initial commit

.gitignore

@@ -0,0 +1,32 @@
+# Allowlisting gitignore template for GO projects prevents us
+# from adding various unwanted local files, such as generated
+# files, developer configurations or IDE-specific files etc.
+#
+# Recommended: Go.AllowList.gitignore
+
+# Ignore everything
+*
+
+# But not these files...
+!/.gitignore
+
+!*.go
+!go.sum
+!go.mod
+
+!examples/*
+
+!*.md
+!LICENSE
+
+!Makefile
+
+# Woodpecker CI
+!.woodpecker/*
+
+# Docker build files
+!Dockerfile
+!Dockerfile.*
+
+# ...even if they are in subdirectories
+!*/

.woodpecker/build-and-deploy.yml

@@ -0,0 +1,57 @@
+when:
+  event: tag
+
+matrix:
+  include:
+    - GOOS: linux
+      GOARCH: amd64
+    - GOOS: linux
+      GOARCH: arm
+      GOARM: 6
+    - GOOS: linux
+      GOARCH: arm64
+
+steps:
+  build:
+    secrets:
+      - FORGEJO_APIKEY
+    image: golang:1.22-alpine
+    environment:
+      - APP_NAME=forgejo-release-proxy
+      - FORGE=https://code.lila.network
+    commands:
+      - apk add --update --no-cache xz curl jq make git
+      - make build
+      - cd bin/
+      - mv $APP_NAME $APP_NAME-${GOOS}-${GOARCH}${GOARM}
+      - xz --keep --compress $APP_NAME-${GOOS}-${GOARCH}${GOARM}
+      - sha256sum $APP_NAME-${GOOS}-${GOARCH}${GOARM} >> $APP_NAME-${GOOS}-${GOARCH}${GOARM}.sha256
+      - sha256sum $APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz >> $APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz.sha256
+      - |-
+        export RELEASE_ID=`curl --location "$FORGE/api/v1/repos/$CI_REPO/releases?limit=10" \
+        --header 'Accept: application/json' -s -S \
+        --fail-with-body | jq -r ".[] | select (.tag_name==\"$CI_COMMIT_TAG\").id"`        
+      - |-
+        curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+        --header "Authorization: token $FORGEJO_APIKEY" \
+        --header 'Content-Type: multipart/form-data' -s -S \
+        --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM};type=application/octet-stream" \
+        --fail-with-body        
+      - |-
+        curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+        --header "Authorization: token $FORGEJO_APIKEY" \
+        --header 'Content-Type: multipart/form-data' -s -S \
+        --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz;type=application/octet-stream" \
+        --fail-with-body        
+      - |-
+        curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+        --header "Authorization: token $FORGEJO_APIKEY" \
+        --header 'Content-Type: multipart/form-data' -s -S \
+        --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.sha256;type=application/octet-stream" \
+        --fail-with-body        
+      - |-
+        curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+        --header "Authorization: token $FORGEJO_APIKEY" \
+        --header 'Content-Type: multipart/form-data' -s -S \
+        --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz.sha256;type=application/octet-stream" \
+        --fail-with-body        

.woodpecker/deploy-docker.yml

@@ -0,0 +1,35 @@
+when:
+  - event: [pull_request, tag]
+  
+
+steps:
+  docker-deploy-pr:
+    when:
+      - event: pull_request
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      dockerfile: Dockerfile
+      platforms: linux/arm/v7,linux/arm64/v8,linux/amd64
+      repo: adoralaura/forgejo-release-proxy
+      registry: https://index.docker.io/v1/
+      tag: pr-${CI_COMMIT_PULL_REQUEST}
+      username: adoralaura
+      password:
+        from_secret: dockerhub_token
+  
+
+  docker-deploy-tag:
+    when:
+      event: tag
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      dockerfile: Dockerfile
+      platforms: linux/arm/v7,linux/arm64/v8,linux/amd64
+      repo: adoralaura/forgejo-release-proxy
+      registry: https://index.docker.io/v1/
+      auto_tag: true
+      username: adoralaura
+      password:
+        from_secret: dockerhub_token
+
+  

CHANGELOG.md

@@ -0,0 +1,58 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+
+## [Unreleased]
+## [0.2.2] - 2024-07-30
+
+### Changed
+- changed the way the version string is handled internally
+- CI pipeline changed
+- documentation is now more sophisticated and has a new theme
+
+### Added
+- Makefile
+
+## [0.2.1] - 2024-07-12
+### Fixed
+- Configuration validation did not work as intended
+
+### Changed
+- updated example config file
+
+## [0.2.0] - 2024-07-11
+### ⚠️ Breaking Changes
+- Config file syntax was changed to accomodate both private and public key deployment for certificates. 
+
+    This change is __NOT__ backwards compatible!
+    The following yaml keys were changed/added:
+    - `api_key`: changed to `cert_secret`
+    - `file_path`: changed to `cert_path`
+    - added keys: `key_secret`, `key_path`
+
+### Changed
+- config file syntax to enable deployment of private keys too
+- refactor code
+
+## [0.1.1] - 2024-07-03
+
+### Fixed
+- Fixed handling of the post certificate action
+
+## [0.1.0] - 2024-07-03
+
+### Added
+- Minimal viable application
+- some documentation
+
+
+[unreleased]: https://code.lila.network/adoralaura/forgejo-release-proxy/compare/0.2.2...HEAD
+[0.2.2]: https://code.lila.network/adoralaura/forgejo-release-proxy/compare/0.2.1...0.2.2
+[0.2.1]: https://code.lila.network/adoralaura/forgejo-release-proxy/compare/0.2.0...0.2.1
+[0.2.0]: https://code.lila.network/adoralaura/forgejo-release-proxy/compare/0.1.1...0.2.0
+[0.1.1]: https://code.lila.network/adoralaura/forgejo-release-proxy/compare/0.1.0...0.1.1
+[0.1.0]: https://code.lila.network/adoralaura/forgejo-release-proxy/releases/tag/0.1.0

CONTRIBUTING.md

@@ -0,0 +1,17 @@
+# Contributing
+
+I use my own [Forgejo Instance](https://code.lila.network) to manage issues and pull requests.
+
+* If you have a trivial fix or improvement, go ahead and create a pull request,
+  addressing (with `@...`) the maintainer of this repository (see
+  [MAINTAINERS.md](MAINTAINERS.md)) in the description of the pull request.
+
+* If you plan to do something more involved, first please [send me a mail]( mailto:dev@lauka.net?subject=%5Bforgejo-release-proxy%5D).
+
+# What to contribute
+
+The best way to help without speaking a lot of Go would be to share your
+configuration, alerts, dashboards, and recording rules. If you have something
+that works and is not in the repository, please pay it forward and
+share what works.
+

Dockerfile

@@ -0,0 +1,31 @@
+FROM golang:1.22-bullseye AS dev
+
+COPY . /var/app
+WORKDIR /var/app
+
+
+ENV GO111MODULE="on" \
+    CGO_ENABLED=0 \
+    GOOS=linux
+
+EXPOSE 80
+ENTRYPOINT ["sh"]
+
+
+FROM dev as build
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --assume-yes ca-certificates make git
+RUN go mod download && go mod verify
+RUN make build
+RUN chmod +x forgejo-release-proxy
+
+
+FROM gcr.io/distroless/static-debian12 AS prod
+
+WORKDIR /app
+COPY --from=build /var/app/forgejo-release-proxy /bin/
+
+LABEL maintainer="Adora Laura Kalb <adora@lila.network>"
+
+EXPOSE     8080
+ENTRYPOINT ["/bin/forgejo-release-proxy"]

LICENSE

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright © 2024 Adora Laura Kalb <dev@lauka.net>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

MAINTAINERS.md

@@ -0,0 +1 @@
+* Adora Laura Kalb <dev@lauka.net> @adoralaura

Makefile

@@ -0,0 +1,13 @@
+# Set the default Go build flags
+GOFLAGS = -ldflags='-w -s -X webservice.Version=$(VERSION)'
+
+# Build the application
+build:
+	go build $(GOFLAGS) -o bin/forgejo-release-proxy cmd/forgejo-release-proxy/main.go 
+
+# Clean the build artifacts
+clean:
+	rm -rf bin
+
+# Set a version for the build
+VERSION := $(shell git describe --tags --always)

cmd/forgejo-release-proxy/main.go

@@ -0,0 +1,14 @@
+package main
+
+import (
+	"log"
+
+	"code.lila.network/adoralaura/forgejo-release-proxy/internal/webservice"
+)
+
+func main() {
+	err := webservice.Run()
+	if err != nil {
+		log.Fatal(err)
+	}
+}

go.mod

@@ -0,0 +1,3 @@
+module code.lila.network/adoralaura/forgejo-release-proxy
+
+go 1.22.2

internal/webservice/base-endpoints.go

@@ -0,0 +1,12 @@
+package webservice
+
+import "net/http"
+
+func baseVersion(w http.ResponseWriter, _ *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(Version))
+}
+
+func baseHeartbeat(w http.ResponseWriter, _ *http.Request) {
+	w.WriteHeader(http.StatusOK)
+}

internal/webservice/cors.go

@@ -0,0 +1,8 @@
+package webservice
+
+import "net/http"
+
+// sets CORS header
+func enableCors(w *http.ResponseWriter) {
+	(*w).Header().Set("Access-Control-Allow-Origin", "*")
+}

internal/webservice/handlers.go

@@ -0,0 +1,77 @@
+/*
+Copyright © 2024 Laura Kalb <dev@lauka.net>
+The code of this project is available under the MIT license. See the LICENSE file for more info.
+*/
+package webservice
+
+import (
+	"encoding/json"
+	"io"
+	"log"
+	"net/http"
+)
+
+func codeLilaNetworkReleases(w http.ResponseWriter, r *http.Request) {
+	namespace := r.URL.Query().Get("namespace")
+	requestIp := r.Header.Get("X-Forwarded-For")
+	userAgent := r.Header.Get("User-Agent")
+
+	var releaseInfo forgejoRepoReleaseApiResponse
+
+	if requestIp == "" {
+		requestIp = r.RemoteAddr
+	}
+
+	enableCors(&w)
+
+	if namespace == "" {
+		http.Error(w, "400 Bad Request", http.StatusBadRequest)
+		return
+	}
+
+	// Target website URL
+	targetURL := "https://code.lila.network/api/v1/repos/" + namespace + "/releases/latest"
+
+	// Make the request to the target website
+	resp, err := http.Get(targetURL)
+	if err != nil {
+		log.Printf("Error fetching data from target website: %v", err)
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		log.Printf("code.lila.network returned non-200 response: %v. Request-IP: %v, User-Agent: %v", resp.Status, requestIp, userAgent)
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	// Read the response body
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Printf("Error reading response body: %v", err)
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	err = json.Unmarshal(body, &releaseInfo)
+	if err != nil {
+		log.Printf("Error reading response body: %v", err)
+		http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(releaseInfo.TagName))
+}
+
+func Run() error {
+	log.Println("starting webserver, listening on 0.0.0.0:8080")
+	http.HandleFunc("/__version__", baseVersion)
+	http.HandleFunc("/__heartbeat__", baseHeartbeat)
+	http.HandleFunc("/__lbheartbeat__", baseHeartbeat)
+
+	http.HandleFunc("/api/v1/code.lila.network/releases", codeLilaNetworkReleases)
+	return http.ListenAndServe(":8080", nil)
+}

internal/webservice/models.go

@@ -0,0 +1,62 @@
+package webservice
+
+import "time"
+
+var Version string
+
+type forgejoRepoReleaseApiResponse struct {
+	ID               int       `json:"id"`
+	TagName          string    `json:"tag_name"`
+	TargetCommitish  string    `json:"target_commitish"`
+	Name             string    `json:"name"`
+	Body             string    `json:"body"`
+	URL              string    `json:"url"`
+	HTMLURL          string    `json:"html_url"`
+	TarballURL       string    `json:"tarball_url"`
+	ZipballURL       string    `json:"zipball_url"`
+	HideArchiveLinks bool      `json:"hide_archive_links"`
+	UploadURL        string    `json:"upload_url"`
+	Draft            bool      `json:"draft"`
+	Prerelease       bool      `json:"prerelease"`
+	CreatedAt        time.Time `json:"created_at"`
+	PublishedAt      time.Time `json:"published_at"`
+	Author           struct {
+		ID                int       `json:"id"`
+		Login             string    `json:"login"`
+		LoginName         string    `json:"login_name"`
+		SourceID          int       `json:"source_id"`
+		FullName          string    `json:"full_name"`
+		Email             string    `json:"email"`
+		AvatarURL         string    `json:"avatar_url"`
+		HTMLURL           string    `json:"html_url"`
+		Language          string    `json:"language"`
+		IsAdmin           bool      `json:"is_admin"`
+		LastLogin         time.Time `json:"last_login"`
+		Created           time.Time `json:"created"`
+		Restricted        bool      `json:"restricted"`
+		Active            bool      `json:"active"`
+		ProhibitLogin     bool      `json:"prohibit_login"`
+		Location          string    `json:"location"`
+		Pronouns          string    `json:"pronouns"`
+		Website           string    `json:"website"`
+		Description       string    `json:"description"`
+		Visibility        string    `json:"visibility"`
+		FollowersCount    int       `json:"followers_count"`
+		FollowingCount    int       `json:"following_count"`
+		StarredReposCount int       `json:"starred_repos_count"`
+		Username          string    `json:"username"`
+	} `json:"author"`
+	Assets []struct {
+		ID                 int       `json:"id"`
+		Name               string    `json:"name"`
+		Size               int       `json:"size"`
+		DownloadCount      int       `json:"download_count"`
+		CreatedAt          time.Time `json:"created_at"`
+		UUID               string    `json:"uuid"`
+		BrowserDownloadURL string    `json:"browser_download_url"`
+	} `json:"assets"`
+	ArchiveDownloadCount struct {
+		Zip   int `json:"zip"`
+		TarGz int `json:"tar_gz"`
+	} `json:"archive_download_count"`
+}