From 75fdb5a1a9b993ea87b9c128a0ece3aa5902652e Mon Sep 17 00:00:00 2001 From: collinlucke Date: Sat, 30 Nov 2024 14:58:02 -0700 Subject: [PATCH 1/2] 56-alt --- .github/workflows/cicd.yml | 175 +++---------------------------------- Dockerfile | 8 +- 2 files changed, 14 insertions(+), 169 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 53dd8ca..503517d 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml 
@@ -1,164 +1,3 @@ -# name: Baphomet Server Deploy - -# on: -# push: -# branches: -# - master - -# jobs: -# build: -# runs-on: self-hosted - -# steps: -# - name: Checkout Source -# uses: actions/checkout@v4 - -# - name: Set Environment Variables -# shell: powershell -# run: | -# Write-Output "Setting environment variables..." -# function Encode-Base64 { -# param ( -# [string]$Text -# ) -# $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text) -# [System.Convert]::ToBase64String($bytes) -# } - -# $envVars = @" -# ATLAS_DB_PASSWORD=${{ secrets.ATLAS_DB_PASSWORD }} -# ATLAS_DB_USERNAME=${{ secrets.ATLAS_DB_USERNAME }} -# ATLAS_CLUSTER=${{ secrets.ATLAS_CLUSTER }} -# ATLAS_DB=${{ secrets.ATLAS_DB }} -# ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }} -# REFRESH_TOKEN_SECRET=${{ secrets.REFRESH_TOKEN_SECRET }} -# SSL_CERT=$(Encode-Base64 "${{ secrets.SSL_CERT }}") -# SSL_PRIVATE_KEY=$(Encode-Base64 "${{ secrets.SSL_PRIVATE_KEY }}") -# SSL_CERT_INTERMEDIATE=$(Encode-Base64 "${{ secrets.SSL_CERT_INTERMEDIATE }}") -# SSL_KEY_PATH=./keyfile.key -# SSL_CERT_PATH=./certfile.cer -# SSL_CA_PATH=./intermediate.cer -# "@ - -# $envVars | Out-File -FilePath ".env" -Encoding utf8 -# Write-Output "Environment variables set." - - -# - name: Verify `.env` File -# shell: powershell -# run: | -# Write-Output "Verifying .env file contents..." -# Get-Content -Path ".env" - - - -# - name: Verify Working Directory and `.env` File Creation -# shell: powershell -# run: | -# Write-Output "Current directory: $(Get-Location)" -# if (Test-Path ".env") { -# Write-Output ".env file exists:" -# Get-Content ".env" -# } else { -# Write-Output ".env file does not exist." 
-# exit 1 -# } - -# - name: Install Docker Compose (if needed) -# shell: powershell -# run: | -# if (-not (Get-Command docker-compose -ErrorAction SilentlyContinue)) { -# $installPath = "${{ runner.temp }}/docker-compose.exe" -# Invoke-WebRequest -Uri "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Windows-x86_64.exe" -OutFile $installPath -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command -# Move-Item -Path $installPath -Destination 'C:\Program Files\Docker\Docker\resources\bin\docker-compose.exe'" -Verb RunAs -# Write-Output "Docker Compose Installed" -# } else { -# Write-Output "Docker Compose already installed" -# } - -# - name: List Files in Directory -# shell: powershell -# run: Get-ChildItem -Path . - -# - name: Docker Login with Elevated Permissions -# shell: powershell -# run: | -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin" -Verb RunAs - -# - name: Verify Docker Login with Elevated Permissions -# shell: powershell -# run: | -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker info" -Verb RunAs -# Write-Output "Verifying Docker login..." - -# - name: Build Docker Images with Elevated Privileges -# shell: powershell -# run: Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker-compose -f docker-compose.yml build" -Verb RunAs - -# - name: Tag Docker Image with Elevated Privileges -# shell: powershell -# run: Start-Process -FilePath "docker" -ArgumentList "tag baphomet-server:latest collinlucke/baphomet-server:latest" -Verb RunAs - -# - name: Verify `docker-push.ps1` File -# shell: powershell -# run: | -# if (Test-Path "./docker-push.ps1") { -# Write-Output "Found docker-push.ps1 script, executing it..." -# } else { -# Write-Output "docker-push.ps1 script not found." 
-# exit 1 -# } - -# - name: Push Docker Images with Elevated Privileges -# shell: powershell -# run: | -# if (Test-Path "./docker-push.ps1") { -# Write-Output "Found docker-push.ps1 script, executing it with elevated privileges..." -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command .\docker-push.ps1" -Verb RunAs -# } else { -# Write-Output "docker-push.ps1 script not found." -# exit 1 -# } - -# - name: Verify Docker Login again -# shell: powershell -# run: | -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker info" -Verb RunAs -# Write-Output "Verifying Docker login..." - - -# deploy: -# needs: build -# runs-on: self-hosted - -# steps: -# - name: Checkout Source -# uses: actions/checkout@v4 - -# - name: Install Docker Compose (if needed) -# shell: powershell -# run: | -# if (-not (Get-Command docker-compose -ErrorAction SilentlyContinue)) { -# $installPath = "${{ runner.temp }}/docker-compose.exe" -# Invoke-WebRequest -Uri "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Windows-x86_64.exe" -OutFile $installPath -# Start-Process -FilePath "powershell.exe" -ArgumentList "-Command -# Move-Item -Path $installPath -Destination 'C:\Program Files\Docker\Docker\resources\bin\docker-compose.exe'" -Verb RunAs -# Write-Output "Docker Compose Installed" -# } else { -# Write-Output "Docker Compose already installed" -# } - -# - name: Pull Image from Docker Hub -# run: Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker-compose -f docker-compose.yml pull" -Verb RunAs - -# - name: Delete Old Container -# run: Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker-compose -f docker-compose.yml rm" -Verb RunAs - -# - name: Run Docker Container -# run: Start-Process -FilePath "powershell.exe" -ArgumentList "-Command docker-compose -f docker-compose.yml up -d" -Verb RunAs - - name: Baphomet Server Deploy on: 
@@ -182,12 +21,18 @@ jobs: echo "ATLAS_DB=${{ secrets.ATLAS_DB }}" >> $GITHUB_ENV echo "ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}" >> $GITHUB_ENV echo "REFRESH_TOKEN_SECRET=${{ secrets.REFRESH_TOKEN_SECRET }}" >> $GITHUB_ENV - echo "SSL_CERT=$(echo "${{ secrets.SSL_CERT }}" | base64 --decode)" >> $GITHUB_ENV - echo "SSL_PRIVATE_KEY=$(echo "${{ secrets.SSL_PRIVATE_KEY }}" | base64 --decode)" >> $GITHUB_ENV - echo "SSL_CERT_INTERMEDIATE=$(echo "${{ secrets.SSL_CERT_INTERMEDIATE }}" | base64 --decode)" >> $GITHUB_ENV + + - name: Decode and Write SSL Certificates + run: | + echo "${{ secrets.SSL_CERT }}" | base64 --decode > certfile.cer + echo "${{ secrets.SSL_PRIVATE_KEY }}" | base64 --decode > keyfile.key + echo "${{ secrets.SSL_CERT_INTERMEDIATE }}" | base64 --decode > intermediate.cer + echo "SSL_CERT_PATH=certfile.cer" >> $GITHUB_ENV + echo "SSL_KEY_PATH=keyfile.key" >> $GITHUB_ENV + echo "SSL_CA_PATH=intermediate.cer" >> $GITHUB_ENV - name: Build Docker Image - run: docker build -t collinlucke/baphomet-server:latest . + run: docker build --build-arg SSL_CERT_PATH=$SSL_CERT_PATH --build-arg SSL_KEY_PATH=$SSL_KEY_PATH --build-arg SSL_CA_PATH=$SSL_CA_PATH -t collinlucke/baphomet-server:latest . - name: Login to Docker Hub run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin diff --git a/Dockerfile b/Dockerfile index 6c62eb8..ffc46e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,11 +8,11 @@ ARG ATLAS_DB ARG ATLAS_DB_PASSWORD ARG ACCESS_TOKEN_SECRET ARG REFRESH_TOKEN_SECRET -ARG SSL_KEY_PATH=./keyfile.key -ARG SSL_CERT_PATH=./certfile.cer -ARG SSL_CA_PATH=./intermediate.cer +ARG SSL_KEY_PATH +ARG SSL_CERT_PATH +ARG SSL_CA_PATH -ENV ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} +ENV ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} ENV ATLAS_CLUSTER=${ATLAS_CLUSTER} ENV ATLAS_DB=${ATLAS_DB} ENV ATLAS_DB_PASSWORD=${ATLAS_DB_PASSWORD} From 13c7be812ffd80fa082362605dbb03ebdf10a52c Mon Sep 17 00:00:00 2001 
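Review bot: The `Decode and Write SSL Certificates` step writes the decoded private key to `keyfile.key` in the workspace root, which is also the build context of the following `docker build ... .`, and it does so with default file permissions and no cleanup step. Whether the Dockerfile copies that file is not visible here (the Dockerfile hunk in this patch shows only the `ARG` lines); if it does, the key is stored in a layer of the image the workflow pushes as `collinlucke/baphomet-server:latest`. Start the run block with `umask 077`, write the three files outside the build context (for example under `$RUNNER_TEMP`), and supply the key to the container at run time rather than at build time. The secrets are also pasted into the script text through `${{ secrets.* }}`; passing them via the step's `env:` and expanding `"$SSL_PRIVATE_KEY"` in the script keeps the values out of the generated script file. The step list continues outside the hunk.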
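Review bot: With the defaults removed from `ARG SSL_KEY_PATH`, `ARG SSL_CERT_PATH` and `ARG SSL_CA_PATH`, any build that does not pass all three `--build-arg` values now gets empty strings, and nothing in the hunk makes the build fail when that happens. The instructions that consume these arguments are outside the hunk, so the effect of an empty value cannot be checked from here. Either keep the defaults, e.g. `ARG SSL_KEY_PATH=./keyfile.key`, or add a comment above the three lines such as `# Paths are supplied by CI via --build-arg; they are empty in a plain docker build`.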
From: collinlucke Date: Sat, 30 Nov 2024 14:59:23 -0700 Subject: [PATCH 2/2] Merge branch 'master' of github.com:collinlucke/baphomet-server --- .github/workflows/cicd.yml | 17 +++++++-- .gitignore | 3 +- docker-compose.yml | 78 ++++++++++++++++++++++++-------------- 3 files changed, 65 insertions(+), 33 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 503517d..18b3785 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -24,9 +24,9 @@ jobs: - name: Decode and Write SSL Certificates run: | - echo "${{ secrets.SSL_CERT }}" | base64 --decode > certfile.cer - echo "${{ secrets.SSL_PRIVATE_KEY }}" | base64 --decode > keyfile.key - echo "${{ secrets.SSL_CERT_INTERMEDIATE }}" | base64 --decode > intermediate.cer + echo "${{ secrets.SSL_CERT_BASE64 }}" | base64 --decode > certfile.cer + echo "${{ secrets.SSL_PRIVATE_KEY_BASE64 }}" | base64 --decode > keyfile.key + echo "${{ secrets.SSL_CERT_INTERMEDIATE_BASE64 }}" | base64 --decode > intermediate.cer echo "SSL_CERT_PATH=certfile.cer" >> $GITHUB_ENV echo "SSL_KEY_PATH=keyfile.key" >> $GITHUB_ENV echo "SSL_CA_PATH=intermediate.cer" >> $GITHUB_ENV @@ -39,3 +39,14 @@ jobs: - name: Push Docker Image run: docker push collinlucke/baphomet-server:latest + + - name: Add SSH Key + uses: webfactory/ssh-agent@v0.5.3 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + + - name: Deploy to Server + run: ssh -o StrictHostKeyChecking=no ohclt@192.168.1.52 'bash ~/deploy.sh' + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} diff --git a/.gitignore b/.gitignore index 586859d..b5bf906 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,5 @@ *testCon.js *.cer *.key -*set-env.sh \ No newline at end of file +*set-env.sh +deploy.sh \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 50231b3..71fc2a7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
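Review bot: The `Deploy to Server` step runs `ssh -o StrictHostKeyChecking=no`, so the runner accepts whatever host key answers at 192.168.1.52 and has no way to tell the intended server from another machine at that address. Store the server's public host key in a repository secret (placeholder name `<DEPLOY_HOST_KEY>`), write it to a `known_hosts` file in a preceding step, and connect with `ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts ohclt@192.168.1.52 'bash ~/deploy.sh'`. The `DOCKER_USERNAME` and `DOCKER_PASSWORD` entries under `env:` are set for the local `ssh` process only and are not forwarded by this command unless SendEnv/AcceptEnv is configured on both ends, so they can be dropped from the step to limit where the credentials are exposed. `webfactory/ssh-agent@v0.5.3` receives the deploy private key and is referenced by a mutable tag; pinning the action to a full commit SHA fixes the code that handles that key.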
@@ -1,39 +1,59 @@ +# services: +# app: +# restart: unless-stopped +# image: collinlucke/baphomet-server:latest +# networks: +# - baphomet +# build: +# context: . +# dockerfile: Dockerfile +# args: +# - ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} +# - ATLAS_CLUSTER=${ATLAS_CLUSTER} +# - ATLAS_DB=${ATLAS_DB} +# - ATLAS_DB_PASSWORD=${ATLAS_DB_PASSWORD} +# - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} +# - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET} +# - SSL_KEY_PATH=${SSL_KEY_PATH} +# - SSL_CERT_PATH=${SSL_CERT_PATH} +# - SSL_CA_PATH=${SSL_CA_PATH} +# ports: +# - '5050:5050' +# - '443:443' +# volumes: +# - ./src:/usr/src/app/src +# - ../baphomet-ui/dist:/usr/src/app/dist +# environment: +# - ATLAS_DB_PASSWORD=${ATLAS_DB_PASSWORD} +# - ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} +# - ATLAS_CLUSTER=${ATLAS_CLUSTER} +# - ATLAS_DB=${ATLAS_DB} +# - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} +# - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET} +# - SSL_CERT +# - SSL_CERT_INTERMEDIATE +# - SSL_PRIVATE_KEY + +# networks: +# baphomet: +# driver: bridge + + services: app: - restart: unless-stopped image: collinlucke/baphomet-server:latest - networks: - - baphomet - build: - context: . 
- dockerfile: Dockerfile - args: - - ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} - - ATLAS_CLUSTER=${ATLAS_CLUSTER} - - ATLAS_DB=${ATLAS_DB} - - ATLAS_DB_PASSWORD=${ATLAS_DB_PASSWORD} - - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} - - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET} - - SSL_KEY_PATH=${SSL_KEY_PATH} - - SSL_CERT_PATH=${SSL_CERT_PATH} - - SSL_CA_PATH=${SSL_CA_PATH} + container_name: baphomet-server ports: - - '5050:5050' - - '443:443' - volumes: - - ./src:/usr/src/app/src - - ../baphomet-ui/dist:/usr/src/app/dist + - "5050:5050" + - "443:443" environment: - ATLAS_DB_PASSWORD=${ATLAS_DB_PASSWORD} - ATLAS_DB_USERNAME=${ATLAS_DB_USERNAME} - ATLAS_CLUSTER=${ATLAS_CLUSTER} - ATLAS_DB=${ATLAS_DB} - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} - - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET} - - SSL_CERT - - SSL_CERT_INTERMEDIATE - - SSL_PRIVATE_KEY - -networks: - baphomet: - driver: bridge + - REFRESH_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} + volumes: + - ./src:/usr/src/app/src + - ../baphomet-ui/dist:/usr/src/app/dist + restart: unless-stopped
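Review bot: `REFRESH_TOKEN_SECRET=${ACCESS_TOKEN_SECRET}` in the new `environment:` list gives the refresh-token secret the value of the access-token secret, whereas the removed block used `${REFRESH_TOKEN_SECRET}`. If the server signs both token types with these values (the server code is not on this page), both are then signed with the same key and the separation between access tokens and refresh tokens is lost. Change the line to `- REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET}`. The new service also drops the `SSL_CERT`, `SSL_CERT_INTERMEDIATE` and `SSL_PRIVATE_KEY` entries while still publishing port 443, and no volume supplies certificate files, so it is worth confirming where the running container gets its TLS material.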