diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f1524a6..047b097 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -7,6 +7,15 @@ permissions: pull-requests: write jobs: + derivates: + name: Lookup derivates + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ env.derivates }} + steps: + - uses: actions/checkout@v4 + - name: Lookup derivates + run: echo "derivates=$(make _derivates)" >> "$GITHUB_ENV" markdown: name: markdown runs-on: ubuntu-22.04 @@ -14,7 +23,7 @@ jobs: - uses: actions/checkout@v4 - name: Run markdownlint uses: DavidAnson/markdownlint-cli2-action@v16 - dockerfile: + base_dockerfile: name: dockerfile runs-on: ubuntu-22.04 steps: @@ -23,6 +32,21 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: trusted-registries: docker.io,ghcr.io + dockerfile: + name: dockerfile + runs-on: ubuntu-22.04 + needs: derivates + strategy: + fail-fast: false + matrix: + derivate: ${{ fromJSON(needs.derivates.outputs.matrix) }} + steps: + - uses: actions/checkout@v4 + - name: Run hadolint (${{ matrix.derivate }}) + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: ${{ matrix.derivate }}.dockerfile + trusted-registries: docker.io,ghcr.io shell-scripts: name: shell scripts runs-on: ubuntu-22.04 diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 8a4698f..ccf3e03 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -6,12 +6,23 @@ permissions: contents: read jobs: + derivates: + name: Lookup derivates + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ env.derivates }} + steps: + - uses: actions/checkout@v4 + - name: Lookup derivates + run: echo "derivates=$(make _derivates)" >> "$GITHUB_ENV" build: name: HTTPS Proxy runs-on: ubuntu-22.04 + needs: derivates strategy: fail-fast: false matrix: + derivate: ${{ fromJSON(needs.derivates.outputs.matrix) }} platform: [linux/arm64, linux/amd64] steps: - uses: actions/checkout@v4 
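Review bot: The `derivates` job exports its result through `$GITHUB_ENV` and then reads it back as `matrix: ${{ env.derivates }}` in the job-level `outputs`, which depends on step-written environment being visible at job-output evaluation; the documented mechanism is a step `id` plus `$GITHUB_OUTPUT`, e.g. `id: lookup`, `run: echo "derivates=$(make _derivates)" >> "$GITHUB_OUTPUT"` and `matrix: ${{ steps.lookup.outputs.derivates }}`. The value is built from `ls context/derived` piped through `jq --raw-input`, which emits one JSON document per input line, so a directory name containing a newline would yield a second line that the env file parses as another `KEY=VALUE`; routing it through the step output keeps repository-derived text out of the job environment. The identical job is added to push.yml and release.yml in this commit, so a reusable workflow or composite action would keep the three copies in sync.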
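Review bot: The job id is renamed to `base_dockerfile` but `name: dockerfile` is kept, and the matrix job added in the next hunk also uses `name: dockerfile`, so the checks UI and any required-status-check rule now see two jobs with one display name. Give the base job a distinct label such as `name: dockerfile (base)`, and let the matrix job use `name: dockerfile (${{ matrix.derivate }})` so each derivate's hadolint result is identifiable on the PR.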
@@ -20,21 +31,37 @@ jobs: - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@master - - name: Build HTTPS proxy (${{ matrix.platform }}) + - name: Build HTTPS base proxy (${{ matrix.platform }}) uses: docker/build-push-action@v6 with: file: "Dockerfile" builder: ${{ steps.buildx.outputs.name }} - context: . + context: context/base + platforms: ${{ matrix.platform }} + labels: | + org.opencontainers.image.title=HTTPS base proxy + org.opencontainers.image.description=Docker image for HTTPS base proxy + org.opencontainers.image.source=https://github.com/${{ github.repository }} + org.opencontainers.image.version=base-${{ github.sha }} + org.opencontainers.image.revision=${{ github.sha }} + tags: | + ghcr.io/${{ github.repository }}:base + load: true + - name: Build HTTPS ${{ matrix.derivate }} proxy (${{ matrix.platform }}) + uses: docker/build-push-action@v6 + with: + file: "${{ matrix.derivate }}.dockerfile" + builder: ${{ steps.buildx.outputs.name }} + context: context/derivate/${{ matrix.derivate }} platforms: ${{ matrix.platform }} labels: | - org.opencontainers.image.title=HTTPS proxy - org.opencontainers.image.description=Docker image for HTTPS proxy + org.opencontainers.image.title=HTTPS ${{ matrix.derivate }} proxy + org.opencontainers.image.description=Docker image for HTTPS ${{ matrix.derivate }} proxy org.opencontainers.image.source=https://github.com/${{ github.repository }} - org.opencontainers.image.version=${{ github.sha }} + org.opencontainers.image.version=${{ matrix.derivate }}-${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }} tags: | - ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ github.repository }}:${{ matrix.derivate }} load: ${{ (matrix.platform == 'linux/amd64') }} - uses: e1himself/goss-installation-action@v1.2.1 if: ${{ (matrix.platform == 'linux/amd64') }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fd1c21b..8c863e2 100644 
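Review bot: The derivate step's `context: context/derivate/${{ matrix.derivate }}` does not match where this commit moves the files — the renames land under `context/derived/drupal/...` and the Makefile builds from `context/derived/$@` — so the build context does not exist; release.yml uses the same path. Change it to `context: context/derived/${{ matrix.derivate }}` in both workflows. The base image is also rebuilt in every matrix cell (derivate × platform) and only `load`ed into the local daemon; whether the derivate build's `FROM ghcr.io/reload/https-proxy:base` resolves to that loaded image or to the copy already in the registry depends on the buildx driver configured by `docker/setup-buildx-action`, which is outside this hunk, so it is worth confirming the PR build actually validates the derivate against the freshly built base.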
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,11 +12,25 @@ permissions: packages: write jobs: + derivates: + name: Lookup derivates + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ env.derivates }} + steps: + - uses: actions/checkout@v4 + - name: Lookup derivates + run: echo "derivates=$(make _derivates)" >> "$GITHUB_ENV" build: name: HTTPS proxy runs-on: ubuntu-22.04 if: >- ${{ github.event.workflow_run.conclusion == 'success' }} + needs: derivates + strategy: + fail-fast: false + matrix: + derivate: ${{ fromJSON(needs.derivates.outputs.matrix) }} steps: - uses: actions/checkout@v4 - name: Set up QEMU 
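Review bot: The new `derivates` job carries no `if:`, while `build` keeps `if: ${{ github.event.workflow_run.conclusion == 'success' }}`, so the lookup job (including a checkout) runs for failed upstream runs whose build is then skipped. Add the same guard to `derivates`, e.g. `if: ${{ github.event.workflow_run.conclusion == 'success' }}`. Separately, if `make _derivates` prints nothing, `fromJSON(needs.derivates.outputs.matrix)` fails at strategy evaluation with an opaque error; a non-empty check in the lookup step would surface that more clearly.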
@@ -30,19 +44,36 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.PAT_TOKEN }} - - name: Build HTTPS proxy + - name: Build HTTPS base proxy + uses: docker/build-push-action@v6 + with: + file: "Dockerfile" + builder: ${{ steps.buildx.outputs.name }} + push: true + context: context/base + platforms: linux/amd64,linux/arm64 + labels: | + org.opencontainers.image.title=HTTPS base proxy + org.opencontainers.image.description=Docker image for HTTPS base proxy + org.opencontainers.image.source=https://github.com/${{ github.repository }} + org.opencontainers.image.version=base-${{ github.sha }} + org.opencontainers.image.revision=${{ github.sha }} + tags: | + ghcr.io/${{ github.repository }}:base + load: true + - name: Build HTTPS ${{ matrix.derivate }} proxy uses: docker/build-push-action@v6 with: file: "Dockerfile" builder: ${{ steps.buildx.outputs.name }} push: true - context: . + context: context/derivate/${{ matrix.derivate }} platforms: linux/amd64,linux/arm64 labels: | - org.opencontainers.image.title=HTTPS proxy - org.opencontainers.image.description=Docker image for HTTPS proxy + org.opencontainers.image.title=HTTPS ${{ matrix.derivate }} proxy + org.opencontainers.image.description=Docker image for HTTPS ${{ matrix.derivate }} proxy org.opencontainers.image.source=https://github.com/${{ github.repository }} - org.opencontainers.image.version=${{ github.sha }} + org.opencontainers.image.version=${{ matrix.derivate }}-${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }} tags: | - ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ github.repository }}:${{ matrix.derivate }} diff --git a/Dockerfile b/Dockerfile index ef33463..e99a838 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM nginx:1.27.0-alpine3.19-slim@sha256:66943ac4a1ca7f111097d3c656939dfe8ae2bc8314bb45d6d80419c5fb25e304 -COPY context/ / +COPY / / RUN apk add --no-cache \ bash=~5 \ 
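Review bot: The derivate build step keeps `file: "Dockerfile"` — the base Dockerfile — while its context is the derivate directory, so the published `:${{ matrix.derivate }}` tag would be the base image rebuilt from the wrong context; push.yml uses `file: "${{ matrix.derivate }}.dockerfile"` and release.yml should match. The base step combines `push: true`, `load: true` and `platforms: linux/amd64,linux/arm64`; to my knowledge the docker exporter cannot load a multi-platform manifest list, so `load: true` is likely to fail or be ignored here and should be dropped. The base image is additionally built and pushed once per matrix entry, so concurrent derivates race to publish the same `:base` tag; building it once in a job the matrix `needs` would avoid that and make the derivate builds depend on a published base.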
@@ -11,11 +11,6 @@ RUN apk add --no-cache \ ARG workdir=/var/www WORKDIR "${workdir}" -ENV NGINX_FASTCGI_PASS_HOST php -ENV NGINX_FASTCGI_PASS_PORT 9000 -ENV NGINX_LISTEN 80 -ENV PROFILE drupal - SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ENTRYPOINT [ "/sbin/tini", "--", "/usr/local/bin/entrypoint" ] diff --git a/Makefile b/Makefile index 019f939..955446d 100644 --- a/Makefile +++ b/Makefile @@ -1,18 +1,26 @@ PLATFORMS=$(shell docker version --format '{{.Server.Os}}/{{.Server.Arch}}') +DERIVATIVES=$(shell ls context/derived) -.DEFAULT_GOAL := build +.DEFAULT_GOAL := all .PHONY: all build clean help _platforms test all: PLATFORMS=linux/amd64,linux/arm64 +all: $(DERIVATIVES) ## Build Docker images for all derivatives help: ## Display a list of the public targets @grep -E -h "^[a-z]+:.*##" $(MAKEFILE_LIST) | sed -e 's/\(.*\):.*## *\(.*\)/\1|\2/' | column -s '|' -t +_derivates: ## Output platforms as JSON list + @echo $(DERIVATIVES) | jq --compact-output --raw-input 'split(" ") | map(select(. != ""))' + _platforms: ## Output platforms as JSON list @echo $(PLATFORMS) | jq --compact-output --raw-input 'split(",") | map(select(. != ""))' -build: ## Build Docker image for the HTTPS proxy - docker buildx build --platform=$(PLATFORMS) --file Dockerfile --tag ghcr.io/reload/https-proxy:latest --load . +base: + docker build --platform=$(PLATFORMS) --file Dockerfile --tag ghcr.io/reload/https-proxy:$@ --load context/base + +$(DERIVATIVES): base ## Build Docker image for derivative + docker build --platform=$(PLATFORMS) --file $@.dockerfile --tag ghcr.io/reload/https-proxy:$@ --load context/derived/$@ test: - dgoss run -e PROFILE=none ghcr.io/reload/https-proxy:latest + dgoss run ghcr.io/reload/https-proxy:base diff --git a/context/etc/cert.cfg.template b/context/base/etc/cert.cfg.template similarity index 100% rename from context/etc/cert.cfg.template rename to context/base/etc/cert.cfg.template 
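Review bot: The base image loses its `ENV NGINX_LISTEN 80` and `ENV PROFILE drupal` defaults with no replacement in either the base Dockerfile or the new drupal.dockerfile, which only re-adds the two FastCGI variables. If the nginx templates or entrypoint scripts under `context/base` still reference `${NGINX_LISTEN}` (not visible in this diff), it now expands to an empty string at container start; either keep `ENV NGINX_LISTEN=80` in the base image or confirm that no template uses it.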
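Review bot: The `_derivates` help text `## Output platforms as JSON list` is copied from `_platforms` and should read `## Output derivatives as JSON list`. The new `base`, `_derivates` and `$(DERIVATIVES)` targets are not declared in `.PHONY`, which still lists the removed `build`, so a file or directory named `base` or `drupal` at the repository root would make `make` treat the target as up to date; update it to `.PHONY: all clean help _derivates _platforms base test $(DERIVATIVES)`. The commit also introduces three spellings for one concept — variable `DERIVATIVES`, target `_derivates`, directory `context/derived` — and settling on one would make the CI wiring easier to follow.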
diff --git a/context/etc/entrypoint.d/certs.sh b/context/base/etc/entrypoint.d/10-certs.sh similarity index 92% rename from context/etc/entrypoint.d/certs.sh rename to context/base/etc/entrypoint.d/10-certs.sh index ddf490f..cfd9136 100755 --- a/context/etc/entrypoint.d/certs.sh +++ b/context/base/etc/entrypoint.d/10-certs.sh @@ -33,3 +33,6 @@ certtool --generate-certificate --load-request /tmp/request.pem --load-ca-certif cp "${CA_CERT}" /usr/local/share/ca-certificates/ /usr/sbin/update-ca-certificates + +mkdir -p /etc/nginx/include.d +envsubst /etc/nginx/include.d/ssl.conf diff --git a/context/base/etc/ssl.conf.template b/context/base/etc/ssl.conf.template new file mode 100644 index 0000000..d45ebbb --- /dev/null +++ b/context/base/etc/ssl.conf.template @@ -0,0 +1,5 @@ + listen 443 ssl; + listen [::]:443 ssl; + server_name "${FIRST_VIRTUAL_HOST}"; + ssl_certificate /cert/${FIRST_VIRTUAL_HOST}.crt; + ssl_certificate_key /cert/${FIRST_VIRTUAL_HOST}.key; diff --git a/context/usr/local/bin/entrypoint b/context/base/usr/local/bin/entrypoint similarity index 100% rename from context/usr/local/bin/entrypoint rename to context/base/usr/local/bin/entrypoint diff --git a/context/etc/nginx/profiles/drupal.conf.template b/context/derived/drupal/etc/nginx/templates/default.conf.template similarity index 88% rename from context/etc/nginx/profiles/drupal.conf.template rename to context/derived/drupal/etc/nginx/templates/default.conf.template index 3bc426e..8821848 100644 --- a/context/etc/nginx/profiles/drupal.conf.template +++ b/context/derived/drupal/etc/nginx/templates/default.conf.template @@ -3,12 +3,8 @@ # and https://blog.john-pfeiffer.com/drupal-with-docker-compose-and-nginx-and-php-fpm-and-mariadb/ server { - listen 443 ssl; - listen [::]:443 ssl; - server_name "${FIRST_VIRTUAL_HOST}"; - ssl_certificate /cert/${FIRST_VIRTUAL_HOST}.crt; - ssl_certificate_key /cert/${FIRST_VIRTUAL_HOST}.key; - + include include.d/ssl.conf; + root /var/www/web; disable_symlinks off; 
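Review bot: `envsubst /etc/nginx/include.d/ssl.conf` does not write that file: envsubst treats its single positional argument as the SHELL-FORMAT list of variables to substitute, reads the template from stdin and prints to stdout, so nothing is rendered and the `include include.d/ssl.conf;` added to the drupal template will make nginx fail to start. The template added in this commit is installed at `/etc/ssl.conf.template` by the base image's `COPY / /`, so the line should be `envsubst '${FIRST_VIRTUAL_HOST}' < /etc/ssl.conf.template > /etc/nginx/include.d/ssl.conf`. Naming the variable explicitly also keeps any nginx `$variable` syntax intact if the template grows. The enclosing script starts outside the hunk.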
diff --git a/context/etc/entrypoint.d/profile.sh b/context/etc/entrypoint.d/profile.sh
deleted file mode 100755
index 35e2ef2..0000000
--- a/context/etc/entrypoint.d/profile.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-if [ -r "/etc/nginx/profiles/${PROFILE}.conf.template" ]; then
- ln -s "/etc/nginx/profiles/${PROFILE}.conf.template" "/etc/nginx/templates/${PROFILE}.conf.template"
-fi
diff --git a/drupal.dockerfile b/drupal.dockerfile
new file mode 100644
index 0000000..6937c4e
--- /dev/null
+++ b/drupal.dockerfile
@@ -0,0 +1,6 @@
+FROM ghcr.io/reload/https-proxy:base
+
+COPY / /
+
+ENV NGINX_FASTCGI_PASS_HOST php
+ENV NGINX_FASTCGI_PASS_PORT 9000
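Review bot: `FROM ghcr.io/reload/https-proxy:base` pins neither a digest nor a version, whereas the base Dockerfile pins nginx by `@sha256:`; a standalone `docker build` of this file pulls whatever the registry currently serves under `:base`, so the derivate is not reproducible and inherits the mutable tag's trust. Consider `ARG BASE_IMAGE=ghcr.io/reload/https-proxy:base` followed by `FROM ${BASE_IMAGE}`, so CI and the Makefile can inject the just-built local image or a digest-pinned reference. The `ENV KEY value` form without `=` is the legacy syntax that newer BuildKit flags with a build-check warning; `ENV NGINX_FASTCGI_PASS_HOST=php` and `ENV NGINX_FASTCGI_PASS_PORT=9000` are the recommended form and this file is now linted by hadolint in lint.yml.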