add Dockerfile
parent
783ea59226
commit
59043dcca4
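--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1 @@
+/target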
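--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -0,0 +1,77 @@
+name: Docker Image CI
+
+on:
+push:
+branches:
+- master
+tags:
+- v*
+pull_request:
+branches:
+- master
+workflow_dispatch:
+
+permissions:
+packages: write
+contents: read
+
+jobs:
+test:
+runs-on: cth-ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build image
+uses: docker/build-push-action@v4
+with:
+context: .
+push: false
+tags: gitea.b4tman.ru/${{ gitea.repository }}:test
+push:
+needs: test
+runs-on: cth-ubuntu-latest
+if: github.event_name != 'pull_request'
+steps:
+- uses: actions/checkout@v4
+
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: |
+gitea.b4tman.ru/${{ gitea.repository }}
+flavor: |
+latest=${{ github.ref == 'refs/heads/master' }}
+tags: |
+type=ref,event=branch
+type=ref,event=pr
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to gitea
+uses: docker/login-action@v3
+with:
+registry: gitea.b4tman.ru
+username: ${{ gitea.repository_owner }}
+password: ${{ secrets.PKGS_TOKEN }}
+
+- name: Build and push image
+uses: docker/build-push-action@v4
+with:
+context: .
+push: true
+platforms: linux/amd64,linux/arm64
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}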
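Review bot: The workflow-level `permissions:` block grants `packages: write` to every job, including `test`, which also runs on `pull_request` and only builds with `push: false`. The `push` job authenticates to the registry with `secrets.PKGS_TOKEN`, so the job token may not need package write access at all; if it does, keep `contents: read` at the top level and declare `packages: write` under `jobs.push` only. Separately, the actions are referenced by mutable major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v4`); pinning the ones used in the `push` job to full commit SHAs keeps a retagged release from running next to the registry credential. Whether this runner enforces `permissions:` is not visible here, so treat the first point as defence in depth.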
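--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+COPY . .
+RUN cargo build --release
+
+FROM debian:12-slim AS runtime
+ARG SSL_PKG="openssl"
+
+RUN apt update && apt install -y $SSL_PKG
+WORKDIR /app
+COPY --from=builder /app/target/release/peazyrsa /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/peazyrsa"]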
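Review bot: The `runtime` stage never sets `USER`, so `/usr/local/bin/peazyrsa` runs as root in the container; since the binary shells out to `openssl` to create keys and sign requests (see `src/main.rs` in this commit), an unprivileged account is worth adding, e.g. `RUN useradd --system app` followed by `USER app` before `ENTRYPOINT`, assuming the mounted working directory is writable by that account. The install line leaves the apt lists in the layer and pulls recommended packages; `RUN apt-get update && apt-get install -y --no-install-recommends $SSL_PKG && rm -rf /var/lib/apt/lists/*` is the usual form. `lukemathwalker/cargo-chef:latest-rust-1` is a floating tag, so the toolchain that compiles the release binary can change between builds; pinning a specific tag or digest makes the image reproducible. `.dockerignore` excludes only `/target`, so `COPY . .` also sends `.git` and any local key material in the tree to the builder stages.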
52
src/main.rs
52
src/main.rs
@ -2,7 +2,11 @@ use anyhow::{anyhow, Context, Result};
|
|||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
|
use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use std::{collections::BTreeMap, path::{Path, PathBuf}, pin::Pin};
|
use std::{
|
||||||
|
collections::BTreeMap,
|
||||||
|
path::{Path, PathBuf},
|
||||||
|
pin::Pin,
|
||||||
|
};
|
||||||
use tokio::{
|
use tokio::{
|
||||||
fs::{self, File},
|
fs::{self, File},
|
||||||
io::{AsyncBufReadExt, BufReader},
|
io::{AsyncBufReadExt, BufReader},
|
||||||
@ -80,8 +84,11 @@ async fn is_file_exist(filepath: &PathBuf) -> bool {
|
|||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
|
async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
|
||||||
where S: AsRef<str> + std::cmp::PartialEq<&'a str>, P: AsRef<Path> {
|
where
|
||||||
|
S: AsRef<str> + std::cmp::PartialEq<&'a str>,
|
||||||
|
P: AsRef<Path>,
|
||||||
|
{
|
||||||
let filepath = PathBuf::from(filepath.as_ref());
|
let filepath = PathBuf::from(filepath.as_ref());
|
||||||
if encoding == "utf8" {
|
if encoding == "utf8" {
|
||||||
return Ok(fs::read_to_string(filepath).await?);
|
return Ok(fs::read_to_string(filepath).await?);
|
||||||
@ -283,12 +290,18 @@ impl Certs {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let status = Command::new("openssl")
|
let status = Command::new("openssl")
|
||||||
.raw_arg(format!(
|
.args(&[
|
||||||
"req -nodes -new -keyout {} -out {} -config {} -batch",
|
"req",
|
||||||
|
"-nodes",
|
||||||
|
"-new",
|
||||||
|
"-keyout",
|
||||||
&self.key_file.to_str().unwrap(),
|
&self.key_file.to_str().unwrap(),
|
||||||
|
"-out",
|
||||||
&self.req_file.to_str().unwrap(),
|
&self.req_file.to_str().unwrap(),
|
||||||
&self.openssl_cnf.to_str().unwrap()
|
"-config",
|
||||||
))
|
&self.openssl_cnf.to_str().unwrap(),
|
||||||
|
"-batch",
|
||||||
|
])
|
||||||
.current_dir(&self.base_dir)
|
.current_dir(&self.base_dir)
|
||||||
.envs(&self.vars)
|
.envs(&self.vars)
|
||||||
.status()
|
.status()
|
||||||
@ -313,13 +326,18 @@ impl Certs {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let status = Command::new("openssl")
|
let status = Command::new("openssl")
|
||||||
.raw_arg(format!(
|
.args(&[
|
||||||
"ca -days {} -out {} -in {} -config {} -batch",
|
"ca",
|
||||||
self.req_days,
|
"-days",
|
||||||
|
format!("{}", self.req_days).as_str(),
|
||||||
|
"-out",
|
||||||
&self.cert_file.to_str().unwrap(),
|
&self.cert_file.to_str().unwrap(),
|
||||||
|
"-in",
|
||||||
&self.req_file.to_str().unwrap(),
|
&self.req_file.to_str().unwrap(),
|
||||||
&self.openssl_cnf.to_str().unwrap()
|
"-config",
|
||||||
))
|
&self.openssl_cnf.to_str().unwrap(),
|
||||||
|
"-batch",
|
||||||
|
])
|
||||||
.current_dir(&self.base_dir)
|
.current_dir(&self.base_dir)
|
||||||
.envs(&self.vars)
|
.envs(&self.vars)
|
||||||
.status()
|
.status()
|
||||||
@ -327,7 +345,7 @@ impl Certs {
|
|||||||
|
|
||||||
match status.success() {
|
match status.success() {
|
||||||
true => Ok(()),
|
true => Ok(()),
|
||||||
false => Err(anyhow!("openssl ca execution failed")),
|
false => Err(anyhow!("ssl ca execution failed")),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -343,12 +361,10 @@ impl Certs {
|
|||||||
self.template_file.clone(),
|
self.template_file.clone(),
|
||||||
self.ca_file.clone(),
|
self.ca_file.clone(),
|
||||||
self.cert_file.clone(),
|
self.cert_file.clone(),
|
||||||
self.key_file.clone()
|
self.key_file.clone(),
|
||||||
);
|
);
|
||||||
let enc = self.encoding.clone();
|
let enc = self.encoding.clone();
|
||||||
let (enc1, enc2, enc3, enc4) = (
|
let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
|
||||||
enc.clone(), enc.clone(), enc.clone(), enc.clone()
|
|
||||||
);
|
|
||||||
|
|
||||||
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
|
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
|
||||||
tokio::spawn(read_file(template_file, enc1)),
|
tokio::spawn(read_file(template_file, enc1)),
|
||||||
@ -370,7 +386,7 @@ impl Certs {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::main(flavor="current_thread")]
|
#[tokio::main(flavor = "current_thread")]
|
||||||
async fn main() -> Result<()> {
|
async fn main() -> Result<()> {
|
||||||
let args = Args::parse();
|
let args = Args::parse();
|
||||||
let default_directory = ".".to_string();
|
let default_directory = ".".to_string();
|
||||||
|
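Review bot: Each path argument in the new `.args(&[...])` lists is still produced with `.to_str().unwrap()`, which panics when `key_file`, `req_file`, `cert_file` or `openssl_cnf` is not valid UTF-8; this applies to both the `req` and the `ca` invocation in `impl Certs`. `Command::arg` accepts any `AsRef<OsStr>`, so (assuming these fields are `PathBuf`s) chaining `.arg("-keyout").arg(&self.key_file)` and so on passes the path unchanged and drops the unwraps, and `format!("{}", self.req_days).as_str()` can become `.arg(self.req_days.to_string())`. The error text now reads `ssl ca execution failed` while the program name is still the literal `"openssl"`; if `SSL_PKG` in the Dockerfile is meant to allow another provider, the binary name would need to be configurable as well, otherwise the previous message was the more accurate one. Both methods start and end outside the visible hunks.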