feat: Add Envoy Wasm Filter (#20)
Signed-off-by: Anurag Rajawat <anurag@accuknox.com>
anurag-rajawat authored Nov 11, 2024
1 parent 9c607e1 commit f9f0d90
Showing 19 changed files with 1,182 additions and 8 deletions.
53 changes: 53 additions & 0 deletions .github/workflows/latest-release.yaml
@@ -0,0 +1,53 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright 2023 Authors of SentryFlow

name: Latest release
on:
push:
branches:
- main

permissions: read-all

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
files-changed:
name: Find out which files were changed
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
sentryflow: ${{ steps.filter.outputs.sentryflow}}
envoyfilter: ${{ steps.filter.outputs.envoyfilter}}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3.0.2
id: filter
with:
filters: |
sentryflow:
- 'sentryflow/**'
envoyfilter:
- 'filter/envoy/envoy-wasm-filters/**'
release-sentryflow-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.sentryflow == 'true' }}
name: Build and push sentryflow's image
uses: ./.github/workflows/release-image.yaml
with:
WORKING_DIRECTORY: ./sentryflow
NAME: sentryflow
secrets: inherit

release-envoy-filter-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.envoyfilter == 'true' }}
name: Build and push envoyfilter's image
uses: ./.github/workflows/release-image.yaml
with:
WORKING_DIRECTORY: ./filter/envoy/envoy-wasm-filters
NAME: sentryflow-httpfilter
secrets: inherit
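Review bot: `secrets: inherit` on both `release-sentryflow-image` and `release-envoy-filter-image` makes every secret visible to this repository available to the called workflow, while `release-image.yaml` only reads `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`. Declaring those two under `on.workflow_call.secrets` in `release-image.yaml` and passing them by name here (`DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}`, `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}`) keeps the release job's secret surface reviewable from the caller and stops a later edit to the callee from quietly picking up an unrelated secret. The same applies to the two callers in `stable-release.yaml`. Separately, `actions/checkout@v4` and `dorny/paths-filter@v3.0.2` are referenced by mutable tags; pinning the actions in this release chain to full commit SHAs would make the build inputs immutable.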
51 changes: 48 additions & 3 deletions .github/workflows/pr-checks.yaml
@@ -14,6 +14,24 @@ on:
permissions: read-all

jobs:
files-changed:
name: Find out which files were changed
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
sentryflow: ${{ steps.filter.outputs.sentryflow}}
envoyfilter: ${{ steps.filter.outputs.envoyfilter}}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3.0.2
id: filter
with:
filters: |
sentryflow:
- 'sentryflow/**'
envoyfilter:
- 'filter/envoy/envoy-wasm-filters/**'
license:
name: License
runs-on: ubuntu-latest
@@ -29,6 +47,8 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

static-checks:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.sentryflow == 'true' }}
name: Static checks
runs-on: ubuntu-latest
defaults:
@@ -40,10 +60,10 @@ jobs:
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: '1.22'
go-version: '1.23'

- name: go fmt
run: make fmt
- name: go fmt vet
run: make fmt vet

- name: Lint
uses: golangci/golangci-lint-action@v6
@@ -54,6 +74,8 @@ jobs:
skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778

build-sentryflow-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.sentryflow == 'true' }}
name: Build SentryFlow container image
runs-on: ubuntu-latest
timeout-minutes: 20
@@ -73,3 +95,26 @@ jobs:
image: "docker.io/5gsec/sentryflow:latest"
severity-cutoff: critical
output-format: sarif

build-envoy-filter-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.envoyfilter == 'true' }}
name: Build Envoy WASM Filter container image
runs-on: ubuntu-latest
timeout-minutes: 20
defaults:
run:
working-directory: ./filter/envoy/envoy-wasm-filters
steps:
- name: Checkout source code
uses: actions/checkout@v4

- name: Build image
run: make image

- name: Scan image
uses: anchore/scan-action@v4
with:
image: "docker.io/5gsec/sentryflow-httpfilter:latest"
severity-cutoff: critical
output-format: sarif
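Review bot: The `Scan image` step of `build-envoy-filter-image` writes its findings as SARIF, but no later step in the job uploads or prints that file, so a PR only shows pass/fail at the `critical` cutoff and anything below it in the new filter image goes unreported. For a PR check, `output-format: table` puts the findings in the job log; uploading the SARIF instead would need a `security-events: write` grant that `permissions: read-all` does not give. The image reference is also hard-coded to `docker.io/5gsec/sentryflow-httpfilter:latest`, and the Makefile is not visible on this page. It is worth confirming that `make image` tags the local build with exactly that name, since otherwise the scanner may resolve the name against the registry and gate the PR on the published image rather than the one just built.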
62 changes: 62 additions & 0 deletions .github/workflows/release-image.yaml
@@ -0,0 +1,62 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright 2023 Authors of Nimbus

name: Release image

permissions: read-all

on:
workflow_call:
inputs:
WORKING_DIRECTORY:
description: 'current working directory'
required: true
type: string
NAME:
description: 'app name'
required: true
type: string

jobs:
release-image:
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Get tag
id: tag
run: |
if [ ${{ github.ref }} == "refs/heads/main" ]; then
echo "tag=latest" >> $GITHUB_OUTPUT
else
echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
fi
- name: Build image
run: DOCKER_TAG=${{ steps.tag.outputs.tag }} make image
working-directory: ${{ inputs.WORKING_DIRECTORY }}

- name: Scan image
uses: anchore/scan-action@v4
with:
image: 'docker.io/5gsec/${{ inputs.NAME }}:${{ steps.tag.outputs.tag }}'
severity-cutoff: critical
output-format: sarif

- name: Build and push image
working-directory: ${{ inputs.WORKING_DIRECTORY }}
run: DOCKER_TAG=${{ steps.tag.outputs.tag }} make imagex
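Review bot: The `Get tag` step expands `${{ github.ref }}` directly into the shell script, and the `Build image` and `Build and push image` steps do the same with `${{ steps.tag.outputs.tag }}`, so the ref name is parsed as script text rather than data in a job that has already logged in to Docker Hub. Read the ref from the environment, as the `else` branch already does: `if [ "$GITHUB_REF" = "refs/heads/main" ]; then`. Pass the tag to make through an `env:` entry (`DOCKER_TAG: ${{ steps.tag.outputs.tag }}`) instead of interpolating it into `run:`, and quote `"$GITHUB_OUTPUT"` while there. Note also that the image scanned is the one from `make image`, while the one published comes from a separate `make imagex` build; the Makefile is not shown, so whether the two builds produce the same content should be confirmed.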
54 changes: 54 additions & 0 deletions .github/workflows/stable-release.yaml
@@ -0,0 +1,54 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright 2024 Authors of SentryFlow

name: Stable release

on:
create:
tags:
- "v*"

permissions: read-all

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
files-changed:
name: Find out which files were changed
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
sentryflow: ${{ steps.filter.outputs.sentryflow}}
envoyfilter: ${{ steps.filter.outputs.envoyfilter}}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3.0.2
id: filter
with:
filters: |
sentryflow:
- 'sentryflow/**'
envoyfilter:
- 'filter/envoy/envoy-wasm-filters/**'
release-sentryflow-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.sentryflow == 'true' }}
name: Build and push sentryflow image
uses: ./.github/workflows/release-image.yaml
with:
WORKING_DIRECTORY: ./sentryflow
NAME: sentryflow
secrets: inherit

release-envoy-filter-image:
needs: [ files-changed ]
if: ${{ github.repository == '5GSEC/sentryflow' && needs.files-changed.outputs.envoyfilter == 'true' }}
name: Build and push envoyfilter's image
uses: ./.github/workflows/release-image.yaml
with:
WORKING_DIRECTORY: filter/envoy/envoy-wasm-filters
NAME: sentryflow-httpfilter
secrets: inherit
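Review bot: The `tags:` filter under `on: create` is probably not honoured, since GitHub documents branch and tag filters only for `push` and `pull_request`, so this workflow is likely to start on every branch creation as well as on `v*` tags. In that case `release-image.yaml` would derive the image tag from the branch name and publish it with the Docker Hub credentials. Switching the trigger to `push:` with the same `tags: ["v*"]` filter, or adding `startsWith(github.ref, 'refs/tags/v')` to each job's `if:`, restricts publishing to version tags. Gating a tagged release on `files-changed` also deserves a second look: which base `dorny/paths-filter` compares against for this event is not visible here, and a release could ship without one of its two images if that directory is judged unchanged.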
6 changes: 3 additions & 3 deletions deployments/sentryflow.yaml
@@ -65,7 +65,7 @@ data:
server:
port: 8081
envoy:
uri: anuragrajawat/httpfilter:v0.1
uri: 5gsec/sentryflow-httpfilter:latest
receivers:
serviceMeshes:
@@ -96,8 +96,8 @@ spec:
serviceAccountName: sentryflow
containers:
- name: sentryflow
image: docker.io/5gsec/sentryflow:v0.1
imagePullPolicy: IfNotPresent
image: docker.io/5gsec/sentryflow:latest
imagePullPolicy: Always
args:
- --config
- /var/lib/sentryflow/config.yaml
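Review bot: Both image references in this manifest now appear to use the mutable `latest` tag: `uri: 5gsec/sentryflow-httpfilter:latest` for the Envoy filter, and `image: docker.io/5gsec/sentryflow:latest` with `imagePullPolicy: Always`. The new latest-release workflow can overwrite that tag on pushes to `main`, so a cluster applying this file runs whatever was pushed last, with no record of which build it was and no fixed rollback target. Pinning the shipped manifest to a release tag or a digest (`image: docker.io/5gsec/sentryflow@sha256:<digest>`) and keeping `latest` for development use would make deployments reproducible. Which line of each printed pair is the new one is inferred from the commit's purpose, because the page lost the +/- markers.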
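--- a/filter/envoy/envoy-wasm-filters/.gitignore
+++ b/filter/envoy/envoy-wasm-filters/.gitignore
@@ -0,0 +1,5 @@
+/target
+**/*.rs.bk
+bin/
+pkg/
+wasm-pack.log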