add gh actions

.github/workflows/docker-build.yml

@@ -0,0 +1,28 @@
+name: Build docker image and push to Harbor
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  Built-login-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build and push image
+        run: |-
+          GIT_COMMIT=$(git rev-parse HEAD)
+          VERSION_TAG=$(git describe --exact-match --tags 2>/dev/null)
+          VERSION_TAG=$(echo $VERSION_TAG | tr '[A-Z]' '[a-z]')
+          IMAGE_TAG="harbor.whalebone.io/whalebone/${{ github.event.repository.name }}:${VERSION_TAG}"
+          IMAGE_TAG=$(echo $IMAGE_TAG | tr '[A-Z]' '[a-z]')
+
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login harbor.whalebone.io/whalebone -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+
+          docker build . --file Dockerfile --tag "${IMAGE_TAG}" \
+            --build-arg VERSION="${VERSION_TAG}" \
+            --build-arg GIT_COMMIT="${GIT_COMMIT}" \
+            --build-arg GH_USERNAME=${{ secrets.GH_USERNAME }} \
+            --build-arg GH_TOKEN=${{ secrets.GH_TOKEN }}
+
+          docker push "${IMAGE_TAG}"

.github/workflows/test.yml

@@ -0,0 +1,51 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - "**"
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    services:
+      minio:
+        image: bitnami/minio:latest
+        env:
+          MINIO_ROOT_USER: minio
+          MINIO_ROOT_PASSWORD: minio123
+        ports:
+          - 9000:9000
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+      - name: Cache Go modules
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      # - name: Setup Go and Git for private modules
+      #   run: |
+      #     go env -w GOPRIVATE=github.com/whalebone/*
+      #     git config --global url."https://${{ secrets.GH_USERNAME }}:${{ secrets.GH_TOKEN }}@github.com".insteadOf "https://github.com"
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          skip-pkg-cache: true
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          skip-build-cache: true
+
+      - name: Test Go packages
+        run: |
+          go test -v -covermode=atomic -coverpkg=./... -coverprofile coverage.out ./... -p=1 count=1 -cpu 2
+          go tool cover -func=coverage.out

Dockerfile

@@ -1,34 +1,57 @@
-# Multi-stage build: The final stage adds just 9 MB of our Go binary on the top of the base image, e.g.:
-# fedora             29       24508ec0e667    260MB
-# karm/serve-file    1.0.0    3cebf268c53e    269MB
-
-# build stage
-#############
-# Why 25 and not 29? newer Curl/NSS on Fedora 27+ fails to handshake with the test
-# certificates on the grounds of "unsupported purpose"; TODO: revisit cert extensions
-FROM fedora:25 AS build-env
-LABEL Author="Michal Karm Babacek <[email protected]"
-ENV GOPATH /gopath
-ENV PROJECT_DIR ${GOPATH}/src/github.com/Karm/serve-file/
-ENV PATH ${PATH}:/opt/go/bin/:/opt/linux-amd64/
-ENV GO_VERSION 1.14.13
-WORKDIR /opt
-RUN dnf install git gcc -y
-RUN curl -L -O https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
-RUN tar -xvf go${GO_VERSION}.linux-amd64.tar.gz
-ADD . ${PROJECT_DIR}
-WORKDIR ${PROJECT_DIR}
-RUN GO111MODULE=on GOARCH=amd64 GOOS=linux go build .
-RUN GO111MODULE=on go test 
-
-# final stage
-#############
-FROM fedora:29
-LABEL Author="Michal Karm Babacek <[email protected]"
-RUN useradd -s /sbin/nologin serveit
-RUN mkdir -p /opt/serveit && chown serveit /opt/serveit && chgrp serveit /opt/serveit && chmod ug+rwxs /opt/serveit
-WORKDIR /opt/serveit/
-EXPOSE 8443/tcp 6060/tcp
-USER serveit
-COPY --from=build-env /gopath/src/github.com/Karm/serve-file/serve-file /opt/serveit/
-CMD ["/opt/serveit/serve-file"]
+# build image
+FROM golang:1.21-alpine as build
+
+ARG GH_USERNAME
+ARG GH_TOKEN
+ARG GIT_COMMIT
+ARG VERSION
+
+# set the Current Working Directory inside the build container
+WORKDIR /build
+
+# Create appuser.
+ENV USER=appuser
+ENV UID=10001
+# See https://stackoverflow.com/a/55757473/12429735RUN
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+# copy go mod and sum files
+COPY go.mod go.sum ./
+
+# download all dependencies; dependencies will be cached if the go.mod and go.sum files are not changed
+# install ca-certificates to allow external tls connections
+RUN apk add --no-cache ca-certificates && \
+    go mod download && go mod verify
+
+# copy sources
+COPY . .
+
+# build the Go app, -w -s to strip debug info
+RUN export GO_MOD=$(go list -m); mkdir binary && \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-w -s -X '${GO_MOD}/app.Version=${VERSION}' \
+        -X '${GO_MOD}/app.GitCommit=${GIT_COMMIT}'" \
+    -o /build/binary/app ./server.go
+
+# runtime image
+FROM scratch
+
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+COPY --from=build /build/binary/app .
+
+USER appuser:appuser
+
+# Add port if service
+EXPOSE 8443
+
+ENTRYPOINT ["/app"]

Dockerfile-bak

@@ -0,0 +1,34 @@
+# Multi-stage build: The final stage adds just 9 MB of our Go binary on the top of the base image, e.g.:
+# fedora             29       24508ec0e667    260MB
+# karm/serve-file    1.0.0    3cebf268c53e    269MB
+
+# build stage
+#############
+# Why 25 and not 29? newer Curl/NSS on Fedora 27+ fails to handshake with the test
+# certificates on the grounds of "unsupported purpose"; TODO: revisit cert extensions
+FROM fedora:25 AS build-env
+LABEL Author="Michal Karm Babacek <[email protected]"
+ENV GOPATH /gopath
+ENV PROJECT_DIR ${GOPATH}/src/github.com/Karm/serve-file/
+ENV PATH ${PATH}:/opt/go/bin/:/opt/linux-amd64/
+ENV GO_VERSION 1.14.13
+WORKDIR /opt
+RUN dnf install git gcc -y
+RUN curl -L -O https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
+RUN tar -xvf go${GO_VERSION}.linux-amd64.tar.gz
+ADD . ${PROJECT_DIR}
+WORKDIR ${PROJECT_DIR}
+RUN GO111MODULE=on GOARCH=amd64 GOOS=linux go build .
+RUN GO111MODULE=on go test 
+
+# final stage
+#############
+FROM fedora:29
+LABEL Author="Michal Karm Babacek <[email protected]"
+RUN useradd -s /sbin/nologin serveit
+RUN mkdir -p /opt/serveit && chown serveit /opt/serveit && chgrp serveit /opt/serveit && chmod ug+rwxs /opt/serveit
+WORKDIR /opt/serveit/
+EXPOSE 8443/tcp 6060/tcp
+USER serveit
+COPY --from=build-env /gopath/src/github.com/Karm/serve-file/serve-file /opt/serveit/
+CMD ["/opt/serveit/serve-file"]

app/version.go

@@ -0,0 +1,5 @@
+package app
+
+// Version and GitCommit values overwritten by `-ldflags` in `go build`.
+var Version = "dev"
+var GitCommit = "dev"

docker-compose.yml

@@ -7,7 +7,7 @@ services:
     ports:
       - "9000:9000"
       - "9001:9001"
-    command: server --console-address :9001 /data --certs-dir /minio-conf/certs
+    command: server --console-address :9001 /data
     environment:
       MINIO_ROOT_USER: minio
       MINIO_ROOT_PASSWORD: minio123

server.go

@@ -32,12 +32,11 @@ import (
 	"time"
 
 	minio "github.com/minio/minio-go"
+	"whalebone.io/serve-file/app"
 	"whalebone.io/serve-file/config"
 	"whalebone.io/serve-file/validation"
 )
 
-const version = "1.0.0"
-
 //nolint:gocognit,cyclop
 func createServer(settings *config.Settings) *http.Server {
 	mux := http.NewServeMux()
@@ -283,7 +282,7 @@ func main() {
 		}
 		done <- true
 	}(srv)
-	log.Printf("Running version %s. Ctrl+C to stop.", version)
+	log.Printf("Running version %s (%s). Ctrl+C to stop.", app.Version, app.GitCommit)
 	<-done
 	log.Printf("Stopped.")
 }

server_test.go

@@ -50,7 +50,7 @@ var (
 	caCertBase64     = testutil.GetBase64(caCertFile)
 	serverCertBase64 = testutil.GetBase64("certs/server/certs/server.cert.pem")
 	serverKeyBase64  = testutil.GetBase64("certs/server/private/server.key.nopass.pem")
-	crlBase64        = testutil.GetBase64("certs/crl/certs/intermediate.crl.pem")
+	crlBase64        = testutil.GetBase64("certs/crl/certs/intermediate.crl.der")
 	testMutex        = &sync.Mutex{}
 )