fix actions and configure
parent
09a2a4f9e5
commit
a1fcbd4b83
|
@ -46,7 +46,7 @@ jobs:
|
|||
file: autoconf/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx-autoconf:dev
|
||||
tags: bunkerized-nginx-autoconf
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||
|
||||
|
@ -64,23 +64,13 @@ jobs:
|
|||
file: autoconf/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }}
|
||||
tags: bunkerized-nginx-autoconf
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-master
|
||||
|
||||
- name: Run Trivy security scanner (dev)
|
||||
if: github.ref == 'refs/heads/dev'
|
||||
- name: Run Trivy security scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx-autoconf:dev'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
|
||||
|
||||
- name: Run Trivy security scanner (master)
|
||||
if: github.ref == 'refs/heads/master'
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx-autoconf'
|
||||
image-ref: 'bunkerized-nginx-autoconf'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
|
@ -106,3 +96,4 @@ jobs:
|
|||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: true
|
||||
tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-master
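Review bot: The Trivy step kept in the second hunk still runs `uses: aquasecurity/trivy-action@master`, a mutable branch reference, so whatever is at the head of that branch executes inside this job on every run. Pinning it to a full commit SHA, `uses: aquasecurity/trivy-action@<full-commit-sha>` with the release named in a trailing comment, makes the scanner code reviewable and the result reproducible. The same line is kept in the Trivy step of the ui workflow and of the main image workflow further down this page. The job definition starts outside the hunk, so the secrets it can reach are not visible here, but the later `push: true` step suggests registry credentials are available in the same job.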
|
||||
|
|
|
@ -46,7 +46,7 @@ jobs:
|
|||
file: ui/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx-ui:dev
|
||||
tags: bunkerized-nginx-ui
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||
|
||||
|
@ -64,23 +64,13 @@ jobs:
|
|||
file: ui/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }}
|
||||
tags: bunkerized-nginx-ui
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-master
|
||||
|
||||
- name: Run Trivy security scanner (dev)
|
||||
if: github.ref == 'refs/heads/dev'
|
||||
- name: Run Trivy security scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx-ui:dev'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
|
||||
|
||||
- name: Run Trivy security scanner (master)
|
||||
if: github.ref == 'refs/heads/master'
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx-ui'
|
||||
image-ref: 'bunkerized-nginx-ui'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
|
@ -106,3 +96,4 @@ jobs:
|
|||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: true
|
||||
tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-master
|
||||
|
|
|
@ -45,7 +45,7 @@ jobs:
|
|||
context: .
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx:dev
|
||||
tags: bunkerized-nginx
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-new
|
||||
|
||||
|
@ -62,31 +62,16 @@ jobs:
|
|||
context: .
|
||||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: false
|
||||
tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }}
|
||||
tags: bunkerized-nginx
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache-master
|
||||
|
||||
- name: Run autotest (dev)
|
||||
if: github.ref == 'refs/heads/dev'
|
||||
run: docker run bunkerity/bunkerized-nginx:dev test
|
||||
- name: Run autotest
|
||||
run: docker run bunkerized-nginx test
|
||||
|
||||
- name: Run autotest (master)
|
||||
if: github.ref == 'refs/heads/master'
|
||||
run: docker run bunkerity/bunkerized-nginx test
|
||||
|
||||
- name: Run Trivy security scanner (dev)
|
||||
if: github.ref == 'refs/heads/dev'
|
||||
- name: Run Trivy security scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx:dev'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
|
||||
|
||||
- name: Run Trivy security scanner (master)
|
||||
if: github.ref == 'refs/heads/master'
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'bunkerity/bunkerized-nginx'
|
||||
image-ref: 'bunkerized-nginx'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
|
@ -110,3 +95,4 @@ jobs:
|
|||
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8
|
||||
push: true
|
||||
tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache-master
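Review bot: The new `run: docker run bunkerized-nginx test` and `image-ref: 'bunkerized-nginx'` refer to the image by a bare local name, but the build step above them sets `push: false` with four `platforms:` and no `load: true`, so the built image may never reach the runner's Docker image store. If so, Docker and most likely Trivy would resolve the bare name against the default registry, and the autotest and scan would either fail or run against an image this workflow did not build. A single-platform build for the test and scan steps, with `platforms: linux/amd64` and `load: true`, keeps the checked image local, and the multi-platform build can stay on the `push: true` step. The builder setup and the build step's `uses:` line are outside the hunk, so this needs confirming against the full file. The autoconf and ui workflows have the same pattern with `image-ref: 'bunkerized-nginx-autoconf'` and `image-ref: 'bunkerized-nginx-ui'`.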
|
||||
|
|
|
@ -527,7 +527,10 @@ CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd tar -xvzf nginx-${NGINX_VERS
|
|||
echo "[*] Compile dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli
|
||||
echo "\#/bin/sh" > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerized-nginx/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerized-nginx/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_http_geoip2_module --add-dynamic-module=/tmp/bunkerized-nginx/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerized-nginx/lua-nginx-module --add-dynamic-module=/tmp/bunkerized-nginx/ngx_brotli" >> "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/local/lib/" LUAJIT_INC="/usr/local/include/luajit-2.1" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
if [ "$OS" = "centos" ] ; then
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/lib64/nginx/modules
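Review bot: The added `echo "\#/bin/sh" > ".../configure-fix.sh"` does not write a shebang: inside double quotes the backslash is kept, so the generated file starts with the literal line `\#/bin/sh`. The script then only runs if the calling shell falls back to interpreting a file without a valid interpreter line, and that first line is executed as a command and fails before `./configure` starts. Writing it as `echo '#!/bin/sh' > "/tmp/bunkerized-nginx/nginx-${NGINX_VERSION}/configure-fix.sh"` gives a real interpreter line. The two `echo` redirections are also the only commands here not wrapped in `do_and_check_cmd`, so a failed write would only surface at the later `chmod`.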
|
||||
|
|
|
@ -93,12 +93,19 @@ fi
|
|||
|
||||
# Clone the repo
|
||||
echo "[*] Clone bunkerity/bunkerized-nginx"
|
||||
CHANGE_DIR="/tmp" do_and_check_cmd git_secure_clone https://github.com/bunkerity/bunkerized-nginx.git 93543d3962473af42eb0295868f8ac4184d8eeca
|
||||
#CHANGE_DIR="/tmp" do_and_check_cmd git_secure_clone https://github.com/bunkerity/bunkerized-nginx.git 09a2a4f9e531b93684b0916a5146091a818501d3
|
||||
# TODO : do a secure clone
|
||||
CHANGE_DIR="/tmp" do_and_check_cmd git clone https://github.com/bunkerity/bunkerized-nginx.git
|
||||
CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout dev
|
||||
|
||||
# Copy generator
|
||||
echo "[*] Copy generator"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/gen /opt/bunkerized-nginx
|
||||
|
||||
# Copy entrypoint
|
||||
echo "[*] Copy entrypoint"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/entrypoint /opt/bunkerized-nginx
|
||||
|
||||
# Copy configs
|
||||
echo "[*] Copy configs"
|
||||
do_and_check_cmd cp -r /tmp/bunkerized-nginx/confs /opt/bunkerized-nginx
|
||||
|
@ -191,6 +198,7 @@ do_and_check_cmd find /opt -type d -exec chmod 0750 {} \;
|
|||
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/cache
|
||||
do_and_check_cmd chmod 770 /opt/bunkerized-nginx/acme-challenge
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/scripts/*
|
||||
do_and_check_cmd chmod 750 /opt/bunkerized-nginx/entrypoint/*
|
||||
|
||||
# Install cron
|
||||
echo "[*] Add jobs to crontab"
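Review bot: In the first hunk the pinned `git_secure_clone ... <commit>` call is replaced by `git clone` followed by `git checkout dev`, so the generator, entrypoint and configs copied into /opt/bunkerized-nginx by the following `cp -r` lines now come from whatever the `dev` branch head is at install time. The `# TODO : do a secure clone` comment acknowledges this, but until it is resolved the installer has no integrity check on the code it installs. Checking out a fixed commit instead of the branch, `CHANGE_DIR="/tmp/bunkerized-nginx" do_and_check_cmd git checkout <pinned-commit-sha>`, or restoring `git_secure_clone` with the intended commit, keeps the install reproducible. The definition of `git_secure_clone` is outside the hunk, so what it verifies beyond the commit id is not visible here.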
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
function cleanup() {
|
||||
docker kill "$1"
|
||||
}
|
||||
|
||||
image="$1"
|
||||
|
||||
echo "[*] Run $image"
|
||||
id="$(docker run -d -it "$image")"
|
||||
id="$(docker run --rm -d -it "$image")"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker run failed"
|
||||
cleanup "$id"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -13,6 +18,7 @@ echo "[*] Copy dependencies.sh"
|
|||
docker cp helpers/dependencies.sh "$id:/tmp"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker cp failed"
|
||||
cleanup "$id"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
|
@ -20,6 +26,7 @@ echo "[*] Exec dependencies.sh"
|
|||
docker exec "$id" /bin/bash -c 'chmod +x /tmp/dependencies.sh && /tmp/dependencies.sh'
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker exec failed"
|
||||
cleanup "$id"
|
||||
exit 3
|
||||
fi
|
||||
|
||||
|
@ -27,6 +34,7 @@ echo "[*] Copy install.sh"
|
|||
docker cp helpers/install.sh "$id:/tmp"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker cp failed"
|
||||
cleanup "$id"
|
||||
exit 4
|
||||
fi
|
||||
|
||||
|
@ -34,12 +42,14 @@ echo "[*] Exec install.sh"
|
|||
docker exec "$id" /bin/bash -c 'chmod +x /tmp/install.sh && /tmp/install.sh'
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker exec failed"
|
||||
exit 4
|
||||
cleanup "$id"
|
||||
exit 5
|
||||
fi
|
||||
|
||||
echo "[*] Exec nginx -V"
|
||||
docker exec "$id" nginx -V
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[!] docker exec failed"
|
||||
exit 5
|
||||
cleanup "$id"
|
||||
exit 6
|
||||
fi
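Review bot: The new `cleanup "$id"` call in the first failure branch runs when `docker run` itself failed, so `$id` is empty there and `docker kill ""` only adds a second error message. The container is also killed only on the failure branches shown. If the end of the script, which is outside these hunks, has no cleanup call, a successful run leaves the detached container running, and `--rm` only removes it once it stops. Registering the cleanup once after the `docker run` check, `trap 'docker kill "$id" > /dev/null 2>&1' EXIT`, covers every exit path and lets the per-branch `cleanup "$id"` lines go. A guard such as `[ -n "$image" ] || exit 1` after `image="$1"` would also stop the script from calling `docker run` with an empty image name.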
|
||||
|
|