diff --git a/.github/workflows/trivy-container-scan.yaml b/.github/workflows/trivy-container-scan.yaml new file mode 100644 index 00000000000..b489ced7633 --- /dev/null +++ b/.github/workflows/trivy-container-scan.yaml @@ -0,0 +1,34 @@ +name: trivy-container-image-scan + +on: + push: + pull_request: + # Publish `main` as Docker `latest` image. + branches: + - main + + # Publish `v1.2.3` tags as releases. + tags: + - v* + + +jobs: + + build: + name: Scan cactus-corda-4-8-all-in-one-obligation image + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Build an image from Dockerfile + run: | + DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-4-8-all-in-one-obligation + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.11.2 + with: + image-ref: 'cactus-corda-4-8-all-in-one-obligation' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' diff --git a/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile b/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile index 6ecede406f9..d3a0c7f6ddd 100644 --- a/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile +++ b/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile @@ -2,7 +2,7 @@ FROM docker:20.10.2-dind # cordaVersion=4.8.5 # cordaCoreVersion=4.8.5 -ARG SAMPLES_KOTLIN_SHA=c70f846b6f3d43fe0a35b6583238944843bf9393 +ARG SAMPLES_KOTLIN_SHA=af2e5f794c66878a097cea7f7cf6ec1667d55e75 ARG SAMPLES_KOTLIN_CORDAPP_SUB_DIR_PATH="./Advanced/obligation-cordapp/" ARG CORDA_TOOLS_SHELL_CLI_VERSION=4.8 diff --git a/tools/docker/corda-all-in-one/corda-v4_8/healthcheck.sh b/tools/docker/corda-all-in-one/corda-v4_8/healthcheck.sh new file mode 100755 index 00000000000..ea5b904b8ec --- /dev/null +++ b/tools/docker/corda-all-in-one/corda-v4_8/healthcheck.sh 
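Review bot: Both actions in `steps:` are referenced by mutable tags (`actions/checkout@v2`, `aquasecurity/trivy-action@0.11.2`), so whoever can move those tags controls code that runs in this repository's CI. Pin each to a full commit SHA, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v2`. The workflow also has no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` is enough for a checkout-build-scan job. The two comments under `pull_request:` ("Publish `main` as Docker `latest` image", "Publish `v1.2.3` tags as releases") describe a publish workflow rather than this scan and should be replaced. The bare `push:` above them appears to have no branch filter (indentation is not recoverable on this page), so confirm that scanning on every push is intended.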
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+if [ "$PARTY_A_WEB_SRV_ENABLED" = "true" ]
+then
+ curl -vv -i -X OPTIONS http://127.0.0.1:10009/web/iou/
+fi
+
+if [ "$PARTY_B_WEB_SRV_ENABLED" = "true" ]
+then
+ curl -vv -i -X OPTIONS http://127.0.0.1:10012/web/iou/
+fi
+
+if [ "$PARTY_C_WEB_SRV_ENABLED" = "true" ]
+then
+ curl -vv -i -X OPTIONS http://127.0.0.1:10015/web/iou/
+fi
+
+
+if [ "$PARTY_A_NODE_ENABLED" = "true" ]
+then
+ curl -v 'http://localhost:7005/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi
+
+if [ "$PARTY_B_NODE_ENABLED" = "true" ]
+then
+ curl -v 'http://localhost:7006/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi
+
+if [ "$PARTY_C_NODE_ENABLED" = "true" ]
+then
+ curl -v 'http://localhost:7007/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi
\ No newline at end of file
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-notary-node.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-notary-node.sh
new file mode 100755
index 00000000000..9d9aa6b234c
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-notary-node.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+if [ "$NOTARY_NODE_ENABLED" = "true" ]
+then
+ java \
+ -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5008 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7008,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" \
+ -Dname=Notary \
+ -jar \
+ /samples-kotlin/Advanced/obligation-cordapp/build/nodes/Notary/corda.jar
+else
+ sleep infinity
+fi
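Review bot: None of the six `curl` calls in healthcheck.sh pass `--fail`, so an HTTP 4xx/5xx reply from the web server or the Jolokia agent still exits 0 and the check reports healthy; `set -e` only catches connection-level failures. Add `--fail` and a time bound to each call, e.g. `curl --fail --silent --show-error --max-time 5 -X OPTIONS http://127.0.0.1:10009/web/iou/`. The `-vv -i` output is emitted on every probe, which is noisy if this script is run on an interval as a container health check. The Jolokia `exec` URLs are called without credentials, which suggests the agents on ports 7005–7007 accept unauthenticated management operations, so confirm those ports are never published outside the container.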
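Review bot: The notary JVM is always started with `-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5008`, and JDWP has no authentication, so any client that can reach the port can run code inside the node's JVM. If the image runs Java 8 (the JDK is not visible in this diff), a bare port in `address=` listens on all interfaces. Bind it explicitly with `address=127.0.0.1:5008`, or better, add the agent only when an opt-in debug variable is set and leave it off by default. The same line appears in `run-party-a-node.sh` (5005), `run-party-b-node.sh` (5006) and `run-party-c-node.sh` (5007). The Jolokia agent on `port=7008` is likewise configured with no access restriction visible here.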
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-node.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-node.sh
new file mode 100755
index 00000000000..0078bb8f5b4
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-node.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_A_NODE_ENABLED" = "true" ]
+then
+ java -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7005,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" -Dname=ParticipantA -jar /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantA/corda.jar
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-server.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-server.sh
new file mode 100755
index 00000000000..4eb927bbb94
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-a-server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_A_WEB_SRV_ENABLED" = "true" ]
+then
+ ./gradlew runPartyAServer
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-node.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-node.sh
new file mode 100755
index 00000000000..a2546ee95ad
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-node.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_B_NODE_ENABLED" = "true" ]
+then
+ java -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5006 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7006,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" -Dname=ParticipantB -jar /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantB/corda.jar
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-server.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-server.sh
new file mode 100755
index 00000000000..5c441398612
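Review bot: In run-party-a-server.sh, `./gradlew runPartyAServer` runs as a child of the wrapper shell, so when supervisord stops `corda-run-party-a-server` the signal is delivered to `sh` and the Gradle/JVM process can be left running. Use `exec ./gradlew runPartyAServer` (and `exec sleep infinity` in the else branch) so the supervised PID is the real process; the supervisord.conf added in this commit sets neither `stopasgroup` nor `killasgroup`. The party-b and party-c server scripts and the four `run-*-node.sh` scripts launch their process the same way. Starting the server through Gradle at container start also means build tooling executes inside the runtime image, so confirm that is intended.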
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-b-server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_B_WEB_SRV_ENABLED" = "true" ]
+then
+ ./gradlew runPartyBServer
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-node.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-node.sh
new file mode 100755
index 00000000000..8755b78e417
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-node.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_C_NODE_ENABLED" = "true" ]
+then
+ java \
+ -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5007 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7007,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" \
+ -Dname=ParticipantC \
+ -jar \
+ /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantC/corda.jar
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-server.sh b/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-server.sh
new file mode 100755
index 00000000000..f74b84609c4
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/run-party-c-server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_C_WEB_SRV_ENABLED" = "true" ]
+then
+ ./gradlew runPartyCServer
+else
+ sleep infinity
+fi
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/supervisord.conf b/tools/docker/corda-all-in-one/corda-v4_8/supervisord.conf
new file mode 100644
index 00000000000..ea1da295bf4
--- /dev/null
+++ b/tools/docker/corda-all-in-one/corda-v4_8/supervisord.conf
@@ -0,0 +1,108 @@
+[supervisord]
+logfile = /var/log/supervisord.log
+logfile_maxbytes = 50MB
+logfile_backups=10
+loglevel = info
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=http://127.0.0.1:9001
+
+[inet_http_server]
+port = 0.0.0.0:9001
+
+[program:sshd]
+command=/usr/sbin/sshd -D -ddd
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/sshd.out.log
+stderr_logfile=/var/log/sshd.err.log
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
+
+[program:dockerd]
+command=dockerd-entrypoint.sh
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-a]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantA/
+command=/run-party-a-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-b]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantB
+command=/run-party-b-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-c]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantC
+command=/run-party-c-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-n]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/Notary
+command=/run-notary-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-a-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-a-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-b-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-b-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-c-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-c-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
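Review bot: `[inet_http_server]` listens on `0.0.0.0:9001` with no `username`/`password`, so anyone who can reach that port can start and stop every program in the container and read their logs through supervisor's HTTP/XML-RPC interface. The `[supervisorctl]` section in this file only talks to `http://127.0.0.1:9001`, so `port = 127.0.0.1:9001` should be sufficient. If remote control is really needed, set `username` and `password` and supply the password through supervisor's `%(ENV_X)s` expansion rather than a literal in the file. Separately, `command=/usr/sbin/sshd -D -ddd` runs sshd in debug mode, where it serves a single connection and then exits while logging at maximum verbosity to `/var/log/sshd.err.log`; drop `-ddd` unless that is deliberate.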