feat: add machine charm config

.github/workflows/deploy.yaml

@@ -11,7 +11,7 @@ env:
   ROCKCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
 
 jobs:
-  pack-charm:
+  pack-k8s-charm:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
@@ -25,15 +25,37 @@ jobs:
 
       - name: Pack charm
         run: |
-          cd charm
+          cd k8s-charm
           charmcraft pack -v --project-dir ./
 
       - name: Upload charm
         uses: actions/upload-artifact@v4
         with:
           name: ubuntu-security-api-charm
-          path: ./charm/*.charm
+          path: ./k8s-charm/*.charm
 
+  pack-machine-charm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Setup LXD
+        uses: canonical/setup-lxd@main
+
+      - name: Setup Charmcraft
+        run: sudo snap install charmcraft --classic --channel=latest/edge
+
+      - name: Pack charm
+        run: |
+          cd machine-charm
+          charmcraft pack -v --project-dir ./
+
+      - name: Upload charm
+        uses: actions/upload-artifact@v4
+        with:
+          name: ubuntu-security-api-charm
+          path: ./machine-charm/*.charm
   pack-rock:
     runs-on: ubuntu-latest
     steps:

.github/workflows/download-artifacts.yaml

@@ -0,0 +1,70 @@
+name: Download Artifacts
+
+on:
+  push:
+    branches:
+      - airgapped-charm
+  schedule:
+    - cron: '0 * * * *'
+  workflow_dispatch:
+
+jobs:
+  generate-and-upload-artifacts:
+    runs-on:
+      [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          python3 -m pip install --upgrade pip
+          pip install beautifulsoup4 requests
+
+      - name: Run artifact generation script
+        run: python3 scripts/download-artifacts.py --dest "$PWD"
+
+      - name: Upload apt news
+        uses: actions/upload-artifact@v4
+        with:
+          name: apt-news
+          path: apt_news.tar.gz
+          retention-days: 1
+          if-no-files-found: error
+
+      - name: Upload CVE data
+        uses: actions/upload-artifact@v4
+        with:
+          name: oval-notices-data
+          path: oval_notices.tar.gz
+          retention-days: 1
+          if-no-files-found: error
+
+      - name: Create database dump
+        env:
+          DATABASE_URI: ${{ secrets.DATABASE_URI }}
+        run: |
+          # Install PostgreSQL client
+          sudo apt-get update && sudo apt-get install --no-install-recommends -y postgresql-client
+          echo "Creating database dump..."
+          if [ -z "$DATABASE_URI" ]; then echo "DATABASE_URI not set"; exit 1; fi
+          pg_dump "$DATABASE_URI" -Fc | gzip > database_dump.sql.gz
+          echo "Database dump created."
+
+      - name: Upload database dump
+        uses: actions/upload-artifact@v4
+        with:
+          name: database-dump
+          path: database_dump.sql.gz
+          retention-days: 1
+          if-no-files-found: error
+
+concurrency:
+  group: download-artifacts
+  cancel-in-progress: true

.gitignore

@@ -48,6 +48,7 @@ _site/
 *.*.map
 *.charm
 *.rock
+*.tar.gz
 
 # [env] Local environment settings
 .docker-project

README.md

@@ -4,6 +4,8 @@ API functions under ubuntu.com for querying CVEs and security notices.
 
 <!-- To check the API documentation go to https://ubuntu.com/security/api/docs. -->
 
+For deploying this API as a Juju machine charm, see the [machine-charm README](machine-charm/README.md).
+
 ## Local development
 
 The simplest way to run the API locally is using [the dotrun snap](https://github.com/canonical-web-and-design/dotrun):
@@ -120,4 +122,34 @@ You'll get a 302 link which you should open to grant authorization, as well as a
 To use the token, pass the following header: 
 ```bash
 curl -v -H "Auth-Type: oauth" -H "Authorization: Bearer <Auth-Token>" -X PUT --data @<file_path> http://0.0.0.0:8030/security/updates/cves.json
-```
+```
+
+## Downloading artifacts
+
+The `scripts/download-artifacts.py` script downloads the latest apt news and OVAL notices from their respective sources and packages them as `.tar.gz` files.
+
+### Dependencies
+
+This script requires the `beautifulsoup4` package:
+
+```bash
+pip install beautifulsoup4
+```
+
+### Usage
+
+```bash
+python scripts/download-artifacts.py --dest /path/to/destination
+```
+
+By default, files are downloaded to `/tmp/`. The script will:
+
+1. Download the latest apt news from the [Ubuntu MOTD API](https://motd.ubuntu.com/aptnews.json) and save it as `apt_news.tar.gz`
+2. Download all OVAL notices from the [Canonical security metadata service](https://security-metadata.canonical.com/oval/) and package them into `oval_notices.tar.gz`
+
+### Environment variables
+
+| Variable | Default | Description |
+| --- | --- | --- |
+| `APT_MOTD_URL` | `https://motd.ubuntu.com/aptnews.json` | URL for the apt news JSON endpoint |
+| `OVAL_NEWS_URL` | `https://security-metadata.canonical.com` | Base URL for the OVAL notices XML endpoint |