From 0de59d8d6bc572f9cbd8f3e073ef1a014cff065a Mon Sep 17 00:00:00 2001
From: Arjan H <github@hakwerk.com>
Date: Sun, 15 Dec 2024 18:07:54 +0100
Subject: [PATCH] Add action to build standalone docker images [#124]

Builds the standalone binary for both amd64 and arm64, and then builds a
multi-arch docker image and pushes it to the GitHub Container Registry.
---
 .github/workflows/build-dockers.yml    |  3 -
 .github/workflows/build-standalone.yml | 84 ++++++++++++++++++++++++++
 .github/workflows/release.yml          |  2 +-
 README_standalone.md                   | 19 +++++-
 build/Dockerfile-standalone            |  9 +++
 dev/versions                           |  1 +
 6 files changed, 111 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/build-standalone.yml
 create mode 100644 build/Dockerfile-standalone

diff --git a/.github/workflows/build-dockers.yml b/.github/workflows/build-dockers.yml
index 461a73c..8793516 100644
--- a/.github/workflows/build-dockers.yml
+++ b/.github/workflows/build-dockers.yml
@@ -6,9 +6,6 @@ on:
       - "**"
     tags:
       - "v*"
-  #pull_request:
-  #  branches:
-  #    - "**"
   workflow_dispatch:
 
 jobs:
diff --git a/.github/workflows/build-standalone.yml b/.github/workflows/build-standalone.yml
new file mode 100644
index 0000000..d917912
--- /dev/null
+++ b/.github/workflows/build-standalone.yml
@@ -0,0 +1,84 @@
+name: Build Standalone Docker Images
+
+on:
+  push:
+    branches:
+      - "**"
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+jobs:
+  build-standalone:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        GO_VERSION:
+          - 1.23.1
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.GO_VERSION }}
+
+      - name: APT Install
+        run: |
+          sudo dpkg --add-architecture arm64
+          sudo apt-get -y install build-essential debhelper fakeroot crossbuild-essential-arm64
+
+      - name: Build Debian packages
+        run: |
+          make debian
+          make debian-arm64
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/hakwerk/labca-standalone
+          annotations: |
+            org.opencontainers.image.description=Standalone version of LabCA GUI for use with other ACME servers
+            org.opencontainers.image.documentation=https://github.com/hakwerk/labca/blob/master/README_standalone.md
+            org.opencontainers.image.title=labca-standalone
+          labels: |
+            org.opencontainers.image.description=Standalone version of LabCA GUI for use with other ACME servers
+            org.opencontainers.image.documentation=https://github.com/hakwerk/labca/blob/master/README_standalone.md
+            org.opencontainers.image.title=labca-standalone
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=match,pattern=v(.*),group=1
+            type=edge,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=ref,event=branch,enable=${{ github.ref != format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=ref,event=pr
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.ACTION_PAT }}
+
+      - name: Build and push docker images
+        uses: docker/build-push-action@v6
+        with:
+          annotations: ${{ steps.meta.outputs.annotations }}
+          context: release
+          file: build/Dockerfile-standalone
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2adee87..054fa37 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-standalone:
+  create-release:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
diff --git a/README_standalone.md b/README_standalone.md
index 235ff0a..cc34f51 100644
--- a/README_standalone.md
+++ b/README_standalone.md
@@ -6,16 +6,18 @@ Getting started with step-ca is much easier than starting with boulder. But Smal
 
 As the structure of the ACME data is pretty standard anyway, this standalone version of the LabCA GUI was created to work with step-ca (and potentially other ACME implementations in the future). It only works with their MySQL backend, as the BadgerDB backend has several limitations.
 
-The standalone GUI is distributed as a single binary so that it can be easily installed and started.
+The standalone GUI is distributed as a single binary so that it can be easily installed and started. There is also a docker image available.
 
 
 ## Usage
 
-Download the latest .deb file from the latest [release](https://github.com/hakwerk/labca/releases) on GitHub.
+### Install package
+
+Download the latest .deb file for your platform architecture from the latest [release](https://github.com/hakwerk/labca/releases) on GitHub.
 
 Install the .deb file:
 ```
-dpkg -i labca-gui_<version>_amd64.deb
+dpkg -i labca-gui_<version>_<arch>.deb
 ```
 
 The first time you can use the -init flag to create the config file. The location of the config file (default data/config.json), the IP address to listen on (default 0.0.0.0) and the port number (default 3000) can be specified, e.g.:
@@ -30,6 +32,17 @@ labca-gui -config stepca.json
 
 The first time you connect to the application, you can create an admin account and specify the MySQL connection details for your step-ca database.
 
+### Docker
+
+When running a docker container you can map local filesystem files or directories as volumes to have the config data outside of the image, e.g.:
+```
+docker run -it --rm -v /home/username/acme/stepca_config.json:/usr/data/config.json ghcr.io/hakwerk/labca-standalone
+```
+or
+```
+docker run -it --rm -v /home/username/acme:/opt/acme ghcr.io/hakwerk/labca-standalone labca-gui -config /opt/acme/stepca.json
+```
+
 
 ## systemd service
 
diff --git a/build/Dockerfile-standalone b/build/Dockerfile-standalone
new file mode 100644
index 0000000..e615e83
--- /dev/null
+++ b/build/Dockerfile-standalone
@@ -0,0 +1,9 @@
+FROM ubuntu:focal
+
+ARG TARGETARCH
+
+COPY labca-gui*.deb /tmp/
+
+RUN dpkg -i /tmp/labca-gui_*_$TARGETARCH.deb
+
+CMD ["labca-gui", "-config", "/usr/data/config.json"]
diff --git a/dev/versions b/dev/versions
index b00ae82..e0e29df 100755
--- a/dev/versions
+++ b/dev/versions
@@ -103,6 +103,7 @@ goversion=$(grep GO_VERSION -A 3 ../boulder/.github/workflows/release.yml | egre
 echo "Boulder .github/workflows/release.yml"
 grep GO_VERSION -A 3 ../boulder/.github/workflows/release.yml | egrep "\- [\"0-9]+" | sed -e "s/yml-/yml/"
 colorGoVersion .github/workflows/release.yml $goversion
+colorGoVersion .github/workflows/build-standalone.yml $goversion
 echo
 
 goversion=$(grep GO_VERSION ../boulder/docker-compose.yml | sed -e "s/\s*GO_VERSION://")