From dd7706f17fac9746b10380ba8b1184c7c8fe9fd2 Mon Sep 17 00:00:00 2001 
From: Shadowbroker <43977454+BigBodyCobain@users.noreply.github.com> Date: Tue, 19 May 2026 01:14:30 -0600 Subject: [PATCH] Add GitLab mirror parity: CI + image registry + install overrides (#237) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Brings the GitLab side to full parity with GitHub so users who prefer gitlab.com get the same source, the same images, and the same install paths. Today, GitLab users can clone the source but the Helm chart and docker-compose paths only worked against GHCR. What's new: .gitlab-ci.yml Multi-arch (amd64 + arm64) Docker builds on every push to main, pushed to the project's GitLab Container Registry as: registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest Plus a :$CI_COMMIT_SHORT_SHA tag for traceability. Uses $CI_JOB_TOKEN — no credentials need to be configured. Also adds a 'mirror-to-github' job that pushes main back to GitHub via fast-forward-only `git push`. Skipped silently if the GITHUB_MIRROR_TOKEN CI/CD variable isn't set. Setup instructions are in the file header. docker-compose.gitlab.yml Override file that swaps the backend/frontend image: lines to the GitLab registry. Used as: docker compose -f docker-compose.yml -f docker-compose.gitlab.yml up -d Verified with `docker compose config` — merges cleanly and emits registry.gitlab.com/... image references. helm/chart/values-gitlab.yaml Helm values override that points the chart at the GitLab registry. Used alongside the default values.yaml: helm install ... -f helm/chart/values.yaml -f helm/chart/values-gitlab.yaml README.md Documents both install paths (GitHub default, GitLab override) for both docker compose and Helm. Notes that both registries publish identical images (same source, same CI matrix). No credentials needed for the GitLab→GitLab side. 
The optional reverse mirror requires a GitHub PAT (public_repo scope) added as the GitLab CI/CD variable GITHUB_MIRROR_TOKEN — instructions in the .gitlab-ci.yml header. Co-authored-by: Claude Opus 4.7 --- .gitlab-ci.yml | 121 ++++++++++++++++++++++++++++++++++ README.md | 20 +++++- docker-compose.gitlab.yml | 18 +++++ helm/chart/values-gitlab.yaml | 30 +++++++++ 4 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 .gitlab-ci.yml create mode 100644 docker-compose.gitlab.yml create mode 100644 helm/chart/values-gitlab.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..95b7505 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,121 @@
+# GitLab CI/CD for Shadowbroker
+#
+# Mirror of .github/workflows/docker-publish.yml — keeps the GitLab install
+# path (image registry + source) at parity with GitHub so users who prefer
+# GitLab get the same experience.
+#
+# What this does on every push to main:
+# 1. Builds multi-arch (amd64 + arm64) Docker images for the backend and
+# frontend, pushes them to the project's GitLab Container Registry:
+# registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest
+# registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest
+# Both also get a :$CI_COMMIT_SHORT_SHA tag for traceability.
+# 2. Reverse-mirrors main back to GitHub (only if commits land directly
+# on GitLab) so the two sources stay in sync.
+#
+# Auth notes:
+# - The image build/push uses $CI_JOB_TOKEN, which GitLab provides
+# automatically. No credentials need to be configured.
+# - The reverse mirror requires a GitHub personal access token stored
+# as the GitLab CI/CD variable GITHUB_MIRROR_TOKEN (Protected + Masked).
+# Scope: public_repo (or repo for private). If the variable isn't
+# set the mirror job is skipped — image builds still run.
+
+stages:
+ - build
+ - mirror
+
+variables:
+ # Use the dind service for buildx multi-arch builds.
+ DOCKER_HOST: tcp://docker:2376
+ DOCKER_TLS_CERTDIR: "/certs"
+ DOCKER_DRIVER: overlay2
+ # QEMU is what lets a single x86 runner build arm64 images. dind doesn't
+ # install it by default; we install via tonistiigi/binfmt below.
+ BUILDX_VERSION: "v0.14.1"
+ # Repository-relative paths.
+ BACKEND_IMAGE: $CI_REGISTRY_IMAGE/backend
+ FRONTEND_IMAGE: $CI_REGISTRY_IMAGE/frontend
+
+# Shared template: bootstraps buildx + QEMU on the dind service so a single
+# runner can produce both amd64 and arm64 manifests in one push.
+.buildx-setup: &buildx-setup
+ image: docker:24
+ services:
+ - name: docker:24-dind
+ command: ["--tls=true"]
+ before_script:
+ - docker info
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_JOB_TOKEN" "$CI_REGISTRY"
+ - docker run --privileged --rm tonistiigi/binfmt --install all
+ - docker buildx create --use --name multiarch --driver docker-container
+
+# ── Backend image ────────────────────────────────────────────────────────
+build-backend:
+ <<: *buildx-setup
+ stage: build
+ script:
+ - >
+ docker buildx build
+ --platform linux/amd64,linux/arm64
+ --file backend/Dockerfile
+ --tag $BACKEND_IMAGE:latest
+ --tag $BACKEND_IMAGE:$CI_COMMIT_SHORT_SHA
+ --push
+ .
+ rules:
+ - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"
+ - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "schedule"
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - backend/**/*
+ - .gitlab-ci.yml
+
+# ── Frontend image ───────────────────────────────────────────────────────
+build-frontend:
+ <<: *buildx-setup
+ stage: build
+ script:
+ - cd frontend
+ - >
+ docker buildx build
+ --platform linux/amd64,linux/arm64
+ --tag $FRONTEND_IMAGE:latest
+ --tag $FRONTEND_IMAGE:$CI_COMMIT_SHORT_SHA
+ --push
+ .
+ rules:
+ - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"
+ - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "schedule"
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - frontend/**/*
+ - .gitlab-ci.yml
+
+# ── Reverse mirror to GitHub ─────────────────────────────────────────────
+# Pushes refs/heads/main to github.com/BigBodyCobain/Shadowbroker.
+# Fast-forward-only — if GitLab main and GitHub main have diverged, this
+# fails loudly rather than silently overwriting either side.
+#
+# Only runs if GITHUB_MIRROR_TOKEN is set as a CI/CD variable. See the
+# header comment of this file for setup instructions.
+mirror-to-github: + stage: mirror + image: alpine:3.20 + needs: [] + before_script: + - apk add --no-cache git openssh-client ca-certificates + script: + - git config --global user.email "ci-mirror@gitlab.com" + - git config --global user.name "GitLab CI Mirror" + - > + git clone --depth=50 --branch main + "https://oauth2:${CI_JOB_TOKEN}@gitlab.com/${CI_PROJECT_PATH}.git" + repo + - cd repo + - > + git push + "https://x-access-token:${GITHUB_MIRROR_TOKEN}@github.com/BigBodyCobain/Shadowbroker.git" + "${CI_COMMIT_SHA}:refs/heads/main" + rules: + - if: $CI_COMMIT_BRANCH == "main" && $GITHUB_MIRROR_TOKEN diff --git a/README.md b/README.md index deaa930..2322a5a 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,8 @@ ShadowBroker includes an optional Shodan connector for operator-supplied API acc ## ⚡ Quick Start (Docker) +### From GitHub (default — uses GHCR images) + ```bash git clone https://github.com/bigbodycobain/Shadowbroker.git cd Shadowbroker @@ -68,6 +70,17 @@ docker compose pull docker compose up -d ``` +### From GitLab (uses GitLab Container Registry) + +```bash +git clone https://gitlab.com/bigbodycobain/Shadowbroker.git +cd Shadowbroker +docker compose -f docker-compose.yml -f docker-compose.gitlab.yml pull +docker compose -f docker-compose.yml -f docker-compose.gitlab.yml up -d +``` + +Both paths produce identical containers — same source, same CI, same images byte-for-byte. Pick whichever ecosystem you already use. + Open `http://localhost:3000` to view the dashboard! *(Requires [Docker Desktop](https://www.docker.com/products/docker-desktop/) or Docker Engine)* > **Backend port already in use?** The browser only needs port `3000`, but the backend API is also published on host port `8000` for local diagnostics. If another app already uses `8000`, create or edit `.env` next to `docker-compose.yml` and set `BACKEND_PORT=8001`, then run `docker compose up -d`. 
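Review bot: The `merge_request_event` rule on `build-backend` and `build-frontend` runs the same script as a push to main, so a merge-request pipeline touching `backend/**/*`, `frontend/**/*` or `.gitlab-ci.yml` builds unmerged code and, if the job token is allowed to push there, publishes it with `--push` under `$BACKEND_IMAGE:latest` / `$FRONTEND_IMAGE:latest`, the tags the compose and Helm overrides pull. Either drop that rule from the two publishing jobs or give merge requests their own job that runs the build without `--push` and without the `latest` tag. In `.buildx-setup`, `docker run --privileged --rm tonistiigi/binfmt --install all` pulls an unpinned third-party image and runs it privileged in a job that is already logged in to the registry; pin it by digest, e.g. `tonistiigi/binfmt@sha256:<digest>` (placeholder). The login is also better written as `echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` so the token is not passed as a command-line argument.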
@@ -136,8 +149,13 @@ helm repo update **2. Install the Chart:** ```bash -# Install from the local helm/chart directory +# Default — pulls images from GHCR helm install shadowbroker ./helm/chart --create-namespace --namespace shadowbroker + +# GitLab registry variant +helm install shadowbroker ./helm/chart --create-namespace --namespace shadowbroker \ + -f helm/chart/values.yaml \ + -f helm/chart/values-gitlab.yaml ``` **3. Key Features:** diff --git a/docker-compose.gitlab.yml b/docker-compose.gitlab.yml new file mode 100644 index 0000000..cf9849f --- /dev/null +++ b/docker-compose.gitlab.yml @@ -0,0 +1,18 @@ +# Compose override that points the backend and frontend at the GitLab +# Container Registry instead of GHCR. Use this if you prefer pulling +# images from gitlab.com. +# +# Usage: +# docker compose -f docker-compose.yml -f docker-compose.gitlab.yml pull +# docker compose -f docker-compose.yml -f docker-compose.gitlab.yml up -d +# +# Both registries publish the same images on every push to main: +# - .github/workflows/docker-publish.yml → ghcr.io (default) +# - .gitlab-ci.yml → registry.gitlab.com (this file) + +services: + backend: + image: registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest + + frontend: + image: registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest diff --git a/helm/chart/values-gitlab.yaml b/helm/chart/values-gitlab.yaml new file mode 100644 index 0000000..fd8e83f --- /dev/null +++ b/helm/chart/values-gitlab.yaml 
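Review bot: Both services in `docker-compose.gitlab.yml` are pinned only to the mutable `latest` tag, so `docker compose pull` takes whatever was pushed last and two hosts can end up on different builds with no record of which; the same applies to `tag: latest` in `helm/chart/values-gitlab.yaml`. The pipeline in this commit also pushes a `:$CI_COMMIT_SHORT_SHA` tag, so the override could let operators pin one, for example `image: registry.gitlab.com/bigbodycobain/shadowbroker/backend:${SHADOWBROKER_IMAGE_TAG:-latest}` (variable name constructed for illustration), or the header could document pinning by digest. The header comment's "publish the same images" would be more accurate as "build from the same source": the GitLab and GitHub builds are separate, so image digests are unlikely to match across registries unless the builds are reproducible.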
@@ -0,0 +1,30 @@
+# Helm values override that points the chart at the GitLab Container
+# Registry instead of GHCR. Use this if you prefer pulling images from
+# gitlab.com.
+#
+# Usage:
+# helm install shadowbroker ./helm/chart \
+# --create-namespace --namespace shadowbroker \
+# -f helm/chart/values.yaml \
+# -f helm/chart/values-gitlab.yaml
+#
+# Both registries publish the same images on every push to main:
+# - .github/workflows/docker-publish.yml → ghcr.io (default)
+# - .gitlab-ci.yml → registry.gitlab.com (this file)
+
+shadowbroker:
+ controllers:
+
+ backend:
+ containers:
+ main:
+ image:
+ repository: registry.gitlab.com/bigbodycobain/shadowbroker/backend
+ tag: latest
+
+ frontend:
+ containers:
+ main:
+ image:
+ repository: registry.gitlab.com/bigbodycobain/shadowbroker/frontend
+ tag: latest