h

kankerdev · May 11, 2024 · 5ae2dff · 5ae2dff
1 parent b92473d
commit 5ae2dff
Show file tree

Hide file tree

Showing 6 changed files with 223 additions and 0 deletions.
diff --git a/.github/workflows/build-modded.yml b/.github/workflows/build-modded.yml
@@ -0,0 +1,116 @@
+name: Build and publish containers
+
+on:
+  push:
+  workflow_dispatch:
+  schedule: [ cron: '0 4 * * *' ]
+
+permissions:
+  packages: write
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_TERM_COLOR: always
+      CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
+      CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
+    outputs:
+      commit: ${{ steps.metadata.outputs.commit }}
+      continue: ${{ steps.metadata.outputs.continue }}
+    strategy:
+      fail-fast: false
+      matrix:
+        architecture: [ amd64, arm64v8 ]
+        include: 
+          - architecture: amd64
+            platform: linux/amd64
+            target: x86_64-unknown-linux-gnu
+          - architecture: arm64v8
+            platform: linux/arm64
+            target: aarch64-unknown-linux-gnu
+    steps:
+      - uses: actions/checkout@v4
+
+      - id: metadata
+        run: echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with: { cache: false, target: "${{ matrix.target }}" }
+
+      - uses: Swatinem/rust-cache@v2
+        with: { prefix-key: "${{ matrix.architecture }}", cache-directories: "bin" }
+
+
+      - if: ${{ !contains(github.event.head_commit.message, '[build-image-only]') }}
+        uses: awalsh128/cache-apt-pkgs-action@latest
+        with:
+          packages: nasm gcc-aarch64-linux-gnu
+
+      - if: ${{ !contains(github.event.head_commit.message, '[build-image-only]') }}
+        run: RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target=${{ matrix.target }}
+
+      - if: ${{ !contains(github.event.head_commit.message, '[build-image-only]') }}
+        run: tar czfv piped-proxy-${{ matrix.architecture }}.tgz -C target/${{ matrix.target }}/release/ piped-proxy
+
+      - if: ${{ !contains(github.event.head_commit.message, '[build-image-only]') }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.target }}
+          path: piped-proxy-${{ matrix.architecture }}.tgz
+
+      - if: ${{ !contains(github.event.head_commit.message, '[build-image-only]') }}
+        run: |
+          mkdir -p ./bin
+          cp -fv ./target/${{ matrix.target }}/release/piped-proxy ./bin/piped-proxy
+
+      - uses: docker/setup-qemu-action@v3
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/metadata-action@v5
+        id: image-meta
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ matrix.architecture }}-${{ steps.metadata.outputs.commit }},enable={{is_default_branch}}
+            type=raw,value=${{ matrix.architecture }},enable={{is_default_branch}}
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/build-push-action@v5
+        with:
+          push: true
+          context: .
+          file: Dockerfile.mod
+          tags: ${{ steps.image-meta.outputs.tags }}
+          platforms: ${{ matrix.platform }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+  merge:
+    runs-on: ubuntu-20.04
+    needs: [ build ]
+    env:
+      IMAGE: ghcr.io/${{ github.repository }}
+      COMMIT: ${{ needs.build.outputs.commit }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: |
+          docker buildx imagetools create \
+            --tag ${IMAGE}:${COMMIT} ${IMAGE}:{amd64,arm64v8}-${COMMIT}
+          docker buildx imagetools create \
+            --tag ${IMAGE}:latest ${IMAGE}:{amd64,arm64v8}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,6 +4,9 @@ on:
   push:
     paths-ignore:
       - "**.md"
+      - docker/**
+      - Docker.mod
+      - .github/workflows/build-modded.yml
     branches:
       - main
   pull_request:

diff --git a/Dockerfile.mod b/Dockerfile.mod
@@ -0,0 +1,20 @@
+FROM nginx:mainline
+
+WORKDIR /app/
+
+RUN apt-get update && \
+    apt-get install -yqq --no-install-recommends ca-certificates supervisor && \
+    rm -rvf /var/lib/apt/lists/*
+
+RUN mkdir -p /var/run/piped-proxy
+
+COPY ./docker/nginx/nginx.conf /etc/nginx/
+COPY ./docker/nginx/conf.d/app.conf /etc/nginx/conf.d/
+COPY ./docker/supervisord.conf /etc/supervisor/conf.d/
+
+COPY ./bin/piped-proxy /app/piped-proxy
+
+EXPOSE 80/tcp
+
+ENTRYPOINT [ "/usr/bin/supervisord" ]
+CMD ["-c", "/etc/supervisor/conf.d/supervisord.conf"]
diff --git a/docker/nginx/conf.d/app.conf b/docker/nginx/conf.d/app.conf
@@ -0,0 +1,22 @@
+server {
+    listen 80;
+    server_name _;
+
+
+    location / {
+        sendfile on;
+        sendfile_max_chunk 512k;
+
+        tcp_nopush on;
+
+        aio threads=default;
+        aio_write on;
+
+        directio 16m;
+
+        access_log off;
+
+        proxy_max_temp_file_size 32m;
+        proxy_pass http://unix:/var/run/piped-proxy/actix.sock;
+    }
+}
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
@@ -0,0 +1,35 @@
+user root;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    server_names_hash_bucket_size 128;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nodelay on;
+
+    keepalive_timeout 65;
+
+    resolver 127.0.0.11 ipv6=off valid=10s;
+
+    # kanker.dev stuff
+    real_ip_header X-Forwarded-For;
+    set_real_ip_from 10.0.0.0/16;
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/docker/supervisord.conf b/docker/supervisord.conf
@@ -0,0 +1,27 @@
+[supervisord]
+nodaemon = true
+logfile = /dev/null
+logfile_maxbytes = 0
+user=root
+
+[program:piped-proxy]
+command = /app/piped-proxy
+environment = UDS=1,BIND_UNIX=/var/run/piped-proxy/actix.sock
+process_name = %(program_name)s
+stdout_logfile = /dev/fd/1
+stdout_logfile_maxbytes = 0
+redirect_stderr = true
+directory = /app/
+autostart = true
+autorestart = true
+
+
+[program:nginx]
+command = /usr/sbin/nginx -g "daemon off;"
+process_name = %(program_name)s
+stdout_logfile = /dev/fd/1
+stdout_logfile_maxbytes = 0
+redirect_stderr = true
+startsecs = 5
+autostart = true
+autorestart = true