # Bypass all proxies to avoid TLS issues
+  GO111MODULE: on # Ensure module-aware mode
+  GOPATH: /opt/go
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VER }}
+      - name: Ensure Go is in PATH
+        run: |
+           echo "GOPATH: $GOPATH"
+           echo "PATH: $PATH"
+      - name: Check Go version
+        run: |
+          echo "*********************Go version:***************************"
+          go version
+          echo "************************************************************"
+      - name: unit-tests
+        run: go test `go list ./... | grep -v integration`
+      - name: checks
+        run: |
+           echo "*********************Running checks*************************"
+           chmod +x scripts/*
+           make checks
+      - name: gosec
+        run: make gosec
+      - name: build
+        run: make image
+

.github/workflows/image.build.yml

@@ -0,0 +1,16 @@
+name: Build and Push Chaincode Builder image
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Push
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
+          make image image-push

.gitignore

@@ -3,4 +3,5 @@ build/
 .env
 golang_copyright.txt
 shell_copyright.txt
-launch.json
+launch.json
+.DS_Store

Dockerfile

@@ -0,0 +1,64 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operations Console project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# 	  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+ARG ARCH
+ARG GO_VER
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal as builder
+ARG GO_VER
+ARG ARCH
+# gcc required for cgo
+RUN microdnf install -y make gcc tar gzip gcc-c++ && microdnf clean all
+RUN echo "GO_VER=${GO_VER}" && echo "ARCH=${ARCH}"
+RUN test -n "$GO_VER" && test -n "$ARCH" || (echo "GO_VER or ARCH not set!" && exit 1)
+
+RUN curl -sSL https://go.dev/dl/go${GO_VER}.linux-${ARCH}.tar.gz | tar zxf - -C /usr/local
+
+ENV PATH="/usr/local/go/bin:$PATH"
+COPY . /go/src/github.ibm.com/fabric/fabric-chaincode-builder
+WORKDIR /go/src/github.ibm.com/fabric/fabric-chaincode-builder
+RUN GOOS=linux GOARCH=$(go env GOARCH) go build -o build/fabric-chaincode-builder ./cmd/ibp-builder
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal
+ARG IBP_VER
+ARG BUILD_ID
+ARG BUILD_DATE
+
+
+ENV BUILDER=/usr/local/bin/fabric-chaincode-builder \
+    USER_UID=1001 \
+    USER_NAME=fabric-chaincode-builder \
+    CLIENT_TIMEOUT=5m \
+    FILE_SERVER_LISTEN_IP=0.0.0.0 \
+    FILE_SERVER_LISTEN_PORT=22222 \
+    SHARED_VOLUME_PATH=/data \
+    SIDECAR_LISTEN_ADDRESS=0.0.0.0:11111
+
+RUN microdnf update -y
+RUN microdnf install -y shadow-utils iputils
+RUN groupadd -g 7051 ibp-user \
+    && useradd -u 7051 -g ibp-user -s /bin/bash ibp-user \
+    && microdnf remove -y shadow-utils \
+    && microdnf clean -y all;
+
+COPY --from=builder /go/src/github.ibm.com/fabric/fabric-chaincode-builder/build/fabric-chaincode-builder ${BUILDER}
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+USER ibp-user
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD [ "sh", "-c", "fabric-chaincode-builder --kubeconfig \"${KUBECONFIG}\" --kubeNamespace \"${KUBE_NAMESPACE}\" --clientTimeout \"${CLIENT_TIMEOUT}\" --peerID \"${PEER_ID}\" --sharedVolumePath \"${SHARED_VOLUME_PATH}\" --fileServerListenAddress \"${FILE_SERVER_LISTEN_IP}:${FILE_SERVER_LISTEN_PORT}\" --sidecarListenAddress \"${SIDECAR_LISTEN_ADDRESS}\" --fileServerBaseURL \"${FILE_SERVER_BASE_URL}\"" ]

Makefile

@@ -0,0 +1,70 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# 	  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+IMAGE ?= ghcr.io/hyperledger-labs/fabric-chaincode-builder
+TAG ?= $(shell git rev-parse --short HEAD)
+ARCH ?= $(shell go env GOARCH)
+BRANCH ?= $(shell git branch --show-current)
+DOCKER_IMAGE_REPO ?= ghcr.io
+REGISTRY ?= $(DOCKER_IMAGE_REPO)/ibp-golang
+GO_VER ?= 1.24.3
+BUILD_DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+GOOS ?= $(shell go env GOOS)
+
+
+BUILD_ARGS=--build-arg ARCH=$(ARCH)
+BUILD_ARGS+=--build-arg REGISTRY=$(REGISTRY)
+BUILD_ARGS+=--build-arg BUILD_ID=$(TAG)
+BUILD_ARGS+=--build-arg BUILD_DATE=$(BUILD_DATE)
+BUILD_ARGS+=--build-arg GO_VER=$(GO_VER)
+
+
+.PHONY: build login
+
+int-tests:
+	@ginkgo -v ./integration
+
+build:
+	GOOS=$(GOOS) GOARCH=$(ARCH) go build -o build/fabric-chaincode-builder ./cmd/ibp-builder
+	GOOS=$(GOOS) GOARCH=$(ARCH) go build -o build/fabric-chaincode-builder-client ./cmd/ibp-builder-client
+
+image: ## Builds a x86 based image
+	@go mod vendor
+	docker build --rm . -f Dockerfile $(BUILD_ARGS) -t $(IMAGE):$(TAG)-$(ARCH)
+	docker tag $(IMAGE):$(TAG)-$(ARCH) $(IMAGE):latest-$(ARCH)
+
+image-nologin:
+	@go mod vendor
+	docker build --rm . -f Dockerfile $(BUILD_ARGS) -t $(IMAGE):$(TAG)-$(ARCH)
+	docker tag $(IMAGE):$(TAG)-$(ARCH) $(IMAGE):latest-$(ARCH)
+image-push: 
+	docker push $(IMAGE):$(TAG)-$(ARCH)
+
+unit-tests:
+	go test `go list ./... | grep -v integration`
+
+gosec:
+	@scripts/go-sec.sh
+
+checks: license
+	@scripts/checks
+
+.PHONY: license
+license:
+	@scripts/check-license.sh

scripts/check-license.sh

@@ -0,0 +1,138 @@
+#!/bin/bash
+#
+# Copyright contributors to the Hyperledger Fabric Operations Console project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# 	  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+cat << EOB > golang_copyright.txt
+/*
+ * Copyright contributors to the Hyperledger Fabric Operations Console project
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * 	  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+EOB
+
+cat << EOB > shell_copyright.txt
+#
+# Copyright contributors to the Hyperledger Fabric Operations Console project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# 	  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+EOB
+
+function filterGeneratedFiles {
+    for f in $@; do
+        head -n5 $f | grep -qE 'Code generated by.*DO NOT EDIT' || echo $f
+    done
+}
+
+function filterExcludedFiles {
+  CHECK=`echo "$CHECK" \
+		| grep -v "^\.build/" \
+		| grep -v "^\.git/" \
+		| grep -v "^\.gitignore" \
+		| grep -v "\.json$" \
+		| grep -v "\.pem$" \
+		| grep -v "\.crt$" \
+		| grep -v "\.txt$" \
+		| grep -v "\.md$" \
+		| grep -v "_sk$" \
+		| grep -v "\.key$" \
+		| grep -v "\.gen\.go$" \
+		| grep -v "tools/" \
+		| grep -v "testdata/" \
+		| grep -v "vendor/" \
+		| grep -v "go.mod" \
+		| grep -v "go.sum" \
+		| grep -v .secrets.baseline \
+		| grep -v .pre-commit-config.yaml \
+		| sort -u`
+
+  CHECK=$(filterGeneratedFiles "$CHECK")
+}
+
+CHECK=$(git diff --name-only --diff-filter=ACMRTUXB HEAD)
+filterExcludedFiles
+if [[ -z "$CHECK" ]]; then
+  CHECK=$(git diff-tree --no-commit-id --name-only --diff-filter=ACMRTUXB -r "HEAD^..HEAD")
+  filterExcludedFiles
+fi
+
+if [[ -z "$CHECK" ]]; then
+   echo "All files are excluded from having license headers"
+   exit 0
+fi
+
+missing=`echo "$CHECK" | xargs ls -d 2>/dev/null | xargs grep -L "SPDX-License-Identifier: Apache-2.0"`
+if [[ -z "$missing" ]]; then
+   echo "All files have SPDX-License-Identifier: Apache-2.0"
+   exit 0
+fi
+
+TMPFILE="./tmpfile"
+
+for FILE in ${missing}; do
+	EXT="${FILE##*.}"
+	echo "Adding copyright notice to $FILE"
+	if [ "${EXT}" = "go" ]; then
+		cat golang_copyright.txt ${FILE} > ${TMPFILE}
+		cat ${TMPFILE} > ${FILE}
+		rm -f ${TMPFILE}
+		echo "	${FILE} copyright notice added"
+	elif [ "${EXT}" = "yaml" ]; then
+		cat shell_copyright.txt ${FILE} > ${TMPFILE}
+		cat ${TMPFILE} > ${FILE}
+		rm -f ${TMPFILE}
+		echo "	${FILE} copyright notice added"
+	elif [ "${EXT}" = "sh" ]; then
+		cat shell_copyright.txt ${FILE} > ${TMPFILE}
+		cat ${TMPFILE} > ${FILE}
+		rm -f ${TMPFILE}
+		echo "	${FILE} copyright notice added"
+	else
+		echo "invalid file extension"
+	fi
+done
+
+rm golang_copyright.txt shell_copyright.txt
+
+exit 0