Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix actions and configure

Browse Source
This commit is contained in:
bunkerity 2021-06-21 18:27:12 +02:00
parent 09a2a4f9e5
commit a1fcbd4b83
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
6 changed files with 47 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/build-bunkerized-nginx-autoconf.yml vendored
View File

@ -46,7 +46,7 @@ jobs:
file: autoconf/Dockerfile file: autoconf/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx-autoconf:dev tags: bunkerized-nginx-autoconf
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new cache-to: type=local,dest=/tmp/.buildx-cache-new
@ -64,23 +64,13 @@ jobs:
file: autoconf/Dockerfile file: autoconf/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }} tags: bunkerized-nginx-autoconf
cache-to: type=local,dest=/tmp/.buildx-cache-master
- name: Run Trivy security scanner (dev) - name: Run Trivy security scanner
if: github.ref == 'refs/heads/dev'
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: 'bunkerity/bunkerized-nginx-autoconf:dev' image-ref: 'bunkerized-nginx-autoconf'
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
- name: Run Trivy security scanner (master)
if: github.ref == 'refs/heads/master'
uses: aquasecurity/trivy-action@master
with:
image-ref: 'bunkerity/bunkerized-nginx-autoconf'
format: 'table' format: 'table'
exit-code: '1' exit-code: '1'
ignore-unfixed: true ignore-unfixed: true
@ -106,3 +96,4 @@ jobs:
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }} tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }}
cache-from: type=local,src=/tmp/.buildx-cache-master

21
.github/workflows/build-bunkerized-nginx-ui.yml vendored
View File

@ -46,7 +46,7 @@ jobs:
file: ui/Dockerfile file: ui/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx-ui:dev tags: bunkerized-nginx-ui
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new cache-to: type=local,dest=/tmp/.buildx-cache-new
@ -64,23 +64,13 @@ jobs:
file: ui/Dockerfile file: ui/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }} tags: bunkerized-nginx-ui
cache-to: type=local,dest=/tmp/.buildx-cache-master
- name: Run Trivy security scanner (dev) - name: Run Trivy security scanner
if: github.ref == 'refs/heads/dev'
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: 'bunkerity/bunkerized-nginx-ui:dev' image-ref: 'bunkerized-nginx-ui'
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
- name: Run Trivy security scanner (master)
if: github.ref == 'refs/heads/master'
uses: aquasecurity/trivy-action@master
with:
image-ref: 'bunkerity/bunkerized-nginx-ui'
format: 'table' format: 'table'
exit-code: '1' exit-code: '1'
ignore-unfixed: true ignore-unfixed: true
@ -106,3 +96,4 @@ jobs:
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }} tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }}
cache-from: type=local,src=/tmp/.buildx-cache-master

30
.github/workflows/build-bunkerized-nginx.yml vendored
View File

@ -45,7 +45,7 @@ jobs:
context: . context: .
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx:dev tags: bunkerized-nginx
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new cache-to: type=local,dest=/tmp/.buildx-cache-new
@ -62,31 +62,16 @@ jobs:
context: . context: .
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: false push: false
tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }} tags: bunkerized-nginx
cache-to: type=local,dest=/tmp/.buildx-cache-master
- name: Run autotest (dev) - name: Run autotest
if: github.ref == 'refs/heads/dev' run: docker run bunkerized-nginx test
run: docker run bunkerity/bunkerized-nginx:dev test
- name: Run autotest (master) - name: Run Trivy security scanner
if: github.ref == 'refs/heads/master'
run: docker run bunkerity/bunkerized-nginx test
- name: Run Trivy security scanner (dev)
if: github.ref == 'refs/heads/dev'
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: 'bunkerity/bunkerized-nginx:dev' image-ref: 'bunkerized-nginx'
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
- name: Run Trivy security scanner (master)
if: github.ref == 'refs/heads/master'
uses: aquasecurity/trivy-action@master
with:
image-ref: 'bunkerity/bunkerized-nginx'
format: 'table' format: 'table'
exit-code: '1' exit-code: '1'
ignore-unfixed: true ignore-unfixed: true
@ -110,3 +95,4 @@ jobs:
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }} tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }}
cache-from: type=local,src=/tmp/.buildx-cache-master

5
helpers/dependencies.sh
View File

@ -527,7 +527,10 @@ CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERS
echo "[*] Compile dynamic modules" echo "[*] Compile dynamic modules"
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')" CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}" CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
if [ "$OS" = "centos" ] ; then if [ "$OS" = "centos" ] ; then
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules

10
helpers/install.sh
View File

@ -93,12 +93,19 @@ fi
# Clone the repo # Clone the repo
echo "[*] Clone bunkerity/bunkerized-nginx" echo "[*] Clone bunkerity/bunkerized-nginx"
CHANGE_DIR="/tmp" do_and_check_cmd git_secure_clone https://github.com/bunkerity/bunkerized-nginx.git 93543d3962473af42eb0295868f8ac4184d8eeca #CHANGE_DIR="/tmp" do_and_check_cmd git_secure_clone https://github.com/bunkerity/bunkerized-nginx.git 09a2a4f9e531b93684b0916a5146091a818501d3
# TODO : do a secure clone
CHANGE_DIR="/tmp" do_and_check_cmd git clone https://github.com/bunkerity/bunkerized-nginx.git
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout dev
# Copy generator # Copy generator
echo "[*] Copy generator" echo "[*] Copy generator"
do_and_check_cmd cp -r /tmp/bunkerized-nginx/gen /opt/bunkerized-nginx do_and_check_cmd cp -r /tmp/bunkerized-nginx/gen /opt/bunkerized-nginx
# Copy entrypoint
echo "[*] Copy entrypoint"
do_and_check_cmd cp -r /tmp/bunkerized-nginx/entrypoint /opt/bunkerized-nginx
# Copy configs # Copy configs
echo "[*] Copy configs" echo "[*] Copy configs"
do_and_check_cmd cp -r /tmp/bunkerized-nginx/confs /opt/bunkerized-nginx do_and_check_cmd cp -r /tmp/bunkerized-nginx/confs /opt/bunkerized-nginx
@ -191,6 +198,7 @@ do_and_check_cmd find /opt -type d -exec chmod 0750 {} \;
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/cache do_and_check_cmd chmod 770 /opt/bunkerized-nginx/cache
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/* do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
# Install cron # Install cron
echo "[*] Add jobs to crontab" echo "[*] Add jobs to crontab"

18
tests/linux.sh
View File

@ -1,11 +1,16 @@
#!/bin/sh #!/bin/bash
function cleanup() {
docker kill "$1"
}
image="$1" image="$1"
echo "[*] Run $image" echo "[*] Run $image"
id="$(docker run -d -it "$image")" id="$(docker run --rm -d -it "$image")"
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker run failed" echo "[!] docker run failed"
cleanup "$id"
exit 1 exit 1
fi fi
@ -13,6 +18,7 @@ echo "[*] Copy dependencies.sh"
docker cp helpers/dependencies.sh "$id:/tmp" docker cp helpers/dependencies.sh "$id:/tmp"
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker cp failed" echo "[!] docker cp failed"
cleanup "$id"
exit 2 exit 2
fi fi
@ -20,6 +26,7 @@ echo "[*] Exec dependencies.sh"
docker exec "$id" /bin/bash -c 'chmod +x /tmp/dependencies.sh && /tmp/dependencies.sh' docker exec "$id" /bin/bash -c 'chmod +x /tmp/dependencies.sh && /tmp/dependencies.sh'
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker exec failed" echo "[!] docker exec failed"
cleanup "$id"
exit 3 exit 3
fi fi
@ -27,6 +34,7 @@ echo "[*] Copy install.sh"
docker cp helpers/install.sh "$id:/tmp" docker cp helpers/install.sh "$id:/tmp"
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker cp failed" echo "[!] docker cp failed"
cleanup "$id"
exit 4 exit 4
fi fi
@ -34,12 +42,14 @@ echo "[*] Exec install.sh"
docker exec "$id" /bin/bash -c 'chmod +x /tmp/install.sh && /tmp/install.sh' docker exec "$id" /bin/bash -c 'chmod +x /tmp/install.sh && /tmp/install.sh'
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker exec failed" echo "[!] docker exec failed"
exit 4 cleanup "$id"
exit 5
fi fi
echo "[*] Exec nginx -V" echo "[*] Exec nginx -V"
docker exec "$id" nginx -V docker exec "$id" nginx -V
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo "[!] docker exec failed" echo "[!] docker exec failed"
exit 5 cleanup "$id"
exit 6
fi fi