From 61d3ddb4dc452742f69ecaa740ad42334b6c8049 Mon Sep 17 00:00:00 2001
From: Arjan H
Date: Sun, 16 Apr 2023 12:39:05 +0200
Subject: [PATCH] Create action for building docker images (#41)
---
 .github/workflows/build-dockers.yml | 109 ++++++++++++++++++++++++++++
 .github/workflows/try-bump.yml | 1 +
 build/build.sh | 19 ++++-
 build/tag_and_upload.sh | 12 ---
 build/tmp.patch | 6 +-
 5 files changed, 129 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/build-dockers.yml
diff --git a/.github/workflows/build-dockers.yml b/.github/workflows/build-dockers.yml
new file mode 100644
index 0000000..e009434
--- /dev/null
+++ b/.github/workflows/build-dockers.yml
@@ -0,0 +1,109 @@
+name: Build Docker Images
+
+on:
+ push:
+ branches:
+ - "**"
+ tags:
+ - "v*"
+ pull_request:
+ branches:
+ - "main"
+ workflow_dispatch:
+
+jobs:
+ prepare:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+
+ - name: Build binaries
+ run: |
+ build/build.sh
+
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v5
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.PASSPHRASE }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+
+ - name: Commit any updated files
+ uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ commit_message: "[skip ci] Commit changes from build-dockers action"
+ commit_options: "-S"
+ commit_user_email: ${{ vars.COMMIT_USER }}
+
+ - name: Cache build output
+ uses: actions/cache/save@v3
+ with:
+ path: build
+ key: build-dockers
+
+ build-publish:
+ runs-on: ubuntu-latest
+ needs: prepare
+ strategy:
+ matrix:
+ include:
+ - image: ghcr.io/hakwerk/labca-gui
+ dockerfile: build/Dockerfile-gui
+ label: org.opencontainers.image.title=labca-gui
+ - image: ghcr.io/hakwerk/labca-boulder
+ dockerfile: build/Dockerfile-boulder
+ label: org.opencontainers.image.title=labca-boulder
+ - image: ghcr.io/hakwerk/labca-control
+ dockerfile: build/Dockerfile-control
+ label: org.opencontainers.image.title=labca-control
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+
+ - name: Restore build output
+ uses: actions/cache/restore@v3
+ with:
+ path: build
+ key: build-dockers
+
+ - name: Set up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ matrix.image }}
+ labels: ${{ matrix.label }}
+ tags: |
+ type=schedule,pattern={{date 'YYYYMMDD'}}
+ type=match,pattern=v(.*),group=1
+ type=edge,branch=$repo.default_branch
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+
+ - name: Login to GHCR
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.ACTION_PAT }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v4
+ with:
+ context: build
+ file: ${{ matrix.dockerfile }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+
diff --git a/.github/workflows/try-bump.yml b/.github/workflows/try-bump.yml
index 3ae1d8c..c3cd491 100644
--- a/.github/workflows/try-bump.yml
+++ b/.github/workflows/try-bump.yml
@@ -36,5 +36,6 @@ jobs: - name: Apply our config patches run: | cd boulder + cp -r test labca ../patch-cfg.sh
diff --git a/build/build.sh b/build/build.sh
index 7510b52..25bfbd0 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -35,7 +35,7 @@ cp -p docker-compose.yml $cloneDir/build/ echo BASEDIR=/go/src/github.com/letsencrypt/boulder -docker run -it -v $boulderDir:$BASEDIR:cached -v $TMP_DIR/bin:$BASEDIR/bin -w $BASEDIR -e BUILD_HOST=$BUILD_HOST $BUILD_IMAGE sh -c "git config --global --add safe.directory $BASEDIR && make build" +docker run -v $boulderDir:$BASEDIR:cached -v $TMP_DIR/bin:$BASEDIR/bin -w $BASEDIR -e BUILD_HOST=$BUILD_HOST $BUILD_IMAGE sh -c "git config --global --add safe.directory $BASEDIR && make build" cp $cloneDir/nginx.conf $TMP_DIR/ cp $cloneDir/proxy.conf $TMP_DIR/
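Review bot: In `.github/workflows/build-dockers.yml`, the cache save step in `prepare` and the restore step in `build-publish` share the fixed key `build-dockers`, so the publishing job is not tied to the build output of its own run. Cache entries are immutable per key, so once one exists a later save should not replace it and the images pushed to GHCR can be built from binaries of an earlier commit; use a per-run key in both steps, e.g. `key: build-dockers-${{ github.sha }}`, or pass the directory between jobs as a workflow artifact. The `prepare` job also imports the GPG signing key and then runs third-party actions referenced by movable tags (`crazy-max/ghaction-import-gpg@v5`, `stefanzweifel/git-auto-commit-action@v4`); pinning these to full commit SHAs limits what a retagged release could do with that key. The workflow declares no `permissions:` block, and with `packages: write` granted to the `build-publish` job the GHCR login could use `secrets.GITHUB_TOKEN` instead of the longer-lived `secrets.ACTION_PAT`.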
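Review bot: In `build/build.sh`, the `docker run ... make build` line here and the two `docker run` lines in the next hunk (`./setup.sh`, `go build nameidtool.go`) have no visible exit-status check, so unless `set -e` is enabled above these hunks (the top of the script is not shown) a failed build lets the script continue into the `cp` lines and exit 0. With this script now feeding the image-publishing workflow, that can end in images built from missing or stale binaries; append `|| exit 1` to each `docker run` line or add `set -e` near the top of the script. The volume arguments are also unquoted and would word-split on a path containing spaces; `-v "$boulderDir:$BASEDIR:cached"` avoids that.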
@@ -47,7 +47,20 @@ sed -i '/^$/d' $TMP_DIR/admin/setup.sh echo BASEDIR=/go/src/labca -docker run -it -v $TMP_DIR/admin:$BASEDIR:cached -v $TMP_DIR:$BASEDIR/bin -w $BASEDIR -e GIT_VERSION=$GIT_VERSION $BUILD_IMAGE ./setup.sh -docker run -it -v $TMP_DIR:/utils -w /utils $BUILD_IMAGE go build nameidtool.go +docker run -v $TMP_DIR/admin:$BASEDIR:cached -v $TMP_DIR:$BASEDIR/bin -w $BASEDIR -e GIT_VERSION=$GIT_VERSION $BUILD_IMAGE ./setup.sh +docker run -v $TMP_DIR:/utils -w /utils $BUILD_IMAGE go build nameidtool.go + +cp -rp $cloneDir/gui/setup.sh $TMP_DIR/admin/ +cp -rp $cloneDir/acme_tiny.py $TMP_DIR/ +cp -rp $cloneDir/backup $TMP_DIR/ +cp -rp $cloneDir/checkcrl $TMP_DIR/ +cp -rp $cloneDir/checkrenew $TMP_DIR/ +cp -rp $cloneDir/commander $TMP_DIR/ +cp -rp $cloneDir/control_do.sh $TMP_DIR/control.sh +cp -rp $cloneDir/cron_d $TMP_DIR/ +cp -rp $cloneDir/mailer $TMP_DIR/ +cp -rp $cloneDir/renew $TMP_DIR/ +cp -rp $cloneDir/restore $TMP_DIR/ +cp -rp $cloneDir/utils.sh $TMP_DIR/ echo
diff --git a/build/tag_and_upload.sh b/build/tag_and_upload.sh
index f565051..7e933fb 100755
--- a/build/tag_and_upload.sh
+++ b/build/tag_and_upload.sh
@@ -26,7 +26,6 @@ die() { exit 1 } -cp -rp ../gui/setup.sh tmp/admin/ [ -f "tmp/labca-gui" ] || die "LabCA binary does not exist!" docker build -f Dockerfile-gui -t $LABCA_GUI_TAG .
@@ -44,17 +43,6 @@ if [ "$BRANCH" == "master" ] || [ "$BRANCH" == "main" ]; then docker tag "$ID" $LABCA_BOULDER_LATEST fi -cp -rp ../acme_tiny.py tmp/ -cp -rp ../backup tmp/ -cp -rp ../checkcrl tmp/ -cp -rp ../checkrenew tmp/ -cp -rp ../commander tmp/ -cp -rp ../control_do.sh tmp/control.sh -cp -rp ../cron_d tmp/ -cp -rp ../mailer tmp/ -cp -rp ../renew tmp/ -cp -rp ../restore tmp/ -cp -rp ../utils.sh tmp/ docker build -f Dockerfile-control -t $LABCA_CONTROL_TAG . if [ "$BRANCH" == "master" ] || [ "$BRANCH" == "main" ]; then
diff --git a/build/tmp.patch b/build/tmp.patch
index 5e2eb98..b3e018f 100644
--- a/build/tmp.patch
+++ b/build/tmp.patch
@@ -9,7 +9,7 @@ index cfdcc784a..b50c8b18d 100644 boulder: # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh. - image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.3_2023-04-04} -+ image: hakwerk/labca-boulder:dockeronly ++ image: ghcr.io/hakwerk/labca-boulder:dockeronly environment: # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS # to the IP address where your ACME client's solver is listening. @@ -55,7 +55,7 @@ index cfdcc784a..b50c8b18d 100644 gui: - image: *boulder_image -+ image: hakwerk/labca-gui:dockeronly ++ image: ghcr.io/hakwerk/labca-gui:dockeronly networks: - bluenet volumes: @@ -97,7 +97,7 @@ index cfdcc784a..b50c8b18d 100644 control: - image: *boulder_image -+ image: hakwerk/labca-control:dockeronly ++ image: ghcr.io/hakwerk/labca-control:dockeronly networks: - bluenet volumes: