component-signal-sciences.yaml

name: 'Install Signal Sciences WAF'
description: 'This component installs the Fast.ly/SigSci repo, agent, and Apache module.'
schemaVersion: 1.0
parameters:
  - KeyUrl:
      type: string
      default: 'https://apt.signalsciences.net/release/gpgkey'
      description: 'SigSci GPG key url.'
  - KeyFile:
      type: string
      default: 'sigsci-stable-8BE1102F3A280DD7.pub.gpg'
      description: 'Key download file name.'
  - KeyChecksum:
      type: string
      default: '6180cb1762d56eb128f64bde9964dd16c81eb508b9a1762f94b139233e79d02f'
      description: 'Downloaded key SHA256 checksum.'
  - KeyRing:
      type: string
      default: '/etc/apt/keyrings'
      description: 'Local keyring.'
  - RepoUrl:
      type: string
      default: 'https://apt.signalsciences.net/release/ubuntu/'
      description: 'Repository url.'
  - RepoName:
      type: string
      default: 'focal'
      description: 'Respository name.'
  - RepoBranch:
      type: string
      default: 'main'
      description: 'Repository branch.'
  - SourcesListName:
      type: string
      default: 'sigsci-release.list'
      description: 'Sources list file name.'
  - PackageName:
      type: string
      default: 'sigsci-agent'
      description: 'Application package name.'
  - ModuleName:
      type: string
      default: 'sigsci-module-apache'
      description: 'Apache module name.'

phases:
  - name: build
    steps:
      - name: DownloadKey
        action: WebDownload
        onFailure: Abort
        maxAttempts: 3
        timeoutSeconds: 10
        inputs:
          - source: '{{ KeyUrl }}'
            checksum: '{{ KeyChecksum }}'
            algorithm: SHA256
            destination: '{{ KeyFile }}'
      - name: CreateKeyingDirectory
        action: CreateFolder
        onFailure: Ignore
        maxAttempts: 1
        inputs:
          - path: '{{ KeyRing }}'
            owner: root
            group: root
            permissions: '0755'
            overwrite: false
      - name: ConfigureKey
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 1
        inputs:
          commands:
            - |
              if $(file '{{ build.DownloadKey.inputs[0].destination }}' | grep -q 'PGP public key block Public-Key (old)'); then
                cat '{{ build.DownloadKey.inputs[0].destination }}' | gpg --dearmor > '{{ KeyRing }}/{{ KeyFile }}'
              else
                gpg_conversion=$(mktemp)
                gpg --no-default-keyring --keyring ${gpg_conversion} --import '{{ build.DownloadKey.inputs[0].destination }}'
                gpg --no-default-keyring --keyring ${gpg_conversion} --export --output '{{ KeyRing }}/{{ KeyFile }}'
                rm ${gpg_conversion}
              fi
      - name: ConfigureSourcesList
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 1
        inputs:
          commands:
            - echo 'deb [signed-by={{ KeyRing }}/{{ KeyFile }}] {{ RepoUrl }} {{ RepoName }} {{ RepoBranch }}' > '/etc/apt/sources.list.d/{{ SourcesListName }}'
      - name: UpdateRepos
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 1
        inputs:
          commands:
            - apt-get update
      - name: InstallPackage
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 3
        inputs:
          commands: 
            - apt-get install sigsci-agent
      - name: InstallAgent
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 3
        inputs:
          commands:
            - apt-get install sigsci-module-apache