Add support for gdk-build

Author: rawalexe

.gitignore

@@ -1,2 +1,5 @@
 build/
 .cache/
+# GDK
+zip-build/
+greengrass-build/

README.md

@@ -12,7 +12,9 @@ HTTPS, RDP, and VNC.
 1. [Build localproxy](docs/localproxy.md)
 2. [Build the component](docs/BUILD.md)
 3. [Set up AWS permissions](docs/deployment.md#prerequisites)
-4. [Deploy to your device](docs/deployment.md#local-deployment)
+4. Deploy to your device:
+   - [Local deployment](docs/deployment.md#local-deployment)
+   - [GDK deployment](docs/gdk.md) (recommended)
 5. [Create and use tunnels](docs/usage.md)
 
 ## Configuration

docs/BUILD.md

@@ -51,11 +51,21 @@ Or use the build script:
 ### Test Standalone
 
 ```sh
-./build/bin/secure-tunnel --help
+./build/bin/aws-greengrass-secure-tunnel --help
 ```
 
 ## Component Structure
 
+### For GDK deployment (recommended)
+
+Use the [GDK CLI](../docs/gdk.md) to build and publish:
+
+```sh
+gdk component build
+./gdk-build.sh
+gdk component publish
+```
+
 ### For local deployment
 
 For Greengrass Local deployment, create this directory hierarchy:
@@ -65,7 +75,7 @@ components
 ├── artifacts
 │   └── aws.greengrass.SecureTunneling
 │       └── 1.0.0
-│           ├── secure-tunnel
+│           ├── aws-greengrass-secure-tunnel
 │           └── localproxy
 └── recipes
     └── aws.greengrass.SecureTunneling-2.0.0.yaml
@@ -77,12 +87,12 @@ For Greengrass Cloud deployment, create a zip file with this structure:
 
 ```
 aws.greengrass.SecureTunneling-2.0.0.zip
-├── secure-tunnel
+├── aws-greengrass-secure-tunnel
 └── localproxy
 ```
 
 and then you can upload the zip to a S3 bucket.
 
-- `secure-tunnel`: Built binary from `./build/bin`
+- `aws-greengrass-secure-tunnel`: Built binary from `./build/bin`
 - `localproxy`: Binary from [localproxy.md](localproxy.md)
 - Recipe: Component configuration file

docs/deployment.md

@@ -79,8 +79,8 @@ journalctl -afu 'ggl.*'
 
 ## Cloud Deployment
 
-1. Use `recipe-all.yaml` (or `recipe.yaml` for architecture-specific builds) to
-   create a private component
+1. Use `recipe-prod.yaml` (gdk-cli to create and publish component) to create a
+   private component
 2. Create a new deployment in AWS IoT Greengrass
 3. Deploy to target devices
 

docs/gdk.md

@@ -0,0 +1,80 @@
+# GDK Deployment
+
+This guide covers deploying the component using the Greengrass Development Kit
+(GDK).
+
+## Prerequisites
+
+- [GDK CLI](https://github.com/aws-greengrass/aws-greengrass-gdk-cli) installed
+- AWS credentials configured
+- S3 bucket for component artifacts
+- Built binaries (see [BUILD.md](BUILD.md))
+
+Install GDK:
+
+```sh
+pip3 install git+https://github.com/aws-greengrass/aws-greengrass-gdk-cli.git@v1.6.0
+```
+
+## Configuration
+
+Edit `gdk-config.json`:
+
+```json
+{
+  "component": {
+    "aws.greengrass.SecureTunneling": {
+      "publish": {
+        "bucket": "your-bucket-name",
+        "region": "us-east-1"
+      }
+    }
+  }
+}
+```
+
+## Build
+
+Build the component and create the artifact zip:
+
+```sh
+gdk component build
+./gdk-build.sh
+```
+
+## Publish
+
+Upload to S3 and create the component version:
+
+```sh
+gdk component publish
+```
+
+## Deploy
+
+Create a deployment:
+
+```sh
+gdk component list  # Verify component is published
+```
+
+Then deploy via AWS Console or CLI:
+
+```sh
+aws greengrassv2 create-deployment \
+  --target-arn "arn:aws:iot:REGION:ACCOUNT:thing/THING_NAME" \
+  --components '{
+    "aws.greengrass.SecureTunneling": {
+      "componentVersion": "2.0.0"
+    }
+  }'
+```
+
+## Local Testing
+
+Test locally before publishing:
+
+```sh
+gdk test-e2e build
+gdk test-e2e run
+```

recipe-prod.yaml docs/recipe-prod.yamlrecipe-prod.yaml renamed to docs/recipe-prod.yaml

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -e
+
+# Get version
+VERSION=$(cat version | tr -d '\n')
+
+# Check for localproxy
+if [ ! -f run/localproxy ]; then
+    echo "Error: run/localproxy not found. Please build localproxy first."
+    exit 1
+fi
+
+# Create artifact directory
+mkdir -p greengrass-build/artifacts/aws.greengrass.SecureTunneling/NEXT_PATCH
+
+# Copy binaries
+cp build/bin/aws-greengrass-secure-tunnel greengrass-build/artifacts/aws.greengrass.SecureTunneling/NEXT_PATCH/
+cp run/localproxy greengrass-build/artifacts/aws.greengrass.SecureTunneling/NEXT_PATCH/
+
+# Create zip
+cd greengrass-build/artifacts/aws.greengrass.SecureTunneling/NEXT_PATCH
+zip aws.greengrass.SecureTunneling.zip aws-greengrass-secure-tunnel localproxy
+rm aws-greengrass-secure-tunnel localproxy
+cd ../../../..
+
+# Generate recipe
+sed -e "s/{COMPONENT_NAME}/aws.greengrass.SecureTunneling/g" \
+    -e "s/{COMPONENT_VERSION}/$VERSION/g" \
+    -e "s|BUCKET_NAME|$(jq -r '.component."aws.greengrass.SecureTunneling".publish.bucket' gdk-config.json)|g" \
+    -e "s|COMPONENT_NAME|aws.greengrass.SecureTunneling|g" \
+    -e "s|COMPONENT_VERSION|$VERSION|g" \
+    recipe.yaml > greengrass-build/recipes/recipe.yaml
+
+echo "Build complete: greengrass-build/artifacts/aws.greengrass.SecureTunneling/NEXT_PATCH/aws.greengrass.SecureTunneling.zip"

gdk-build.sh

@@ -0,0 +1,21 @@
+{
+  "component": {
+    "aws.greengrass.SecureTunneling": {
+      "author": "AWS",
+      "version": "NEXT_PATCH",
+      "build": {
+        "build_system": "custom",
+        "custom_build_command": [
+          "bash",
+          "-c",
+          "cmake -B build -DCMAKE_BUILD_TYPE=MinSizeRel && make -C build -j$(nproc) && ./gdk-build.sh"
+        ]
+      },
+      "publish": {
+        "bucket": "BUCKET_NAME",
+        "region": "us-east-1"
+      }
+    }
+  },
+  "gdk_version": "1.6.0"
+}

gdk-config.json

@@ -0,0 +1,35 @@
+---
+RecipeFormatVersion: "2020-01-25"
+ComponentName: "{COMPONENT_NAME}"
+ComponentVersion: "{COMPONENT_VERSION}"
+ComponentType: "aws.greengrass.generic"
+ComponentDescription:
+  "Enables AWS IoT Secure Tunneling connections that you can use to establish
+  secure bidirectional communications with Greengrass core devices that are
+  behind restricted firewalls."
+ComponentPublisher: "AWS"
+ComponentConfiguration:
+  DefaultConfiguration:
+    maxConcurrentTunnels: 20
+    tunnelTimeoutSeconds: 43200
+    accessControl:
+      aws.greengrass.ipc.mqttproxy:
+        "aws.greengrass.SecureTunneling:mqttproxy:1":
+          policyDescription: "Access to tunnel notification pubsub topic"
+          operations:
+            - "aws.greengrass#SubscribeToIoTCore"
+          resources:
+            - "$aws/things/+/tunnels/notify"
+Manifests:
+  - Platform:
+      os: "linux"
+      runtime: "*"
+    Lifecycle:
+      run: |
+        {artifacts:decompressedPath}/aws.greengrass.SecureTunneling/aws-greengrass-secure-tunnel --thing-name {iot:thingName} --max-tunnels {configuration:/maxConcurrentTunnels} --timeout {configuration:/tunnelTimeoutSeconds} --artifact-path {artifacts:decompressedPath}/aws.greengrass.SecureTunneling/
+    Artifacts:
+      - URI: "s3://BUCKET_NAME/COMPONENT_NAME/COMPONENT_VERSION/aws.greengrass.SecureTunneling.zip"
+        Unarchive: "ZIP"
+        Permission:
+          Read: "OWNER"
+          Execute: "OWNER"