From 6f4c7387e8a10af0e7c8a9be24e7ec88768b472d Mon Sep 17 00:00:00 2001
From: Adora Laura Kalb
Date: Sat, 3 Aug 2024 14:56:35 +0200
Subject: [PATCH] first commit
---
.gitignore | 28 +++++++++++++++
.woodpecker/build-and-deploy.yml | 57 +++++++++++++++++++++++++++++
.woodpecker/deploy-docs.yml | 38 ++++++++++++++++++++
CHANGELOG.md | 58 ++++++++++++++++++++++++++++++
CONTRIBUTING.md | 17 +++++++++
LICENSE | 9 +++++
MAINTAINERS.md | 1 +
Makefile | 13 +++++++
cmd/app-name/main.go | 9 +++++
examples/certwarden-deploy.service | 13 +++++++
examples/certwarden-deploy.timer | 10 ++++++
examples/config.yaml | 36 +++++++++++++++++++
12 files changed, 289 insertions(+)
create mode 100644 .gitignore
create mode 100644 .woodpecker/build-and-deploy.yml
create mode 100644 .woodpecker/deploy-docs.yml
create mode 100644 CHANGELOG.md
create mode 100644 CONTRIBUTING.md
create mode 100644 LICENSE
create mode 100644 MAINTAINERS.md
create mode 100644 Makefile
create mode 100644 cmd/app-name/main.go
create mode 100644 examples/certwarden-deploy.service
create mode 100644 examples/certwarden-deploy.timer
create mode 100644 examples/config.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f1f4eb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,28 @@
+# Allowlisting gitignore template for GO projects prevents us
+# from adding various unwanted local files, such as generated
+# files, developer configurations or IDE-specific files etc.
+#
+# Recommended: Go.AllowList.gitignore
+
+# Ignore everything
+*
+
+# But not these files...
+!/.gitignore
+
+!*.go
+!go.sum
+!go.mod
+
+!examples/*
+
+!*.md
+!LICENSE
+
+!Makefile
+
+# Woodpecker CI
+!.woodpecker/*
+
+# ...even if they are in subdirectories
+!*/
diff --git a/.woodpecker/build-and-deploy.yml b/.woodpecker/build-and-deploy.yml
new file mode 100644
index 0000000..18b2a10
--- /dev/null
+++ b/.woodpecker/build-and-deploy.yml
@@ -0,0 +1,57 @@
+when:
+ event: tag
+
+matrix:
+ include:
+ - GOOS: linux
+ GOARCH: amd64
+ - GOOS: linux
+ GOARCH: arm
+ GOARM: 6
+ - GOOS: linux
+ GOARCH: arm64
+
+steps:
+ build:
+ secrets:
+ - FORGEJO_APIKEY
+ image: golang:1.22-alpine
+ environment:
+ - APP_NAME=app-name
+ - FORGE=https://code.lila.network
+ commands:
+ - apk add --update --no-cache xz curl jq make git
+ - make build
+ - cd bin/
+ - mv $APP_NAME $APP_NAME-${GOOS}-${GOARCH}${GOARM}
+ - xz --keep --compress $APP_NAME-${GOOS}-${GOARCH}${GOARM}
+ - sha256sum $APP_NAME-${GOOS}-${GOARCH}${GOARM} >> $APP_NAME-${GOOS}-${GOARCH}${GOARM}.sha256
+ - sha256sum $APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz >> $APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz.sha256
+ - |-
+ export RELEASE_ID=`curl --location "$FORGE/api/v1/repos/$CI_REPO/releases?limit=10" \
+ --header 'Accept: application/json' -s -S \
+ --fail-with-body | jq -r ".[] | select (.tag_name==\"$CI_COMMIT_TAG\").id"`
+ - |-
+ curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+ --header "Authorization: token $FORGEJO_APIKEY" \
+ --header 'Content-Type: multipart/form-data' -s -S \
+ --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM};type=application/octet-stream" \
+ --fail-with-body
+ - |-
+ curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+ --header "Authorization: token $FORGEJO_APIKEY" \
+ --header 'Content-Type: multipart/form-data' -s -S \
+ --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz;type=application/octet-stream" \
+ --fail-with-body
+ - |-
+ curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+ --header "Authorization: token $FORGEJO_APIKEY" \
+ --header 'Content-Type: multipart/form-data' -s -S \
+ --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.sha256;type=application/octet-stream" \
+ --fail-with-body
+ - |-
+ curl --location "$FORGE/api/v1/repos/$CI_REPO/releases/$RELEASE_ID/assets" \
+ --header "Authorization: token $FORGEJO_APIKEY" \
+ --header 'Content-Type: multipart/form-data' -s -S \
+ --form "attachment=@$APP_NAME-${GOOS}-${GOARCH}${GOARM}.xz.sha256;type=application/octet-stream" \
+ --fail-with-body
diff --git a/.woodpecker/deploy-docs.yml b/.woodpecker/deploy-docs.yml
new file mode 100644
index 0000000..10f33f6
--- /dev/null
+++ b/.woodpecker/deploy-docs.yml
@@ -0,0 +1,38 @@
+when:
+ - event: push
+ branch: main
+ path:
+ include:
+ - 'docs/**'
+ - '.woodpecker/deploy-docs.yml'
+ ignore_message: '[ALL]'
+
+steps:
+ build:
+ image: golang:1.22-bookworm
+ environment:
+ - HUGO_VERSION=0.128.1
+ - TZ=Europe/Berlin
+
+ commands:
+ - cd docs/
+ - wget https://github.com/gohugoio/hugo/releases/download/v$${HUGO_VERSION}/hugo_extended_$${HUGO_VERSION}_linux-amd64.deb && apt install ./hugo_extended_$${HUGO_VERSION}_linux-amd64.deb && rm -f hugo_extended_$${HUGO_VERSION}_linux-amd64.deb
+ - hugo --minify --destination ./public
+
+ upload:
+ image: alpine:latest
+ secrets:
+ - RSYNC_SSHKEY
+ - RSYNC_TARGET_SERVER
+ - RSYNC_TARGET_USER
+ environment:
+ - TARGET_PATH=/webroot/app-name.adora.codes
+ - RSYNC_TARGET_PORT=2003
+ commands:
+ - cd docs/
+ - apk add --update --no-cache openssh rsync git
+ - mkdir -p $HOME/.ssh
+ - echo "$RSYNC_SSHKEY" > $HOME/.ssh/id_ed25519
+ - chmod 0600 $HOME/.ssh/id_ed25519
+ - ssh-keyscan -t ed25519 -p $RSYNC_TARGET_PORT $RSYNC_TARGET_SERVER >> $HOME/.ssh/known_hosts
+ - rsync -avh -e "ssh -p $RSYNC_TARGET_PORT" --delete ./public/ $RSYNC_TARGET_USER@$RSYNC_TARGET_SERVER:$TARGET_PATH
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..13f3acb
--- /dev/null
+++ b/CHANGELOG.md
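Review bot: In .woodpecker/build-and-deploy.yml the `build` step is given `FORGEJO_APIKEY` for its whole command list, so `apk add` and `make build` (and whatever the build pulls in) run with the release token in their environment. Only the four `curl` uploads need it; moving them into a separate step that carries the `secrets:` entry keeps the token away from the compile, assuming the steps share the workspace as Woodpecker steps normally do. The `RELEASE_ID` lookup also has no empty-result check, so when no release matches `$CI_COMMIT_TAG` within `limit=10` the uploads are sent to `releases//assets`; a test right after the lookup makes that fail early and visibly.

```yaml
steps:
  build:
    image: golang:1.22-alpine
    # … unchanged: environment, apk add, make build, cd bin/, mv, xz, sha256sum …
  upload:
    image: golang:1.22-alpine
    secrets:
      - FORGEJO_APIKEY
    # … unchanged: environment …
    commands:
      - apk add --update --no-cache curl jq
      - cd bin/
      # … unchanged: RELEASE_ID lookup …
      - '[ -n "$RELEASE_ID" ] || { echo "no release found for this tag" >&2; exit 1; }'
      # … unchanged: the four curl uploads …
```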
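Review bot: In .woodpecker/deploy-docs.yml the `upload` step fills `known_hosts` from `ssh-keyscan` on every run, which accepts whatever key the network answers with, so the rsync target is never actually authenticated. Pin the host key instead: store the server's public host key as a pipeline secret and write it out, e.g. `echo "$RSYNC_KNOWN_HOSTS" > $HOME/.ssh/known_hosts` (`RSYNC_KNOWN_HOSTS` is a placeholder name, not an existing secret). In the `build` step the Hugo `.deb` is fetched with `wget` and handed to `apt install` without a checksum comparison; checking it against a SHA-256 recorded in the pipeline before installing would close that gap. `alpine:latest` is also a floating tag, unlike the versioned golang images used elsewhere.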
@@ -0,0 +1,58 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+
+## [Unreleased]
+## [0.2.2] - 2024-07-30
+
+### Changed
+- changed the way the version string is handled internally
+- CI pipeline changed
+- documentation is now more sophisticated and has a new theme
+
+### Added
+- Makefile
+
+## [0.2.1] - 2024-07-12
+### Fixed
+- Configuration validation did not work as intended
+
+### Changed
+- updated example config file
+
+## [0.2.0] - 2024-07-11
+### ⚠️ Breaking Changes
+- Config file syntax was changed to accomodate both private and public key deployment for certificates.
+
+ This change is __NOT__ backwards compatible!
+ The following yaml keys were changed/added:
+ - `api_key`: changed to `cert_secret`
+ - `file_path`: changed to `cert_path`
+ - added keys: `key_secret`, `key_path`
+
+### Changed
+- config file syntax to enable deployment of private keys too
+- refactor code
+
+## [0.1.1] - 2024-07-03
+
+### Fixed
+- Fixed handling of the post certificate action
+
+## [0.1.0] - 2024-07-03
+
+### Added
+- Minimal viable application
+- some documentation
+
+
+[unreleased]: https://code.lila.network/adoralaura/app-name/compare/0.2.2...HEAD
+[0.2.2]: https://code.lila.network/adoralaura/app-name/compare/0.2.1...0.2.2
+[0.2.1]: https://code.lila.network/adoralaura/app-name/compare/0.2.0...0.2.1
+[0.2.0]: https://code.lila.network/adoralaura/app-name/compare/0.1.1...0.2.0
+[0.1.1]: https://code.lila.network/adoralaura/app-name/compare/0.1.0...0.1.1
+[0.1.0]: https://code.lila.network/adoralaura/app-name/releases/tag/0.1.0
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..f8eb2f8
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,17 @@
+# Contributing
+
+I use my own [Forgejo Instance](https://code.lila.network) to manage issues and pull requests.
+
+* If you have a trivial fix or improvement, go ahead and create a pull request,
+ addressing (with `@...`) the maintainer of this repository (see
+ [MAINTAINERS.md](MAINTAINERS.md)) in the description of the pull request.
+
+* If you plan to do something more involved, first please [send me a mail]( mailto:dev@lauka.net?subject=%5Bapp-name%5D).
+
+# What to contribute
+
+The best way to help without speaking a lot of Go would be to share your
+configuration, alerts, dashboards, and recording rules. If you have something
+that works and is not in the repository, please pay it forward and
+share what works.
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..40ed8f3
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,9 @@
+MIT License
+
+Copyright © 2024 Adora Laura Kalb
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
new file mode 100644
index 0000000..528f390
--- /dev/null
+++ b/MAINTAINERS.md
@@ -0,0 +1 @@
+* Adora Laura Kalb @adoralaura
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..c0b89b3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,13 @@
+# Set the default Go build flags
+GOFLAGS = -ldflags='-w -s -X constants.Version=$(VERSION)'
+
+# Build the application
+build:
+ go build $(GOFLAGS) -o bin/app-name cmd/app-name/main.go
+
+# Clean the build artifacts
+clean:
+ rm -rf bin
+
+# Set a version for the build
+VERSION := $(shell git describe --tags --always)
diff --git a/cmd/app-name/main.go b/cmd/app-name/main.go
new file mode 100644
index 0000000..417595b
--- /dev/null
+++ b/cmd/app-name/main.go
@@ -0,0 +1,9 @@
+/*
+Copyright © 2024 Laura Kalb
+The code of this project is available under the MIT license. See the LICENSE file for more info.
+*/
+package main
+
+func main() {
+ // do stuff
+}
diff --git a/examples/certwarden-deploy.service b/examples/certwarden-deploy.service
new file mode 100644
index 0000000..61e56c6
--- /dev/null
+++ b/examples/certwarden-deploy.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=CertWarden Deployer binary
+Documentation=https://code.lila.network/adoralaura/app-name
+
+[Service]
+# uncomment if you want to use a different user than root
+# User=app-name
+# Group=app-name
+ExecStart=/usr/local/bin/app-name
+
+
+[Install]
+WantedBy=multi-user.target
diff --git a/examples/certwarden-deploy.timer b/examples/certwarden-deploy.timer
new file mode 100644
index 0000000..6a50989
--- /dev/null
+++ b/examples/certwarden-deploy.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Timer for app-name
+
+[Timer]
+Persistent=true
+OnCalendar=Sat *-*-* 04:00:00
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/examples/config.yaml b/examples/config.yaml
new file mode 100644
index 0000000..f8a02e7
--- /dev/null
+++ b/examples/config.yaml
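Review bot: In the Makefile, `-X constants.Version=$(VERSION)` only takes effect if the variable's package has the import path `constants`; the Go linker expects the full import path and silently ignores a name it cannot resolve, so the binary could ship without a usable version string. No go.mod or `constants` package is part of this commit, so this is inferred rather than confirmed. The likely form is `-X <module-path>/constants.Version=$(VERSION)`, with the real module path in place of the placeholder, and a one-line comment above `GOFLAGS` naming the package the flag targets would keep the two in sync.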
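Review bot: examples/certwarden-deploy.service runs the deployer as root with no sandboxing, and the `User=`/`Group=` lines are only a commented-out hint. Going by examples/config.yaml the binary fetches certificates and private keys over the network and then runs a configured `action`, so an example that starts from least privilege is the safer default: enable a dedicated user, or keep root and add `NoNewPrivileges=yes`, `ProtectSystem=strict` and a `ReadWritePaths=` entry for the certificate directory (whether the reload action still works under these needs checking). Since the unit is driven by the timer, `Type=oneshot` would also describe it better than the default service type.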
@@ -0,0 +1,36 @@
+# Base URL of the CertWarden instance
+# required
+base_url: "https://certwarden.example.com"
+
+# Set this to true if your CertWarden instance does not have a publicly trusted
+# TLS certificate (e.g. it has a self signed one)
+# default is false
+disable_certificate_validation: false
+
+# define all managed certificates here
+certificates:
+
+ # name is a unique identifier that must start and end with an alphanumeric character,
+ # and can contain the following characters: a-zA-Z0-9._-
+ # required
+ - name: test-certificate.example.com
+
+ # Contains the API-Key to fetch the certificate from the server
+ # required
+ cert_secret: examplekey_notvalid_hrzjGDDw8z
+
+ # path where to save the certificate
+ # required
+ cert_path: "/path/to/test-certificate.example.com-cert.pem"
+
+ # Contains the API-Key to fetch the private key from the server
+ # required
+ key_secret: examplekey_notvalid_hrzbbDDw8z
+
+ # path where to save the private key
+ # required
+ key_path: "/path/to/test-certificate.example.com-key.pem"
+
+ # action to run when certificate was updated or --force is on
+ action: "/usr/bin/systemd reload caddy"
+
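Review bot: The comment on `disable_certificate_validation` in examples/config.yaml explains when to set it but not what it costs: with validation off, `cert_secret`, `key_secret` and the downloaded private key cross a connection whose peer is not authenticated. I would add a line such as `# WARNING: turns off TLS peer verification; API keys and private keys can then be intercepted`. Because the file holds API keys, a header comment like `# keep this file readable by the service user only (chmod 0600)` is worth adding too. The sample `action` calls `/usr/bin/systemd reload caddy`, which looks like it was meant to be `systemctl reload caddy`.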