Merge branch 'feat-build-prod-image' into develop

This commit is contained in:
Ronni Skansing
2025-10-24 18:42:15 +02:00
5 changed files with 166 additions and 0 deletions
+26
View File
@@ -10,6 +10,7 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
@@ -19,6 +20,13 @@ jobs:
- name: Set up Docker
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version from tag
id: get_version
run: |
@@ -129,6 +137,24 @@ jobs:
--title "PhishingClub ${{ steps.get_version.outputs.TAG }}" \
--notes "${{ steps.get_release_notes.outputs.NOTES }}"
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.release
push: true
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ steps.get_version.outputs.VERSION }}
ghcr.io/${{ github.repository }}:${{ steps.get_version.outputs.TAG }}
labels: |
org.opencontainers.image.title=PhishingClub
org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }}
org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
org.opencontainers.image.revision=${{ github.sha }}
- name: Notify about release
run: |
curl -d "phishingclub version ${{ steps.get_version.outputs.VERSION }} has been released on GitHub" https://ntfy.sh/phishing_club_released
+27
View File
@@ -9,6 +9,9 @@ on:
jobs:
test-build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
@@ -18,6 +21,13 @@ jobs:
- name: Set up Docker
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version info
id: get_version
run: |
@@ -100,6 +110,23 @@ jobs:
echo "✅ Package created without signature"
fi
- name: Build and push test Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.release
push: true
tags: |
ghcr.io/${{ github.repository }}:test-${{ steps.get_version.outputs.HASH }}
ghcr.io/${{ github.repository }}:test-latest
labels: |
org.opencontainers.image.title=PhishingClub-Test
org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }}
org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
org.opencontainers.image.revision=${{ github.sha }}
- name: Verify build artifacts
run: |
echo "=== Build Summary ==="
+57
View File
@@ -0,0 +1,57 @@
# production dockerfile for release builds
FROM debian:12-slim
# install ca-certificates for https requests
RUN apt-get update && \
apt-get install -y ca-certificates tzdata && \
rm -rf /var/lib/apt/lists/*
# create non-root user
RUN groupadd -g 1000 appuser && \
useradd -r -u 1000 -g appuser appuser
# create app and data directories
WORKDIR /app
RUN mkdir -p /app/data && \
mkdir -p /app/config
# copy the binary from build context
COPY build/phishingclub /app/phishingclub
# copy docker-friendly config
COPY config.docker.json /app/config.docker.json
# create entrypoint script
RUN cat > /app/entrypoint.sh << 'EOF'
#!/bin/sh
# check if config exists, if not use docker-friendly default
if [ ! -f /app/config/config.json ]; then
echo "🔧 No config found, using Docker-friendly default (non-privileged ports)..."
cp /app/config.docker.json /app/config/config.json
echo "✅ Docker config copied to /app/config/config.json"
echo "💡 You can mount your own config at /app/config/config.json to override"
fi
# start the application
exec /app/phishingclub --config /app/config/config.json --files /app/data "$@"
EOF
# make scripts executable
RUN chmod +x /app/phishingclub && \
chmod +x /app/entrypoint.sh
# change ownership to appuser
RUN chown -R appuser:appuser /app
# switch to non-root user
USER appuser
# expose ports (using non-privileged ports by default)
EXPOSE 8080 8443 8000
# create volumes for config and data
VOLUME ["/app/config", "/app/data"]
# use entrypoint script
ENTRYPOINT ["/app/entrypoint.sh"]
+30
View File
@@ -0,0 +1,30 @@
{
"acme": {
"email": ""
},
"administration": {
"tls_host": "localhost",
"tls_auto": false,
"tls_cert_path": "/app/data/certs/admin/public.pem",
"tls_key_path": "/app/data/certs/admin/private.pem",
"address": "0.0.0.0:8000",
"ip_allow_list": []
},
"phishing": {
"http": "0.0.0.0:8080",
"https": "0.0.0.0:8443"
},
"database": {
"engine": "sqlite3",
"dsn": "file:/app/data/db.sqlite3"
},
"log": {
"path": "",
"errorPath": ""
},
"ip_security": {
"admin_allowed": [],
"trusted_proxies": [],
"trusted_ip_header": ""
}
}
+26
View File
@@ -0,0 +1,26 @@
# PhishingClub Production Docker Compose
version: "3.8"
services:
phishingclub:
image: ghcr.io/phishingclub/phishingclub:latest
container_name: phishingclub
restart: unless-stopped
# Mount config and data directories
volumes:
- ./config:/app/config
- ./data:/app/data
ports:
- "80:8080" # HTTP phishing server
- "443:8443" # HTTPS phishing server
- "8000:8000" # Admin interface
networks:
- phishingclub
networks:
phishingclub:
driver: bridge