Cleanup Dockerfile

This adds 2 new settings: GITDIR_ADMIN_USER, and
GITDIR_ADMIN_PUBLIC_KEY, which allow gitdir to auto-add a public key to
the config on startup. This greatly simplifies the setup process and
lines up with how many services are run in docker.

Unfortunately, between the last commit and now, travis-ci dropped their
free option, so the CI is also being migrated to Github Actions.
Finally, all packages and linters have been updated to their latest
versions.

Author: belak

.dockerignore

@@ -3,3 +3,6 @@
 **/node_modules
 Dockerfile
 docker-compose.yaml
+.env
+gitdir
+tmp

.github/workflows/test.yml

@@ -0,0 +1,33 @@
+name: Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.17
+
+    - name: Build
+      run: go build -v ./...
+
+    - name: Test
+      run: go test -v ./...
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v2
+      with:
+        version: v1.42.1

.gitignore

@@ -12,7 +12,7 @@
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
-# Temporary folder for the repo storage.
-# TODO: remove this.
-tmp
+/tmp
 admin-clone
+.env
+/gitdir

.golangci.yml

@@ -3,10 +3,28 @@ linters:
   disable:
     - godox
     - gomnd
-    - prealloc
     - unparam
     - gochecknoglobals
+    - goerr113
+    - exhaustivestruct
+    - nestif
+    - wrapcheck
+    - nlreturn
+    - testpackage
+    - exhaustive
+
+    # Deprecated linters
+    - interfacer
+    - maligned
+    - scopelint
+    - golint
 
 linters-settings:
   govet:
     check-shadowing: true
+  gci:
+    local-prefixes: github.com/belak/go-gitdir
+  tagliatelle:
+    case:
+      rules:
+        yaml: snake

.travis.yml

@@ -1,46 +1,30 @@
-FROM golang:1 as builder
-ARG CGO_ENABLED=0\
-    GO_LDFLAGS="-s -w"
-RUN mkdir -p /tmp/build
-COPY . /tmp/build
-WORKDIR /tmp/build/cmd/gitdir
-RUN set -ex && ls -la && export &&\
-    until go get -v ./...; do sleep 1; done &&\
-    go build -o /tmp/gitdir -ldflags="$GO_LDFLAGS" -x -v &&\
-    chmod +x /tmp/gitdir
-
-FROM alpine:3 as runner
-ENV GITDIR_BASE_DIR=/var/gitdir\
-    GITDIR_BIND_ADDR=0.0.0.0:2222
-RUN until apk add --no-cache git curl openssh-keygen ca-certificates; do sleep 1; done &&\
-    update-ca-certificates
-RUN adduser -D -H -s /bin/false gitdir gitdir
-COPY --from=builder /tmp/gitdir /usr/bin/gitdir
-RUN chmod +x /usr/bin/gitdir && ls -l /usr/bin/gitdir
-RUN rm -rf /{tmp,var,opt}/*
-RUN mkdir -p $GITDIR_BASE_DIR && chown -R gitdir:gitdir $GITDIR_BASE_DIR
-RUN echo -e '#!/bin/sh\n \
-( \
-set -x; \
-rm -rf $GITDIR_BASE_DIR/admin/unbared; \
-until [ -d "$GITDIR_BASE_DIR/admin/admin.git" ]; do echo "The admin repo is not ready"; sleep 1; done &&\
-cd $GITDIR_BASE_DIR/admin/admin.git &&\
-until git log >> /dev/null 2>&1; do echo "The admin repo is been initalized, waiting"; sleep 5; done; \
-mv $GITDIR_BASE_DIR/admin/admin.git/hooks $GITDIR_BASE_DIR/admin/admin.git/hooks.disabled &&\
-git clone $GITDIR_BASE_DIR/admin/admin.git $GITDIR_BASE_DIR/admin/unbared &&\
-cd $GITDIR_BASE_DIR/admin/unbared &&\
-git config user.name "gitdir Docker Helper Script" &&\
-git config user.email "[email protected]" &&\
-vi config.yml &&\
-git commit --no-verify config.yml &&\
-git push &&\
-rm -rf $GITDIR_BASE_DIR/admin/unbared &&\
-echo "Saved! You may need to restart the server to verify and apply the settings"; \
-mv $GITDIR_BASE_DIR/admin/admin.git/hooks.disabled $GITDIR_BASE_DIR/admin/admin.git/hooks \
-)' > /usr/bin/gitdir_config && chmod +x /usr/bin/gitdir_config
-WORKDIR $GITDIR_BASE_DIR
-USER gitdir:gitdir
+# Stage 1: Build the application
+FROM golang:1.17-bullseye as builder
+
+# Get yq to use as a helper script in the debian image.
+
+RUN mkdir /build && mkdir /usr/local/src/gitdir
+WORKDIR /usr/local/src/gitdir
+
+ADD ./go.mod ./go.sum ./
+RUN go mod download
+ADD . ./
+
+RUN go build -v -o /build/gitdir ./cmd/gitdir
+
+# State 2: Copy files and configure what we need
+FROM debian:bullseye-slim as runner
+
+ENV GITDIR_BASE_DIR=/var/lib/gitdir \
+  GITDIR_BIND_ADDR=0.0.0.0:2222
+
+VOLUME /var/lib/gitdir
+
+# Install git so git-upload-pack and git-receive-pack work.
+RUN apt-get update && apt-get install -y git \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /build/gitdir /usr/bin/gitdir
 
 EXPOSE 2222
-ENTRYPOINT ["gitdir"]
-CMD []
+CMD ["gitdir"]

Dockerfile

@@ -65,6 +65,10 @@ The following are optional:
   defaults to `:2222`.
 - `GITDIR_LOG_READABLE` - A true value if the log should be human readable
 - `GITDIR_LOG_DEBUG` - A true value if debug logging should be enabled
+- `GITDIR_ADMIN_USER` - The name of an admin user which the server will ensure
+  exists on startup.
+- `GITHUB_ADMIN_PUBLIC_KEY` - The contents of a public key which will be added
+  to the admin user on startup.
 
 ### Runtime Config
 
@@ -89,14 +93,17 @@ which change the behavior of the server.
 
 Simply run the built binary with `GITDIR_BASE_DIR` set and start using it!
 
-On first run, go-git-dir will push a commit to the admin repo with a sample
+On first run, gitdir will push a commit to the admin repo with a sample
 config as well as generated server ssh keys. These can be updated at any time
 (even at runtime) but if the server restarts and the keys cannot be loaded, they
 will be re-generated.
 
-Note that you will need to manually clone the admin repository (at
-`$GITDIR_BASE_DIR/admin/admin`) to add a user to `config.yml` and set them as an
-admin.
+If you set `GITDIR_ADMIN_USER` and `GITHUB_ADMIN_PUBLIC_KEY` an admin user will
+automatically be added to the config.
+
+If you do not set those environment variables, you will need to manually clone
+the admin repository (at `$GITDIR_BASE_DIR/admin/admin`) to add a user to
+`config.yml` and set them as an admin.
 
 ## Sample Config
 

README.md

@@ -1,3 +1,4 @@
+//nolint:forbidigo
 package main
 
 import (

cmd/gitdir/cmd_hook.go

@@ -14,6 +14,17 @@ func cmdServe(c Config) {
 		log.Fatal().Err(err).Msg("failed to load SSH server")
 	}
 
+	// If both the AdminUser and AdminPublicKey were set, attempt to add that
+	// user to the config.
+	if c.AdminUser != "" && c.AdminPublicKey != nil {
+		log.Info().Str("user", c.AdminUser).Msg("ensuring admin user exists")
+
+		err = serv.EnsureAdminUser(c.AdminUser, c.AdminPublicKey)
+		if err != nil {
+			log.Fatal().Err(err).Msg("failed to add admin user")
+		}
+	}
+
 	serv.Addr = c.BindAddr
 
 	err = serv.ListenAndServe()

cmd/gitdir/cmd_serve.go

@@ -1,25 +1,30 @@
 package main
 
 import (
+	"errors"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strconv"
 
 	billy "github.com/go-git/go-billy/v5"
 	"github.com/go-git/go-billy/v5/osfs"
-	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
+
+	"github.com/belak/go-gitdir/models"
 )
 
 // Config stores all the server-level settings. These cannot be changed at
 // runtime. They are only used by the binary and are passed to the proper
 // places.
 type Config struct {
-	BindAddr  string
-	BasePath  string
-	LogFormat string
-	LogDebug  bool
+	BindAddr       string
+	BasePath       string
+	LogFormat      string
+	LogDebug       bool
+	AdminUser      string
+	AdminPublicKey *models.PublicKey
 }
 
 // FS returns the billy.Filesystem for this base path.
@@ -29,21 +34,24 @@ func (c Config) FS() billy.Filesystem {
 
 // DefaultConfig is used as the base config.
 var DefaultConfig = Config{
-	BindAddr:  ":2222",
-	BasePath:  "./tmp",
-	LogFormat: "json",
+	BindAddr:       ":2222",
+	BasePath:       "./tmp",
+	LogFormat:      "json",
+	LogDebug:       false,
+	AdminUser:      "",
+	AdminPublicKey: nil,
 }
 
 // NewEnvConfig returns a new Config based on environment variables.
-func NewEnvConfig() (Config, error) {
+func NewEnvConfig() (Config, error) { //nolint:cyclop,funlen
 	var err error
 
 	c := DefaultConfig
 
 	if rawDebug, ok := os.LookupEnv("GITDIR_DEBUG"); ok {
 		c.LogDebug, err = strconv.ParseBool(rawDebug)
 		if err != nil {
-			return c, errors.Wrap(err, "GITDIR_DEBUG")
+			return c, fmt.Errorf("GITDIR_DEBUG: %w", err)
 		}
 	}
 
@@ -69,21 +77,35 @@ func NewEnvConfig() (Config, error) {
 	var ok bool
 
 	if c.BasePath, ok = os.LookupEnv("GITDIR_BASE_DIR"); !ok {
-		return c, errors.New("GITDIR_BASE_DIR: not set")
+		return c, fmt.Errorf("GITDIR_BASE_DIR: not set")
 	}
 
 	if c.BasePath, err = filepath.Abs(c.BasePath); err != nil {
-		return c, errors.Wrap(err, "GITDIR_BASE_DIR")
+		return c, fmt.Errorf("GITDIR_BASE_DIR: %w", err)
 	}
 
 	info, err := os.Stat(c.BasePath)
 	if err != nil {
-		return c, errors.Wrap(err, "GITDIR_BASE_DIR")
+		return c, fmt.Errorf("GITDIR_BASE_DIR: %w", err)
 	}
 
 	if !info.IsDir() {
 		return c, errors.New("GITDIR_BASE_DIR: not a directory")
 	}
 
+	// AdminUser and AdminPublicKey are allowed to not be set.
+	if adminUser, ok := os.LookupEnv("GITDIR_ADMIN_USER"); ok {
+		c.AdminUser = adminUser
+	}
+
+	if adminPublicKeyRaw, ok := os.LookupEnv("GITDIR_ADMIN_PUBLIC_KEY"); ok {
+		adminPublicKey, err := models.ParsePublicKey([]byte(adminPublicKeyRaw))
+		if err != nil {
+			return c, fmt.Errorf("GITDIR_ADMIN_PUBLIC_KEY: %w", err)
+		}
+
+		c.AdminPublicKey = adminPublicKey
+	}
+
 	return c, nil
 }

cmd/gitdir/config.go

@@ -3,22 +3,26 @@ package main
 import (
 	"os"
 
+	"github.com/joho/godotenv"
 	"github.com/rs/zerolog/log"
 )
 
 func main() {
+	_ = godotenv.Load()
+
 	c, err := NewEnvConfig()
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to load base config")
 	}
 
 	if len(os.Args) > 1 {
-		if os.Args[1] != "hook" {
+		switch os.Args[1] {
+		case "hook":
+			cmdHook(c)
+		default:
 			log.Fatal().Msg("sub-command not found")
 		}
 
-		cmdHook(c)
-
 		return
 	}