diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 241b5eedfff..5a7722c020f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -40,6 +40,7 @@ You must install: 1. [Google Cloud SDK](https://cloud.google.com/sdk) 1. [Hugo](https://gohugo.io/installation/) 1. [Terraform](https://developer.hashicorp.com/terraform/downloads) +1. [Node JS](https://nodejs.org/) >= 18.17.x Then you can set up the development environment by cloning the OSV repo and installing the Pipfile dependencies. @@ -101,16 +102,13 @@ $ make run-appengine #### API -Running a local instance of the API server requires service account credentials. - -You will need to download a service account key for -`esp-test@oss-vdb.iam.gserviceaccount.com` from -. -Keep this safe. +Running a local instance of the API server requires the path to application +default credentials. The is required so that the ESP container has credentials +to download API configuration. ```shell $ gcloud auth login --update-adc -$ make SERVICE_ACCOUNT=/path/to/service_account.json run-api-server +$ make run-api-server ``` ## Contributing data diff --git a/Makefile b/Makefile index a2417d885b4..df9b4ad1194 100644 --- a/Makefile +++ b/Makefile @@ -41,8 +41,9 @@ run-appengine-staging: cd gcp/appengine && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb-test pipenv run python main.py run-api-server: - test $(SERVICE_ACCOUNT) || (echo "SERVICE_ACCOUNT variable not set"; exit 1) - cd gcp/api && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb pipenv run python test_server.py $(SERVICE_ACCOUNT) + test $(HOME)/.config/gcloud/application_default_credentials.json || (echo "GCP Application Default Credentials not set."; exit 1) + cd gcp/api && docker build -f Dockerfile.esp -t osv/esp:latest . + cd gcp/api && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb pipenv run python test_server.py $(HOME)/.config/gcloud/application_default_credentials.json # TODO: API integration tests. all-tests: lib-tests worker-tests importer-tests appengine-tests vulnfeed-tests 
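Review bot: The new guard on the first recipe line of `run-api-server` can never fail, because `test` with a single non-empty argument is always true and `$(HOME)/.config/...` is never empty. The old `test $(SERVICE_ACCOUNT)` only worked because an unset variable left `test` with no argument. Use a file check instead: `test -f "$(HOME)/.config/gcloud/application_default_credentials.json" || (echo "GCP Application Default Credentials not set."; exit 1)`. The path is also spelled out twice and ignores `GOOGLE_APPLICATION_CREDENTIALS` and `CLOUDSDK_CONFIG`; a single overridable variable such as `ADC ?= $(HOME)/.config/gcloud/application_default_credentials.json` would keep the check and the `test_server.py` argument in step. Note that this target now hands a developer's personal ADC token to the container rather than a dedicated test service-account key, which deserves a line in the comment above the rule.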
diff --git a/gcp/api/Dockerfile.esp b/gcp/api/Dockerfile.esp
new file mode 100644
index 00000000000..ffdbdb646aa
--- /dev/null
+++ b/gcp/api/Dockerfile.esp
@@ -0,0 +1,24 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/endpoints-release/endpoints-runtime:2
+
+USER root
+
+# Context: https://github.com/mhart/alpine-node/issues/48#issuecomment-370171836
+# The UID needs to be set to 1000 in order to map files without permission issues.
+RUN addgroup -g 1000 -S osv && \
+ adduser --no-create-home -u 1000 -S osv -G osv
+
+USER osv
diff --git a/gcp/api/test_server.py b/gcp/api/test_server.py
index d461346f12f..c9f9f46edab 100644
--- a/gcp/api/test_server.py
+++ b/gcp/api/test_server.py
@@ -92,9 +92,11 @@ def start_esp(port, backend_port, service_account_path, log_path):
 if os.getenv('CLOUDBUILD'):
 network = '--network=cloudbuild'
 host = get_ip()
+ docker_image = 'gcr.io/endpoints-release/endpoints-runtime:2'
 else:
 network = '--network=host'
 host = 'localhost'
+ docker_image = 'osv/esp:latest'
 # Stop existing osv-esp processes that weren't killed properly.
 subprocess.run(['docker', 'stop', 'osv-esp'], check=False)
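Review bot: The `RUN addgroup`/`adduser` step hard-codes UID/GID 1000 for the `osv` user, which matches the mounted credentials file only when the developer's host UID is also 1000. On any other host the container will presumably be unable to read the owner-only ADC file under `/esp`. Consider `ARG OSV_UID=1000` with `adduser --no-create-home -u ${OSV_UID} -S osv -G osv`, and pass `--build-arg OSV_UID=$$(id -u)` from the Makefile recipe. The base image is also referenced by the mutable tag `:2`; since this container is given cloud credentials, pinning it by digest (`endpoints-runtime:2@sha256:<digest>`) would make what runs reproducible.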
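Review bot: `docker_image = 'osv/esp:latest'` in the `else` branch names an image that exists only if `make run-api-server` built it first. If it is missing, `docker run` by default tries to pull that name from the configured registry, and whatever it fetches is started with the credentials directory mounted. Adding `'--pull=never',` to the `docker run` argument list (outside this hunk) would make a missing local image fail closed. A short comment would also help, e.g. `# Built locally from Dockerfile.esp by the run-api-server make target; runs as UID 1000.` The body of `start_esp` begins and continues outside this hunk.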
@@ -107,9 +109,9 @@ def start_esp(port, backend_port, service_account_path, log_path):
 network,
 '--rm',
 '-v',
- f'{service_account_dir}:/esp',
+ f'{service_account_dir}:/esp:ro',
 f'--publish={port}',
- 'gcr.io/endpoints-release/endpoints-runtime:2',
+ f'{docker_image}',
 '--disable_tracing',
 '--service=api-test.osv.dev',
 '--rollout_strategy=managed',
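Review bot: The `-v` argument still bind-mounts the whole directory holding the credentials file, and `:ro` prevents writes but not reads. With the Makefile now passing `~/.config/gcloud/application_default_credentials.json`, `service_account_dir` is presumably `~/.config/gcloud`, so the container, started with `--network=host` locally, can read every other gcloud credential store kept there. Mounting only the file would narrow this, e.g. `f'{service_account_path}:/esp/{os.path.basename(service_account_path)}:ro',`, assuming the ESP flags outside this hunk refer to the file by its basename under `/esp`. Separately, `f'{docker_image}'` is a no-op f-string and can be plain `docker_image,`. The argument list belongs to a call that starts and ends outside the hunk.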