Merge pull request private-attribution#1258 from cberkhoff/k8s-docker

Removed keygen from Dockerfile, running docker build on every push

.github/workflows/docker.yml

@@ -2,14 +2,18 @@ name: Publish Helper Image CI
 
 on:
   workflow_dispatch:
+  schedule:
+    # Once monthly at a randomly selected time.
+    - cron: "24 2 3,18 * *"
   push:
+    branches:
+      - main
     paths:
       - "docker/ci/**"
       - ".github/workflows/docker.yml"
-      - "Cargo.toml"
-  schedule:
-    # Once monthly at a randomly selected time.
-    - cron: "24 2 3,18 * *"
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - "ipa-*/src/**/*"
 
 jobs:
   build:
@@ -18,6 +22,17 @@ jobs:
     - name: "Checkout"
       uses: actions/checkout@v4
 
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ghcr.io/${{ github.repository }}/ipa-helper
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha
+
     - name: "Setup Docker Buildx"
       uses: docker/setup-buildx-action@v2
 
@@ -34,5 +49,6 @@ jobs:
         context: .
         file: ./docker/ci/helper.Dockerfile
         push: true
-        tags: ghcr.io/${{ github.repository }}/ipa-helper:latest
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
         platforms: linux/amd64

README.md

@@ -62,6 +62,36 @@ The first time, it will download the necessary packages (crates) and compile the
 
 If you're just running tests/benchmarks, it will build automatically and you can skip this step.
 
+If you want to get a helper binary, here's an example command showcasing some of the available features:
+
+```
+cargo build --bin helper --features='web-app real-world-infra compact-gate multi-threading disable-metrics stall-detection' --no-default-features --release
+```
+
+### Building IPA as a Docker Image
+
+To build a docker image with IPA helper in it:
+
+```
+docker build -t ipa:latest -f docker/helper.Dockerfile .
+```
+
+Note that if you want to build for a specific platform, different than the one you're using, you need to specify it. For example:
+
+```
+docker build -t ipa:latest --platform=linux/amd64 -f docker/helper.Dockerfile .
+```
+
+### Pushing Docker to ghcr.io
+
+First, follow the instructions [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry) to get your Token.
+
+```
+echo $CR_PAT | docker login ghcr.io -u <USER_NAME> --password-stdin
+docker tag <IMAGE_ID> ghcr.io/private-attribution/ipa/ipa-helper:<TAG>
+docker push ghcr.io/private-attribution/ipa/ipa-helper:<TAG>
+```
+
 ### Running tests
 
 To run the test suite, run

docker/helper.Dockerfile

@@ -1,8 +1,7 @@
 # syntax=docker/dockerfile:1
 ARG SOURCES_DIR=/usr/src/ipa
-FROM rust:bullseye as builder
+FROM rust:bullseye AS builder
 ARG SOURCES_DIR
-LABEL maintainer="akoshelev"
 
 # Prepare helper binaries
 WORKDIR "$SOURCES_DIR"
@@ -14,20 +13,8 @@ RUN set -eux; \
 FROM debian:bullseye-slim
 ENV HELPER_BIN_PATH=/usr/local/bin/ipa-helper
 ENV CONF_DIR=/etc/ipa
-ARG IDENTITY
-ARG HOSTNAME
 ARG SOURCES_DIR
 
 RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
-COPY --from=builder ${SOURCES_DIR}/target/release/helper $HELPER_BIN_PATH
 
-# generate certificate/private key for TLS
-# make sure these names are consistent with the ones defined in CliPaths trait: src\cli\paths.rs
-RUN set -eux; \
-    mkdir -p $CONF_DIR/pub; \
-    $HELPER_BIN_PATH keygen \
-    --name $HOSTNAME \
-    --tls-cert $CONF_DIR/pub/h$IDENTITY.pem \
-    --tls-key $CONF_DIR/h$IDENTITY.key \
-    --mk-public-key $CONF_DIR/pub/h${IDENTITY}_mk.pub \
-    --mk-private-key $CONF_DIR/h${IDENTITY}_mk.key
+COPY --from=builder ${SOURCES_DIR}/target/release/helper $HELPER_BIN_PATH

input-data-100.txt

@@ -0,0 +1,100 @@
+600339,534942975307,0,5,0
+96422,191017627906,0,3,0
+507032,117803731851,0,10,0
+17448,304519167044,1,0,4
+224051,12251697120,0,17,0
+572331,534942975307,1,0,1
+204850,534942975307,0,12,0
+572399,865368699047,0,2,0
+595278,865368699047,1,0,4
+457115,191017627906,1,0,4
+279628,534942975307,0,7,0
+100525,925363717604,1,0,5
+565595,925363717604,0,11,0
+567404,865368699047,0,3,0
+140412,304519167044,1,0,5
+329551,925363717604,1,0,1
+524654,314908499604,0,8,0
+240982,850807271120,1,0,5
+603020,117803731851,0,1,0
+272156,865368699047,0,17,0
+227353,12251697120,0,5,0
+265919,925363717604,1,0,1
+547,12251697120,0,2,0
+342491,925363717604,1,0,1
+250600,304519167044,0,6,0
+252290,117803731851,0,18,0
+141260,850807271120,0,6,0
+248451,304519167044,0,16,0
+515699,191017627906,1,0,4
+312537,12251697120,1,0,2
+492188,283283408809,0,13,0
+451766,917537570026,0,7,0
+287218,822386586545,0,11,0
+67235,925363717604,1,0,5
+603886,917537570026,1,0,3
+213895,117803731851,0,11,0
+418303,534942975307,0,10,0
+210243,822386586545,0,9,0
+211179,117803731851,1,0,5
+568874,925363717604,0,0,0
+373535,925363717604,1,0,3
+232675,534942975307,1,0,5
+92636,191017627906,1,0,1
+398372,917537570026,0,6,0
+401827,534942975307,1,0,2
+155515,65168429090,1,0,1
+33026,304519167044,0,17,0
+493183,179797603392,1,0,1
+167758,179797603392,1,0,4
+522471,191017627906,0,11,0
+313610,925363717604,1,0,1
+176225,12251697120,0,16,0
+588107,925363717604,0,13,0
+280600,393203478859,0,10,0
+491601,179797603392,0,4,0
+445133,773905428637,1,0,3
+301999,12251697120,1,0,5
+65750,526858192111,0,19,0
+350976,12251697120,0,9,0
+67867,773905428637,1,0,2
+594037,191017627906,0,11,0
+261995,534942975307,1,0,3
+133066,288854012131,1,0,4
+40015,179797603392,1,0,5
+571126,288854012131,0,10,0
+514451,773905428637,0,8,0
+201640,288854012131,1,0,4
+71935,526858192111,1,0,2
+316596,773905428637,0,6,0
+246923,12251697120,1,0,3
+79789,773905428637,1,0,4
+47468,917537570026,0,17,0
+161925,773905428637,0,9,0
+225460,393203478859,1,0,4
+530756,640580450837,0,4,0
+94219,338037795442,1,0,4
+136211,179797603392,0,0,0
+559897,191017627906,1,0,1
+332026,179797603392,1,0,1
+35911,917537570026,1,0,5
+329450,191017627906,0,4,0
+102812,393203478859,0,11,0
+578374,917537570026,0,15,0
+156477,881719336823,0,0,0
+277455,179797603392,0,7,0
+186143,881719336823,1,0,3
+228562,393203478859,1,0,3
+346392,822386586545,1,0,3
+102532,881719336823,0,1,0
+589048,822386586545,1,0,1
+430856,288854012131,1,0,5
+408260,881719336823,0,16,0
+180588,477090731329,0,16,0
+502918,288854012131,0,7,0
+392616,393203478859,1,0,1
+463878,22654468721,1,0,1
+85787,393203478859,1,0,5
+238574,288854012131,0,4,0
+22862,822386586545,0,19,0
+481629,288854012131,0,3,0

ipa-core/src/net/server/mod.rs

@@ -376,7 +376,7 @@ where
 
         Box::pin(async move {
             let (stream, service) = acceptor.accept(stream, service).await.map_err(|err| {
-                error!("connection error: {err}");
+                error!("[ClientCertRecognizingAcceptor] connection error: {err}");
                 err
             })?;