From b32dd54cc21e9ebdc874b2c7b5b4897c074c5e52 Mon Sep 17 00:00:00 2001
From: Jiri Mikaus <jiri.mikaus@whalebone.io>
Date: Wed, 15 Nov 2023 11:52:51 +0100
Subject: [PATCH] add gh actions

---
 .github/workflows/docker-build.yml   |  28 +++++++++
 .github/workflows/test.yml           |  51 +++++++++++++++
 Dockerfile                           |  91 +++++++++++++++++----------
 Dockerfile-bak                       |  34 ++++++++++
 app/version.go                       |   5 ++
 certs/crl/certs/intermediate.crl.der | Bin 0 -> 829 bytes
 docker-compose.yml                   |   2 +-
 server.go                            |   5 +-
 server_test.go                       |   2 +-
 9 files changed, 179 insertions(+), 39 deletions(-)
 create mode 100644 .github/workflows/docker-build.yml
 create mode 100644 .github/workflows/test.yml
 create mode 100644 Dockerfile-bak
 create mode 100644 app/version.go
 create mode 100644 certs/crl/certs/intermediate.crl.der

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..fac1d91
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,28 @@
+name: Build docker image and push to Harbor
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  Built-login-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build and push image
+        run: |-
+          GIT_COMMIT=$(git rev-parse HEAD)
+          VERSION_TAG=$(git describe --exact-match --tags 2>/dev/null)
+          VERSION_TAG=$(echo $VERSION_TAG | tr '[A-Z]' '[a-z]')
+          IMAGE_TAG="harbor.whalebone.io/whalebone/${{ github.event.repository.name }}:${VERSION_TAG}"
+          IMAGE_TAG=$(echo $IMAGE_TAG | tr '[A-Z]' '[a-z]')
+
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login harbor.whalebone.io/whalebone -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+
+          docker build . --file Dockerfile --tag "${IMAGE_TAG}" \
+            --build-arg VERSION="${VERSION_TAG}" \
+            --build-arg GIT_COMMIT="${GIT_COMMIT}" \
+            --build-arg GH_USERNAME=${{ secrets.GH_USERNAME }} \
+            --build-arg GH_TOKEN=${{ secrets.GH_TOKEN }}
+
+          docker push "${IMAGE_TAG}"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..bb088cc
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,51 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - "**"
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    services:
+      minio:
+        image: bitnami/minio:latest
+        env:
+          MINIO_ROOT_USER: minio
+          MINIO_ROOT_PASSWORD: minio123
+        ports:
+          - 9000:9000
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+      - name: Cache Go modules
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      # - name: Setup Go and Git for private modules
+      #   run: |
+      #     go env -w GOPRIVATE=github.com/whalebone/*
+      #     git config --global url."https://${{ secrets.GH_USERNAME }}:${{ secrets.GH_TOKEN }}@github.com".insteadOf "https://github.com"
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          skip-pkg-cache: true
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          skip-build-cache: true
+
+      - name: Test Go packages
+        run: |
+          go test -v -covermode=atomic -coverpkg=./... -coverprofile coverage.out ./... -p=1 count=1 -cpu 2
+          go tool cover -func=coverage.out
diff --git a/Dockerfile b/Dockerfile
index d5675aa..d18d5a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,57 @@
-# Multi-stage build: The final stage adds just 9 MB of our Go binary on the top of the base image, e.g.:
-# fedora             29       24508ec0e667    260MB
-# karm/serve-file    1.0.0    3cebf268c53e    269MB
-
-# build stage
-#############
-# Why 25 and not 29? newer Curl/NSS on Fedora 27+ fails to handshake with the test
-# certificates on the grounds of "unsupported purpose"; TODO: revisit cert extensions
-FROM fedora:25 AS build-env
-LABEL Author="Michal Karm Babacek <karm@email.cz"
-ENV GOPATH /gopath
-ENV PROJECT_DIR ${GOPATH}/src/github.com/Karm/serve-file/
-ENV PATH ${PATH}:/opt/go/bin/:/opt/linux-amd64/
-ENV GO_VERSION 1.14.13
-WORKDIR /opt
-RUN dnf install git gcc -y
-RUN curl -L -O https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
-RUN tar -xvf go${GO_VERSION}.linux-amd64.tar.gz
-ADD . ${PROJECT_DIR}
-WORKDIR ${PROJECT_DIR}
-RUN GO111MODULE=on GOARCH=amd64 GOOS=linux go build .
-RUN GO111MODULE=on go test 
-
-# final stage
-#############
-FROM fedora:29
-LABEL Author="Michal Karm Babacek <karm@email.cz"
-RUN useradd -s /sbin/nologin serveit
-RUN mkdir -p /opt/serveit && chown serveit /opt/serveit && chgrp serveit /opt/serveit && chmod ug+rwxs /opt/serveit
-WORKDIR /opt/serveit/
-EXPOSE 8443/tcp 6060/tcp
-USER serveit
-COPY --from=build-env /gopath/src/github.com/Karm/serve-file/serve-file /opt/serveit/
-CMD ["/opt/serveit/serve-file"]
+# build image
+FROM golang:1.21-alpine as build
+
+ARG GH_USERNAME
+ARG GH_TOKEN
+ARG GIT_COMMIT
+ARG VERSION
+
+# set the Current Working Directory inside the build container
+WORKDIR /build
+
+# Create appuser.
+ENV USER=appuser
+ENV UID=10001
+# See https://stackoverflow.com/a/55757473/12429735RUN
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+# copy go mod and sum files
+COPY go.mod go.sum ./
+
+# download all dependencies; dependencies will be cached if the go.mod and go.sum files are not changed
+# install ca-certificates to allow external tls connections
+RUN apk add --no-cache ca-certificates && \
+    go mod download && go mod verify
+
+# copy sources
+COPY . .
+
+# build the Go app, -w -s to strip debug info
+RUN export GO_MOD=$(go list -m); mkdir binary && \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-w -s -X '${GO_MOD}/app.Version=${VERSION}' \
+        -X '${GO_MOD}/app.GitCommit=${GIT_COMMIT}'" \
+    -o /build/binary/app ./server.go
+
+# runtime image
+FROM scratch
+
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+COPY --from=build /build/binary/app .
+
+USER appuser:appuser
+
+# Add port if service
+EXPOSE 8443
+
+ENTRYPOINT ["/app"]
diff --git a/Dockerfile-bak b/Dockerfile-bak
new file mode 100644
index 0000000..d5675aa
--- /dev/null
+++ b/Dockerfile-bak
@@ -0,0 +1,34 @@
+# Multi-stage build: The final stage adds just 9 MB of our Go binary on the top of the base image, e.g.:
+# fedora             29       24508ec0e667    260MB
+# karm/serve-file    1.0.0    3cebf268c53e    269MB
+
+# build stage
+#############
+# Why 25 and not 29? newer Curl/NSS on Fedora 27+ fails to handshake with the test
+# certificates on the grounds of "unsupported purpose"; TODO: revisit cert extensions
+FROM fedora:25 AS build-env
+LABEL Author="Michal Karm Babacek <karm@email.cz"
+ENV GOPATH /gopath
+ENV PROJECT_DIR ${GOPATH}/src/github.com/Karm/serve-file/
+ENV PATH ${PATH}:/opt/go/bin/:/opt/linux-amd64/
+ENV GO_VERSION 1.14.13
+WORKDIR /opt
+RUN dnf install git gcc -y
+RUN curl -L -O https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
+RUN tar -xvf go${GO_VERSION}.linux-amd64.tar.gz
+ADD . ${PROJECT_DIR}
+WORKDIR ${PROJECT_DIR}
+RUN GO111MODULE=on GOARCH=amd64 GOOS=linux go build .
+RUN GO111MODULE=on go test 
+
+# final stage
+#############
+FROM fedora:29
+LABEL Author="Michal Karm Babacek <karm@email.cz"
+RUN useradd -s /sbin/nologin serveit
+RUN mkdir -p /opt/serveit && chown serveit /opt/serveit && chgrp serveit /opt/serveit && chmod ug+rwxs /opt/serveit
+WORKDIR /opt/serveit/
+EXPOSE 8443/tcp 6060/tcp
+USER serveit
+COPY --from=build-env /gopath/src/github.com/Karm/serve-file/serve-file /opt/serveit/
+CMD ["/opt/serveit/serve-file"]
diff --git a/app/version.go b/app/version.go
new file mode 100644
index 0000000..23d5dea
--- /dev/null
+++ b/app/version.go
@@ -0,0 +1,5 @@
+package app
+
+// Version and GitCommit values overwritten by `-ldflags` in `go build`.
+var Version = "dev"
+var GitCommit = "dev"
diff --git a/certs/crl/certs/intermediate.crl.der b/certs/crl/certs/intermediate.crl.der
new file mode 100644
index 0000000000000000000000000000000000000000..ccdaea73290dce7b08fa0d31b4fdbb1c2cd5e9aa
GIT binary patch
literal 829
zcmXqLVzxABVpL>eWHjJq<J4;NX#38~$jHmeV9+?-klTQhjX9KsO_<3!%23=u6vW}+
z;d8D^P0mmVN-Zc&%E?SNlrfM3NpSH9`(`F*B<3i1Cl=)@I3*?}CZ}c_3K;N#WVw0R
zLsE-NGV{_66%FJ;BFsDzo_QsyMY*XdnTaK-3dyNOC7EfN$v`&PNSI?d8O3<BfhIbn
z<|bz5=p|Q)^BP(h8XA}yni`mz7(|Kl8iBY*P_BWpfg%%=z#KGH20R8_KwD)+S(v#P
zSr-@>=z(1!tIQ%{Al4uv{aN*v^wrh<St^g3*9L_3U*9icX}}HAAi}}|G!8v<n46dw
z8JLxMn5w;__p2lsGI*>wSCVE?T>T_3Vqw>*=gQZz&hZ@m>S41sXvy9sM<=K~T&ZTN
zA#lnkV5RES7sfj>?{d!2P3mY+Hp;JCsj)F(JKvpLlZCYsmRgGfrak8FnSLnXva5vj
z_qvx$a?bFno&CM3*LH@Yl8*kWwg={sU7}X8o?@CFn^Q^}rM7ZC`DZO=yW`fC>sm)%
zy9L;vTd>^IIyINeu(ayS2KlDt6Yss%@6q9`+Vr7&S$x<d#|sNtx4n8HZ5~(sa9{Vv
z#JrnM98>=0W~QB9C;j)oU)ixQy3s7BW*UEt5Z}}i87!@pt&kyXclUA&|1Hi(?oFSs
z%(zos*32Q0x&7$F<6rvI<qkbn=n>DWSZv$**8iiY`BU8w5w-Wvd%O{u_(r^R;^rP%
zEzgKsJpX4j6|jpb9B0wAiL_^$cVX`7BUfLQitFCs48E|J@nXdPV+$kB&7Y?ImnFM`
zB{OL{E3fmFv$wl{Xgn4=HO;oj{cuNS_PoG~hl!K+Hg+A1Tec(3Xd;7jP3N<}vR86S
z;#dDNVE&ZbIMwI#m8I8i*$Pa#Uuk;X<JZB!9<$@l9W|S_Juhz)I9$IqvUv-e`>k{@
z^`40?kE1Wn<!W!fIiv6Em9pP=?^>*#VZZL#vx5C0O5E~7`%>4WX3q2ODzth$rLH(Q
YYt2-L6ISZa&0}BB+;w$DaoN8Y00a_7AOHXW

literal 0
HcmV?d00001

diff --git a/docker-compose.yml b/docker-compose.yml
index a700dbf..c32e1d6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@ services:
     ports:
       - "9000:9000"
       - "9001:9001"
-    command: server --console-address :9001 /data --certs-dir /minio-conf/certs
+    command: server --console-address :9001 /data
     environment:
       MINIO_ROOT_USER: minio
       MINIO_ROOT_PASSWORD: minio123
diff --git a/server.go b/server.go
index 8c6469d..e32be6c 100644
--- a/server.go
+++ b/server.go
@@ -32,12 +32,11 @@ import (
 	"time"
 
 	minio "github.com/minio/minio-go"
+	"whalebone.io/serve-file/app"
 	"whalebone.io/serve-file/config"
 	"whalebone.io/serve-file/validation"
 )
 
-const version = "1.0.0"
-
 //nolint:gocognit,cyclop
 func createServer(settings *config.Settings) *http.Server {
 	mux := http.NewServeMux()
@@ -283,7 +282,7 @@ func main() {
 		}
 		done <- true
 	}(srv)
-	log.Printf("Running version %s. Ctrl+C to stop.", version)
+	log.Printf("Running version %s (%s). Ctrl+C to stop.", app.Version, app.GitCommit)
 	<-done
 	log.Printf("Stopped.")
 }
diff --git a/server_test.go b/server_test.go
index 8d3abfb..051e1c2 100644
--- a/server_test.go
+++ b/server_test.go
@@ -50,7 +50,7 @@ var (
 	caCertBase64     = testutil.GetBase64(caCertFile)
 	serverCertBase64 = testutil.GetBase64("certs/server/certs/server.cert.pem")
 	serverKeyBase64  = testutil.GetBase64("certs/server/private/server.key.nopass.pem")
-	crlBase64        = testutil.GetBase64("certs/crl/certs/intermediate.crl.pem")
+	crlBase64        = testutil.GetBase64("certs/crl/certs/intermediate.crl.der")
 	testMutex        = &sync.Mutex{}
 )