Compare commits

..

5 Commits

Author SHA1 Message Date
Thomas 64e95f63e0
Update issue templates (#284)
* Update issue templates

* Create package.md
2021-06-19 22:20:03 +12:00
Thomas Hobson 6a368cf66f
ci: ensure README contains all packages in repo (#283) 2021-06-19 21:58:19 +12:00
Thomas Hobson c011f212d4
Merge branch 'master' of github.com:engineer-man/piston 2021-06-19 21:24:51 +12:00
Thomas Hobson 2c5ec5f7ec
Add container customizer (#280) 2021-06-19 21:24:28 +12:00
dc 95f9628abb
Added cobol and raku to the languages list. (#282) 2021-06-19 20:46:51 +12:00
7 changed files with 170 additions and 54 deletions

View File

@ -0,0 +1,10 @@
---
name: Language Request
about: Template for requesting language support
title: Add [insert language name here]
labels: package
assignees: ''
---
Provide links to different compilers/interpreters that could be used to implement this language, and discuss pros/cons of each.

View File

@ -0,0 +1,10 @@
Checklist:
* [ ] The package builds locally with `./piston build-pkg [package] [version]`
* [ ] The package installs with `./piston ppman install [package]=[version]`
* [ ] The package runs the test code with `./piston run [package] -l [version] packages/[package]/[version]/test.*`
* [ ] Package files are placed in the correct directory
* [ ] No old package versions are removed
* [ ] All source files are deleted in the `build.sh` script
* [ ] `metadata.json`'s `language` and `version` fields match the directory path
* [ ] Any extensions the language may use are set as aliases
* [ ] Any alternative names the language is referred to are set as aliases.

View File

@ -1,4 +1,4 @@
name: 'Package Pull Requests' name: "Package Pull Requests"
on: on:
pull_request: pull_request:
@ -8,9 +8,30 @@ on:
- reopened - reopened
- synchronize - synchronize
paths: paths:
- 'packages/**' - "packages/**"
jobs: jobs:
check-pkg:
name: Validate README
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Get list of changed files
uses: lots0logs/gh-action-get-changed-files@2.1.4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Ensure README was updated
run: |
MISSING_LINES=$(comm -23 <(jq 'if .provides then .provides[].language else .language end' -r $(find packages -name "metadata.json" ) | sed -e 's/^/`/g' -e 's/$/`,/g' | sort -u) <(awk '/# Supported Languages/{flag=1; next} /<br>/{flag=0} flag' readme.md | sort -u))
[[ $(echo $MISSING_LINES | wc -c) = "1" ]] && exit 0
echo "README has supported languages missing: "
comm -23 <(jq 'if .provides then .provides[].language else .language end' -r $(find packages -name "metadata.json" ) | sed -e 's/^/`/g' -e 's/$/`,/g' | sort -u) <(awk '/# Supported Languages/{flag=1; next} /<br>/{flag=0} flag' readme.md | sort -u)
exit 1
build-pkg: build-pkg:
name: Check that package builds name: Check that package builds
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -43,7 +64,6 @@ jobs:
name: packages name: packages
path: packages/*.pkg.tar.gz path: packages/*.pkg.tar.gz
test-pkg: test-pkg:
name: Test package name: Test package
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -109,17 +129,8 @@ jobs:
done done
done done
- name: Dump logs - name: Dump logs
if: ${{ always() }} if: ${{ always() }}
run: | run: |
docker logs api docker logs api
docker logs repo docker logs repo

1
builder/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
build

2
builder/Dockerfile Normal file
View File

@ -0,0 +1,2 @@
FROM ghcr.io/engineer-man/piston:latest
ADD . /piston/packages/

61
builder/build.sh Executable file
View File

@ -0,0 +1,61 @@
#!/usr/bin/env bash
# Build a container using the spec file provided
help_msg(){
echo "Usage: $0 [specfile] [tag]"
echo
echo "$1"
exit 1
}
cleanup(){
echo "Exiting..."
docker stop builder_piston_instance && docker rm builder_piston_instance
}
fetch_packages(){
local port=$((5535 + $RANDOM % 60000))
mkdir build
# Start a piston container
docker run \
-v "$PWD/build":'/piston/packages' \
--tmpfs /piston/jobs \
-dit \
-p $port:2000 \
--name builder_piston_instance \
ghcr.io/engineer-man/piston
# Ensure the CLI is installed
cd ../cli
npm i
cd -
# Evalulate the specfile
../cli/index.js -u "http://127.0.0.1:$port" ppman spec $1
}
build_container(){
docker build -t $1 -f "$(dirname $0)/Dockerfile" "$PWD/build"
}
SPEC_FILE=$1
TAG=$2
[ -z "$SPEC_FILE" ] && help_msg "specfile is required"
[ -z "$TAG" ] && help_msg "tag is required"
[ -f "$SPEC_FILE" ] || help_msg "specfile does not exist"
which node || help_msg "nodejs is required"
which npm || help_msg "npm is required"
trap cleanup EXIT
fetch_packages $SPEC_FILE
build_container $TAG
echo "Start your custom piston container with"
echo "$ docker run --tmpfs /piston/jobs -dit -p 2000:2000 $TAG"

View File

@ -37,6 +37,7 @@
</h4> </h4>
--- ---
<br> <br>
# About # About
@ -49,16 +50,19 @@
<br> <br>
It's used in numerous places including: It's used in numerous places including:
* [EMKC Challenges](https://emkc.org/challenges)
* [EMKC Weekly Contests](https://emkc.org/contests) - [EMKC Challenges](https://emkc.org/challenges)
* [Engineer Man Discord Server](https://discord.gg/engineerman) - [EMKC Weekly Contests](https://emkc.org/contests)
* Web IDEs - [Engineer Man Discord Server](https://discord.gg/engineerman)
* 200+ direct integrations - Web IDEs
- 200+ direct integrations
<br> <br>
### Official Extensions ### Official Extensions
The following are approved and endorsed extensions/utilities to the core Piston offering. The following are approved and endorsed extensions/utilities to the core Piston offering.
- [I Run Code](https://github.com/engineer-man/piston-bot), a Discord bot used in 4100+ servers to handle arbitrary code evaluation in Discord. To get this bot in your own server, go here: https://emkc.org/run. - [I Run Code](https://github.com/engineer-man/piston-bot), a Discord bot used in 4100+ servers to handle arbitrary code evaluation in Discord. To get this bot in your own server, go here: https://emkc.org/run.
- [Piston CLI](https://github.com/Shivansh-007/piston-cli), a universal shell supporting code highlighting, files, and interpretation without the need to download a language. - [Piston CLI](https://github.com/Shivansh-007/piston-cli), a universal shell supporting code highlighting, files, and interpretation without the need to download a language.
@ -72,13 +76,15 @@ The following are approved and endorsed extensions/utilities to the core Piston
<br> <br>
When using the public Piston API, use the following two URLs: When using the public Piston API, use the following two URLs:
``` ```
GET https://emkc.org/api/v2/piston/runtimes GET https://emkc.org/api/v2/piston/runtimes
POST https://emkc.org/api/v2/piston/execute POST https://emkc.org/api/v2/piston/execute
``` ```
> Important Note: The Piston API is rate limited to 5 requests per second. If you have a need for more requests than that > Important Note: The Piston API is rate limited to 5 requests per second. If you have a need for more requests than that
and it's for a good cause, please reach out to me (EngineerMan#0001) on [Discord](https://discord.gg/engineerman) > and it's for a good cause, please reach out to me (EngineerMan#0001) on [Discord](https://discord.gg/engineerman)
so we can discuss potentially getting you an unlimited key. > so we can discuss potentially getting you an unlimited key.
<br> <br>
@ -172,11 +178,13 @@ The container exposes an API on port 2000 by default.
This is used by the CLI to carry out running jobs and package management. This is used by the CLI to carry out running jobs and package management.
#### Runtimes Endpoint #### Runtimes Endpoint
`GET /api/v2/runtimes` `GET /api/v2/runtimes`
This endpoint will return the supported languages along with the current version and aliases. To execute This endpoint will return the supported languages along with the current version and aliases. To execute
code for a particular language using the `/api/v2/execute` endpoint, either the name or one of the aliases must code for a particular language using the `/api/v2/execute` endpoint, either the name or one of the aliases must
be provided, along with the version. be provided, along with the version.
Multiple versions of the same language may be present at the same time, and may be selected when running a job. Multiple versions of the same language may be present at the same time, and may be selected when running a job.
```json ```json
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: application/json Content-Type: application/json
@ -201,19 +209,21 @@ Content-Type: application/json
``` ```
#### Execute Endpoint #### Execute Endpoint
`POST /api/v2/execute` `POST /api/v2/execute`
This endpoint requests execution of some arbitrary code. This endpoint requests execution of some arbitrary code.
- `language` (**required**) The language to use for execution, must be a string and must be installed. - `language` (**required**) The language to use for execution, must be a string and must be installed.
- `version` (**required**) The version of the language to use for execution, must be a string containing a SemVer selector for the version or the specific version number to use. - `version` (**required**) The version of the language to use for execution, must be a string containing a SemVer selector for the version or the specific version number to use.
- `files` (**required**) An array of files containing code or other data that should be used for execution. The first file in this array is considered the main file. - `files` (**required**) An array of files containing code or other data that should be used for execution. The first file in this array is considered the main file.
- `files[].name` (*optional*) The name of the file to upload, must be a string containing no path or left out. - `files[].name` (_optional_) The name of the file to upload, must be a string containing no path or left out.
- `files[].content` (**required**) The content of the files to upload, must be a string containing text to write. - `files[].content` (**required**) The content of the files to upload, must be a string containing text to write.
- `stdin` (*optional*) The text to pass as stdin to the program. Must be a string or left out. Defaults to blank string. - `stdin` (_optional_) The text to pass as stdin to the program. Must be a string or left out. Defaults to blank string.
- `args` (*optional*) The arguments to pass to the program. Must be an array or left out. Defaults to `[]`. - `args` (_optional_) The arguments to pass to the program. Must be an array or left out. Defaults to `[]`.
- `compile_timeout` (*optional*) The maximum time allowed for the compile stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `10000` (10 seconds). - `compile_timeout` (_optional_) The maximum time allowed for the compile stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `10000` (10 seconds).
- `run_timeout` (*optional*) The maximum time allowed for the run stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `3000` (3 seconds). - `run_timeout` (_optional_) The maximum time allowed for the run stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `3000` (3 seconds).
- `compile_memory_limit` (*optional*) The maximum amount of memory the compile stage is allowed to use in bytes. Must be a number or left out. Defaults to `-1` (no limit) - `compile_memory_limit` (_optional_) The maximum amount of memory the compile stage is allowed to use in bytes. Must be a number or left out. Defaults to `-1` (no limit)
- `run_memory_limit` (*optional*) The maximum amount of memory the run stage is allowed to use in bytes. Must be a number or left out. Defaults to `-1` (no limit) - `run_memory_limit` (_optional_) The maximum amount of memory the run stage is allowed to use in bytes. Must be a number or left out. Defaults to `-1` (no limit)
```json ```json
{ {
@ -226,22 +236,20 @@ This endpoint requests execution of some arbitrary code.
} }
], ],
"stdin": "", "stdin": "",
"args": [ "args": ["1", "2", "3"],
"1",
"2",
"3"
],
"compile_timeout": 10000, "compile_timeout": 10000,
"run_timeout": 3000, "run_timeout": 3000,
"compile_memory_limit": -1, "compile_memory_limit": -1,
"run_memory_limit": -1 "run_memory_limit": -1
} }
``` ```
A typical response upon successful execution will contain 1 or 2 keys `run` and `compile`. A typical response upon successful execution will contain 1 or 2 keys `run` and `compile`.
`compile` will only be present if the language requested requires a compile stage. `compile` will only be present if the language requested requires a compile stage.
Each of these keys has an identical structure, containing both a `stdout` and `stderr` key, which is a string containing the text outputted during the stage into each buffer. Each of these keys has an identical structure, containing both a `stdout` and `stderr` key, which is a string containing the text outputted during the stage into each buffer.
It also contains the `code` and `signal` which was returned from each process. It also contains the `code` and `signal` which was returned from each process.
```json ```json
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: application/json Content-Type: application/json
@ -260,6 +268,7 @@ Content-Type: application/json
``` ```
If a problem exists with the request, a `400` status code is returned and the reason in the `message` key. If a problem exists with the request, a `400` status code is returned and the reason in the `message` key.
```json ```json
HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request
Content-Type: application/json Content-Type: application/json
@ -272,39 +281,45 @@ Content-Type: application/json
<br> <br>
# Supported Languages # Supported Languages
`awk`,
`bash`, `bash`,
`brainfuck`, `brainfuck`,
`c`,
`c++`,
`cjam`, `cjam`,
`clojure`, `clojure`,
`cobol`,
`coffeescript`, `coffeescript`,
`cow`, `cow`,
`crystal`, `crystal`,
`csharp`,
`d`,
`dart`, `dart`,
`dash`, `dash`,
`deno`,
`dotnet`, `dotnet`,
`dragon`, `dragon`,
`elixir`, `elixir`,
`emacs`, `emacs`,
`erlang`, `erlang`,
`gawk`, `fortran`,
`gcc`,
`go`, `go`,
`golfscript`, `golfscript`,
`groovy`, `groovy`,
`haskell`, `haskell`,
`java`, `java`,
`javascript`,
`jelly`, `jelly`,
`julia`, `julia`,
`kotlin`, `kotlin`,
`lisp`, `lisp`,
`lolcode`, `lolcode`,
`lua`, `lua`,
`mono`,
`nasm`, `nasm`,
`nasm64`,
`nim`, `nim`,
`node`,
`ocaml`, `ocaml`,
`octave`,
`osabie`, `osabie`,
`paradoc`, `paradoc`,
`pascal`, `pascal`,
@ -313,7 +328,10 @@ Content-Type: application/json
`ponylang`, `ponylang`,
`prolog`, `prolog`,
`pure`, `pure`,
`pyth`,
`python`, `python`,
`python2`,
`raku`,
`rockstar`, `rockstar`,
`ruby`, `ruby`,
`rust`, `rust`,
@ -336,9 +354,11 @@ The source file is either ran or compiled and ran (in the case of languages like
<br> <br>
# Security # Security
Docker provides a great deal of security out of the box in that it's separate from the system. Docker provides a great deal of security out of the box in that it's separate from the system.
Piston takes additional steps to make it resistant to Piston takes additional steps to make it resistant to
various privilege escalation, denial-of-service, and resource saturation threats. These steps include: various privilege escalation, denial-of-service, and resource saturation threats. These steps include:
- Disabling outgoing network interaction - Disabling outgoing network interaction
- Capping max processes at 256 by default (resists `:(){ :|: &}:;`, `while True: os.fork()`, etc.) - Capping max processes at 256 by default (resists `:(){ :|: &}:;`, `while True: os.fork()`, etc.)
- Capping max files at 2048 (resists various file based attacks) - Capping max files at 2048 (resists various file based attacks)
@ -351,4 +371,5 @@ various privilege escalation, denial-of-service, and resource saturation threats
<br> <br>
# License # License
Piston is licensed under the MIT license. Piston is licensed under the MIT license.