diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..df84ed4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+*
+!package.json
+!bun.lockb
+!*.cjs
+!*.js
+!amt-setupbin-img/*.go
+!amt-setupbin-img/go.*
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 17f1b5a..d5144a9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,19 +7,7 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
-- uses: oven-sh/setup-bun@v1
-with:
-bun-version: '1.0.21'
-- name: Install dependencies
-run: bun install --frozen-lockfile
 - name: Build
-run: bun build . --target bun --minify --outfile dist/amt-setupbin.js
+run: docker build -t amt-setupbin .
 - name: Test
 run: ./create-provisioning-certificate.sh
-- name: Upload artifacts
-if: success() || failure()
-uses: actions/upload-artifact@v4
-with:
-name: artifacts
-path: |
-dist/*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a1ea112
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1.6
+
+FROM oven/bun:1.0 as build
+WORKDIR /app
+COPY package.json bun.lockb ./
+RUN bun install --frozen-lockfile
+COPY *.cjs *.js ./
+# NB this is not using --minify --sourcemap=inline beause it makes stack traces
+# hard to read, as they show the minified version source code.
+RUN bun \
+ build \
+ . \
+ --production \
+ --compile \
+ --target=bun \
+ --outfile=amt-setupbin
+
+FROM golang:1.21-bookworm as img-build
+WORKDIR /app
+COPY amt-setupbin-img/go.* ./
+RUN go mod download
+COPY amt-setupbin-img/*.go ./
+RUN CGO_ENABLED=0 go build -ldflags="-s"
+
+# NB we use the bookworm-slim (instead of scratch) image so we can enter the container to execute bash etc.
+FROM debian:12-slim
+COPY --from=build /app/amt-setupbin /usr/local/bin/
+COPY --from=img-build /app/amt-setupbin-img /usr/local/bin/
+ENTRYPOINT ["amt-setupbin"]
diff --git a/README.md b/README.md
index ca6d087..3b93524 100644
--- a/README.md
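Review bot: In the new top-level `Dockerfile`, all three `FROM` lines use floating tags (`oven/bun:1.0`, `golang:1.21-bookworm`, `debian:12-slim`), so the toolchain that compiles `amt-setupbin` can change between builds with no change in this repository; the CI step removed in this same commit pinned bun to exactly `1.0.21`. Pin each base to a full version and preferably a digest, e.g. `FROM oven/bun:1.0.21@sha256:<digest> AS build` (the digest is a placeholder to be taken from the registry). The final stage also sets no `USER`, so the image runs as root whenever it is started without the `-u` that the script passes; a line such as `USER 65534:65534` before `ENTRYPOINT` would make the non-root default explicit.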
+++ b/README.md
@@ -13,8 +13,6 @@ This creates:
 # Usage
-Install [`bun`](https://bun.sh).
-
 Install `openssl`.
 Install `docker` and `docker compose`.
diff --git a/amt-setupbin-img/Dockerfile b/amt-setupbin-img/Dockerfile
deleted file mode 100644
index a89454c..0000000
--- a/amt-setupbin-img/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# syntax=docker/dockerfile:1.6
-FROM golang:1.21-bookworm as builder
-WORKDIR /app
-COPY go.* ./
-RUN go mod download
-COPY *.go ./
-RUN CGO_ENABLED=0 go build -ldflags="-s"
-
-# NB we use the bookworm-slim (instead of scratch) image so we can enter the container to execute bash etc.
-FROM debian:12-slim
-COPY --from=builder /app/amt-setupbin-img .
-ENTRYPOINT ["/amt-setupbin-img"]
diff --git a/create-provisioning-certificate.sh b/create-provisioning-certificate.sh
index 9b0ca2b..a541523 100755
--- a/create-provisioning-certificate.sh
+++ b/create-provisioning-certificate.sh
@@ -1,3 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
 amt_domain='amt.test'
 amt_domain_pfx_password='HeyH0Password!'
 amt_device_current_password='admin'
@@ -77,23 +80,28 @@ amt_ca_certificate_hash="$(
 # go back to the original directory.
 popd >/dev/null
+# build the binaries.
+docker build -t amt-setupbin .
+
 # Create the AMT configuration file.
-bun . \
+docker run --rm \
+ -i \
+ -u "$(id -u):$(id -g)" \
+ -v "$PWD/amt-ca:/host:rw" \
+ -w /host \
+ amt-setupbin \
 --debug \
 --current-password "$amt_device_current_password" \
 --new-password "$amt_device_new_password" \
 --pki-dns-suffix "$amt_domain" \
- --certificate "$amt_ca_certificate_hash AMT CA" \
- --path amt-ca/Setup.bin
+ --certificate "$amt_ca_certificate_hash AMT CA"
 # create a disk image with the AMT configuration file.
-pushd amt-setupbin-img >/dev/null
-rm -f ../amt-ca/Setup.bin.img
-docker build -t amt-setupbin-img .
+rm -f amt-ca/Setup.bin.img
 docker run --rm \
 -i \
 -u "$(id -u):$(id -g)" \
- -v "$PWD/../amt-ca:/host:rw" \
+ -v "$PWD/amt-ca:/host:rw" \
 -w /host \
- amt-setupbin-img
-popd >/dev/null
+ --entrypoint amt-setupbin-img \
+ amt-setupbin
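Review bot: The new `docker run` for `amt-setupbin` still receives `--current-password` and `--new-password` as arguments (with `--debug` on), so while the container runs both values are readable in the host process list and in `docker inspect`. That is acceptable for the fixed test values this script sets (e.g. `amt_device_current_password='admin'`), but it deserves a comment so the pattern is not copied for real devices: `# NB test-only credentials; arguments are visible in ps and docker inspect while the container runs.` The hunk also drops `--path amt-ca/Setup.bin`, presumably relying on the tool writing `Setup.bin` into the `-w /host` working directory; a one-line comment saying so would help, since the disk-image step that follows appears to depend on that file.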