Merge branch 'devel' into snyk-fix-3b927cf871b1bd61c88bc0b479260367

grindsa · Nov 3, 2024 · b72c27d · b72c27d
2 parents 9ba0114 + e1536fa
commit b72c27d
Show file tree

Hide file tree

Showing 131 changed files with 10,751 additions and 10,240 deletions.
diff --git a/.github/acme2certifier_cabundle.pem b/.github/acme2certifier_cabundle.pem
@@ -60,4 +60,5 @@ G8vEvt2p7QrjeZ3EAatx5JuYty/NKTHZwJWk51CgzEgzDwzE2JIiqeldtL5d0Sl6
 eVuv0G04BEyuXxEWpgVVzBS4qEFIBSnTJzgu1PXmId3yLvg2Nr8NKvwyZmN5xKFp
 0A9BWo15zW1PXDaD+l39oTYD7agjXkzTAjYIcfNJ7ATIYFD0xAvNAOf70s7aNupF
 fvkG2Q==
------END CERTIFICATE-----
+-----END CERTIFICATE-----
+
diff --git a/.github/actions/acme_clients/action.yml b/.github/actions/acme_clients/action.yml
diff --git a/.github/actions/container_build/action.yml b/.github/actions/container_build/action.yml
@@ -0,0 +1,31 @@
+name: "container_build"
+description: "Build Container"
+inputs:
+  DB_HANDLER:
+    description: "Database handler"
+    required: true
+    default: "wsgi"
+  WEB_SRV:
+    description: "Web server"
+    required: true
+    default: "apache2"
+  DOCKER_COMPOSE_FILE_PATH:
+    description: "Path to the docker-compose file"
+    required: false
+    default: "examples/Docker/"
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Build docker-compose (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
+      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
+      run: |
+        sudo apt-get install -y docker-compose
+        sed -i "s/wsgi/$DB_HANDLER/g" .env
+        sed -i "s/apache2/$WEB_SRV/g" .env
+        # cat .env
+        docker-compose build
+      shell: bash
+      env:
+        WEB_SRV: ${{ inputs.WEB_SRV }}
+        DB_HANDLER: ${{ inputs.DB_HANDLER }}
diff --git a/.github/actions/container_build_upload/action.yml b/.github/actions/container_build_upload/action.yml
@@ -0,0 +1,37 @@
+name: "container_build_upload"
+description: "Build and Upload Container"
+inputs:
+  DB_HANDLER:
+    description: "Database handler"
+    required: true
+    default: "wsgi"
+  WEB_SRV:
+    description: "Web server"
+    required: true
+    default: "apache2"
+
+runs:
+  using: "composite"
+  steps:
+  - name: "Build container"
+    uses: ./.github/actions/container_build
+    with:
+      DB_HANDLER: ${{ inputs.DB_HANDLER }}
+      WEB_SRV: ${{ inputs.WEB_SRV }}
+
+  - name: "Save container"
+    run: |
+      docker images
+      mkdir -p /tmp/a2c
+      docker save acme2certifier/$DB_HANDLER > /tmp/a2c/a2c-${{ github.run_id }}.$WEB_SRV.$DB_HANDLER.tar
+      gzip /tmp/a2c/a2c-${{ github.run_id }}.$WEB_SRV.$DB_HANDLER.tar
+    shell: bash
+    env:
+      DB_HANDLER: ${{ inputs.DB_HANDLER }}
+      WEB_SRV: ${{ inputs.WEB_SRV }}
+
+  - name: "Upload container package"
+    uses: actions/upload-artifact@master
+    with:
+      name: a2c-${{ github.run_id }}.${{ inputs.WEB_SRV }}.${{ inputs.DB_HANDLER }}.tar.gz
+      path: /tmp/a2c
diff --git a/.github/actions/container_check/action.yml b/.github/actions/container_check/action.yml
@@ -0,0 +1,32 @@
+name: "container_check"
+description: "Check container configuration"
+inputs:
+  DB_HANDLER:
+    description: "Database handler"
+    required: true
+    default: "wsgi"
+  WEB_SRV:
+    description: "Web server"
+    required: true
+    default: "apache2"
+  DOCKER_COMPOSE_FILE_PATH:
+    description: "Path to the docker-compose file"
+    required: false
+    default: "examples/Docker/"
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Logs"
+      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
+      run: |
+          docker-compose logs | grep -i $WEB_SRV
+          if [ "$DB_HANDLER" == "django" ]; then
+              docker-compose logs | grep -i migrations
+          else
+            docker-compose logs | grep -i $DB_HANDLER
+          fi
+      env:
+        WEB_SRV: ${{ inputs.WEB_SRV }}
+        DB_HANDLER: ${{ inputs.DB_HANDLER }}
+      shell: bash
diff --git a/.github/actions/container_prep/action.yml b/.github/actions/container_prep/action.yml
@@ -0,0 +1,92 @@
+name: "container_prep"
+description: "Prepare environment for container installation"
+inputs:
+  DB_HANDLER:
+    description: "Database handler"
+    required: true
+    default: "wsgi"
+  WEB_SRV:
+    description: "Web server"
+    required: true
+    default: "apache2"
+  DJANGO_DB:
+    description: "Django database"
+    required: false
+  CONTAINER_BUILD:
+    description: "Build container"
+    required: true
+    default: "true"
+  NAME_SPACE:
+    description: "namespace"
+    required: true
+    default: "acme"
+  IPV6:
+    description: "IPv6"
+    required: true
+    default: "false"
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Setup environment"
+      run: |
+        echo "IPv6 is $IPV6"
+        if [ "$IPV6" == "false" ]; then
+          echo "create v4 namespace"
+          docker network create $NAME_SPACE
+        else
+          echo "create v6 namespace"
+          docker network create $NAME_SPACE --ipv6 --subnet "fdbb:6445:65b4:0a60::/64"
+        fi
+        sudo mkdir -p examples/Docker/data
+        sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem
+        sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem
+        sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem
+        if [ -z "$DJANGO_DB" ]; then
+            sudo cp .github/django_settings.py examples/Docker/data/settings.py
+        else
+            sudo cp .github/django_settings_$DJANGO_DB.py examples/Docker/data/settings.py
+        fi
+      env:
+        DJANGO_DB: ${{ inputs.DJANGO_DB }}
+        NAME_SPACE: ${{ inputs.NAME_SPACE }}
+        IPV6: ${{ inputs.IPV6 }}
+      shell: bash
+
+    - name: "Build docker-compose (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
+      if: inputs.CONTAINER_BUILD == 'true'
+      uses: ./.github/actions/container_build
+      with:
+        WEB_SRV: ${{ inputs.WEB_SRV }}
+        DB_HANDLER: ${{ inputs.DB_HANDLER }}
+
+    - name: "Prepare container environment file (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
+      if: inputs.CONTAINER_BUILD != 'true'
+      working-directory: examples/Docker/
+      run: |
+        sed -i "s/wsgi/$DB_HANDLER/g" .env
+        sed -i "s/apache2/$WEB_SRV/g" .env
+      env:
+        WEB_SRV: ${{ inputs.WEB_SRV }}
+        DB_HANDLER: ${{ inputs.DB_HANDLER }}
+      shell: bash
+
+    - name: "Spin-up a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
+      if: inputs.CONTAINER_BUILD == 'true'
+      uses: ./.github/actions/container_up
+      with:
+        WEB_SRV: ${{ inputs.WEB_SRV }}
+        DB_HANDLER: ${{ inputs.DB_HANDLER }}
+        NAME_SPACE: ${{ inputs.NAME_SPACE }}
+
+    - name: "Instanciate Mariadb"
+      if: inputs.DJANGO_DB == 'mariadb'
+      uses: ./.github/actions/mariadb_prep
+      with:
+        NAME_SPACE: ${{ inputs.NAME_SPACE }}
+
+    - name: "Instanciate Postgres"
+      if: inputs.DJANGO_DB == 'psql'
+      uses: ./.github/actions/psql_prep
+      with:
+        NAME_SPACE: ${{ inputs.NAME_SPACE }}
diff --git a/.github/actions/container_up/action.yml b/.github/actions/container_up/action.yml
@@ -0,0 +1,31 @@
+name: "container_up"
+description: "instanciate a2c container"
+inputs:
+  DB_HANDLER:
+    description: "Database handler"
+    required: true
+    default: "wsgi"
+  WEB_SRV:
+    description: "Web server"
+    required: true
+    default: "apache2"
+  DOCKER_COMPOSE_FILE_PATH:
+    description: "Path to the docker-compose file"
+    required: false
+    default: "examples/Docker/"
+  NAME_SPACE:
+    description: "namespace"
+    required: true
+    default: "acme"
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Spin-up a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
+      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
+      run: |
+          sed -i "s/name: acme/name: $NAME_SPACE/g" docker-compose.yml
+          docker-compose up -d --no-build
+      env:
+        NAME_SPACE: ${{ inputs.NAME_SPACE }}
+      shell: bash
diff --git a/.github/actions/deb_build/action.yml b/.github/actions/deb_build/action.yml
@@ -0,0 +1,72 @@
+name: "deb_build"
+description: "Build deb package"
+outputs:
+  deb_file_name:
+    description: "Name of the debian package file"
+    value: acme2certifier_${{ env.TAG_NAME }}-1_all.deb
+
+runs:
+  using: "composite"
+  steps:
+
+    - name: Retrieve Version from version.py
+      run: |
+        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\'//g) >> $GITHUB_ENV
+      shell: bash
+
+    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
+      shell: bash
+
+    - name: "Install Firefox from Mozilla"
+      run: |
+        sudo apt-get update
+        sudo install -d -m 0755 /etc/apt/keyrings
+        wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
+        echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
+        echo '
+        Package: *
+        Pin: origin packages.mozilla.org
+        Pin-Priority: 1000
+        ' | sudo tee /etc/apt/preferences.d/mozilla
+        sudo apt update && sudo apt install -y firefox --allow-downgrades
+      shell: bash
+
+    - name: "Prepare environment to build deb package"
+      run: |
+        sudo apt-get update && sudo apt-get -y upgrade
+        sudo apt-get -y install build-essential fakeroot dpkg-dev devscripts debhelper  --allow-downgrades
+        rm setup.py
+        rm -f examples/ngnix/acme2certifier.te
+        rm -f examples/nginx/supervisord.conf
+        rm -f examples/nginx/uwsgi.service
+        sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv.conf
+        sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv_ssl.conf
+        sed -i "s/\/run\/uwsgi\/acme.sock/acme.sock/g" examples/nginx/acme2certifier.ini
+        sed -i "s/nginx/www-data/g" examples/nginx/acme2certifier.ini
+        echo "plugins=python3" >> examples/nginx/acme2certifier.ini
+        cat <<EOT > examples/nginx/acme2certifier.service
+        [Unit]
+        Description=uWSGI instance to serve acme2certifier
+        After=network.target
+
+        [Service]
+        User=www-data
+        Group=www-data
+        WorkingDirectory=/var/www/acme2certifier
+        Environment="PATH=/var/www/acme2certifier"
+        ExecStart=uwsgi --ini /var/www/acme2certifier/acme2certifier.ini
+
+        [Install]
+        WantedBy=multi-user.target
+        EOT
+        cp -R examples/install_scripts/debian ./
+        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" debian/changelog
+        cd ../
+        tar cvfz ../acme2certifier_${{ env.TAG_NAME }}.orig.tar.gz ./
+      shell: bash
+
+    - name: "Build debian package"
+      run: |
+        dpkg-buildpackage -uc -us
+        dpkg -c ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb
+      shell: bash
diff --git a/.github/actions/deb_build_upload/action.yml b/.github/actions/deb_build_upload/action.yml
@@ -0,0 +1,27 @@
+name: "rpm_build_upload"
+description: "Build and Upload package"
+outputs:
+  deb_file_name:
+    description: "Name of the RPM package file"
+    value: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
+
+runs:
+  using: "composite"
+  steps:
+
+  - name: "Build deb package"
+    id: deb_build
+    uses: ./.github/actions/deb_build
+
+  - name: "Rename deb package"
+    run: |
+      sudo mv ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb ./acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
+    shell: bash
+
+  - name: "Upload deb package"
+    uses: actions/upload-artifact@v4
+    with:
+      name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
+      path: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
+
+