From 03a0601d6784d494bd5543dd4a4876d96acc28bd Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Feb 2022 22:47:55 +0800 Subject: [PATCH 1/2] chore: update readme --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index b4dd7b40..4ecfea5f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,29 @@ # Lagoon SSH Portal +[![Release](https://github.com/uselagoon/lagoon-ssh-portal/actions/workflows/release.yaml/badge.svg)](https://github.com/uselagoon/lagoon-ssh-portal/actions/workflows/release.yaml) +[![Coverage](https://coveralls.io/repos/github/uselagoon/lagoon-ssh-portal/badge.svg?branch=main)](https://coveralls.io/github/uselagoon/lagoon-ssh-portal?branch=main) +[![Go Report Card](https://goreportcard.com/badge/github.com/uselagoon/lagoon-ssh-portal)](https://goreportcard.com/report/github.com/uselagoon/lagoon-ssh-portal) + This is an experimental cluster-local SSH service for [Lagoon](https://github.com/uselagoon/lagoon). + +## Architecture + +This git repository comprises two services: `service-api`, and `ssh-portal`. +These two services communicate over a backend messaging system. +Currently the message system used is [NATS](https://nats.io/). + +### Service API + +`service-api` is part of Lagoon Core, and serves requests from other Lagoon components such as the SSH portal, which may be in a remote cluster. + +`service-api` is explicitly _not_ a public API and makes no guarantees about compatiblity. +It is _only_ designed to cater to the requirements of other internal Lagoon services. + +### SSH Portal + +`ssh-portal` is part of Lagoon Remote, and implements an SSH server which connects incoming SSH sessions with pods running in the cluster. +To perform authentication it communicates back to `service-api` running in Lagoon Core, which responds with a true/false if the SSH key is valid for the requested Lagoon environment. + +`ssh-portal` implements shell access with service and container selection [as described in the Lagoon documentation](https://docs.lagoon.sh/using-lagoon-advanced/ssh/#ssh-into-a-pod), but it does not implement token generation. + +Unlike the existing Lagoon SSH service, `ssh-portal` _only_ provides access to Lagoon environments running in the local cluster. From 5afbd579892814e982c37652e2f2314eea1199ed Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Feb 2022 22:48:14 +0800 Subject: [PATCH 2/2] chore: add test coverage to CI --- .github/workflows/coverage.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/coverage.yaml diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml new file mode 100644 index 00000000..f1fff83c --- /dev/null +++ b/.github/workflows/coverage.yaml @@ -0,0 +1,33 @@ +name: Coverage +on: + push: + branches: + - main + +jobs: + coverage: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Configure git + run: | + git config --global user.name "$GITHUB_ACTOR" + git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Set up go + uses: actions/setup-go@v2 + with: + go-version: "^1.16" + - name: Install Dependencies + run: sudo apt-get update && sudo apt-get -u install libpcsclite-dev + - name: Calculate coverage + run: | + go test -v -covermode=count -coverprofile=coverage.out.raw -coverpkg=./... ./... + grep -v mock_ coverage.out.raw > coverage.out + - name: Convert coverage to lcov + uses: jandelgado/gcov2lcov-action@v1.0.8 + - name: Coveralls + uses: coverallsapp/github-action@1.1.3 + with: + github-token: ${{ secrets.github_token }} + path-to-lcov: coverage.lcov