feat: switch to mainline certmagic (#29)

Also updated to golang 1.19, added support for nesting in config blocks, and improved the Dockerfile.

Closes #19

.github/workflows/docker.yml

@@ -19,18 +19,21 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          # TODO: fetch-tags: true may also work here (commits are required for the goreleaser changelog, though)
+          fetch-depth: 0 # Used to get tags to populate the version number
 
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -42,16 +45,18 @@ jobs:
             latest=true
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true
           platforms: ${{ env.PLATFORMS }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/go.yml

@@ -13,13 +13,13 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.17
+        go-version: 1.19
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Get dependencies
       run: go get -v -t ./...

.github/workflows/release.yml

@@ -10,12 +10,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.17
+          go-version: 1.19
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Used to get tags to populate the version number
 
       - name: Go module init
         run: |
@@ -24,9 +26,9 @@ jobs:
           cd ..
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v5
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -20,6 +20,7 @@ Casketfile.*
 !casketfile/
 casket/go.mod
 casket/go.sum
+caskethttp/browse/tempTemplate*
 
 og_static/
 

.goreleaser.yml

@@ -28,10 +28,6 @@ builds:
 # Set dist directory to build/ since we have files in dist/
 dist: build
 
-before:
-  hooks:
-    - sh ./.prerelease.sh
-
 archives:
   - id: casket
     builds:

Dockerfile

@@ -1,16 +1,27 @@
-FROM golang:1.17-bullseye AS builder
+FROM golang:1.19-bullseye AS builder
 
 WORKDIR /workdir
 
+ENV GOPROXY=https://proxy.golang.org,direct
+ENV GOPRIVATE=github.com/tmpim/casket
 COPY go.mod go.sum /workdir
-RUN GOPROXY=https://proxy.golang.org,direct go mod download
+RUN go mod download
 
 COPY . /workdir
-WORKDIR /workdir
+WORKDIR /workdir/casket
+
+# Required to build with version information - but allow this step to fail (e.g. we're building a PR). Casket will try
+# to get the version from the module (this step) first, and then try to get it from `main.version` (goreleaser and
+# ldflags). See also:
+# - casket/casketmain/run.go#getBuildModule()
+# - https://goreleaser.com/cookbooks/using-main.version/
+RUN go get "github.com/tmpim/casket@master"; exit 0
 
-RUN cd casket && go mod init casket \
-    && GOPROXY=https://proxy.golang.org,direct GOPRIVATE=github.com/tmpim/casket go get "github.com/tmpim/casket@master" \
-    && go mod tidy && CGO_ENABLED=0 go build -o casket .
+ENV CGO_ENABLED=0
+# -s: Omit the symbol table and debug information
+# -w: Omit the DWARF symbol table
+# -X: Include the git tag as the version (goreleaser also uses main.version tag)
+RUN go build -ldflags="-s -w -X 'main.version=$(git describe --tags --dirty)'" -o casket .
 
 FROM alpine:3
 
@@ -33,4 +44,4 @@ WORKDIR /config
 
 COPY --from=builder /workdir/casket/casket /usr/bin/casket
 
-ENTRYPOINT ["/usr/bin/casket", "-agree", "-root", "/www"]
+ENTRYPOINT ["/usr/bin/casket", "-agree", "-root", "/www"]

casket/casketmain/plugins.go

@@ -11,22 +11,22 @@ import (
 	_ "github.com/tmpim/casket-plugins/realip"
 	_ "github.com/tmpim/casket-plugins/tmpauth"
 	_ "github.com/tmpim/casket-plugins/webdav"
+	_ "github.com/tmpim/dnsproviders/acmedns"
 	_ "github.com/tmpim/dnsproviders/azure"
 	_ "github.com/tmpim/dnsproviders/cloudflare"
 	_ "github.com/tmpim/dnsproviders/digitalocean"
-	_ "github.com/tmpim/dnsproviders/dnsimple"
+	_ "github.com/tmpim/dnsproviders/dnspod"
 	_ "github.com/tmpim/dnsproviders/duckdns"
-	_ "github.com/tmpim/dnsproviders/dyn"
+	_ "github.com/tmpim/dnsproviders/gandi"
 	_ "github.com/tmpim/dnsproviders/godaddy"
 	_ "github.com/tmpim/dnsproviders/googlecloud"
-	_ "github.com/tmpim/dnsproviders/httpreq"
-	_ "github.com/tmpim/dnsproviders/lightsail"
 	_ "github.com/tmpim/dnsproviders/linode"
 	_ "github.com/tmpim/dnsproviders/namecheap"
 	_ "github.com/tmpim/dnsproviders/namedotcom"
 	_ "github.com/tmpim/dnsproviders/ovh"
-	_ "github.com/tmpim/dnsproviders/rackspace"
+	_ "github.com/tmpim/dnsproviders/pdns"
 	_ "github.com/tmpim/dnsproviders/rfc2136"
 	_ "github.com/tmpim/dnsproviders/route53"
+	_ "github.com/tmpim/dnsproviders/transip"
 	_ "github.com/tmpim/dnsproviders/vultr"
 )

casket/casketmain/run.go

@@ -16,9 +16,11 @@ package casketmain
 
 import (
 	"bufio"
+	"context"
 	"errors"
 	"flag"
 	"fmt"
+	"go.uber.org/zap"
 	"io"
 	"io/ioutil"
 	"log"
@@ -29,13 +31,13 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/caddyserver/certmagic"
 	"github.com/google/uuid"
 	"github.com/klauspost/cpuid"
 	"github.com/tmpim/casket"
 	"github.com/tmpim/casket/casketfile"
 	"github.com/tmpim/casket/caskettls"
 	"github.com/tmpim/casket/telemetry"
-	"github.com/tmpim/certmagic"
 	lumberjack "gopkg.in/natefinch/lumberjack.v2"
 
 	_ "github.com/tmpim/casket/caskethttp" // plug in the HTTP server type
@@ -45,19 +47,19 @@ import (
 func init() {
 	casket.TrapSignals()
 
-	flag.BoolVar(&certmagic.Default.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement")
-	flag.StringVar(&certmagic.Default.CA, "ca", certmagic.Default.CA, "URL to certificate authority's ACME server directory")
+	flag.BoolVar(&certmagic.DefaultACME.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement")
+	flag.StringVar(&certmagic.DefaultACME.CA, "ca", certmagic.DefaultACME.CA, "URL to certificate authority's ACME server directory")
 	flag.StringVar(&certmagic.Default.DefaultServerName, "default-sni", certmagic.Default.DefaultServerName, "If a ClientHello ServerName is empty, use this ServerName to choose a TLS certificate")
-	flag.BoolVar(&certmagic.Default.DisableHTTPChallenge, "disable-http-challenge", certmagic.Default.DisableHTTPChallenge, "Disable the ACME HTTP challenge")
-	flag.BoolVar(&certmagic.Default.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.Default.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge")
+	flag.BoolVar(&certmagic.DefaultACME.DisableHTTPChallenge, "disable-http-challenge", certmagic.DefaultACME.DisableHTTPChallenge, "Disable the ACME HTTP challenge")
+	flag.BoolVar(&certmagic.DefaultACME.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.DefaultACME.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge")
 	flag.StringVar(&disabledMetrics, "disabled-metrics", "", "Comma-separated list of telemetry metrics to disable")
 	flag.StringVar(&conf, "conf", "", "Casketfile to load (default \""+casket.DefaultConfigFile+"\")")
 	flag.StringVar(&cpu, "cpu", "100%", "CPU cap")
 	flag.BoolVar(&printEnv, "env", false, "Enable to print environment variables")
 	flag.StringVar(&envFile, "envfile", "", "Path to file with environment variables to load in KEY=VALUE format")
 	flag.BoolVar(&fromJSON, "json-to-casketfile", false, "From JSON stdin to Casketfile stdout")
 	flag.BoolVar(&plugins, "plugins", false, "List installed plugins")
-	flag.StringVar(&certmagic.Default.Email, "email", "", "Default ACME CA account email address")
+	flag.StringVar(&certmagic.DefaultACME.Email, "email", "", "Default ACME CA account email address")
 	flag.DurationVar(&certmagic.HTTPTimeout, "catimeout", certmagic.HTTPTimeout, "Default ACME CA HTTP timeout")
 	flag.StringVar(&logfile, "log", "", "Process log file")
 	flag.BoolVar(&logTimestamps, "log-timestamps", true, "Enable timestamps for the process log")
@@ -79,13 +81,24 @@ func init() {
 func Run() {
 	flag.Parse()
 
+	casket.AppName = appName
+	casket.OnProcessExit = append(casket.OnProcessExit, func() {
+		// TODO: Redirect to our own logger instead of zap.NewNop()
+		certmagic.CleanUpOwnLocks(context.TODO(), zap.NewNop())
+	})
+
+	// AppVersion may be set by ldflags or by the module
 	module := getBuildModule()
-	cleanModVersion := strings.TrimPrefix(module.Version, "v")
+	if module.Version != "" && module.Version != "(devel)" {
+		casket.AppVersion = module.Version
+	}
 
-	casket.AppName = appName
-	casket.AppVersion = module.Version
-	casket.OnProcessExit = append(casket.OnProcessExit, certmagic.CleanUpOwnLocks)
-	certmagic.UserAgent = appName + "/" + cleanModVersion
+	if casket.AppVersion == "" {
+		casket.AppVersion = "unknown"
+	}
+
+	cleanVersion := strings.TrimPrefix(casket.AppVersion, "v")
+	certmagic.UserAgent = appName + "/" + cleanVersion
 
 	if !logTimestamps {
 		// Disable timestamps for logging
@@ -156,9 +169,9 @@ func Run() {
 	if version {
 		if module.Sum != "" {
 			// a build with a known version will also have a checksum
-			fmt.Printf("Casket %s (%s)\n", module.Version, module.Sum)
+			fmt.Printf("Casket %s (%s)\n", casket.AppVersion, module.Sum)
 		} else {
-			fmt.Println(module.Version)
+			fmt.Println("Casket " + casket.AppVersion)
 		}
 		os.Exit(0)
 	}
@@ -197,7 +210,7 @@ func Run() {
 	}
 
 	// Log Casket version before start
-	log.Printf("[INFO] Casket version: %s", module.Version)
+	log.Printf("[INFO] Casket version: %s", casket.AppVersion)
 
 	// Start your engines
 	instance, err := casket.Start(casketfileinput)
@@ -206,7 +219,7 @@ func Run() {
 	}
 
 	// Begin telemetry (these are no-ops if telemetry disabled)
-	telemetry.Set("casket_version", module.Version)
+	telemetry.Set("casket_version", casket.AppVersion)
 	telemetry.Set("num_listeners", len(instance.Servers()))
 	telemetry.Set("server_type", serverType)
 	telemetry.Set("os", runtime.GOOS)

casket/main.go

@@ -20,14 +20,22 @@
 package main
 
 import (
+	"github.com/tmpim/casket"
 	"log"
 
 	"github.com/tmpim/casket/casket/casketmain"
 )
 
+var (
+	// Populated by ldflags (Docker builds) and goreleaser - https://goreleaser.com/cookbooks/using-main.version/
+	version = "devel"
+)
+
 var run = casketmain.Run // replaced for tests
 
 func main() {
+	casket.AppVersion = version
+
 	log.SetFlags(log.Ldate | log.Ltime | log.Lmicroseconds | log.Llongfile)
 	run()
 }