feat: add fips support for install script (#50)

Signed-off-by: Nianyu Shen <[email protected]>
spectrocloud · Dec 16, 2024 · 01ed869 · 01ed869
1 parent 5345d53
commit 01ed869
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 6 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -38,7 +38,5 @@ jobs:
           echo $(git describe --exact-match --tags || echo "v0.0.0-$(git rev-parse --short=8 HEAD)") > VERSION
           echo "version=$(head -n 1 VERSION)" >> $GITHUB_OUTPUT
       - name: Build artifacts
-        env:
-          VERSION: ${{ steps.version.outputs.version }}
         run: |
-          earthly --ci --output +release
+          earthly --ci --output +release --VERSION=${{ steps.version.outputs.version }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -33,7 +33,15 @@ jobs:
           use-cache: true
       - name: Build artifacts
         run: |
-          earthly --ci --output +release --VERSION ${{ github.ref_name }}
+          set -x
+          earthly --ci --output +release \
+            --VERSION=${{ github.ref_name }}
+      - name: Build FIPS artifacts
+        run: |
+          set -x
+          earthly --ci --output +release-fips \
+            --VERSION=${{ github.ref_name }} \
+            --SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images-fips
       - name: Upload release artifacts
         uses: softprops/action-gh-release@v2
         if: ${{ startsWith(github.ref, 'refs/tags/') }}

diff --git a/Earthfile b/Earthfile
@@ -19,6 +19,19 @@ release:
 
     BUILD +install-script
 
+release-fips:
+    BUILD +package-tar \
+        --PLATFORM=linux \
+        --ARCH=amd64 \
+        --FIPS=true
+
+    BUILD +palette-agent \
+        --PLATFORM=linux \
+        --ARCH=amd64 \
+        --FIPS=true
+
+    BUILD +install-script \
+        --FIPS=true
 ubuntu:
     FROM ${UBUNTU_IMAGE}
     RUN apt-get update && apt-get install -y systemctl gettext-base
@@ -34,6 +47,7 @@ stylus-image:
 palette-agent:
     FROM +ubuntu
 
+    ARG FIPS=false
     ARG PE_VERSION=$(head -n 1 PE_VERSION)
     ARG PLATFORM=linux
     ARG ARCH=amd64
@@ -43,16 +57,26 @@ palette-agent:
     COPY (+stylus-image/opt/spectrocloud/bin/palette-agent --PLATFORM=${PLATFORM} --ARCH=${ARCH} --STYLUS_IMAGE=${STYLUS_IMAGE}) /workdir/
     RUN chmod +x /workdir/palette-agent
 
-    SAVE ARTIFACT /workdir/palette-agent AS LOCAL ./build/palette-agent-${PLATFORM}-${ARCH}
+    LET BIN_NAME=palette-agent-${PLATFORM}-${ARCH}
+    IF $FIPS
+        SET BIN_NAME=palette-agent-fips-${PLATFORM}-${ARCH}
+    END
+
+    SAVE ARTIFACT /workdir/palette-agent AS LOCAL ./build/${BIN_NAME}
 
 package-tar:
     FROM +ubuntu
 
+    ARG FIPS=false
     ARG PE_VERSION=$(head -n 1 PE_VERSION)
     ARG PLATFORM=linux
     ARG ARCH=amd64
     ARG STYLUS_IMAGE=${SPECTRO_PUB_REPO}/edge/stylus-agent-mode-${PLATFORM}-${ARCH}:${PE_VERSION}
-    ARG TAR_NAME=agent-mode-${PLATFORM}-${ARCH}
+    IF $FIPS
+        ARG TAR_NAME=agent-mode-fips-${PLATFORM}-${ARCH}
+    ELSE
+        ARG TAR_NAME=agent-mode-${PLATFORM}-${ARCH}
+    END
 
     WORKDIR /workdir/var/lib/spectro
     COPY (+stylus-image/ --PLATFORM=${PLATFORM} --ARCH=${ARCH} --STYLUS_IMAGE=${STYLUS_IMAGE}) /workdir/var/lib/spectro/stylus

diff --git a/README.md b/README.md
@@ -40,6 +40,12 @@ curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/pal
 curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/palette-agent-install.sh | VERSION=v4.5.0 bash
 ```
 
+## FIPS
+
+```bash
+curl -Ls https://github.com/spectrocloud/agent-mode/releases/latest/download/palette-agent-install-fips.sh | bash
+```
+
 ## Userdata
 
 Refer to [Palette Agent Parameters Documentation](https://docs.spectrocloud.com/clusters/edge/edge-configuration/installer-reference/#palette-agent-parameters) for more details.