From 191d352eee4a4d81b2a02f8d703b9e0034c592be Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Mon, 15 Jun 2020 13:01:37 +0200 Subject: [PATCH] fix container build and add missing demo CA files --- .github/workflows/docker-image.yml | 24 +++++++-- .github/workflows/go-build.yml | 2 + Dockerfile | 20 +++---- assets/demoCA/ca.key | 5 ++ assets/demoCA/ca.pem | 12 +++++ config-container.yaml | 86 ++++++++++++++++++++++++++++++ 6 files changed, 135 insertions(+), 14 deletions(-) create mode 100644 assets/demoCA/ca.key create mode 100644 assets/demoCA/ca.pem create mode 100644 config-container.yaml diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index f48503c..57c81da 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -10,17 +10,20 @@ env: IMAGE_NAME: server jobs: - build: - runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 + with: + lfs: true + + - name: Login to GitHub Docker registry + run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u baez90 --password-stdin + - name: Build the Docker image run: docker build . --file Dockerfile --tag $IMAGE_NAME - - name: Push image + - name: Push image to GitHub packages run: | IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME @@ -40,4 +43,15 @@ jobs: echo VERSION=$VERSION docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION \ No newline at end of file + docker push $IMAGE_ID:$VERSION + + - name: Tag image for Docker Hub + run: docker tag $IMAGE_NAME ${GITHUB_REPOSITORY}:latest + + - name: Push latest tag to Docker Hub + uses: docker/build-push-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + repository: baez90/inetmock + tags: latest \ No newline at end of file diff --git a/.github/workflows/go-build.yml b/.github/workflows/go-build.yml index c7717f5..b66e683 100644 --- a/.github/workflows/go-build.yml 
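Review bot: In the new "Login to GitHub Docker registry" step of docker-image.yml, `${{ secrets.GITHUB_TOKEN }}` is expanded into the script text, unquoted, before the shell runs, and the account name `baez90` is hard-coded. Passing the token through the step environment keeps it out of the generated script and avoids word-splitting: add `env:` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to the step and change the command to `echo "$GITHUB_TOKEN" | docker login docker.pkg.github.com -u "$GITHUB_ACTOR" --password-stdin`. The workflow's triggers are outside the hunk, so please confirm whether this job can run for fork pull requests, where the secrets used later in the job are not available.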
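Review bot: The "Push latest tag to Docker Hub" step in the second docker-image.yml hunk hands `DOCKER_USERNAME` and `DOCKER_PASSWORD` to `docker/build-push-action@v1`, an external action referenced by a mutable tag. Pinning it to a reviewed full commit (`uses: docker/build-push-action@<full-commit-sha>  # v1`) keeps a moved tag from running with those credentials. As far as I know the v1 action builds the image itself from the checkout, so the image tagged `${GITHUB_REPOSITORY}:latest` in the preceding step is probably not the one pushed. Either drop the tag step or push the already-built image with a plain `docker push` after a `docker login` that reads the password from stdin.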
+++ b/.github/workflows/go-build.yml @@ -22,6 +22,8 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v2 + with: + lfs: true - name: Install mockgen run: go get -u github.com/golang/mock/mockgen@latest diff --git a/Dockerfile b/Dockerfile index a4fe069..baa07db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,7 @@ ENV CGO_ENABLED=0 # Prepare build stage - can be cached WORKDIR /work RUN apk add -U --no-cache \ - make protoc gcc musl-dev libcap && \ + make protoc gcc musl-dev && \ addgroup -S -g "${GROUP_ID}" "${GROUP}" && \ adduser \ --disabled-password \ @@ -32,11 +32,7 @@ RUN go mod download && \ COPY ./ ./ # Build binaries -RUN make CONTAINER=yes && \ - mkdir -p /usr/lib/inetmock/bin/ && \ - chown $USER:$GROUP inetmock imctl && \ - mv inetmock imctl /usr/lib/inetmock/bin/ && \ - setcap 'cap_net_bind_service=+ep' /usr/lib/inetmock/bin/inetmock +RUN make CONTAINER=yes # Runtime layer @@ -49,14 +45,20 @@ ARG USER_ID=10001 ARG GROUP_ID=10001 COPY --from=build /etc/group /etc/passwd /etc/ -COPY --from=build /usr/lib/inetmock/bin /usr/lib/inetmock/bin +COPY --from=build --chown=$USER:$GROUP /work/inetmock /work/imctl /usr/lib/inetmock/bin/ +COPY --chown=$USER:$GROUP ./assets/fakeFiles/ /var/lib/inetmock/fakeFiles/ COPY config-container.yaml /etc/inetmock/config.yaml RUN mkdir -p /var/run/inetmock /var/lib/inetmock/certs /usr/lib/inetmock && \ - chown -R $USER:$GROUP /var/run/inetmock /var/lib/inetmock /usr/lib/inetmock + chown -R $USER:$GROUP /var/run/inetmock /var/lib/inetmock /usr/lib/inetmock && \ + apk add -U --no-cache libcap RUN ln -s /usr/lib/inetmock/bin/inetmock /usr/bin/inetmock && \ - ln -s /usr/lib/inetmock/bin/imctl /usr/bin/imctl + ln -s /usr/lib/inetmock/bin/imctl /usr/bin/imctl && \ + setcap 'cap_net_bind_service=+ep' /usr/lib/inetmock/bin/inetmock + +HEALTHCHECK --interval=5s --timeout=1s \ + CMD imctl --socket-path /var/run/inetmock/inetmock.sock health container USER $USER 
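Review bot: In the runtime-stage hunk of the Dockerfile, `COPY --from=build --chown=$USER:$GROUP /work/inetmock /work/imctl ...` and the `chown -R $USER:$GROUP ... /usr/lib/inetmock` that follows leave both binaries writable by the unprivileged account the container runs as. A process compromised at runtime could then replace `inetmock` or `imctl`, the latter being what the new HEALTHCHECK executes. Leaving the binaries root-owned avoids that: drop `--chown=$USER:$GROUP` from that COPY and take `/usr/lib/inetmock` out of the `chown -R` list. `libcap` is now installed in the final image only for the single `setcap` call, so running `apk add`, `setcap` and `apk del libcap` in one RUN would keep the tool out of the shipped image. The stage's FROM and ARG lines are outside the hunk.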
diff --git a/assets/demoCA/ca.key b/assets/demoCA/ca.key new file mode 100644 index 0000000..b3aa03e --- /dev/null +++ b/assets/demoCA/ca.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTTz25fFLS2WO4hXD +162B059HEe+MAQtV4iGXf7HfKCihRANCAAT3D181Tzrz6i9Mx75pmyAsg+itojO9 +sHXZSswmfsh46IVK46m0hXNHgPvD2WYW5m1PHvRl3B0vDo/2Y6sOU/Q9 +-----END PRIVATE KEY----- diff --git a/assets/demoCA/ca.pem b/assets/demoCA/ca.pem new file mode 100644 index 0000000..c603b9c --- /dev/null +++ b/assets/demoCA/ca.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAYKgAwIBAgIQHQIFIEcNZjsDP+wDtGPMXzAKBggqhkjOPQQDAjBOMRAw +DgYDVQQGEwdnZXJtYW55MREwDwYDVQQHEwhEb3J0bXVuZDERMA8GA1UEChMISU5l +dE1vY2sxFDASBgNVBAMTC0lOZXRNb2NrIENBMB4XDTIwMDYxNTEwNTEzNloXDTIw +MDYxNTEwNTEzNlowTjEQMA4GA1UEBhMHZ2VybWFueTERMA8GA1UEBxMIRG9ydG11 +bmQxETAPBgNVBAoTCElOZXRNb2NrMRQwEgYDVQQDEwtJTmV0TW9jayBDQTBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABPcPXzVPOvPqL0zHvmmbICyD6K2iM72wddlK +zCZ+yHjohUrjqbSFc0eA+8PZZhbmbU8e9GXcHS8Oj/Zjqw5T9D2jQjBAMA4GA1Ud +DwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBecJsOL7ej0kCkWOnoQJpW3JuY +KQIxQBT+XXPKEJj14AIhANG4twTloC3amz8Y7Zn3DVtvjXlTgg8YwjBFG+JioQOe +-----END CERTIFICATE----- diff --git a/config-container.yaml b/config-container.yaml new file mode 100644 index 0000000..1c2c04e --- /dev/null +++ b/config-container.yaml 
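Review bot: assets/demoCA/ca.key puts the private key of a certificate authority under version control, so anyone who can read the repository can issue certificates that chain to this CA. Any machine that has imported ca.pem as trusted would accept them. Nothing in the patch marks the pair as demo-only. I would add a README next to the files stating that this CA is public test material and must never be added to a real trust store. Deployments should generate or mount their own CA at the paths configured under `tls.rootCaCert`.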
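Review bot: In assets/demoCA/ca.pem the two validity timestamps in the encoded certificate appear to be identical; both seem to decode to 2020-06-15 10:51:36Z. That would make the CA valid for zero seconds, and verifiers that check the chain's validity period would reject every leaf issued under it. Please confirm with `openssl x509 -in assets/demoCA/ca.pem -noout -dates` and, if so, regenerate the demo CA with a real notBefore/notAfter window.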
@@ -0,0 +1,86 @@
+x-response-rules: &httpResponseRules
+ rules:
+ - pattern: ".*\\.(?i)exe"
+ response: /var/lib/inetmock/fakeFiles/sample.exe
+ - pattern: ".*\\.(?i)(jpg|jpeg)"
+ response: /var/lib/inetmock/fakeFiles/default.jpg
+ - pattern: ".*\\.(?i)png"
+ response: /var/lib/inetmock/fakeFiles/default.png
+ - pattern: ".*\\.(?i)gif"
+ response: /var/lib/inetmock/fakeFiles/default.gif
+ - pattern: ".*\\.(?i)ico"
+ response: /var/lib/inetmock/fakeFiles/default.ico
+ - pattern: ".*\\.(?i)txt"
+ response: /var/lib/inetmock/fakeFiles/default.txt
+ - pattern: ".*"
+ response: /var/lib/inetmock/fakeFiles/default.html
+
+api:
+ listen: unix:///var/run/inetmock/inetmock.sock
+
+tls:
+ ecdsaCurve: P256
+ validity:
+ ca:
+ notBeforeRelative: 17520h
+ notAfterRelative: 17520h
+ server:
+ NotBeforeRelative: 168h
+ NotAfterRelative: 168h
+ rootCaCert:
+ publicKeyPath: /var/lib/inetmock/ca/ca.pem
+ privateKeyPath: /var/lib/inetmock/ca/ca.key
+ certCachePath: /var/lib/inetmock/certs
+
+endpoints:
+ plainHttp:
+ handler: http_mock
+ listenAddress: 0.0.0.0
+ ports:
+ - 80
+ - 8080
+ options:
+ <<: *httpResponseRules
+ proxy:
+ handler: http_proxy
+ listenAddress: 0.0.0.0
+ ports:
+ - 3128
+ options:
+ target:
+ ipAddress: 127.0.0.1
+ port: 80
+ httpsDowngrade:
+ handler: tls_interceptor
+ listenAddress: 0.0.0.0
+ ports:
+ - 443
+ - 8443
+ options:
+ target:
+ ipAddress: 127.0.0.1
+ port: 80
+ plainDns:
+ handler: dns_mock
+ listenAddress: 0.0.0.0
+ ports:
+ - 53
+ options:
+ rules:
+ - pattern: ".*\\.google\\.com"
+ response: 1.1.1.1
+ - pattern: ".*\\.reddit\\.com"
+ response: 2.2.2.2
+ fallback:
+ strategy: incremental
+ args:
+ startIP: 10.0.10.0
+ dnsOverTlsDowngrade:
+ handler: tls_interceptor
+ listenAddress: 0.0.0.0
+ ports:
+ - 853
+ options:
+ target:
+ ipAddress: 127.0.0.1
+ port: 53
\ No newline at end of file
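Review bot: `tls.rootCaCert` points at `/var/lib/inetmock/ca/ca.pem` and `ca.key`, but the Dockerfile changes in this same patch only create `/var/lib/inetmock/certs` and copy `assets/fakeFiles/`, so nothing visible here places a CA at that path. If the pair is meant to be mounted at run time, a comment above `rootCaCert` would make that explicit, for example `# CA pair must be mounted at /var/lib/inetmock/ca; the repository's demoCA is public test material`. The `server` validity keys are spelled `NotBeforeRelative`/`NotAfterRelative` while the `ca` block uses `notBeforeRelative`/`notAfterRelative`. Unless the config loader is case-insensitive (not visible here) the server values may be silently ignored, so I would lower-case them. Every endpoint, including both TLS interceptors and the proxy on 3128, binds `0.0.0.0`; a header comment saying the file is intended for an isolated test network would help whoever reuses it.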