diff --git a/.github/workflows/ci-master-pr.yml b/.github/workflows/ci-master-pr.yml
index 82bba86..a79391b 100644
--- a/.github/workflows/ci-master-pr.yml
+++ b/.github/workflows/ci-master-pr.yml
@@ -754,6 +754,126 @@ jobs:
 rm -rf /tmp/.buildx-cache
 mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+ build-v3-0-9:
+ runs-on: ubuntu-latest
+ env:
+ VARIANT: v3.0.9
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Display system info (linux)
+ run: |
+ set -e
+ hostname
+ whoami
+ cat /etc/*release
+ lscpu
+ free
+ df -h
+ pwd
+ docker info
+ docker version
+
+ # See: https://github.com/docker/build-push-action/blob/v2.6.1/docs/advanced/cache.md#github-cache
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ env.VARIANT }}-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-${{ env.VARIANT }}-
+ ${{ runner.os }}-buildx-
+
+ # This step generates the docker tags
+ - name: Prepare
+ id: prep
+ run: |
+ set -e
+
+ # Get ref, i.e. from refs/heads/, or from refs/tags/. E.g. 'master' or 'v0.0.0'
+ REF=$( echo "${GITHUB_REF}" | rev | cut -d '/' -f 1 | rev )
+
+ # Get short commit hash E.g. 'abc0123'
+ SHA=$( echo "${GITHUB_SHA}" | cut -c1-7 )
+
+ # Generate docker image tags
+ # E.g. 'v0.0.0-' and 'v0.0.0-abc0123-'
+ # E.g. 'master-' and 'master-abc0123-'
+ REF_VARIANT="${REF}-${VARIANT}"
+ REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}"
+
+ # Pass variables to next step
+ echo "VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR" >> $GITHUB_ENV
+ echo "VARIANT=$VARIANT" >> $GITHUB_ENV
+ echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_ENV
+ echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_ENV
+
+ - name: Login to Docker Hub registry
+ # Run on master and tags
+ if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_REGISTRY_USER }}
+ password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }}
+
+ - name: Build (PRs)
+ # Run only on pull requests
+ if: github.event_name == 'pull_request'
+ uses: docker/build-push-action@v3
+ with:
+ context: variants/v3.0.9
+ platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
+ push: false
+ tags: |
+ ${{ github.repository }}:${{ env.REF_VARIANT }}
+ ${{ github.repository }}:${{ env.REF_SHA_VARIANT }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+ - name: Build and push (master)
+ # Run only on master
+ if: github.ref == 'refs/heads/master'
+ uses: docker/build-push-action@v3
+ with:
+ context: variants/v3.0.9
+ platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
+ push: true
+ tags: |
+ ${{ github.repository }}:${{ env.REF_VARIANT }}
+ ${{ github.repository }}:${{ env.REF_SHA_VARIANT }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+ - name: Build and push (release)
+ if: startsWith(github.ref, 'refs/tags/')
+ uses: docker/build-push-action@v3
+ with:
+ context: variants/v3.0.9
+ platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
+ push: true
+ tags: |
+ ${{ github.repository }}:${{ env.VARIANT }}
+ ${{ github.repository }}:${{ env.REF_VARIANT }}
+ ${{ github.repository }}:${{ env.REF_SHA_VARIANT }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
 build-v3-0-8:
 runs-on: ubuntu-latest
 env:
@@ -1715,7 +1835,7 @@ jobs:
 mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 update-draft-release:
- needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
+ needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
 if: github.ref == 'refs/heads/master'
 runs-on: ubuntu-latest
 steps:
@@ -1728,7 +1848,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 publish-draft-release:
- needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
+ needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
 if: startsWith(github.ref, 'refs/tags/')
 runs-on: ubuntu-latest
 steps:
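Review bot: The new `build-v3-0-9` job runs third-party actions pinned only to mutable major tags (`docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) in the same job that receives the Docker Hub credentials and pushes images, so a retagged action release would run with those secrets in reach. Pinning each `uses:` to a full commit SHA and keeping the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, removes that dependency on the tag; the sibling build jobs presumably need the same, though they are outside this hunk. The Prepare step also writes `VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR` to `$GITHUB_ENV`, but the job's `env:` defines only `VARIANT`, so the value is empty unless it is set somewhere not shown; drop the line or define the variable. If the workflow has no top-level `permissions:` block (not visible here), a job-level `permissions:` with `contents: read` would keep the `GITHUB_TOKEN` of this build job read-only.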
@@ -1743,7 +1863,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 update-dockerhub-description:
- needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
+ needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1]
 if: github.ref == 'refs/heads/master'
 runs-on: ubuntu-latest
 steps:
diff --git a/README.md b/README.md
index c83e44f..d56dfbf 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ The base image is `alpine`.
 | `:v3.1.2` | [View](variants/v3.1.2) |
 | `:v3.1.1` | [View](variants/v3.1.1) |
 | `:v3.1.0` | [View](variants/v3.1.0) |
+| `:v3.0.9` | [View](variants/v3.0.9) |
 | `:v3.0.8` | [View](variants/v3.0.8) |
 | `:v3.0.7` | [View](variants/v3.0.7) |
 | `:v3.0.6` | [View](variants/v3.0.6) |
diff --git a/generate/definitions/versions.json b/generate/definitions/versions.json
index a1a1fb0..55e9caf 100644
--- a/generate/definitions/versions.json
+++ b/generate/definitions/versions.json
@@ -5,6 +5,7 @@
 "3.1.2",
 "3.1.1",
 "3.1.0",
+ "3.0.9",
 "3.0.8",
 "3.0.7",
 "3.0.6",
diff --git a/generate/templates/Dockerfile.ps1 b/generate/templates/Dockerfile.ps1
index 1bbc55a..88a20bb 100644
--- a/generate/templates/Dockerfile.ps1
+++ b/generate/templates/Dockerfile.ps1
@@ -18,10 +18,13 @@ RUN set -eux; \
 else { "v$( $VARIANT['_metadata']['package_version'] )" }
 )/$(
 # The prefix for the .tgz file is inconsistent
- if ([version]$VARIANT['_metadata']['package_version'] -ge [version]'3.0.7') { 'EasyRSA-' }
- if ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.6') { 'EasyRSA-unix-v' }
- if ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.5') { 'EasyRSA-nix-' }
- if ([version]$VARIANT['_metadata']['package_version'] -le [version]'3.0.4') { 'EasyRSA-' }
+ if ([version]$VARIANT['_metadata']['package_version'] -ge [version]'3.1.0') { 'EasyRSA-' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.9') { 'EasyRSA-v' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.8') { 'EasyRSA-' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.7') { 'EasyRSA-' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.6') { 'EasyRSA-unix-v' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -eq [version]'3.0.5') { 'EasyRSA-nix-' }
+ elseif ([version]$VARIANT['_metadata']['package_version'] -le [version]'3.0.4') { 'EasyRSA-' }
 )$( $VARIANT['_metadata']['package_version'] ).tgz; \
 FILE=`$( basename `$URL ); \
 wget -q "`$URL"; \
diff --git a/variants/v3.0.9/Dockerfile b/variants/v3.0.9/Dockerfile
new file mode 100644
index 0000000..9895949
--- /dev/null
+++ b/variants/v3.0.9/Dockerfile
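Review bot: The rewritten `if`/`elseif` chain has no final `else`, so a `package_version` above 3.0.9 and below 3.1.0 matches no branch and the template emits a download URL with no file prefix without any error. The rendered Dockerfile would then fail only at `wget` during the image build; closing the chain with `else { throw 'No .tgz prefix known for this package_version' }` would surface it when the variants are generated. The 3.0.8 and 3.0.7 branches both return `'EasyRSA-'` and could be a single range test. The enclosing `RUN` expression starts and ends outside this hunk.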
@@ -0,0 +1,41 @@
+FROM alpine:3.17
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"
+
+RUN apk add --no-cache ca-certificates
+
+# Install easyrsa dependencies
+RUN apk add --no-cache iptables openssl
+
+# Install easyrsa
+# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
+RUN set -eux; \
+ apk add --no-cache gnupg gpg-agent dirmngr; \
+ URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.9/EasyRSA-v3.0.9.tgz; \
+ FILE=$( basename $URL ); \
+ wget -q "$URL"; \
+ wget -q "$URL.sig"; \
+ gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \
+ gpg --verify "$FILE.sig" "$FILE"; \
+ mkdir -p /usr/share/easy-rsa; \
+ tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \
+ /usr/share/easy-rsa/easyrsa help; \
+ rm -fv "$FILE"; \
+ rm -fv "$FILE.sig"; \
+ rm -rf /root/.gnupg; \
+ apk del gnupg gpg-agent dirmngr;
+
+ENV EASYRSA=/usr/share/easy-rsa
+WORKDIR /usr/share/easy-rsa
+
+# alpine openssl.cnf location. Use command find / -name 'openssl*.cnf'
+# < v3.0.4: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/easyrsa3/easyrsa#L1032-L1033
+# >= v3.0.4:
+RUN echo "Looking for openssl.cnf" \
+ && find /etc /usr -name 'openssl*.cnf'
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/variants/v3.0.9/docker-compose.yml b/variants/v3.0.9/docker-compose.yml
new file mode 100644
index 0000000..17db5fb
--- /dev/null
+++ b/variants/v3.0.9/docker-compose.yml
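Review bot: Signature verification in the `RUN set -eux` step depends on fetching the release key from `keys.openpgp.org` at build time, so the build needs a live keyserver lookup and the only in-tree record of the trusted key is the fingerprint string on the `--recv-keys` line. Committing the release key file (the `release-keys` directory linked in the comment above is the stated source) and loading it with `gpg --import <vendored-release-key-file>` before `gpg --verify` would make the trust anchor reviewable in the repository and remove the network dependency. `FROM alpine:3.17` is a mutable tag as well; pinning it by digest, `FROM alpine:3.17@sha256:<digest>`, would fix the base that `gnupg` and `openssl` are installed from. If this file is rendered from `generate/templates/Dockerfile.ps1`, which the same commit touches, the change belongs in the template.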
@@ -0,0 +1,40 @@
+version: '2.1'
+services:
+ easyrsa:
+ container_name: easyrsa
+ image: theohbrothers/docker-easyrsa:v3.0.9
+
+ # Uncomment and configure these environment to your needs. The following are the default values, according to: https://github.com/OpenVPN/easy-rsa/blob/v3.0.8/doc/EasyRSA-Advanced.md#configuration-reference
+ # Using environment variables is preferred to using a vars file
+ # Double dollar signs '$$' is to escape a dollar sign in the docker-compose yaml parser, see: https://stackoverflow.com/a/40621373
+ # environment:
+ # - EASYRSA_SSL_CONF=/etc/ssl/openssl.cnf
+ # - EASYRSA=$${0%/*}
+ # - EASYRSA_OPENSSL=openssl
+ # - EASYRSA_SSL_CONF=$$EASYRSA/openssl-easyrsa.cnf
+ # - EASYRSA_PKI=$$PWD/pki
+ # - EASYRSA_DN=cn_only
+ # - EASYRSA_REQ_COUNTRY=US
+ # - EASYRSA_REQ_PROVINCE=California
+ # - EASYRSA_REQ_CITY=San Francisco
+ # - EASYRSA_REQ_ORG=Copyleft Certificate Co
+ # - EASYRSA_REQ_EMAIL=me@example.net
+ # - EASYRSA_REQ_OU=My Organizational Unit
+ # - EASYRSA_KEY_SIZE=2048
+ # - EASYRSA_ALGO=rsa
+ # - EASYRSA_CURVE=secp384r1
+ # - EASYRSA_CA_EXPIRE=3650
+ # - EASYRSA_CERT_EXPIRE=180
+ # - EASYRSA_CERT_RENEW=30
+ # - EASYRSA_NS_SUPPORT=no
+ # - EASYRSA_NS_COMMENT=Easy-RSA Generated Certificate
+ # - EASYRSA_TEMP_FILE=$$EASYRSA_PKI/extensions.temp
+ # - EASYRSA_EXT_DIR=$$EASYRSA/x509-types
+ # - EASYRSA_REQ_CN=ChangeMe
+ # - EASYRSA_DIGEST=sha256
+ # - EASYRSA_BATCH=
+
+ # Uncomment this to mount your own openssl.cnf, vars file(s)
+ # volumes:
+ # - ./path/to/openssl.conf:/etc/ssl/openssl.cnf
+ # - ./path/to/vars:/etc/ssl/openssl.cnf
\ No newline at end of file
diff --git a/variants/v3.0.9/docker-entrypoint.sh b/variants/v3.0.9/docker-entrypoint.sh
new file mode 100644
index 0000000..2790529
--- /dev/null
+++ b/variants/v3.0.9/docker-entrypoint.sh
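Review bot: The commented `volumes:` example maps both `./path/to/openssl.conf` and `./path/to/vars` to `/etc/ssl/openssl.cnf`, so anyone who uncomments it mounts the vars file over the OpenSSL configuration; the second target looks like a copy-paste slip and should be the path easyrsa reads `vars` from. The commented `environment:` list also sets `EASYRSA_SSL_CONF` twice with different values, and one of the two should be removed so the documented default is unambiguous. No volume is shown for the PKI directory (`EASYRSA_PKI` defaults to `$$PWD/pki` per the list), so a generated CA private key appears to live only in the container's writable layer; assuming the image's `WORKDIR /usr/share/easy-rsa`, a commented example such as `# - ./pki:/usr/share/easy-rsa/pki` would show where to persist it.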
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+if [ $# -gt 0 ]; then
+ # Get all subcommands. 'help' is also a subcommand
+ SUBCOMMANDS=$( ./easyrsa | awk "/^'help'/,/^DIRECTORY/" | grep -vE "^'help'|^DIRECTORY|^\s*$" | awk '{print $1}'; echo help )
+ if echo "$SUBCOMMANDS" | grep "^$1$"; then
+ # Generate the command line. easy-rsa man: https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/README.quickstart.md
+ echo "Generating command line"
+ set "$EASYRSA/easyrsa" "$@"
+
+ # Exec
+ echo "easyrsa command line: $@"
+ exec "$@"
+ fi
+else
+ exec "$EASYRSA/easyrsa" "$@"
+fi
+
+exec "$@"
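Review bot: The subcommand check `grep "^$1$"` treats the first argument as a regular expression and prints the matched line to stdout, so an argument containing regex metacharacters can pass the check without being a real subcommand, and every matched run emits a stray line ahead of easyrsa's own output. A quiet fixed-string whole-line match is what the check needs: `if echo "$SUBCOMMANDS" | grep -qxF -- "$1"; then`. The subcommand list is read from `./easyrsa`, which depends on the working directory, while the exec uses `"$EASYRSA/easyrsa"`; using the `$EASYRSA` path in both places keeps the check working when the container is started in another directory. Arguments that are not a subcommand fall through to the final `exec "$@"` and run as an arbitrary command, which deserves a comment stating that this is intended.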