Fix/last build

.github/workflows/build_all_release.yml

@@ -145,3 +145,16 @@ jobs:
       artifacts: |
         target/x86_64-apple-darwin/release/ckms
         target/x86_64-apple-darwin/release/cosmian_kms_server
+
+  cosmian_vm:
+    needs:
+      - ubuntu-22
+      - rhel9
+    uses: ./.github/workflows/build_and_test_cosmian_vm.yml
+    strategy:
+      matrix:
+        distrib: [ubuntu, rhel]
+    name: ${{ matrix.distrib }} -> GCP KMS Cosmian VM image
+    secrets: inherit
+    with:
+      distrib: ${{ matrix.distrib }}

.github/workflows/build_and_test_cosmian_vm.yml

@@ -29,6 +29,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - uses: actions/download-artifact@v3
+
+      - name: List artifacts
+        run: |
+          find ..
 
       - name: Create env variables
         id: env
@@ -106,7 +111,7 @@ jobs:
 
       - name: Download Cosmian VM client
         run: |
-          wget https://package.cosmian.com/cosmian_vm/1.1.0-rc.2/cosmian_vm
+          wget https://package.cosmian.com/cosmian_vm/1.1.0-rc.1/cosmian_vm
 
       - name: Change permissions of binaries
         run: |
@@ -194,19 +199,19 @@ jobs:
     runs-on: ubuntu-22.04
     needs: [build-kms-cosmian-vm-image, test-image]
     permissions:
-      contents: 'read'
-      id-token: 'write'
+      contents: read
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: GCP auth
         uses: google-github-actions/auth@v1
         with:
-          credentials_json: "${{ secrets.GOOGLE_COSMIAN_DEV_CREDENTIALS }}"
+          credentials_json: ${{ secrets.GOOGLE_COSMIAN_DEV_CREDENTIALS }}
 
       - name: Copy image to public project
-        if: startsWith(github.ref, 'refs/tags') && inputs.distrib != 'rhel'
+        if: startsWith(github.ref, 'refs/tags')
         env:
           CI_INSTANCE: ${{ needs.build-kms-cosmian-vm-image.outputs.ci_instance }}
           IMAGE_NAME: ${{ needs.build-kms-cosmian-vm-image.outputs.image_name }}

.github/workflows/main.yml

@@ -41,16 +41,6 @@ jobs:
   python_and_docker:
     uses: ./.github/workflows/build_and_test_docker_image.yml
 
-  cosmian_vm:
-    uses: ./.github/workflows/build_and_test_cosmian_vm.yml
-    strategy:
-      matrix:
-        distrib: [ubuntu, rhel]
-    name: ${{ matrix.distrib }} -> GCP KMS Cosmian VM image
-    secrets: inherit
-    with:
-      distrib: ${{ matrix.distrib }}
-
   public_documentation:
     runs-on: ubuntu-latest
 

.github/workflows/main_release.yml

@@ -53,16 +53,6 @@ jobs:
   python_and_docker:
     uses: ./.github/workflows/build_and_test_docker_image.yml
 
-  cosmian_vm:
-    uses: ./.github/workflows/build_and_test_cosmian_vm.yml
-    strategy:
-      matrix:
-        distrib: [ubuntu, rhel]
-    name: ${{ matrix.distrib }} -> GCP KMS Cosmian VM image
-    secrets: inherit
-    with:
-      distrib: ${{ matrix.distrib }}
-
   ckms_gui:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags')
@@ -154,7 +144,6 @@ jobs:
       - cargo-doc
       - build
       - python_and_docker
-      - cosmian_vm
       - clean_env_test
     runs-on: [self-hosted, not-sgx]
     env:
@@ -197,6 +186,18 @@ jobs:
         with:
           files: ./*.zip
 
+  cosmian_vm:
+    needs:
+      - release
+    uses: ./.github/workflows/build_and_test_cosmian_vm.yml
+    strategy:
+      matrix:
+        distrib: [ubuntu, rhel]
+    name: ${{ matrix.distrib }} -> GCP KMS Cosmian VM image
+    secrets: inherit
+    with:
+      distrib: ${{ matrix.distrib }}
+
   python_publish:
     name: python publish
     needs:

.github/workflows/standalone_workflow_cosmian_vm.yml

@@ -0,0 +1,51 @@
+---
+name: Manually build and push Cosmian VM images
+
+on: workflow_dispatch
+
+jobs:
+  rhel9:
+    uses: ./.github/workflows/build_rhel9.yml
+    secrets: inherit
+    with:
+      toolchain: nightly-2024-01-09
+      archive-name: rhel9
+      commands: |
+        cargo build --release --bins
+
+        # Check binaries
+        target/release/ckms -h
+        target/release/cosmian_kms_server -h
+      artifacts: |
+        target/release/ckms
+        target/release/cosmian_kms_server
+
+  ubuntu-22:
+    uses: ./.github/workflows/build_generic.yml
+    secrets: inherit
+    with:
+      toolchain: nightly-2024-01-09
+      distribution: ubuntu-22.04
+      archive-name: ubuntu_22_04
+      commands: |
+        cargo build --release --bins
+
+        # Check binaries
+        target/release/ckms -h
+        target/release/cosmian_kms_server -h
+      artifacts: |
+        target/release/ckms
+        target/release/cosmian_kms_server
+
+  cosmian_vm:
+    needs:
+      - ubuntu-22
+      - rhel9
+    uses: ./.github/workflows/build_and_test_cosmian_vm.yml
+    strategy:
+      matrix:
+        distrib: [ubuntu, rhel]
+    name: ${{ matrix.distrib }} -> GCP KMS Cosmian VM image
+    secrets: inherit
+    with:
+      distrib: ${{ matrix.distrib }}

.pre-commit-config.yaml

@@ -145,8 +145,8 @@ repos:
   - repo: https://github.com/cisagov/pre-commit-packer
     rev: v0.0.2
     hooks:
-      - id: packer_validate
       - id: packer_fmt
+      - id: packer_validate
 
   - repo: https://github.com/Cosmian/git-hooks.git
     rev: v1.0.25

packer/gcp-sev-rhel.pkr.hcl

@@ -70,19 +70,19 @@ variable "redhat_source_image_family" {
 }
 
 source "googlecompute" "redhat" {
-  project_id             = var.project_id
-  source_image           = var.redhat_source_image
-  source_image_family    = var.redhat_source_image_family
-  zone                   = var.zone
-  ssh_username           = var.ssh_username
-  ssh_timeout            = var.ssh_timeout
-  image_name             = local.redhat_ami_name
+  project_id              = var.project_id
+  source_image            = var.redhat_source_image
+  source_image_family     = var.redhat_source_image_family
+  zone                    = var.zone
+  ssh_username            = var.ssh_username
+  ssh_timeout             = var.ssh_timeout
+  image_name              = local.redhat_ami_name
   image_guest_os_features = var.image_guest_os_features
-  network                = var.network
-  subnetwork             = var.subnetwork
-  tags                   = var.tags
-  use_os_login           = var.use_os_login
-  wait_to_add_ssh_keys   = var.wait_to_add_ssh_keys
+  network                 = var.network
+  subnetwork              = var.subnetwork
+  tags                    = var.tags
+  use_os_login            = var.use_os_login
+  wait_to_add_ssh_keys    = var.wait_to_add_ssh_keys
 }
 
 build {
@@ -93,10 +93,15 @@ build {
     destination = "/tmp/install_kms_redhat.sh"
   }
 
+  provisioner "file" {
+    source      = "../rhel9/cosmian_kms_server"
+    destination = "/tmp/cosmian_kms"
+  }
+
   provisioner "shell" {
     inline = [
       "chmod +x /tmp/install_kms_redhat.sh",
       "sudo /tmp/install_kms_redhat.sh"
-    ]    
+    ]
   }
 }

packer/gcp-sev-ubuntu.pkr.hcl

@@ -70,19 +70,19 @@ variable "ubuntu_source_image_family" {
 }
 
 source "googlecompute" "ubuntu" {
-  project_id             = var.project_id
-  source_image           = var.ubuntu_source_image
-  source_image_family    = var.ubuntu_source_image_family
-  zone                   = var.zone
-  ssh_username           = var.ssh_username
-  ssh_timeout            = var.ssh_timeout
-  image_name             = local.ubuntu_ami_name
+  project_id              = var.project_id
+  source_image            = var.ubuntu_source_image
+  source_image_family     = var.ubuntu_source_image_family
+  zone                    = var.zone
+  ssh_username            = var.ssh_username
+  ssh_timeout             = var.ssh_timeout
+  image_name              = local.ubuntu_ami_name
   image_guest_os_features = var.image_guest_os_features
-  network                = var.network
-  subnetwork             = var.subnetwork
-  tags                   = var.tags
-  use_os_login           = var.use_os_login
-  wait_to_add_ssh_keys   = var.wait_to_add_ssh_keys
+  network                 = var.network
+  subnetwork              = var.subnetwork
+  tags                    = var.tags
+  use_os_login            = var.use_os_login
+  wait_to_add_ssh_keys    = var.wait_to_add_ssh_keys
 }
 
 build {
@@ -93,10 +93,15 @@ build {
     destination = "/tmp/install_kms_ubuntu.sh"
   }
 
+  provisioner "file" {
+    source      = "../ubuntu_22_04/cosmian_kms_server"
+    destination = "/tmp/cosmian_kms"
+  }
+
   provisioner "shell" {
     inline = [
       "chmod +x /tmp/install_kms_ubuntu.sh",
       "sudo /tmp/install_kms_ubuntu.sh"
-    ]    
+    ]
   }
 }

scripts/install_kms_redhat.sh

@@ -1,16 +1,14 @@
 #!/bin/bash
 
-set +x
+set +xe
 
 # Update packages and install dependencies
-yum update -y && yum install -y unzip nginx
+yum update -y && yum install -y nginx
 
-# Download KMS zip file
-curl -o kms-rhel9.zip https://package.cosmian.com/kms/last_build/rhel9.zip
-# curl -o kms-rhel9.zip https://package.cosmian.com/kms/4.12.0/rhel9.zip
-
-# Extract content and copy the executable
-unzip kms-rhel9.zip && cp rhel9/cosmian_kms_server /usr/local/sbin/cosmian_kms && chmod 755 /usr/local/sbin/cosmian_kms && rm -rf rhel9.zip rhel9/
+# Copy the executable
+mkdir -p /usr/local/sbin/
+mv /tmp/cosmian_kms /usr/local/sbin/cosmian_kms
+chmod 755 /usr/local/sbin/cosmian_kms
 
 # Configure Supervisor
 cat >/etc/supervisord.d/cosmian_kms.ini <<EOF
@@ -41,7 +39,7 @@ app_storage = "data/app"
 EOF
 
 # Configure Nginx
-cat >/etc/nginx/conf.d/default.conf << 'EOF'
+cat >/etc/nginx/conf.d/default.conf <<'EOF'
 server {
         listen 80 default_server;
 

scripts/install_kms_ubuntu.sh

@@ -1,17 +1,16 @@
 #!/bin/bash
 
-set +x
+set +xe
 
 export DEBIAN_FRONTEND=noninteractive
 
 # Update packages and install dependencies
-apt-get update && apt-get install --no-install-recommends -y unzip nginx && apt-get clean && rm -rf /var/lib/apt/lists/*
+apt-get update && apt-get install --no-install-recommends -y nginx && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Download KMS zip file
-curl -o kms-ubuntu-22_04.zip https://package.cosmian.com/kms/4.12.0/ubuntu_22_04.zip
-
-# Extract content and copy the executable
-unzip kms-ubuntu-22_04.zip && cp ubuntu_22_04/cosmian_kms_server /usr/local/sbin/cosmian_kms && chmod 755 /usr/local/sbin/cosmian_kms && rm -rf kms-ubuntu-22_04.zip ubuntu_22_04/
+# Copy the executable
+mkdir -p /usr/local/sbin/
+mv /tmp/cosmian_kms /usr/local/sbin/cosmian_kms
+chmod 755 /usr/local/sbin/cosmian_kms
 
 # Configure Supervisor
 cat >/etc/supervisor/conf.d/cosmian_kms.conf <<EOF
@@ -42,7 +41,7 @@ app_storage = "data/app"
 EOF
 
 # Configure Nginx
-cat >/etc/nginx/sites-enabled/default << 'EOF'
+cat >/etc/nginx/sites-enabled/default <<'EOF'
 server {
         listen 80 default_server;