diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 8a4698f..a608f68 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -6,12 +6,23 @@ permissions: contents: read jobs: + derivates: + name: Lookup derivates + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ env.derivates }} + steps: + - uses: actions/checkout@v4 + - name: Lookup derivates + run: echo "derivates=$(make _derivates)" >> "$GITHUB_ENV" build: name: HTTPS Proxy runs-on: ubuntu-22.04 + needs: derivates strategy: fail-fast: false matrix: + derivate: ${{ fromJSON(needs.derivates.outputs.matrix) }} platform: [linux/arm64, linux/amd64] steps: - uses: actions/checkout@v4 @@ -20,21 +31,22 @@ jobs: - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@master - - name: Build HTTPS proxy (${{ matrix.platform }}) + - name: Build HTTPS ${{ matrix.derivate }} proxy (${{ matrix.platform }}) uses: docker/build-push-action@v6 with: - file: "Dockerfile" + file: "${{ matrix.derivate }}.dockerfile" + target: ${{ matrix.derivate }} builder: ${{ steps.buildx.outputs.name }} - context: . + context: context/${{ matrix.derivate }} platforms: ${{ matrix.platform }} labels: | - org.opencontainers.image.title=HTTPS proxy - org.opencontainers.image.description=Docker image for HTTPS proxy + org.opencontainers.image.title=HTTPS ${{ matrix.derivate }} proxy + org.opencontainers.image.description=Docker image for HTTPS ${{ matrix.derivate }} proxy org.opencontainers.image.source=https://github.com/${{ github.repository }} - org.opencontainers.image.version=${{ github.sha }} + org.opencontainers.image.version=${{ matrix.derivate }}-${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }} tags: | - ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ github.repository }}:${{ matrix.derivate }} load: ${{ (matrix.platform == 'linux/amd64') }} - uses: e1himself/goss-installation-action@v1.2.1 if: ${{ (matrix.platform == 'linux/amd64') }} 
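Review bot: A failing `make _derivates` is masked in the `Lookup derivates` step: the command substitution sits inside an `echo` argument, so the step exits 0 and the `build` matrix receives an empty string that `fromJSON` then rejects with an unrelated-looking error. Assigning the result to a variable first lets the runner's default `bash -e` stop the step at the real failure. Writing it to `$GITHUB_OUTPUT` under a step `id` also makes the job output explicit instead of routing it through `env`. The identical job added in the first hunk of release.yml needs the same change.

```yaml
    outputs:
      matrix: ${{ steps.lookup.outputs.matrix }}
    steps:
      # … unchanged: actions/checkout@v4 …
      - name: Lookup derivates
        id: lookup
        run: |
          matrix="$(make _derivates)"
          echo "matrix=${matrix}" >> "$GITHUB_OUTPUT"
```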
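Review bot: The build inputs in this step do not line up with the Dockerfile in this commit. `file: "${{ matrix.derivate }}.dockerfile"` names per-derivative files that the visible diff never adds (it only splits the single `Dockerfile` into `base` and `drupal` stages), and `context: context/${{ matrix.derivate }}` makes `COPY /base /` resolve to `context/<derivate>/base`. The Makefile builds with `--file Dockerfile` and the whole `context` directory, which is what the stage `COPY` paths assume, so `file: "Dockerfile"` and `context: context` would match it here. The second hunk of release.yml uses the same `context:` value and needs the same correction. The job's remaining steps lie outside the hunk.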
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fd1c21b..0da2409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,11 +12,25 @@ permissions: packages: write jobs: + derivates: + name: Lookup derivates + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ env.derivates }} + steps: + - uses: actions/checkout@v4 + - name: Lookup derivates + run: echo "derivates=$(make _derivates)" >> "$GITHUB_ENV" build: name: HTTPS proxy runs-on: ubuntu-22.04 if: >- ${{ github.event.workflow_run.conclusion == 'success' }} + needs: derivates + strategy: + fail-fast: false + matrix: + derivate: ${{ fromJSON(needs.derivates.outputs.matrix) }} steps: - uses: actions/checkout@v4 - name: Set up QEMU @@ -30,19 +44,20 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.PAT_TOKEN }} - - name: Build HTTPS proxy + - name: Build HTTPS ${{ matrix.derivate }} proxy uses: docker/build-push-action@v6 with: file: "Dockerfile" + target: ${{ matrix.derivate }} builder: ${{ steps.buildx.outputs.name }} push: true - context: . + context: context/${{ matrix.derivate }} platforms: linux/amd64,linux/arm64 labels: | - org.opencontainers.image.title=HTTPS proxy - org.opencontainers.image.description=Docker image for HTTPS proxy + org.opencontainers.image.title=HTTPS ${{ matrix.derivate }} proxy + org.opencontainers.image.description=Docker image for HTTPS ${{ matrix.derivate }} proxy org.opencontainers.image.source=https://github.com/${{ github.repository }} - org.opencontainers.image.version=${{ github.sha }} + org.opencontainers.image.version=${{ matrix.derivate }}-${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }} tags: | - ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ github.repository }}:${{ matrix.derivate }} diff --git a/Dockerfile b/Dockerfile index ef33463..5316cf0 100644 --- a/Dockerfile +++ b/Dockerfile 
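Review bot: With `tags:` reduced to `ghcr.io/${{ github.repository }}:${{ matrix.derivate }}`, the release stops updating `:latest` and publishes only a mutable tag. Existing consumers of `latest` would silently stay on the last image built before this change, and no build can be pinned by tag rather than by digest. The version label already carries `${{ matrix.derivate }}-${{ github.sha }}`; adding it as a second tag line, `ghcr.io/${{ github.repository }}:${{ matrix.derivate }}-${{ github.sha }}`, gives deployments something stable to reference. If dropping `latest` is intentional, a comment above `tags:` saying so would prevent it being re-added by habit.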
@@ -1,6 +1,9 @@ -FROM nginx:1.27.0-alpine3.19-slim@sha256:66943ac4a1ca7f111097d3c656939dfe8ae2bc8314bb45d6d80419c5fb25e304 +## +# Base +## +FROM nginx:1.27.0-alpine3.19-slim@sha256:66943ac4a1ca7f111097d3c656939dfe8ae2bc8314bb45d6d80419c5fb25e304 AS base -COPY context/ / +COPY /base / RUN apk add --no-cache \ bash=~5 \ @@ -11,12 +14,17 @@ RUN apk add --no-cache \ ARG workdir=/var/www WORKDIR "${workdir}" -ENV NGINX_FASTCGI_PASS_HOST php -ENV NGINX_FASTCGI_PASS_PORT 9000 -ENV NGINX_LISTEN 80 -ENV PROFILE drupal - SHELL ["/bin/ash", "-eo", "pipefail", "-c"] ENTRYPOINT [ "/sbin/tini", "--", "/usr/local/bin/entrypoint" ] CMD [ "nginx", "-g", "daemon off;" ] + +## +# Drupal +## +FROM base AS drupal + +COPY /derived/drupal / + +ENV NGINX_FASTCGI_PASS_HOST php +ENV NGINX_FASTCGI_PASS_PORT 9000 diff --git a/Makefile b/Makefile index 019f939..3c398b2 100644 --- a/Makefile +++ b/Makefile 
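Review bot: `COPY /derived/drupal /` in the new `drupal` stage does not match where this commit puts the files. The rename moves the Drupal template to `context/drupal/etc/nginx/templates/default.conf.template`, and no `derived/` directory appears in the visible diff. With the Makefile's build context of `context`, the matching line would be `COPY /drupal /`; as written the stage presumably fails on a missing source path. A `derived` directory under `context` would also be picked up by `ls context` in the Makefile and treated as a build target of its own, which suggests the flat `context/drupal` layout is the intended one.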
@@ -1,18 +1,22 @@ -PLATFORMS=$(shell docker version --format '{{.Server.Os}}/{{.Server.Arch}}') +PLATFORM=$(shell docker version --format '{{.Server.Os}}/{{.Server.Arch}}') +DERIVATIVES=$(shell ls context) -.DEFAULT_GOAL := build +.DEFAULT_GOAL := all .PHONY: all build clean help _platforms test -all: PLATFORMS=linux/amd64,linux/arm64 +all: $(DERIVATIVES) ## Build Docker images for all derivatives help: ## Display a list of the public targets @grep -E -h "^[a-z]+:.*##" $(MAKEFILE_LIST) | sed -e 's/\(.*\):.*## *\(.*\)/\1|\2/' | column -s '|' -t +_derivates: ## Output platforms as JSON list + @echo $(DERIVATIVES) | jq --compact-output --raw-input 'split(" ") | map(select(. != ""))' + _platforms: ## Output platforms as JSON list @echo $(PLATFORMS) | jq --compact-output --raw-input 'split(",") | map(select(. != ""))' -build: ## Build Docker image for the HTTPS proxy - docker buildx build --platform=$(PLATFORMS) --file Dockerfile --tag ghcr.io/reload/https-proxy:latest --load . +$(DERIVATIVES): ## Build Docker image for derivative + docker buildx build --target $@ --platform=$(PLATFORM) --file Dockerfile --tag ghcr.io/reload/https-proxy:$@ --load context test: - dgoss run -e PROFILE=none ghcr.io/reload/https-proxy:latest + dgoss run ghcr.io/reload/https-proxy:base diff --git a/context/etc/cert.cfg.template b/context/base/etc/cert.cfg.template similarity index 100% rename from context/etc/cert.cfg.template rename to context/base/etc/cert.cfg.template diff --git a/context/etc/entrypoint.d/certs.sh b/context/base/etc/entrypoint.d/10-certs.sh similarity index 92% rename from context/etc/entrypoint.d/certs.sh rename to context/base/etc/entrypoint.d/10-certs.sh index ddf490f..cfd9136 100755 --- a/context/etc/entrypoint.d/certs.sh +++ b/context/base/etc/entrypoint.d/10-certs.sh 
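Review bot: `_platforms` still expands `$(PLATFORMS)`, which this hunk renames to `PLATFORM`, so the variable is now empty and the target emits an empty list; change the recipe to `@echo $(PLATFORM) | jq ...` or drop the target if nothing consumes it. The help text on `_derivates` was copied from `_platforms` and should read `## Output derivatives as JSON list`. `.PHONY` still lists the removed `build` and covers neither `$(DERIVATIVES)` nor `_derivates`; `.PHONY: all clean help _derivates _platforms test $(DERIVATIVES)` keeps a stray file named `base` or `drupal` from masking a build.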
@@ -33,3 +33,6 @@ certtool --generate-certificate --load-request /tmp/request.pem --load-ca-certif cp "${CA_CERT}" /usr/local/share/ca-certificates/ /usr/sbin/update-ca-certificates + +mkdir -p /etc/nginx/include.d +envsubst /etc/nginx/include.d/ssl.conf diff --git a/context/base/etc/ssl.conf.template b/context/base/etc/ssl.conf.template new file mode 100644 index 0000000..d45ebbb --- /dev/null +++ b/context/base/etc/ssl.conf.template @@ -0,0 +1,5 @@ + listen 443 ssl; + listen [::]:443 ssl; + server_name "${FIRST_VIRTUAL_HOST}"; + ssl_certificate /cert/${FIRST_VIRTUAL_HOST}.crt; + ssl_certificate_key /cert/${FIRST_VIRTUAL_HOST}.key; diff --git a/context/usr/local/bin/entrypoint b/context/base/usr/local/bin/entrypoint similarity index 100% rename from context/usr/local/bin/entrypoint rename to context/base/usr/local/bin/entrypoint diff --git a/context/etc/nginx/profiles/drupal.conf.template b/context/drupal/etc/nginx/templates/default.conf.template similarity index 88% rename from context/etc/nginx/profiles/drupal.conf.template rename to context/drupal/etc/nginx/templates/default.conf.template index 3bc426e..8821848 100644 --- a/context/etc/nginx/profiles/drupal.conf.template +++ b/context/drupal/etc/nginx/templates/default.conf.template @@ -3,12 +3,8 @@ # and https://blog.john-pfeiffer.com/drupal-with-docker-compose-and-nginx-and-php-fpm-and-mariadb/ server { - listen 443 ssl; - listen [::]:443 ssl; - server_name "${FIRST_VIRTUAL_HOST}"; - ssl_certificate /cert/${FIRST_VIRTUAL_HOST}.crt; - ssl_certificate_key /cert/${FIRST_VIRTUAL_HOST}.key; - + include include.d/ssl.conf; + root /var/www/web; disable_symlinks off; diff --git a/context/etc/entrypoint.d/profile.sh b/context/etc/entrypoint.d/profile.sh deleted file mode 100755 index 35e2ef2..0000000 --- a/context/etc/entrypoint.d/profile.sh +++ /dev/null 
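Review bot: `envsubst` is called without a variable list, so every `$NAME` or `${NAME}` that later appears in the template is replaced from the container environment, including nginx's own runtime variables; pass the list explicitly, e.g. `envsubst '${FIRST_VIRTUAL_HOST}'`. As rendered on this page the line also shows no input or output redirection (possibly lost in extraction); the intended form is presumably `envsubst '${FIRST_VIRTUAL_HOST}' < /etc/ssl.conf.template > /etc/nginx/include.d/ssl.conf`. The value of FIRST_VIRTUAL_HOST lands verbatim in nginx directives, so it should be checked against a hostname pattern before substitution unless the part of the script above the hunk already does that.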
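Review bot: The two certificate paths in ssl.conf.template are unquoted while `server_name` is quoted, so a FIRST_VIRTUAL_HOST containing whitespace or `;` would split the directive. Write `ssl_certificate "/cert/${FIRST_VIRTUAL_HOST}.crt";` and `ssl_certificate_key "/cert/${FIRST_VIRTUAL_HOST}.key";` to keep the value inside one parameter. The fragment is only valid inside a `server` block and nothing in the file says so; a header comment such as `# Rendered to /etc/nginx/include.d/ssl.conf by entrypoint.d/10-certs.sh; include from a server block.` would document that.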
@@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -if [ -r "/etc/nginx/profiles/${PROFILE}.conf.template" ]; then - ln -s "/etc/nginx/profiles/${PROFILE}.conf.template" "/etc/nginx/templates/${PROFILE}.conf.template" -fi