From 59043dcca4cb956a4c0f26bc9a76103bbad87fa9 Mon Sep 17 00:00:00 2001
From: Dmitry
Date: Sun, 20 Oct 2024 00:13:57 +0300
Subject: [PATCH] add Dockerfile
---
 .dockerignore | 1 +
 .gitea/workflows/docker.yml | 77 +++++++++++++++++++++++++++++++++++++
 Dockerfile | 20 ++++++++++
 src/main.rs | 52 ++++++++++++++++---------
 4 files changed, 132 insertions(+), 18 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .gitea/workflows/docker.yml
 create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ea8c4bf
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+/target
diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
new file mode 100644
index 0000000..40a751e
--- /dev/null
+++ b/.gitea/workflows/docker.yml
@@ -0,0 +1,77 @@
+name: Docker Image CI
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - v*
+ pull_request:
+ branches:
+ - master
+ workflow_dispatch:
+
+permissions:
+ packages: write
+ contents: read
+
+jobs:
+ test:
+ runs-on: cth-ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: false
+ tags: gitea.b4tman.ru/${{ gitea.repository }}:test
+ push:
+ needs: test
+ runs-on: cth-ubuntu-latest
+ if: github.event_name != 'pull_request'
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ gitea.b4tman.ru/${{ gitea.repository }}
+ flavor: |
+ latest=${{ github.ref == 'refs/heads/master' }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to gitea
+ uses: docker/login-action@v3
+ with:
+ registry: gitea.b4tman.ru
+ username: ${{ gitea.repository_owner }}
+ password: ${{ secrets.PKGS_TOKEN }}
+
+ - name: Build and push image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b0679f4
--- /dev/null
+++ b/Dockerfile
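Review bot: `permissions: packages: write` is declared at workflow level, so the `test` job, which also runs for `pull_request` events and builds unreviewed code, would receive the same package-write scope as the `push` job wherever the runner honours this key. Declaring `permissions: { contents: read }` at the top and `permissions: { contents: read, packages: write }` under the `push` job only keeps the write scope with the job that needs it. Separately, every `uses:` line references a mutable tag (`@v3`, `@v4`, `@v5`); pinning each action to a full commit SHA keeps the job that receives `secrets.PKGS_TOKEN` from silently picking up a retagged action.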
@@ -0,0 +1,20 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+COPY . .
+RUN cargo build --release
+
+FROM debian:12-slim AS runtime
+ARG SSL_PKG="openssl"
+
+RUN apt update && apt install -y $SSL_PKG
+WORKDIR /app
+COPY --from=builder /app/target/release/peazyrsa /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/peazyrsa"]
diff --git a/src/main.rs b/src/main.rs
index b9c0004..31b17d8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,7 +2,11 @@ use anyhow::{anyhow, Context, Result};
 use clap::Parser;
 use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
 use regex::Regex;
-use std::{collections::BTreeMap, path::{Path, PathBuf}, pin::Pin};
+use std::{
+ collections::BTreeMap,
+ path::{Path, PathBuf},
+ pin::Pin,
+};
 use tokio::{
 fs::{self, File},
 io::{AsyncBufReadExt, BufReader},
@@ -80,8 +84,11 @@ async fn is_file_exist(filepath: &PathBuf) -> bool {
 true
 }
-async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result
-where S: AsRef + std::cmp::PartialEq<&'a str>, P: AsRef {
+async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result
+where
+ S: AsRef + std::cmp::PartialEq<&'a str>,
+ P: AsRef,
+{
 let filepath = PathBuf::from(filepath.as_ref());
 if encoding == "utf8" {
 return Ok(fs::read_to_string(filepath).await?);
@@ -283,12 +290,18 @@ impl Certs {
 }
 let status = Command::new("openssl")
- .raw_arg(format!(
- "req -nodes -new -keyout {} -out {} -config {} -batch",
+ .args(&[
+ "req",
+ "-nodes",
+ "-new",
+ "-keyout",
 &self.key_file.to_str().unwrap(),
+ "-out",
 &self.req_file.to_str().unwrap(),
- &self.openssl_cnf.to_str().unwrap()
- ))
+ "-config",
+ &self.openssl_cnf.to_str().unwrap(),
+ "-batch",
+ ])
 .current_dir(&self.base_dir)
 .envs(&self.vars)
 .status()
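Review bot: In the Dockerfile, both base images are referenced by floating tags (`lukemathwalker/cargo-chef:latest-rust-1`, `debian:12-slim`), so the toolchain that compiles a binary handling private-key material can change between builds without any change in this repository; pinning each `FROM` to a digest, e.g. `FROM debian:12-slim@sha256:<digest> AS runtime`, makes the build reproducible and auditable. The runtime stage also has no `USER` line, so `peazyrsa` and the `openssl` processes it spawns run as root inside the container; a dedicated non-root user before `ENTRYPOINT` would limit that, provided the mounted key directory is writable by it. The install line would be better suited to unattended builds as `RUN apt-get update && apt-get install -y --no-install-recommends "$SSL_PKG" && rm -rf /var/lib/apt/lists/*`.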
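Review bot: The new `.args(&[...])` call in the `openssl req` hunk (`-283,12`) still converts every path with `.to_str().unwrap()`, which panics when `key_file`, `req_file` or `openssl_cnf` holds a non-UTF-8 path; `arg`/`args` accept any `AsRef<OsStr>`, so the path fields (presumably `PathBuf`) can be passed directly. The same applies to the `openssl ca` hunk at `-313,13`, where `format!("{}", self.req_days).as_str()` can likewise become `.arg(self.req_days.to_string())`. Passing a separate argument per value instead of one formatted string is the right direction, since a path containing spaces or quotes no longer changes how the command line is split. The enclosing method starts and ends outside the hunk.

```rust
let status = Command::new("openssl")
    .args(["req", "-nodes", "-new", "-keyout"])
    .arg(&self.key_file)
    .arg("-out")
    .arg(&self.req_file)
    .arg("-config")
    .arg(&self.openssl_cnf)
    .arg("-batch")
    // … unchanged: current_dir, envs, status …
```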
@@ -313,13 +326,18 @@ impl Certs {
 }
 let status = Command::new("openssl")
- .raw_arg(format!(
- "ca -days {} -out {} -in {} -config {} -batch",
- self.req_days,
+ .args(&[
+ "ca",
+ "-days",
+ format!("{}", self.req_days).as_str(),
+ "-out",
 &self.cert_file.to_str().unwrap(),
+ "-in",
 &self.req_file.to_str().unwrap(),
- &self.openssl_cnf.to_str().unwrap()
- ))
+ "-config",
+ &self.openssl_cnf.to_str().unwrap(),
+ "-batch",
+ ])
 .current_dir(&self.base_dir)
 .envs(&self.vars)
 .status()
@@ -327,7 +345,7 @@ impl Certs {
 match status.success() {
 true => Ok(()),
- false => Err(anyhow!("openssl ca execution failed")),
+ false => Err(anyhow!("ssl ca execution failed")),
 }
 }
@@ -343,12 +361,10 @@ impl Certs {
 self.template_file.clone(),
 self.ca_file.clone(),
 self.cert_file.clone(),
- self.key_file.clone()
+ self.key_file.clone(),
 );
 let enc = self.encoding.clone();
- let (enc1, enc2, enc3, enc4) = (
- enc.clone(), enc.clone(), enc.clone(), enc.clone()
- );
+ let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
 if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
 tokio::spawn(read_file(template_file, enc1)),
@@ -370,7 +386,7 @@ impl Certs {
 }
 }
-#[tokio::main(flavor="current_thread")]
+#[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<()> {
 let args = Args::parse();
 let default_directory = ".".to_string();
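Review bot: The reworded message `ssl ca execution failed` in the `-327,7` hunk no longer names the program that failed, although the preceding hunk still hard-codes `Command::new("openssl")`. If another TLS toolkit is meant to be supported (the Dockerfile's `SSL_PKG` argument hints at that), the program name should come from configuration and be interpolated into the message; otherwise the original wording is more accurate. Carrying the exit status as well, e.g. `false => Err(anyhow!("openssl ca exited with {status}")),`, would make a failed signing run diagnosable from logs. The enclosing method starts outside the hunk.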