Added and adapted jinja2 templates for tracks with a build container.

Author: MOBergeron

.github/workflows/tests.yml

@@ -160,7 +160,7 @@ jobs:
       - name: Test deployment looping through tracks
         working-directory: test-ctf
         run: |
-          IFS=" " read -r -a tracks <<< "$(python3 -c 'from ctf.utils import get_all_available_tracks,validate_track_can_be_deployed;print(str([t for t in get_all_available_tracks() if validate_track_can_be_deployed(t)]).strip("[]\x27").replace("\x27, \x27"," "))')"
+          IFS=" " read -r -a tracks <<< "$(python3 -c 'from ctf.utils import get_all_available_tracks,validate_track_can_be_deployed;print(str([t.name for t in get_all_available_tracks() if validate_track_can_be_deployed(t)]).strip("[]\x27").replace("\x27, \x27"," "))')"
 
           [ "${#tracks[@]}" -eq 0 ] && exit 1
 

ctf/generate.py

@@ -49,7 +49,7 @@ def generate(
         track
         for track in get_all_available_tracks()
         if validate_track_can_be_deployed(track=track)
-        and (not tracks or track in tracks)
+        and (not tracks or track.name in tracks)
     )
 
     if distinct_tracks:

ctf/new.py

@@ -39,6 +39,13 @@ def new(
             help="If directory already exists, delete it and create it again.",
         ),
     ] = False,
+    with_build_container: Annotated[
+        bool,
+        typer.Option(
+            "--with-build",
+            help="If a build container is required.",
+        ),
+    ] = False,
 ) -> None:
     LOG.info(msg=f"Creating a new track: {name}")
     if not re.match(pattern=r"^[a-z][a-z0-9\-]{0,61}[a-z0-9]$", string=name):
@@ -175,6 +182,7 @@ def new(
             "ipv6": ipv6_address,
             "ipv6_subnet": ipv6_subnet,
             "full_ipv6_address": full_ipv6_address,
+            "with_build": with_build_container,
         }
     )
     with open(
@@ -212,7 +220,9 @@ def new(
     LOG.debug(msg=f"Directory {ansible_directory} created.")
 
     track_template = env.get_template(name=os.path.join(template, "deploy.yaml.j2"))
-    render = track_template.render(data={"name": name})
+    render = track_template.render(
+        data={"name": name, "with_build": with_build_container}
+    )
     with open(
         file=(p := os.path.join(ansible_directory, "deploy.yaml")),
         mode="w",
@@ -222,8 +232,23 @@ def new(
 
     LOG.debug(msg=f"Wrote {p}.")
 
+    if with_build_container:
+        track_template = env.get_template(name=os.path.join("common", "build.yaml.j2"))
+        render = track_template.render(
+            data={"name": name, "with_build": with_build_container}
+        )
+        with open(
+            file=(p := os.path.join(ansible_directory, "build.yaml")),
+            mode="w",
+            encoding="utf-8",
+        ) as f:
+            f.write(render)
+        LOG.debug(msg=f"Wrote {p}.")
+
     track_template = env.get_template(name=os.path.join("common", "inventory.j2"))
-    render = track_template.render(data={"name": name})
+    render = track_template.render(
+        data={"name": name, "with_build": with_build_container}
+    )
     with open(
         file=(p := os.path.join(ansible_directory, "inventory")),
         mode="w",

ctf/templates/init/.deploy/cleanup.yaml

@@ -1,5 +1,5 @@
 - name: Pre-deployment system cleanup
-  hosts: all
+  hosts: all,!build
   order: shuffle
   gather_facts: false
   any_errors_fatal: true

ctf/templates/init/.deploy/common.yaml

@@ -1,5 +1,5 @@
 - name: Pre-deployment Common
-  hosts: all
+  hosts: all,!build
   order: shuffle
   gather_facts: false
   any_errors_fatal: true

ctf/templates/init/.deploy/common/variables.tf

@@ -8,6 +8,12 @@ variable "deploy" {
   type    = string
 }
 
+variable "build_container" {
+  default = false
+  type    = bool
+}
+
+
 locals {
   track = yamldecode(file("${path.module}/../track.yaml"))
 }

ctf/templates/new/apache-php/deploy.yaml.j2

@@ -2,7 +2,7 @@
 
 # Example on how to run stuff on all hosts of the track
 - name: "Install Apache2 and PHP on each host"
-  hosts: "*"
+  hosts: all{% if data.with_build %},!build{% endif %}
   vars_files:
     - ../track.yaml
   tasks:
@@ -16,7 +16,7 @@
         value: "{{ '{{ item.flag }}' }}"
       ansible.builtin.set_fact:
         track_flags: "{{ '{{ track_flags | default({}) | combine({key: value}) }}' }}"
-        
+
     - name: Initial System Upgrade
       ansible.builtin.apt:
         update_cache: true
@@ -57,7 +57,7 @@
 
 # Configure Apache to restart automatically on all hosts
 - name: "Configure Apache2 on each host and restart it"
-  hosts: "*"
+  hosts: all{% if data.with_build %},!build{% endif %}
   tasks:
     - name: Restart Apache2 on failure
       ansible.builtin.replace:
@@ -69,4 +69,13 @@
       ansible.builtin.service:
         name: apache2
         state: restarted
-        
+{% if data.with_build %}
+    # When using a build container, the unarchive module can be used to install the content on the remote.
+    - name: Unarchive the content of the build
+      ansible.builtin.unarchive:
+        src: /tmp/build.tar
+        dest: /tmp/
+        owner: root
+        group: root
+        mode: '0755'
+{% endif %}

ctf/templates/new/common/build.yaml.j2

@@ -0,0 +1,60 @@
+- name: "Build container"
+  hosts: "build-container"
+  vars_files:
+    - ../track.yaml
+  tasks:
+    - name: "Load flags"
+      loop: "{{ '{{ flags }}' }}"
+      vars:
+        key: "{{ '{{ (item.tags).discourse }}' }}"
+        value: "{{ '{{ item.flag }}' }}"
+      ansible.builtin.set_fact:
+        track_flags: "{{ '{{ track_flags | default({}) | combine({key: value}) }}' }}"
+
+    - name: Initial System Upgrade
+      ansible.builtin.apt:
+        update_cache: true
+        install_recommends: false
+        upgrade: full
+
+    # Install tools to compile/build the track
+    - name: Install GCC
+      ansible.builtin.apt:
+        name:
+          - gcc
+        state: present
+
+    # Copy the challenge on the container
+    - name: Create main.c
+      ansible.builtin.copy:
+        dest: /tmp/main.c
+        mode: '0644'
+        owner: root
+        group: root
+        content: |
+          #include <stdio.h>
+
+          int main() {
+            printf("{{ '{{' }} track_flags.{{ data.name | replace("-","_") }}_flag_1 {{ '}}' }} (1/1)");
+            return 0;
+          }
+
+    # Compile the program
+    - name: Build main program
+      ansible.builtin.command: gcc /tmp/main.c -o /tmp/main
+      changed_when: false
+
+    # Create a TAR archive with the compiled program
+    - name: Create archive of build
+      community.general.archive:
+        path: /tmp/main
+        dest: /tmp/build.tar
+        format: tar
+        mode: '0644'
+
+    # Extract the archive from the build container and save it on the local host
+    - name: Fetch archive
+      ansible.builtin.fetch:
+        src: /tmp/build.tar
+        dest: /tmp/
+        flat: true

ctf/templates/new/common/inventory.j2

@@ -15,3 +15,9 @@ all:
     ansible_incus_project: {{ data.name }}
 
     # Add variables if needed here.
+{% if data.with_build %}
+build:
+  hosts:
+    build-container:
+      ansible_incus_host: build-container
+{% endif %}

ctf/templates/new/common/main.tf.j2

@@ -105,15 +105,15 @@ resource "incus_instance" "this" {
     ignore_changes = [running]
   }
 }
-
+{% if data.with_build %}
 # AUTOGENERATED - No need to change this section #
 resource "incus_instance" "build_container" {
   count = var.build_container ? 1 : 0
 
   remote  = var.incus_remote
   project = incus_project.this.name
 
-  name = "build_container"
+  name = "build-container"
 
   image    = "images:ubuntu/24.04"
   profiles = ["default"]
@@ -132,12 +132,24 @@ resource "incus_instance" "build_container" {
       "name"    = "eth0"
     }
   }
+  
+  device {
+    name = "root"
+    type = "disk"
+
+    properties = {
+      "pool" = "default"
+      "path" = "/"
+      # This limit should only be adjusted if you NEED more resources.
+      "size" = "1GiB"
+    }
+  }
 
   lifecycle {
     ignore_changes = [running]
   }
 }
-
+{% endif %}
 # AUTOGENERATED - No need to change this section #
 resource "incus_network_zone_record" "this" {
   remote = var.incus_remote