Skip to content

Implement security restrictions for payload-apps (#63) #121

Implement security restrictions for payload-apps (#63)

Implement security restrictions for payload-apps (#63) #121

name: spacefx-dev-build-publish
on:
workflow_dispatch:
inputs:
VER_DOCKER_MAX:
description: 'Docker version to install'
required: false
type: string
default: "26.1.3"
push:
branches:
- main
env:
REGISTRY: ghcr.io
FEATURE: microsoft/azure-orbital-space-sdk/spacefx-dev
ARTIFACT_PATH: ./output/spacefx-dev/devcontainer-feature-spacefx-dev.tgz
jobs:
build-publish-feature:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- name: Display Ubuntu version
run: lsb_release -a
- uses: microsoft/azure-orbital-space-sdk-github-actions/composite-actions/initialize@main
with:
env_file: ./env/spacefx.env
GIT_HUB_USER_NAME: ${{ secrets.GIT_HUB_USER_NAME }}
GIT_HUB_USER_TOKEN: ${{ secrets.GIT_HUB_USER_TOKEN }}
SETUP_REPO_URL: ${{ secrets.SETUP_REPO_URL }}
VER_DOCKER_MAX: ${{ inputs.VER_DOCKER_MAX }}
- name: Build and publish devcontainer feature
shell: bash
run: |
echo "Sourcing environment variables..."
source ./env/spacefx.env
# Validate the output directory exists and clean it out if there is content already present
echo "Creating output directory..."
mkdir -p "./output/spacefx-dev"
# Copy the scripts ino the entry point for the devcontainer feature
echo "Copying all files to /var/spacedev..."
./.vscode/copy_to_spacedev.sh --output-dir ./.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup
echo "...Cleaning './.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup/chart/certs'..."
# Remove the certs that might've been generated
while read -r certFile; do
rm -f "${certFile}"
done < <(find "./.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup/certs" -type f ! -name "*.json")
# Build the devcontainer feature
echo "Building the devcontainer feature..."
devcontainer features package --force-clean-output-folder ./.devcontainer/features --output-folder ./output/spacefx-dev
# Push the devcontainer feature tarball to the registry
echo "Pushing the devcontainer feature tarball to the registry..."
oras push ${{ env.REGISTRY }}/${{ env.FEATURE }}:${SPACEFX_VERSION} \
--config /dev/null:application/vnd.devcontainers \
--annotation org.opencontainers.image.source=https://github.com/microsoft/azure-orbital-space-sdk-setup \
${{ env.ARTIFACT_PATH }}:application/vnd.devcontainers.layer.v1+tar