diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..d36341f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,127 @@ +name: Build and Draft Release + +on: + push: + tags: + - "*" + +env: + REGISTRY_IMAGE: ghcr.io/proofrock/fileconduit + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - name: Create Draft Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.TOKEN }} + with: + body: _replace_me_ + tag_name: ${{ github.ref_name }} + release_name: Version ${{ github.ref_name }} + draft: true + prerelease: false + - name: Checkout + uses: actions/checkout@v4 + - name: Release Python Client + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: fcuploader.py + asset_name: fcuploader.py + asset_content_type: text/x-python + + # https://docs.docker.com/build/ci/github-actions/multi-platform/ + + build-docker: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm/v7 + - linux/arm64 + steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout + uses: actions/checkout@v4 + - name: Modify fileconduit + run: sed -i 's/v0\.0\.0/${{ github.ref_name }}/g' main.go + working-directory: src/ + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Github Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.TOKEN }} + - name: Build and push by digest + id: build + uses: docker/build-push-action@v5 + with: + context: . + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge-docker: + runs-on: ubuntu-latest + needs: + - build-docker + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + - name: Login to Github Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.TOKEN }} + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/README.md b/README.md index 79eb693..d408eeb 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# fileconduit v0.3.1 +# fileconduit v0.3.2 `fileconduit` is a client/server application that aids to transfer files securely between two systems that access the internet but don't access each other. @@ -15,7 +15,7 @@ This will print a secure link to download the file from, using a browser or `cur `fileconduit` **transfers single files**: you can upload several files concurrently, with repeated `fcuploader.py` executions. One download is possible for each, and the fcuploader script will exit after successful download. -# Quickstart/demo +## Quickstart/demo For a quick test of how it works, you can run it locally. Prerequisites are `docker` and `python` v3, a file to upload, nothing else. @@ -23,7 +23,7 @@ upload, nothing else. Run the server: ```bash -docker run --rm -p 8080:8080 -e FILECONDUIT_SECRET_HASHES=652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0 germanorizzo/fileconduit:latest +docker run --rm -p 8080:8080 -e FILECONDUIT_SECRET_HASHES=652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0 ghcr.io/proofrock/fileconduit:latest ``` Then download `fcuploader.py` from this repository and run it in another console: @@ -34,12 +34,12 @@ python3 fcuploader.py myfile.bin And follow the instructions to download the file. -# Installation/usage +## Installation/usage This section expands on the previous, to explain how to set up `fileconduit` in a proper architecture. It assumes a certain familiarity with `docker`, we won't explain all the concepts involved. -## Server +### Server It's a Go application but it's tailor-made to be configured and installed via Docker. @@ -53,15 +53,15 @@ SHA256 using for example [this site](https://emn178.github.io/online-tools/sha25 > You can generate several hashes, and specify them as a comma-separated list. ```bash -docker run --name fileconduit -p 8080:8080 -e FILECONDUIT_SECRET_HASHES=,...]> germanorizzo/fileconduit:latest +docker run --name fileconduit -p 8080:8080 -e FILECONDUIT_SECRET_HASHES=,...]> ghcr.io/proofrock/fileconduit:latest ``` Or, via docker compose: -``` +```yaml services: fileconduit: - image: germanorizzo/fileconduit:latest + image: ghcr.io/proofrock/fileconduit:latest container_name: fileconduit environment: - FILECONDUIT_SECRET_HASHES=,...]> @@ -72,17 +72,17 @@ services: > This will expose it on port 8080; if installing with a reverse proxy, you may want to set up a docker network. You can > set `internal: true` on it, `fileconduit` doesn't need to access any other system other than the reverse proxy. -### Example: using `caddy` as a reverse proxy +#### Example: using `caddy` as a reverse proxy This is an excerpt of a `caddyfile`: -``` +```caddyfile conduit.example.com { reverse_proxy localhost:8080 } ``` -## Upload client +### Upload client Download the file `upload.py` from this repository. @@ -98,8 +98,8 @@ python3 fcuploader.py myfile.bin This will output a link with the instructions to download. The link is unique and, while public, it's quite difficult to guess. -``` -== fileconduit v0.3.1 == +```text +== fileconduit v0.3.2 == All set up! Download your file using: - a browser, from https://conduit.example.com/dl/I5zeoJIId1d10FAvnsJrp4q6I2f2F3v7j - a shell, with $> curl -OJ https://conduit.example.com/dl/I5zeoJIId1d10FAvnsJrp4q6I2f2F3v7j @@ -107,9 +107,9 @@ All set up! Download your file using: After a client initiates a download and the fcuploader sends all the data, the fcuploader script will exit. -# Building the server +## Building the server -In the root dir of this repository, use `docker buildx build . -t fileconduit:v0.3.1`. This will generate a docker image -tagged as `fileconduit:v0.3.1`. +In the root dir of this repository, use `docker buildx build . -t fileconduit:v0.3.2`. This will generate a docker image +tagged as `fileconduit:v0.3.2`. `docker` and `docker buildx` must be properly installed and available. diff --git a/fcuploader.py b/fcuploader.py index 67b28c9..3af9e1c 100644 --- a/fcuploader.py +++ b/fcuploader.py @@ -103,7 +103,7 @@ def upload_file(filepath): if __name__ == "__main__": import sys - print("== fileconduit v0.3.1 ==") + print("== fileconduit v0.3.2 ==") if len(sys.argv) < 2: print("Usage: python fcuploader.py ") diff --git a/src/main.go b/src/main.go index d371904..37f3da0 100644 --- a/src/main.go +++ b/src/main.go @@ -24,7 +24,7 @@ func main() { fmt.Println(" / __(_) /__ _________ ____ ____/ /_ __(_) /_") fmt.Println(" / /_/ / / _ \\/ ___/ __ \\/ __ \\/ __ / / / / / __/") fmt.Println(" / __/ / / __/ /__/ /_/ / / / / /_/ / /_/ / / /_ ") - fmt.Println("/_/ /_/_/\\___/\\___/\\____/_/ /_/\\__,_/\\__,_/_/\\__/ v0.3.1") + fmt.Println("/_/ /_/_/\\___/\\___/\\____/_/ /_/\\__,_/\\__,_/_/\\__/ v0.0.0") fmt.Println() env := os.Getenv("FILECONDUIT_SECRET_HASHES")