diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..31e68cc
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM mcr.microsoft.com/ccf/app/dev:4.0.1-sgx
+
+RUN apt update && \
+ apt install -y \
+ python3.8 \
+ python3-pip
+
+RUN apt install -y perl
+
+RUN python3.8 -m pip install pip --upgrade
+
+# Install CCF Python package to procure cose_signing
+RUN pip install ccf==4.* || exit 1
+
+COPY set_member.json /opt/ccf_sgx/bin/
+COPY entrypoint.sh actions/deploy/entrypoint.sh
+
+RUN ["chmod", "+x", "/actions/deploy/entrypoint.sh"]
+ENTRYPOINT ["/actions/deploy/entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 0482f8d..7c13c8c 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,41 @@
-# azure-managedccf-activate-member-action
-A GitHub action to add and activate a member in a Managed CCF instance.
+# Action for deployment of applications to CCF
+
+This GitHub action is designed to automate deployment of an application to a CCF network.
+
+---
+
+## Pre-reqs
+
+These action require 2 secrets to be stored in GitHub.
+
+- MEMBERCERT - The certificate that has access to the network, which will be used to sign the transactions for CCF.
+
+- MEMBERKEY - The private key associated with the MEMBERCERT.
+
+---
+
+## Example workflow: Sample
+
+```
+on: [push]
+
+jobs:
+ ccf-deploy:
+ runs-on: ubuntu-latest
+ name: Deploy CCF application
+ env:
+ CCF_URL: '/'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: CCF deploy
+ uses: msftsettiy/azure-managedccf-deploy-app-action@v0.1.0-alpha
+ id: deploy
+ env:
+ CERTD: ${{ secrets.MEMBERCERT }}
+ KEYD: ${{ secrets.MEMBERKEY }}
+ with:
+ application: ''
+ - name: Get the proposal id
+ run: echo "The proposal id is ${{ steps.deploy.outputs.proposal }}"
+```
\ No newline at end of file
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..999fbe5
--- /dev/null
+++ b/action.yaml
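Review bot: `RUN pip install ccf==4.*` (after an unpinned `pip install pip --upgrade`) resolves to whatever 4.x release is newest at build time, and per the comment above it this package supplies the COSE signing tool that entrypoint.sh runs with the member's private key, so the build should pin an exact release, e.g. `RUN pip install --no-cache-dir ccf==<exact 4.x version>`; the trailing `|| exit 1` adds nothing because a failing RUN already stops the build. `COPY entrypoint.sh actions/deploy/entrypoint.sh` uses a relative destination while the `chmod` and `ENTRYPOINT` lines use `/actions/deploy/entrypoint.sh`, which only match if the base image's working directory is `/`; `COPY entrypoint.sh /actions/deploy/entrypoint.sh` removes that dependency. `RUN apt install -y perl` runs in its own layer without a fresh `apt update`, so folding `perl` into the first `RUN` (using `apt-get` and `--no-install-recommends`) avoids installing from a stale package index on cached rebuilds.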
@@ -0,0 +1,19 @@
+# action.yaml
+name: 'CCF add member'
+author: 'Microsoft'
+description: 'Automated the addition of a member to a Managaed CCF instance'
+branding:
+ icon: 'package'
+ color: 'blue'
+inputs:
+ new_member_cert:
+ description: 'The public certificate of the new member being added'
+ required: true
+outputs:
+ proposal:
+ description: 'The proposal id for the proposal to add the member'
+runs:
+ using: 'docker'
+ image: 'Dockerfile'
+ args:
+ - ${{ inputs.new_member_cert }}
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..918c9e7
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+cp $1 /opt/ccf_sgx/bin/new_member_cert
+
+# CERTD and KEYD represents an active member identity in the Managed CCF instance
+echo "$CERTD" > /opt/ccf_sgx/bin/cert
+echo "$KEYD" > /opt/ccf_sgx/bin/key
+
+cd /opt/ccf_sgx/bin
+
+# Generate a temp file name
+temp_file=`cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32`
+
+# Replace the '\n' with literal '\n' character
+awk '{printf "%s\\n", $0}' new_member_cert > $temp_file
+
+# Replace the __MEMBER_CERTIFICATE__ placeholder in the proposal with the actual member certificate
+export MEMBER_CERT = $(cat $temp_file)
+perl -p -i -e 's/__MEMBER_CERTIFICATE__/$ENV{MEMBER_CERT}/g' set_member.json
+
+# Add the member
+curl ${CCF_URL}/gov/ack/update_state_digest -X POST -k --key key --cert cert > request.json
+content=$(ccf_cose_sign1 --ccf-gov-msg-type ack --ccf-gov-msg-created_at `date -Is` --signing-key key --signing-cert cert --content set_member.json | curl ${CCF_URL}/gov/ack -k -H "content-type: application/cose" --data-binary @-)
+proposal=$(echo "${content}" | jq '.proposal_id')
+echo "proposal=$proposal" >> $GITHUB_OUTPUT
\ No newline at end of file
diff --git a/set_member.json b/set_member.json
new file mode 100644
index 0000000..6e8bfa9
--- /dev/null
+++ b/set_member.json
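Review bot: The `new_member_cert` description does not say that the value must be a file path, yet entrypoint.sh in this commit runs `cp $1 …` on it, so a workflow that passes the PEM text itself will fail at the copy. Suggest `description: 'Path to the PEM certificate file of the new member being added'`. The top-level `description` also has typos (`Automated`, `Managaed`); `'Automates the addition of a member to a Managed CCF instance'` reads correctly.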
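Review bot: `export MEMBER_CERT = $(cat $temp_file)` is not a valid assignment (spaces around `=`), so `MEMBER_CERT` is never set, and because the script has no `set -e` it carries on, replaces `__MEMBER_CERTIFICATE__` with an empty string and signs the result with the member key. The member private key is written to `/opt/ccf_sgx/bin/key` under the default umask and never removed, and `$1` and `$temp_file` are unquoted; the fence below adds strict mode, `umask 077`, an EXIT trap and quoting, and swaps the `/dev/urandom` pipeline for `mktemp` (that pipeline would trip `pipefail` when `head` closes it). Both `curl` calls pass `-k`, so the service's TLS certificate is not verified while the member identity is used against it; replace `-k` with `--cacert <service certificate file>`. The signed message is typed `ack` and posted to `/gov/ack` although its content is the `set_member` proposal, which looks copied from the member-activation flow; please confirm whether `--ccf-gov-msg-type proposal` and the proposals endpoint were intended.

```shell
#!/bin/bash
set -euo pipefail
umask 077  # cert and key files are created owner-only
trap 'rm -f /opt/ccf_sgx/bin/key /opt/ccf_sgx/bin/cert' EXIT

cp -- "$1" /opt/ccf_sgx/bin/new_member_cert
# … unchanged: write CERTD/KEYD to cert and key, cd /opt/ccf_sgx/bin …

temp_file=$(mktemp)
awk '{printf "%s\\n", $0}' new_member_cert > "$temp_file"

MEMBER_CERT=$(cat "$temp_file")
export MEMBER_CERT
# … unchanged: perl substitution, signing and curl calls, GITHUB_OUTPUT write …
```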
@@ -0,0 +1,10 @@
+{
+ "actions": [
+ {
+ "name": "set_member",
+ "args": {
+ "cert": "__MEMBER_CERTIFICATE__"
+ }
+ }
+ ]
+ }
\ No newline at end of file