Add action to build standalone docker images [#124]

Builds the standalone binary for both amd64 and arm64, and then builds a
multi-arch docker image and pushes it to the GitHub Container Registry.

.github/workflows/build-dockers.yml

@@ -6,9 +6,6 @@ on:
       - "**"
     tags:
       - "v*"
-  #pull_request:
-  #  branches:
-  #    - "**"
   workflow_dispatch:
 
 jobs:

.github/workflows/build-standalone.yml

@@ -0,0 +1,84 @@
+name: Build Standalone Docker Images
+
+on:
+  push:
+    branches:
+      - "**"
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+jobs:
+  build-standalone:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        GO_VERSION:
+          - 1.23.1
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.GO_VERSION }}
+
+      - name: APT Install
+        run: |
+          sudo dpkg --add-architecture arm64
+          sudo apt-get -y install build-essential debhelper fakeroot crossbuild-essential-arm64
+
+      - name: Build Debian packages
+        run: |
+          make debian
+          make debian-arm64
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/hakwerk/labca-standalone
+          annotations: |
+            org.opencontainers.image.description=Standalone version of LabCA GUI for use with other ACME servers
+            org.opencontainers.image.documentation=https://github.com/hakwerk/labca/blob/master/README_standalone.md
+            org.opencontainers.image.title=labca-standalone
+          labels: |
+            org.opencontainers.image.description=Standalone version of LabCA GUI for use with other ACME servers
+            org.opencontainers.image.documentation=https://github.com/hakwerk/labca/blob/master/README_standalone.md
+            org.opencontainers.image.title=labca-standalone
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=match,pattern=v(.*),group=1
+            type=edge,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=ref,event=branch,enable=${{ github.ref != format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=ref,event=pr
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.ACTION_PAT }}
+
+      - name: Build and push docker images
+        uses: docker/build-push-action@v6
+        with:
+          annotations: ${{ steps.meta.outputs.annotations }}
+          context: release
+          file: build/Dockerfile-standalone
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}

.github/workflows/release.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-standalone:
+  create-release:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

README_standalone.md

@@ -6,16 +6,18 @@ Getting started with step-ca is much easier than starting with boulder. But Smal
 
 As the structure of the ACME data is pretty standard anyway, this standalone version of the LabCA GUI was created to work with step-ca (and potentially other ACME implementations in the future). It only works with their MySQL backend, as the BadgerDB backend has several limitations.
 
-The standalone GUI is distributed as a single binary so that it can be easily installed and started.
+The standalone GUI is distributed as a single binary so that it can be easily installed and started. There is also a docker image available.
 
 
 ## Usage
 
-Download the latest .deb file from the latest [release](https://github.com/hakwerk/labca/releases) on GitHub.
+### Install package
+
+Download the latest .deb file for your platform architecture from the latest [release](https://github.com/hakwerk/labca/releases) on GitHub.
 
 Install the .deb file:
 ```
-dpkg -i labca-gui_<version>_amd64.deb
+dpkg -i labca-gui_<version>_<arch>.deb
 ```
 
 The first time you can use the -init flag to create the config file. The location of the config file (default data/config.json), the IP address to listen on (default 0.0.0.0) and the port number (default 3000) can be specified, e.g.:
@@ -30,6 +32,17 @@ labca-gui -config stepca.json
 
 The first time you connect to the application, you can create an admin account and specify the MySQL connection details for your step-ca database.
 
+### Docker
+
+When running a docker container you can map local filesystem files or directories as volumes to have the config data outside of the image, e.g.:
+```
+docker run -it --rm -v /home/username/acme/stepca_config.json:/usr/data/config.json ghcr.io/hakwerk/labca-standalone
+```
+or
+```
+docker run -it --rm -v /home/username/acme:/opt/acme ghcr.io/hakwerk/labca-standalone labca-gui -config /opt/acme/stepca.json
+```
+
 
 ## systemd service
 

build/Dockerfile-standalone

@@ -0,0 +1,9 @@
+FROM ubuntu:focal
+
+ARG TARGETARCH
+
+COPY labca-gui*.deb /tmp/
+
+RUN dpkg -i /tmp/labca-gui_*_$TARGETARCH.deb
+
+CMD ["labca-gui", "-config", "/usr/data/config.json"]

dev/versions

@@ -103,6 +103,7 @@ goversion=$(grep GO_VERSION -A 3 ../boulder/.github/workflows/release.yml | egre
 echo "Boulder .github/workflows/release.yml"
 grep GO_VERSION -A 3 ../boulder/.github/workflows/release.yml | egrep "\- [\"0-9]+" | sed -e "s/yml-/yml/"
 colorGoVersion .github/workflows/release.yml $goversion
+colorGoVersion .github/workflows/build-standalone.yml $goversion
 echo
 
 goversion=$(grep GO_VERSION ../boulder/docker-compose.yml | sed -e "s/\s*GO_VERSION://")