LAB-linuxserver/docker-mods
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-mods.git synced 2026-02-04 14:44:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

universal-cloudflared update/add workflows

Browse Source
This commit is contained in:
aptalca 2023-05-18 15:30:37 -04:00
parent af7cf70d43
commit c19a967945
No known key found for this signature in database
GPG Key ID: BE36CFFB9FD85548
7 changed files with 63 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
.github/workflows/BuildImage.yml vendored
View File

@ -1,72 +1,45 @@
name: Build Image
on: [push, pull_request, workflow_dispatch]
on: [push, pull_request_target, workflow_dispatch]
env:
GITHUB_REPO: "linuxserver/docker-mods" #don't modify
ENDPOINT: "linuxserver/mods" #don't modify
BASEIMAGE: "universal" #replace
MODNAME: "cloudflared" #replace
jobs:
build:
set-vars:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
- name: Build image
- name: Set Vars
id: outputs
run: |
CLOUDFLARED_TAG=$(curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -rc ".tag_name")
echo "CLOUDFLARED_TAG=${CLOUDFLARED_TAG}" >> $GITHUB_ENV
docker build --no-cache --build-arg CLOUDFLARED_TAG=${CLOUDFLARED_TAG} -t ${{ github.sha }} .
echo "GITHUB_REPO=${{ env.GITHUB_REPO }}" >> $GITHUB_OUTPUT
echo "ENDPOINT=${{ env.ENDPOINT }}" >> $GITHUB_OUTPUT
echo "BASEIMAGE=${{ env.BASEIMAGE }}" >> $GITHUB_OUTPUT
echo "MODNAME=${{ env.MODNAME }}" >> $GITHUB_OUTPUT
# **** If the mod needs to be versioned, set the versioning logic below. Otherwise leave as is. ****
MOD_VERSION=$(curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -rc ".tag_name")
echo "MOD_VERSION=${MOD_VERSION}" >> $GITHUB_OUTPUT
outputs:
GITHUB_REPO: ${{ steps.outputs.outputs.GITHUB_REPO }}
ENDPOINT: ${{ steps.outputs.outputs.ENDPOINT }}
BASEIMAGE: ${{ steps.outputs.outputs.BASEIMAGE }}
MODNAME: ${{ steps.outputs.outputs.MODNAME }}
MOD_VERSION: ${{ steps.outputs.outputs.MOD_VERSION }}
- name: Tag image
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
run: |
docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}
docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}
docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }}
docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}
docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}
docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }}
docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
- name: Credential check
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
run: |
echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV
echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV
echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV
echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV
if [[ "${{ secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then
echo "::error::Push credential secrets missing."
echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings."
echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions."
exit 1
fi
- name: Login to GitHub Container Registry
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }}
run: |
echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin
- name: Push tags to GitHub Container Registry
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }}
run: |
docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }}
docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}
docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}
- name: Login to DockerHub
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }}
run: |
echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin
- name: Push tags to DockerHub
if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }}
run: |
docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }}
docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}
docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}
build:
uses: linuxserver/github-workflows/.github/workflows/docker-mod-builder.yml@v1
needs: set-vars
secrets:
CR_USER: ${{ secrets.CR_USER }}
CR_PAT: ${{ secrets.CR_PAT }}
DOCKERUSER: ${{ secrets.DOCKERUSER }}
DOCKERPASS: ${{ secrets.DOCKERPASS }}
with:
GITHUB_REPO: ${{ needs.set-vars.outputs.GITHUB_REPO }}
ENDPOINT: ${{ needs.set-vars.outputs.ENDPOINT }}
BASEIMAGE: ${{ needs.set-vars.outputs.BASEIMAGE }}
MODNAME: ${{ needs.set-vars.outputs.MODNAME }}
MOD_VERSION: ${{ needs.set-vars.outputs.MOD_VERSION }}

16
.github/workflows/call_issue_pr_tracker.yml vendored Normal file
View File

@ -0,0 +1,16 @@
name: Issue & PR Tracker
on:
issues:
types: [opened,reopened,labeled,unlabeled,closed]
pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
pull_request_review:
types: [submitted,edited,dismissed]
jobs:
manage-project:
permissions:
issues: write
uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
secrets: inherit

10
.github/workflows/permissions.yml vendored Normal file
View File

@ -0,0 +1,10 @@
name: Permission check
on:
pull_request_target:
paths:
- '**/run'
- '**/finish'
- '**/check'
jobs:
permission_check:
uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

8
Dockerfile
View File

@ -1,7 +1,9 @@
# syntax=docker/dockerfile:1
# Build container
FROM ghcr.io/linuxserver/baseimage-alpine:3.17 AS buildstage
ARG CLOUDFLARED_TAG
ARG MOD_VERSION
RUN mkdir -p /root-layer/cloudflared
WORKDIR /src
@ -16,12 +18,12 @@ ENV GO111MODULE=on \
CGO_ENABLED=0
RUN \
if [ -z "${CLOUDFLARED_TAG}" ]; then \
if [ -z "${MOD_VERSION}" ]; then \
curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest \
| jq -rc ".tag_name" \
| xargs -I TAG sh -c 'git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch TAG .'; \
else \
git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch ${CLOUDFLARED_TAG} .; \
git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch ${MOD_VERSION} .; \
fi
RUN GOOS=linux GOARCH=amd64 make cloudflared

5
root/etc/cont-init.d/95-apt-get
View File

@ -1,5 +0,0 @@
#!/usr/bin/with-contenv bash
if [ -f /usr/bin/apt ]; then
apt-get update
fi

142
root/etc/cont-init.d/98-cloudflared-config
View File

@ -1,142 +0,0 @@
#!/usr/bin/with-contenv bash
echo "**** Cloudflared setup script init... ****"
echo "**** Checking cloudflared setup script requirements... ****"
ARCH="$(command arch)"
if [ "${ARCH}" = "x86_64" ]; then
ARCH="amd64"
elif [ "${ARCH}" = "aarch64" ]; then
ARCH="arm64"
elif [ "${ARCH}" = "armv7l" ]; then
ARCH="armhf"
else
echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****"
exit 1
fi
echo "**** Linux architecture found: ${ARCH} ****"
echo "**** Checking for cloudflared setup script dependencies... ****"
YQARCH="${ARCH}"
if [ "${YQ_ARCH}" = "armhf" ]; then
YQARCH="arm"
fi
echo "**** Temporarily installing /tmp/yq... ****"
curl -sLo /tmp/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${YQARCH}
chmod +x /tmp/yq
echo "**** Installing cloudflared...****"
if [ -d "/cloudflared/" ]; then
echo "**** Moving /cloudflared/cloudflared-${ARCH} to /usr/local/bin/cloudflared... ****"
mv /cloudflared/cloudflared-${ARCH} /usr/local/bin/cloudflared
echo "**** Deleting tmp /cloudflared dir... ****"
rm -rf /cloudflared
echo "**** Cloudflared installed ****"
elif [ -x "$(command -v cloudflared)" ]; then
echo "**** Cloudflared already installed, skipping... ****"
else
echo "**** Cloudflared missing, exiting... ****"
exit 1
fi
cloudflared -v
echo "**** Checking for cloudflare tunnel parameters... ****"
if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then
if [[ ${#CF_TUNNEL_PASSWORD} -lt 32 ]]; then
echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****"
rm -rf /etc/services.d/cloudflared
exit 1
else
echo "**** Cloudflare tunnel parameters found, starting cloudflare tunnel setup... ****"
echo "**** Creating cloudflare tunnel (${CF_TUNNEL_NAME}) via API... ****"
CF_TUNNEL_SECRET="$(command echo ${CF_TUNNEL_PASSWORD} | base64 -w 0)"
JSON_RESULT=$(curl -sX \
POST "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json" \
--data "{\"name\":\"${CF_TUNNEL_NAME}\",\"tunnel_secret\":\"${CF_TUNNEL_SECRET}\"}")
echo ${JSON_RESULT} | jq
JSON_CODE_VALUE=$(echo ${JSON_RESULT} | jq -rc ".code // .errors[].code")
if [[ ${JSON_CODE_VALUE} -eq 1013 ]]; then
echo "**** You already have a cloudflare tunnel named ${CF_TUNNEL_NAME} ****"
echo "**** Searching existing cloudflare tunnels via API... ****"
JSON_RESULT=$(curl -sX \
GET "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels?name=${CF_TUNNEL_NAME}&is_deleted=false" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json")
echo ${JSON_RESULT} | jq
echo "**** Fetching existing cloudflare tunnel (${CF_TUNNEL_NAME}) via API... ****"
CF_TUNNEL_ID=$(echo ${JSON_RESULT} | jq -rc ".[].id? // .result[].id")
JSON_RESULT=$(curl -sX \
GET "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels/${CF_TUNNEL_ID}?" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json")
JSON_RESULT=$(echo ${JSON_RESULT} | jq -rc ". |= .+ {\"credentials_file\": {\"AccountTag\": \"${CF_ACCOUNT_ID}\",\"TunnelID\": \"${CF_TUNNEL_ID}\",\"TunnelName\": \"${CF_TUNNEL_NAME}\",\"TunnelSecret\": \"${CF_TUNNEL_SECRET}\"}}")
echo ${JSON_RESULT} | jq
fi
CF_TUNNEL_ID=$(echo ${JSON_RESULT} | jq -rc ".id // .result.id")
CREDENTIALS_FILE=$(echo ${JSON_RESULT} | jq -rc ".credentials_file // .result.credentials_file")
echo "**** Saving cloudflare tunnel (${CF_TUNNEL_NAME}) credentials json... ****"
if [ ! -d "/etc/cloudflared/" ]; then
mkdir -p "/etc/cloudflared";
fi
printf "${CREDENTIALS_FILE}" > "/etc/cloudflared/${CF_TUNNEL_ID}.json"
echo ${JSON_RESULT} | jq -r ".result.credentials_file"
echo "**** Cloudflare tunnel (${CF_TUNNEL_NAME}) credentials saved to /etc/cloudflared/${CF_TUNNEL_ID}.json ****"
echo "**** Generating config.yml for cloudflare tunnel (${CF_TUNNEL_NAME})... ****"
printf "tunnel: ${CF_TUNNEL_ID}\n" > "/etc/cloudflared/config.yml"
printf "credentials-file: /etc/cloudflared/${CF_TUNNEL_ID}.json\n" >> "/etc/cloudflared/config.yml"
printf "no-autoupdate: true\n\n" >> "/etc/cloudflared/config.yml"
printf "${CF_TUNNEL_CONFIG}" >> "/etc/cloudflared/config.yml"
/tmp/yq e /etc/cloudflared/config.yml
echo "**** Config for cloudflare tunnel (${CF_TUNNEL_NAME}) saved to /etc/cloudflared/config.yml ****"
echo "**** Validating cloudflared tunnel rules... ****"
cloudflared tunnel ingress validate
echo "**** Updating cloudflare zone... ****"
for HOSTNAME in $(/tmp/yq e ".ingress.[].hostname" /etc/cloudflared/config.yml); do
if [ ! "${HOSTNAME}" = "null" ]; then
echo "**** Searching zone for hostname (${HOSTNAME}) via API... ****"
JSON_RESULT=$(curl -sX \
GET "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records?name=${HOSTNAME}&type=CNAME&match=all" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json")
COUNT=$(echo ${JSON_RESULT} | jq -rc ".result_info.count")
if [[ ${COUNT} -eq 0 ]]; then
echo "**** Creating new CNAME for hostname (${HOSTNAME}) via API... ****"
JSON_RESULT=$(curl -sX \
POST "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json" \
--data "{\"type\":\"CNAME\",\"name\":\"${HOSTNAME}\",\"content\":\"${CF_TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}")
echo ${JSON_RESULT} | jq
else
echo "**** Updating existing CNAME for hostname (${HOSTNAME}) via API... ****"
RECORD_ID=$(echo ${JSON_RESULT} | jq -rc ".result[].id")
JSON_RESULT=$(curl -sX \
PUT "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records/${RECORD_ID}" \
-H "Authorization: Bearer ${CF_API_TOKEN}" \
-H "Content-Type: application/json" \
--data "{\"type\":\"CNAME\",\"name\":\"${HOSTNAME}\",\"content\":\"${CF_TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}")
echo ${JSON_RESULT} | jq
fi
fi
done
fi
else
echo "**** Cloudflare parameters blank or missing, skipped cloudflare tunnel setup ****"
rm -rf /etc/services.d/cloudflared
fi
echo "**** Cloudflared setup script done, exiting... ****"

3
root/etc/services.d/cloudflared/run
View File

@ -1,3 +0,0 @@
#!/usr/bin/with-contenv bash
exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run