From 32dfaaa463ad43a4647030dc35df07c2be6d3c72 Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Wed, 17 May 2023 21:39:42 -0400 Subject: [PATCH] code-server-ssl update/add workflows --- .github/workflows/BuildImage.yml | 87 ++++++++----------- .github/workflows/call_issue_pr_tracker.yml | 16 ++++ .github/workflows/permissions.yml | 10 +++ Dockerfile | 2 + README.md | 4 +- root/etc/cont-init.d/98-ssl-config | 10 --- .../dependencies.d/init-mods | 0 .../init-mod-code-server-ssl-setup/run | 15 ---- .../init-mod-code-server-ssl-setup/type | 1 - .../s6-rc.d/init-mod-code-server-ssl-setup/up | 1 - .../init-mod-code-server-ssl-setup | 0 .../s6-overlay/s6-rc.d/svc-code-server/run | 28 ++++++ .../contents.d/init-mod-code-server-ssl-setup | 0 13 files changed, 93 insertions(+), 81 deletions(-) create mode 100644 .github/workflows/call_issue_pr_tracker.yml create mode 100644 .github/workflows/permissions.yml delete mode 100644 root/etc/cont-init.d/98-ssl-config delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/dependencies.d/init-mods delete mode 100755 root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/run delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/type delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/up delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/init-mod-code-server-ssl-setup create mode 100644 root/etc/s6-overlay/s6-rc.d/svc-code-server/run delete mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-code-server-ssl-setup diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index 49569b0..e789009 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml @@ -1,62 +1,45 @@ name: Build Image -on: [push, pull_request, workflow_dispatch] +on: [push, pull_request_target, workflow_dispatch] env: - ENDPOINT: "linuxserver/mods" - BASEIMAGE: "code-server" - MODNAME: "ssl" + GITHUB_REPO: "linuxserver/docker-mods" #don't modify + ENDPOINT: "linuxserver/mods" #don't modify + BASEIMAGE: "code-server" #replace + MODNAME: "ssl" #replace jobs: - build: + set-vars: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.3.3 - - - name: Build image + - name: Set Vars + id: outputs run: | - docker build --no-cache -t ${{ github.sha }} . + echo "GITHUB_REPO=${{ env.GITHUB_REPO }}" >> $GITHUB_OUTPUT + echo "ENDPOINT=${{ env.ENDPOINT }}" >> $GITHUB_OUTPUT + echo "BASEIMAGE=${{ env.BASEIMAGE }}" >> $GITHUB_OUTPUT + echo "MODNAME=${{ env.MODNAME }}" >> $GITHUB_OUTPUT + # **** If the mod needs to be versioned, set the versioning logic below. Otherwise leave as is. **** + MOD_VERSION="" + echo "MOD_VERSION=${MOD_VERSION}" >> $GITHUB_OUTPUT + outputs: + GITHUB_REPO: ${{ steps.outputs.outputs.GITHUB_REPO }} + ENDPOINT: ${{ steps.outputs.outputs.ENDPOINT }} + BASEIMAGE: ${{ steps.outputs.outputs.BASEIMAGE }} + MODNAME: ${{ steps.outputs.outputs.MODNAME }} + MOD_VERSION: ${{ steps.outputs.outputs.MOD_VERSION }} - - name: Tag image - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - - - name: Credential check - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV - echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV - echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV - echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV - if [[ "${{ secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then - echo "::error::Push credential secrets missing." - echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings." - echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions." - exit 1 - fi - - - name: Login to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin - - - name: Push tags to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - - - name: Login to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin - - - name: Push tags to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME} + build: + uses: linuxserver/github-workflows/.github/workflows/docker-mod-builder.yml@v1 + needs: set-vars + secrets: + CR_USER: ${{ secrets.CR_USER }} + CR_PAT: ${{ secrets.CR_PAT }} + DOCKERUSER: ${{ secrets.DOCKERUSER }} + DOCKERPASS: ${{ secrets.DOCKERPASS }} + with: + GITHUB_REPO: ${{ needs.set-vars.outputs.GITHUB_REPO }} + ENDPOINT: ${{ needs.set-vars.outputs.ENDPOINT }} + BASEIMAGE: ${{ needs.set-vars.outputs.BASEIMAGE }} + MODNAME: ${{ needs.set-vars.outputs.MODNAME }} + MOD_VERSION: ${{ needs.set-vars.outputs.MOD_VERSION }} diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml new file mode 100644 index 0000000..2c30784 --- /dev/null +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -0,0 +1,16 @@ +name: Issue & PR Tracker + +on: + issues: + types: [opened,reopened,labeled,unlabeled,closed] + pull_request_target: + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] + +jobs: + manage-project: + permissions: + issues: write + uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1 + secrets: inherit diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml new file mode 100644 index 0000000..1447bc5 --- /dev/null +++ b/.github/workflows/permissions.yml @@ -0,0 +1,10 @@ +name: Permission check +on: + pull_request_target: + paths: + - '**/run' + - '**/finish' + - '**/check' +jobs: + permission_check: + uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile index a7dda39..244f2e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + FROM scratch LABEL maintainer="MateoPeri" diff --git a/README.md b/README.md index 2e46166..0020215 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# SSL - Docker mod for code-server/openvscode-server +# SSL - Docker mod for code-server -This mod adds SSL capabilities to code-server/openvscode-server. +This mod adds SSL capabilities to code-server. In code-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:code-server-ssl` diff --git a/root/etc/cont-init.d/98-ssl-config b/root/etc/cont-init.d/98-ssl-config deleted file mode 100644 index b975844..0000000 --- a/root/etc/cont-init.d/98-ssl-config +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ -f "/etc/services.d/openvscode-server/run" ]; -then - echo "**** adding --cert and --cert-key parameters to openvscode-server startup ****" - sed -i 's/\/app\/openvscode-server\/bin\/openvscode-server \\/\/app\/openvscode-server\/bin\/openvscode-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/services.d/openvscode-server/run -else - echo "**** adding --cert and --cert-key parameters to code-server startup ****" - sed -i 's/\/bin\/code-server \\/\/bin\/code-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/services.d/code-server/run -fi \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/dependencies.d/init-mods b/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/dependencies.d/init-mods deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/run deleted file mode 100755 index 810060f..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/run +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ -f "/etc/services.d/openvscode-server/run" ]; then - echo "**** adding --cert and --cert-key parameters to openvscode-server startup ****" - sed -i 's/\/app\/openvscode-server\/bin\/openvscode-server \\/\/app\/openvscode-server\/bin\/openvscode-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/services.d/openvscode-server/run -elif [ -f "/etc/s6-overlay/s6-rc.d/svc-openvscode-server/run" ]; then - echo "**** adding --cert and --cert-key parameters to openvscode-server startup ****" - sed -i 's/\/app\/openvscode-server\/bin\/openvscode-server \\/\/app\/openvscode-server\/bin\/openvscode-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/s6-overlay/s6-rc.d/svc-openvscode-server/run -elif [ -f "/etc/services.d/code-server/run" ]; then - echo "**** adding --cert and --cert-key parameters to code-server startup ****" - sed -i 's/\/bin\/code-server \\/\/bin\/code-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/services.d/code-server/run -elif [ -f "/etc/s6-overlay/s6-rc.d/svc-code-server/run" ]; then - echo "**** adding --cert and --cert-key parameters to code-server startup ****" - sed -i 's/\/bin\/code-server \\/\/bin\/code-server \\\n --cert ${SSL_CERT_PATH} \\\n --cert-key ${SSL_KEY_PATH} \\/g' /etc/s6-overlay/s6-rc.d/svc-code-server/run -fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/type b/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/type deleted file mode 100644 index 3d92b15..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/up b/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/up deleted file mode 100644 index 80c5903..0000000 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/up +++ /dev/null @@ -1 +0,0 @@ -/etc/s6-overlay/s6-rc.d/init-mod-code-server-ssl-setup/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/init-mod-code-server-ssl-setup b/root/etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/init-mod-code-server-ssl-setup deleted file mode 100644 index e69de29..0000000 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-code-server/run b/root/etc/s6-overlay/s6-rc.d/svc-code-server/run new file mode 100644 index 0000000..0aea75e --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-code-server/run @@ -0,0 +1,28 @@ +#!/usr/bin/with-contenv bash + +if [ -n "${PASSWORD}" ] || [ -n "${HASHED_PASSWORD}" ]; then + AUTH="password" +else + AUTH="none" + echo "starting with no password" +fi + +if [ -z ${PROXY_DOMAIN+x} ]; then + PROXY_DOMAIN_ARG="" +else + PROXY_DOMAIN_ARG="--proxy-domain=${PROXY_DOMAIN}" +fi + +exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8443" \ + s6-setuidgid abc \ + /app/code-server/bin/code-server \ + --bind-addr 0.0.0.0:8443 \ + --user-data-dir /config/data \ + --extensions-dir /config/extensions \ + --disable-telemetry \ + --auth "${AUTH}" \ + "${PROXY_DOMAIN_ARG}" \ + "${DEFAULT_WORKSPACE:-/config/workspace}" \ + --cert ${SSL_CERT_PATH} \ + --cert-key ${SSL_KEY_PATH} diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-code-server-ssl-setup b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-code-server-ssl-setup deleted file mode 100644 index e69de29..0000000