mirror of
https://github.com/phishingclub/phishingclub.git
synced 2026-07-16 16:57:25 +02:00
Merge branch 'feat-build-prod-image' into develop
This commit is contained in:
@@ -10,6 +10,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
@@ -19,6 +20,13 @@ jobs:
|
||||
- name: Set up Docker
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Extract version from tag
|
||||
id: get_version
|
||||
run: |
|
||||
@@ -129,6 +137,24 @@ jobs:
|
||||
--title "PhishingClub ${{ steps.get_version.outputs.TAG }}" \
|
||||
--notes "${{ steps.get_release_notes.outputs.NOTES }}"
|
||||
|
||||
- name: Build and push Docker image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile.release
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}:latest
|
||||
ghcr.io/${{ github.repository }}:${{ steps.get_version.outputs.VERSION }}
|
||||
ghcr.io/${{ github.repository }}:${{ steps.get_version.outputs.TAG }}
|
||||
labels: |
|
||||
org.opencontainers.image.title=PhishingClub
|
||||
org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
|
||||
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
|
||||
org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }}
|
||||
org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
|
||||
- name: Notify about release
|
||||
run: |
|
||||
curl -d "phishingclub version ${{ steps.get_version.outputs.VERSION }} has been released on GitHub" https://ntfy.sh/phishing_club_released
|
||||
|
||||
@@ -9,6 +9,9 @@ on:
|
||||
jobs:
|
||||
test-build:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
@@ -18,6 +21,13 @@ jobs:
|
||||
- name: Set up Docker
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Extract version info
|
||||
id: get_version
|
||||
run: |
|
||||
@@ -100,6 +110,23 @@ jobs:
|
||||
echo "✅ Package created without signature"
|
||||
fi
|
||||
|
||||
- name: Build and push test Docker image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile.release
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}:test-${{ steps.get_version.outputs.HASH }}
|
||||
ghcr.io/${{ github.repository }}:test-latest
|
||||
labels: |
|
||||
org.opencontainers.image.title=PhishingClub-Test
|
||||
org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
|
||||
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
|
||||
org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }}
|
||||
org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
|
||||
- name: Verify build artifacts
|
||||
run: |
|
||||
echo "=== Build Summary ==="
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
# production dockerfile for release builds
|
||||
FROM debian:12-slim
|
||||
|
||||
# install ca-certificates for https requests
|
||||
RUN apt-get update && \
|
||||
apt-get install -y ca-certificates tzdata && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# create non-root user
|
||||
RUN groupadd -g 1000 appuser && \
|
||||
useradd -r -u 1000 -g appuser appuser
|
||||
|
||||
# create app and data directories
|
||||
WORKDIR /app
|
||||
RUN mkdir -p /app/data && \
|
||||
mkdir -p /app/config
|
||||
|
||||
# copy the binary from build context
|
||||
COPY build/phishingclub /app/phishingclub
|
||||
|
||||
# copy docker-friendly config
|
||||
COPY config.docker.json /app/config.docker.json
|
||||
|
||||
# create entrypoint script
|
||||
RUN cat > /app/entrypoint.sh << 'EOF'
|
||||
#!/bin/sh
|
||||
|
||||
# check if config exists, if not use docker-friendly default
|
||||
if [ ! -f /app/config/config.json ]; then
|
||||
echo "🔧 No config found, using Docker-friendly default (non-privileged ports)..."
|
||||
cp /app/config.docker.json /app/config/config.json
|
||||
echo "✅ Docker config copied to /app/config/config.json"
|
||||
echo "💡 You can mount your own config at /app/config/config.json to override"
|
||||
fi
|
||||
|
||||
# start the application
|
||||
exec /app/phishingclub --config /app/config/config.json --files /app/data "$@"
|
||||
EOF
|
||||
|
||||
# make scripts executable
|
||||
RUN chmod +x /app/phishingclub && \
|
||||
chmod +x /app/entrypoint.sh
|
||||
|
||||
# change ownership to appuser
|
||||
RUN chown -R appuser:appuser /app
|
||||
|
||||
# switch to non-root user
|
||||
USER appuser
|
||||
|
||||
# expose ports (using non-privileged ports by default)
|
||||
EXPOSE 8080 8443 8000
|
||||
|
||||
# create volumes for config and data
|
||||
VOLUME ["/app/config", "/app/data"]
|
||||
|
||||
# use entrypoint script
|
||||
ENTRYPOINT ["/app/entrypoint.sh"]
|
||||
@@ -0,0 +1,30 @@
|
||||
{
|
||||
"acme": {
|
||||
"email": ""
|
||||
},
|
||||
"administration": {
|
||||
"tls_host": "localhost",
|
||||
"tls_auto": false,
|
||||
"tls_cert_path": "/app/data/certs/admin/public.pem",
|
||||
"tls_key_path": "/app/data/certs/admin/private.pem",
|
||||
"address": "0.0.0.0:8000",
|
||||
"ip_allow_list": []
|
||||
},
|
||||
"phishing": {
|
||||
"http": "0.0.0.0:8080",
|
||||
"https": "0.0.0.0:8443"
|
||||
},
|
||||
"database": {
|
||||
"engine": "sqlite3",
|
||||
"dsn": "file:/app/data/db.sqlite3"
|
||||
},
|
||||
"log": {
|
||||
"path": "",
|
||||
"errorPath": ""
|
||||
},
|
||||
"ip_security": {
|
||||
"admin_allowed": [],
|
||||
"trusted_proxies": [],
|
||||
"trusted_ip_header": ""
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
# PhishingClub Production Docker Compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
phishingclub:
|
||||
image: ghcr.io/phishingclub/phishingclub:latest
|
||||
|
||||
container_name: phishingclub
|
||||
restart: unless-stopped
|
||||
|
||||
# Mount config and data directories
|
||||
volumes:
|
||||
- ./config:/app/config
|
||||
- ./data:/app/data
|
||||
|
||||
ports:
|
||||
- "80:8080" # HTTP phishing server
|
||||
- "443:8443" # HTTPS phishing server
|
||||
- "8000:8000" # Admin interface
|
||||
|
||||
networks:
|
||||
- phishingclub
|
||||
|
||||
networks:
|
||||
phishingclub:
|
||||
driver: bridge
|
||||
Reference in New Issue
Block a user