fix container build and add missing demo CA files
This commit is contained in:
parent
6899c6cc00
commit
191d352eee
6 changed files with 135 additions and 14 deletions
24
.github/workflows/docker-image.yml
vendored
24
.github/workflows/docker-image.yml
vendored
|
@ -10,17 +10,20 @@ env:
|
|||
IMAGE_NAME: server
|
||||
|
||||
jobs:
|
||||
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
lfs: true
|
||||
|
||||
- name: Login to GitHub Docker registry
|
||||
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u baez90 --password-stdin
|
||||
|
||||
- name: Build the Docker image
|
||||
run: docker build . --file Dockerfile --tag $IMAGE_NAME
|
||||
|
||||
- name: Push image
|
||||
- name: Push image to GitHub packages
|
||||
run: |
|
||||
IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME
|
||||
|
||||
|
@ -40,4 +43,15 @@ jobs:
|
|||
echo VERSION=$VERSION
|
||||
|
||||
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
|
||||
docker push $IMAGE_ID:$VERSION
|
||||
docker push $IMAGE_ID:$VERSION
|
||||
|
||||
- name: Tag image for Docker Hub
|
||||
run: docker tag $IMAGE_NAME ${GITHUB_REPOSITORY}:latest
|
||||
|
||||
- name: Push latest tag to Docker Hub
|
||||
uses: docker/build-push-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
repository: baez90/inetmock
|
||||
tags: latest
|
2
.github/workflows/go-build.yml
vendored
2
.github/workflows/go-build.yml
vendored
|
@ -22,6 +22,8 @@ jobs:
|
|||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
lfs: true
|
||||
|
||||
- name: Install mockgen
|
||||
run: go get -u github.com/golang/mock/mockgen@latest
|
||||
|
|
20
Dockerfile
20
Dockerfile
|
@ -11,7 +11,7 @@ ENV CGO_ENABLED=0
|
|||
# Prepare build stage - can be cached
|
||||
WORKDIR /work
|
||||
RUN apk add -U --no-cache \
|
||||
make protoc gcc musl-dev libcap && \
|
||||
make protoc gcc musl-dev && \
|
||||
addgroup -S -g "${GROUP_ID}" "${GROUP}" && \
|
||||
adduser \
|
||||
--disabled-password \
|
||||
|
@ -32,11 +32,7 @@ RUN go mod download && \
|
|||
COPY ./ ./
|
||||
|
||||
# Build binaries
|
||||
RUN make CONTAINER=yes && \
|
||||
mkdir -p /usr/lib/inetmock/bin/ && \
|
||||
chown $USER:$GROUP inetmock imctl && \
|
||||
mv inetmock imctl /usr/lib/inetmock/bin/ && \
|
||||
setcap 'cap_net_bind_service=+ep' /usr/lib/inetmock/bin/inetmock
|
||||
RUN make CONTAINER=yes
|
||||
|
||||
# Runtime layer
|
||||
|
||||
|
@ -49,14 +45,20 @@ ARG USER_ID=10001
|
|||
ARG GROUP_ID=10001
|
||||
|
||||
COPY --from=build /etc/group /etc/passwd /etc/
|
||||
COPY --from=build /usr/lib/inetmock/bin /usr/lib/inetmock/bin
|
||||
COPY --from=build --chown=$USER:$GROUP /work/inetmock /work/imctl /usr/lib/inetmock/bin/
|
||||
COPY --chown=$USER:$GROUP ./assets/fakeFiles/ /var/lib/inetmock/fakeFiles/
|
||||
COPY config-container.yaml /etc/inetmock/config.yaml
|
||||
|
||||
RUN mkdir -p /var/run/inetmock /var/lib/inetmock/certs /usr/lib/inetmock && \
|
||||
chown -R $USER:$GROUP /var/run/inetmock /var/lib/inetmock /usr/lib/inetmock
|
||||
chown -R $USER:$GROUP /var/run/inetmock /var/lib/inetmock /usr/lib/inetmock && \
|
||||
apk add -U --no-cache libcap
|
||||
|
||||
RUN ln -s /usr/lib/inetmock/bin/inetmock /usr/bin/inetmock && \
|
||||
ln -s /usr/lib/inetmock/bin/imctl /usr/bin/imctl
|
||||
ln -s /usr/lib/inetmock/bin/imctl /usr/bin/imctl && \
|
||||
setcap 'cap_net_bind_service=+ep' /usr/lib/inetmock/bin/inetmock
|
||||
|
||||
HEALTHCHECK --interval=5s --timeout=1s \
|
||||
CMD imctl --socket-path /var/run/inetmock/inetmock.sock health container
|
||||
|
||||
USER $USER
|
||||
|
||||
|
|
5
assets/demoCA/ca.key
Normal file
5
assets/demoCA/ca.key
Normal file
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTTz25fFLS2WO4hXD
|
||||
162B059HEe+MAQtV4iGXf7HfKCihRANCAAT3D181Tzrz6i9Mx75pmyAsg+itojO9
|
||||
sHXZSswmfsh46IVK46m0hXNHgPvD2WYW5m1PHvRl3B0vDo/2Y6sOU/Q9
|
||||
-----END PRIVATE KEY-----
|
12
assets/demoCA/ca.pem
Normal file
12
assets/demoCA/ca.pem
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB3DCCAYKgAwIBAgIQHQIFIEcNZjsDP+wDtGPMXzAKBggqhkjOPQQDAjBOMRAw
|
||||
DgYDVQQGEwdnZXJtYW55MREwDwYDVQQHEwhEb3J0bXVuZDERMA8GA1UEChMISU5l
|
||||
dE1vY2sxFDASBgNVBAMTC0lOZXRNb2NrIENBMB4XDTIwMDYxNTEwNTEzNloXDTIw
|
||||
MDYxNTEwNTEzNlowTjEQMA4GA1UEBhMHZ2VybWFueTERMA8GA1UEBxMIRG9ydG11
|
||||
bmQxETAPBgNVBAoTCElOZXRNb2NrMRQwEgYDVQQDEwtJTmV0TW9jayBDQTBZMBMG
|
||||
ByqGSM49AgEGCCqGSM49AwEHA0IABPcPXzVPOvPqL0zHvmmbICyD6K2iM72wddlK
|
||||
zCZ+yHjohUrjqbSFc0eA+8PZZhbmbU8e9GXcHS8Oj/Zjqw5T9D2jQjBAMA4GA1Ud
|
||||
DwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0T
|
||||
AQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBecJsOL7ej0kCkWOnoQJpW3JuY
|
||||
KQIxQBT+XXPKEJj14AIhANG4twTloC3amz8Y7Zn3DVtvjXlTgg8YwjBFG+JioQOe
|
||||
-----END CERTIFICATE-----
|
86
config-container.yaml
Normal file
86
config-container.yaml
Normal file
|
@ -0,0 +1,86 @@
|
|||
x-response-rules: &httpResponseRules
|
||||
rules:
|
||||
- pattern: ".*\\.(?i)exe"
|
||||
response: /var/lib/inetmock/fakeFiles/sample.exe
|
||||
- pattern: ".*\\.(?i)(jpg|jpeg)"
|
||||
response: /var/lib/inetmock/fakeFiles/default.jpg
|
||||
- pattern: ".*\\.(?i)png"
|
||||
response: /var/lib/inetmock/fakeFiles/default.png
|
||||
- pattern: ".*\\.(?i)gif"
|
||||
response: /var/lib/inetmock/fakeFiles/default.gif
|
||||
- pattern: ".*\\.(?i)ico"
|
||||
response: /var/lib/inetmock/fakeFiles/default.ico
|
||||
- pattern: ".*\\.(?i)txt"
|
||||
response: /var/lib/inetmock/fakeFiles/default.txt
|
||||
- pattern: ".*"
|
||||
response: /var/lib/inetmock/fakeFiles/default.html
|
||||
|
||||
api:
|
||||
listen: unix:///var/run/inetmock/inetmock.sock
|
||||
|
||||
tls:
|
||||
ecdsaCurve: P256
|
||||
validity:
|
||||
ca:
|
||||
notBeforeRelative: 17520h
|
||||
notAfterRelative: 17520h
|
||||
server:
|
||||
NotBeforeRelative: 168h
|
||||
NotAfterRelative: 168h
|
||||
rootCaCert:
|
||||
publicKeyPath: /var/lib/inetmock/ca/ca.pem
|
||||
privateKeyPath: /var/lib/inetmock/ca/ca.key
|
||||
certCachePath: /var/lib/inetmock/certs
|
||||
|
||||
endpoints:
|
||||
plainHttp:
|
||||
handler: http_mock
|
||||
listenAddress: 0.0.0.0
|
||||
ports:
|
||||
- 80
|
||||
- 8080
|
||||
options:
|
||||
<<: *httpResponseRules
|
||||
proxy:
|
||||
handler: http_proxy
|
||||
listenAddress: 0.0.0.0
|
||||
ports:
|
||||
- 3128
|
||||
options:
|
||||
target:
|
||||
ipAddress: 127.0.0.1
|
||||
port: 80
|
||||
httpsDowngrade:
|
||||
handler: tls_interceptor
|
||||
listenAddress: 0.0.0.0
|
||||
ports:
|
||||
- 443
|
||||
- 8443
|
||||
options:
|
||||
target:
|
||||
ipAddress: 127.0.0.1
|
||||
port: 80
|
||||
plainDns:
|
||||
handler: dns_mock
|
||||
listenAddress: 0.0.0.0
|
||||
ports:
|
||||
- 53
|
||||
options:
|
||||
rules:
|
||||
- pattern: ".*\\.google\\.com"
|
||||
response: 1.1.1.1
|
||||
- pattern: ".*\\.reddit\\.com"
|
||||
response: 2.2.2.2
|
||||
fallback:
|
||||
strategy: incremental
|
||||
args:
|
||||
startIP: 10.0.10.0
|
||||
dnsOverTlsDowngrade:
|
||||
handler: tls_interceptor
|
||||
listenAddress: 0.0.0.0
|
||||
ports:
|
||||
- 853
|
||||
options:
|
||||
target:
|
||||
ipAddress: 127.0.0.1
|
||||
port: 53
|
Loading…
Reference in a new issue