add Dockerfile

2024-10-20 00:13:57 +03:00
parent 783ea59226
commit 59043dcca4
4 changed files with 132 additions and 18 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1 @@
+/target
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -0,0 +1,77 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+permissions:
+  packages: write
+  contents: read
+
+jobs:
+  test:
+    runs-on: cth-ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: false
+          tags: gitea.b4tman.ru/${{ gitea.repository }}:test
+  push:
+    needs: test
+    runs-on: cth-ubuntu-latest
+    if: github.event_name != 'pull_request'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            gitea.b4tman.ru/${{ gitea.repository }}
+          flavor: |
+            latest=${{ github.ref == 'refs/heads/master' }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to gitea
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.b4tman.ru
+          username: ${{ gitea.repository_owner }}
+          password: ${{ secrets.PKGS_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/20
+++ b/20
@@ -0,0 +1,20 @@
+FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
+WORKDIR /app
+
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+COPY . .
+RUN cargo build --release
+
+FROM debian:12-slim AS runtime
+ARG SSL_PKG="openssl"
+
+RUN apt update && apt install -y $SSL_PKG
+WORKDIR /app
+COPY --from=builder /app/target/release/peazyrsa /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/peazyrsa"]
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,7 +2,11 @@ use anyhow::{anyhow, Context, Result};
 use clap::Parser;
 use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
 use regex::Regex;
-use std::{collections::BTreeMap, path::{Path, PathBuf}, pin::Pin};
+use std::{
+    collections::BTreeMap,
+    path::{Path, PathBuf},
+    pin::Pin,
+};
 use tokio::{
    fs::{self, File},
    io::{AsyncBufReadExt, BufReader},
@@ -81,7 +85,10 @@ async fn is_file_exist(filepath: &PathBuf) -> bool {
 }

 async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
-where S: AsRef<str> + std::cmp::PartialEq<&'a str>, P: AsRef<Path> {
+where
+    S: AsRef<str> + std::cmp::PartialEq<&'a str>,
+    P: AsRef<Path>,
+{
    let filepath = PathBuf::from(filepath.as_ref());
    if encoding == "utf8" {
        return Ok(fs::read_to_string(filepath).await?);
@@ -283,12 +290,18 @@ impl Certs {
        }

        let status = Command::new("openssl")
-            .raw_arg(format!(
-                "req -nodes -new -keyout {} -out {} -config {} -batch",
+            .args(&[
+                "req",
+                "-nodes",
+                "-new",
+                "-keyout",
                &self.key_file.to_str().unwrap(),
+                "-out",
                &self.req_file.to_str().unwrap(),
-                &self.openssl_cnf.to_str().unwrap()
-            ))
+                "-config",
+                &self.openssl_cnf.to_str().unwrap(),
+                "-batch",
+            ])
            .current_dir(&self.base_dir)
            .envs(&self.vars)
            .status()
@@ -313,13 +326,18 @@ impl Certs {
        }

        let status = Command::new("openssl")
-            .raw_arg(format!(
-                "ca -days {} -out {} -in {} -config {} -batch",
-                self.req_days,
+            .args(&[
+                "ca",
+                "-days",
+                format!("{}", self.req_days).as_str(),
+                "-out",
                &self.cert_file.to_str().unwrap(),
+                "-in",
                &self.req_file.to_str().unwrap(),
-                &self.openssl_cnf.to_str().unwrap()
-            ))
+                "-config",
+                &self.openssl_cnf.to_str().unwrap(),
+                "-batch",
+            ])
            .current_dir(&self.base_dir)
            .envs(&self.vars)
            .status()
@@ -327,7 +345,7 @@ impl Certs {

        match status.success() {
            true => Ok(()),
-            false => Err(anyhow!("openssl ca execution failed")),
+            false => Err(anyhow!("ssl ca execution failed")),
        }
    }

@@ -343,12 +361,10 @@ impl Certs {
            self.template_file.clone(),
            self.ca_file.clone(),
            self.cert_file.clone(),
-            self.key_file.clone()
+            self.key_file.clone(),
        );
        let enc = self.encoding.clone();
-        let (enc1, enc2, enc3, enc4) = (
-            enc.clone(), enc.clone(), enc.clone(), enc.clone()
-        );
+        let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());

        if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
            tokio::spawn(read_file(template_file, enc1)),