diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ddce9f9..d57cbab 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,19 +10,19 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: shellcheck - uses: azohra/shell-linter@v0.4.0 + uses: azbagheri/shell-linter@latest - name: hadolint uses: brpaz/hadolint-action@master - name: Build image - run: ./build.sh + run: make build - name: Run tests - run: ./tests/test.sh + run: make tests deploy: runs-on: ubuntu-latest @@ -30,10 +30,10 @@ jobs: - tests if: github.event_name == 'push' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Log in to dockerhub run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - name: Deploy image - run: ./build.sh --push --latest + run: make push-latest diff --git a/Dockerfile b/Dockerfile index 559687f..0e90ade 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.22 ARG ARG_NGINX_VERSION @@ -13,7 +13,8 @@ RUN CONFIG=" \ --without-http_autoindex_module \ --without-http_browser_module \ --without-http_empty_gif_module \ - --without-http_limit_conn_module \ + --without-http_geo_module \ + --without-http_grpc_module \ --without-http_map_module \ --without-http_memcached_module \ --without-http_referer_module \ diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..6edd48f --- /dev/null +++ b/Makefile @@ -0,0 +1,16 @@ +include conf.env + +build: + docker build --build-arg=ARG_NGINX_VERSION="$(NGINX_VERSION)" \ + -t "$(DOCKER_IMAGE):$(NGINX_VERSION)" . + +build-latest: build + docker tag "$(DOCKER_IMAGE):$(NGINX_VERSION)" "$(DOCKER_IMAGE):latest" + +push-latest: build-latest + docker push "$(DOCKER_IMAGE):$(NGINX_VERSION)" + docker push "$(DOCKER_IMAGE):latest" + +.PHONY: tests +tests: + ./tests/test.sh 
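Review bot: The shellcheck step in the `tests` job now runs `azbagheri/shell-linter@latest`, which changes the action's owner and replaces a fixed tag (`v0.4.0`) with a ref that the upstream repository can repoint at any time. Third-party action code executes inside the job with the checked-out repository and the job's token, so with a moving ref an upstream change runs here without any change in this repository. Pin it to a reviewed full commit SHA, e.g. `uses: azbagheri/shell-linter@<full-commit-sha> # <release tag>` (placeholder values), and give `brpaz/hadolint-action@master` on the following step the same treatment. The `actions/checkout@v5` lines in this hunk and in the deploy hunk are tag-pinned, which is versioned but still weaker than a SHA pin.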
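Review bot: Only `tests` is declared `.PHONY` in the new Makefile, so `build`, `build-latest` and `push-latest` are file targets, and `make build` will report "up to date" and skip the docker build if a file or directory named `build` ever appears in the repository root. Declare all of them: `.PHONY: build build-latest push-latest tests`. Separately, `include conf.env` parses that file with Make syntax rather than shell syntax. A line written like the README example (`NGINX_VERSION=x.xx.x # Nginx version to build from`) keeps the spaces before `#` in the value and would yield an invalid image tag. A comment at the top of the Makefile stating that conf.env must contain bare `KEY=value` lines would prevent that.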
diff --git a/README.md b/README.md index 1194d26..0b8ba75 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Edit [conf.env](conf.env) ```bash NGINX_VERSION=x.xx.x # Nginx version to build from -DOCKER_IMAGE=dcarrillo/nginx # Docker image +DOCKER_IMAGE=dcarrillo/nginx # Docker image target ``` ## Build @@ -25,19 +25,13 @@ DOCKER_IMAGE=dcarrillo/nginx # Docker image Build locally: ```bash -./build.sh +make build ``` -Build locally and upload the image to a registry (you must be logged in to the registry) +Push image (it includes latest tag): ```bash -./build.sh --push -``` - -Build locally, tag the image as latest and upload it to a registry (you must be logged in to the registry) - -```bash -./build.sh --push --latest +make push-latest ``` ## Testing @@ -49,9 +43,5 @@ Prerequisites: - curl ```bash -# build local image -./build.sh - -# run tests -./tests/test.sh +make tests ``` diff --git a/build.sh b/build.sh deleted file mode 100755 index 0bf9d83..0000000 --- a/build.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env sh - -set -e - -# shellcheck disable=SC1090 -. "$(dirname "$0")"/conf.env - -while [ $# -gt 0 ]; do - case $1 in - --push) - PUSH=true - shift - ;; - --latest) - LATEST=true - shift - ;; - *) - shift - ;; - esac -done - -docker build --build-arg=ARG_NGINX_VERSION="$NGINX_VERSION" \ - -t "$DOCKER_IMAGE":"$NGINX_VERSION" . - -if [ x$PUSH = "xtrue" ]; then - docker push "$DOCKER_IMAGE":"$NGINX_VERSION" -fi - -if [ x$LATEST = "xtrue" ]; then - docker tag "$DOCKER_IMAGE":"$NGINX_VERSION" "$DOCKER_IMAGE":latest - [ x$PUSH = "xtrue" ] && docker push "$DOCKER_IMAGE":latest -fi diff --git a/conf.env b/conf.env index 5b37264..2a1a0b9 100644 --- a/conf.env +++ b/conf.env @@ -1,2 +1,2 @@ -NGINX_VERSION=1.28.0 +NGINX_VERSION=1.29.3 DOCKER_IMAGE=dcarrillo/nginx diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml new file mode 100644 index 0000000..5cd1290 --- /dev/null +++ b/tests/docker-compose.yml 
@@ -0,0 +1,14 @@ +services: + nginx: + build: + context: .. + args: + ARG_NGINX_VERSION: ${NGINX_VERSION} + volumes: + - ./nginx.conf:/usr/local/nginx/conf/nginx.conf:ro + - /tmp/nginx-ssl/cert.pem:/tmp/cert.pem:ro + - /tmp/nginx-ssl/cert.key:/tmp/cert.key:ro + - /tmp/nginx-ssl/dhparams.pem:/tmp/dhparams.pem:ro + ports: + - 80:80 + - 443:443 diff --git a/tests/nginx.conf b/tests/nginx.conf index 9ce12fd..afc1556 100644 --- a/tests/nginx.conf +++ b/tests/nginx.conf @@ -49,18 +49,13 @@ http { ####################################################### server { listen 80 default_server; - listen 443 http2 ssl; + listen 443 ssl; + http2 on; server_name _ ""; access_log /dev/fd/1; location = /nginx_status { stub_status on; } - - location = /phpfpm_status { - include /usr/local/nginx/conf/fastcgi_params; - fastcgi_pass php:9000; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } } } diff --git a/tests/test.sh b/tests/test.sh index 52693d3..ddd7452 100755 --- a/tests/test.sh +++ b/tests/test.sh 
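Review bot: The `ports` entries `80:80` and `443:443` publish the test server on every host interface, so while the tests run the `/nginx_status` endpoint from tests/nginx.conf is reachable from whatever network the machine is on. The tests only request `localhost`, so bind to loopback and quote the mappings: `- "127.0.0.1:80:80"` and `- "127.0.0.1:443:443"`. The three `/tmp/nginx-ssl/...` volume sources also hard-code the directory that tests/test.sh must create, which forces the script to use a fixed path in /tmp. An interpolated source such as `${SSL_DIR}/cert.pem` (variable name constructed here) would let the script keep a private temporary directory.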
@@ -2,45 +2,36 @@ set -e -if [ x"$DEBUG" = xtrue ]; then - set -x -fi - # shellcheck disable=SC2039 -trap _catch_err ERR -trap _cleanup EXIT +trap catch_err ERR +trap cleanup EXIT -ALPINE_VERSION="alpine:3.19" +TMP_DIR=$(mkdir /tmp/nginx-ssl && echo /tmp/nginx-ssl) LOCAL_DIR="$(cd "$(dirname "$0")" ; pwd -P)" -# shellcheck disable=SC1090 -. "$LOCAL_DIR"/../conf.env -TMP_DIR=$(mktemp -d) - -_catch_err() +catch_err() { echo "Test FAILED" } -_cleanup() +cleanup() { echo "Cleaning up..." - docker rm -f "${NGINX_VERSION}"_test > /dev/null 2>&1 - docker rm -f "${NGINX_VERSION}"_requester > /dev/null 2>&1 - docker rm -f php > /dev/null 2>&1 + docker compose down rm -rf "$TMP_DIR" + popd > /dev/null } -_setup_crypto_stuff() +setup_crypto() { echo "Generating SSL files..." - openssl dhparam -out "$TMP_DIR"/dhparams.pem 1024 > /dev/null 2>&1 + openssl dhparam -out "$TMP_DIR"/dhparams.pem 2048 > /dev/null 2>&1 openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ -subj "/C=ES/ST=Madrid/L=Madrid/O=dcarrillo/CN=localhost" \ -keyout "$TMP_DIR"/cert.key -out "$TMP_DIR"/cert.pem > /dev/null 2>&1 } -_check_status_code() +check_status_code() { if [ "$1" != 200 ]; then printf "Test failed, status code %s is not 200\n" "$STATUS_CODE" 
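Review bot: `TMP_DIR=$(mkdir /tmp/nginx-ssl && echo /tmp/nginx-ssl)` replaces `mktemp -d` with a fixed, predictable directory in world-writable /tmp, created with default permissions, and it will hold the generated private key. On a shared machine any other user can create that path first; `mkdir` then fails and `set -e` aborts the script, and the same happens if an earlier run was killed before `cleanup` ran. Prefer keeping `TMP_DIR=$(mktemp -d)` and handing the path to Compose, e.g. `export SSL_DIR="$TMP_DIR"` (variable name constructed here), with the volume sources in tests/docker-compose.yml changed to match. Also, `cleanup` now calls `popd`, but the matching `pushd` is outside this hunk and runs only after `setup_crypto`, so on an early failure the EXIT trap runs `docker compose down` from the caller's directory and `popd` errors.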
@@ -50,39 +41,19 @@ _check_status_code() fi } -_setup_crypto_stuff +setup_crypto +pushd "$LOCAL_DIR" > /dev/null +ln -s ../conf.env .env &>/dev/null || true +docker compose up --build --detach -echo "Preparing php" -docker run --name php --rm -d php:fpm-alpine > /dev/null -docker exec -i php sh -c "echo 'pm.status_path = /phpfpm_status' \ - >> /usr/local/etc/php-fpm.d/www.conf \ - && kill -USR2 1" - -echo "Running container to be tested..." -docker run --name "${NGINX_VERSION}"_test --rm --link php \ - -v "$LOCAL_DIR"/nginx.conf:/usr/local/nginx/conf/nginx.conf:ro \ - -v "$TMP_DIR"/cert.pem:/tmp/cert.pem:ro \ - -v "$TMP_DIR"/cert.key:/tmp/cert.key:ro \ - -v "$TMP_DIR"/dhparams.pem:/tmp/dhparams.pem:ro \ - -d "${DOCKER_IMAGE}":"${NGINX_VERSION}" > /dev/null - -echo "Preparing requester container..." -docker run --name "${NGINX_VERSION}"_requester --rm --link "${NGINX_VERSION}"_test \ - -i -d $ALPINE_VERSION sh > /dev/null -exec_docker="docker exec -i ${NGINX_VERSION}_requester" -$exec_docker apk add curl > /dev/null - -## Test 1-4 http/https/fastcgipass requests=" -http://${NGINX_VERSION}_test/nginx_status -https://${NGINX_VERSION}_test/nginx_status -http://${NGINX_VERSION}_test/phpfpm_status -https://${NGINX_VERSION}_test/phpfpm_status +http://localhost/nginx_status +https://localhost/nginx_status " for request in $requests; do printf "\nRequesting %s\n" "$request" - STATUS_CODE=$($exec_docker curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request") - _check_status_code "$STATUS_CODE" + STATUS_CODE=$(curl -s -k -m 5 -o /dev/null -w "%{http_code}" "$request") + check_status_code "$STATUS_CODE" done echo "All tests succeeded !"
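Review bot: `ln -s ../conf.env .env &>/dev/null || true` uses `&>`, a bash extension; the shebang is outside this hunk, but if the script runs under a POSIX `sh` (the `SC2039` suppression in the first hunk suggests it may) the line is read as `ln ... &` followed by a bare redirection, so the link is created in the background and can race `docker compose up`. `ln -s ../conf.env .env >/dev/null 2>&1 || true` is portable, and `cd "$LOCAL_DIR"` would avoid the same problem with `pushd`/`popd`. The `.env` symlink is never removed by `cleanup`, so it stays in tests/ after the run. The requests also start as soon as `docker compose up --build --detach` returns, with no wait for nginx to accept connections, which may make the first request fail intermittently.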