Initial import

Author: dvershinin

.github/workflows/main.yml

@@ -0,0 +1,160 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - main
+      - master
+    paths-ignore:
+      - '**/README.md'
+    tags:
+      - '*'
+  schedule:
+    - cron: '0 3 * * 1'
+  workflow_dispatch:
+    inputs:
+      push:
+        description: 'Push image to Docker Hub'
+        type: boolean
+        default: false
+
+jobs:
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/[email protected]
+
+      - name: Get curl version
+        id: curlver
+        uses: dvershinin/[email protected]
+        with:
+          repository: 'https://github.com/curl/curl'
+          output_format: 'version'
+
+      - name: Resolve tags
+        run: |
+          set -euo pipefail
+          CURL_VERSION="${{ steps.curlver.outputs.last_version }}"
+          CURL_TAG="curl-${CURL_VERSION//./_}"
+          # determine latest quiche semver tag (v-prefixed or plain), choose highest
+          QUICHE_VERSION="$(
+            git ls-remote --tags https://github.com/cloudflare/quiche \
+              | awk -F'refs/tags/' '/refs\/tags\/v?[0-9]+\.[0-9]+\.[0-9]+(\^\{\})?$/ {gsub(/\^\{\}/,"",$2); gsub(/^v/,"",$2); print $2}' \
+              | sort -V | tail -n1
+          )"
+          if git ls-remote --tags https://github.com/cloudflare/quiche "refs/tags/v${QUICHE_VERSION}" | grep -q "refs/tags/v${QUICHE_VERSION}$"; then
+            QUICHE_REF="v${QUICHE_VERSION}"
+          else
+            QUICHE_REF="${QUICHE_VERSION}"
+          fi
+          echo "CURL_VERSION=${CURL_VERSION}" >> $GITHUB_ENV
+          echo "IMAGE_TAG=${CURL_VERSION}" >> $GITHUB_ENV
+          echo "CURL_TAG=${CURL_TAG}" >> $GITHUB_ENV
+          echo "QUICHE_REF=${QUICHE_REF}" >> $GITHUB_ENV
+
+      - name: Prepare sources (git shallow clone + tar)
+        run: |
+          set -euo pipefail
+          rm -rf src _dl
+          mkdir -p src _dl
+          git clone --depth 1 --branch "${CURL_TAG}" https://github.com/curl/curl src/curl-src
+          git clone --filter=blob:none --recurse-submodules --shallow-submodules https://github.com/cloudflare/quiche src/quiche-src
+          git -C src/quiche-src fetch --tags --depth 1 origin "refs/tags/${QUICHE_REF}:refs/tags/${QUICHE_REF}"
+          git -C src/quiche-src checkout -q "refs/tags/${QUICHE_REF}"
+          git -C src/quiche-src submodule update --init --recursive --depth 1
+          tar -czf _dl/curl.tar.gz -C src curl-src
+          tar -czf _dl/quiche.tar.gz -C src quiche-src
+          curl -fL "https://raw.githubusercontent.com/b4b4r07/httpstat/master/httpstat.sh" -o _dl/httpstat.sh
+
+      - name: Login to Docker Hub
+        if: inputs.push == true || github.event_name == 'push' || github.event_name == 'schedule'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        if: github.event_name == 'schedule'
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/arm64
+
+      - name: Set up Docker Buildx
+        if: inputs.push == true || github.event_name == 'push' || github.event_name == 'schedule'
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build (no push) via docker build (act)
+        if: inputs.push != true && github.event_name != 'push' && env.ACT == 'true'
+        run: |
+          DOCKER_BUILDKIT=1 docker build --platform linux/amd64 --load \
+            -t curl-edge:${IMAGE_TAG} -t curl-edge:latest .
+
+      - name: Build (no push)
+        if: inputs.push != true && github.event_name != 'push' && github.event_name != 'schedule' && env.ACT != 'true'
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: false
+          platforms: linux/amd64
+          load: true
+          tags: |
+            curl-edge:${{ env.IMAGE_TAG }}
+            curl-edge:latest
+
+      - name: Test curl -V
+        if: inputs.push != true && github.event_name != 'push'
+        run: docker run --rm curl-edge:${IMAGE_TAG} -V
+
+      - name: Test HTTP/3 to Cloudflare
+        if: inputs.push != true && github.event_name != 'push'
+        run: |
+          docker run --rm --network host curl-edge:${IMAGE_TAG} \
+            -I --http3 https://cloudflare-quic.com/ || \
+          docker run --rm --network host curl-edge:${IMAGE_TAG} \
+            -I --http3 https://www.cloudflare.com/ --connect-timeout 10 || true
+
+      - name: Test httpstat script
+        if: inputs.push != true && github.event_name != 'push'
+        run: |
+          docker run --rm --network host curl-edge:${IMAGE_TAG} \
+            /opt/httpstat.sh -I --http3 https://cloudflare-quic.com/ || true
+
+      - name: Build and push (push/dispatch, amd64 only)
+        if: inputs.push == true || github.event_name == 'push'
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            getpagespeed/curl-edge:amd64-${{ env.IMAGE_TAG }}
+            getpagespeed/curl-edge:latest-amd64
+
+      - name: Build and push (nightly, arm64 only)
+        if: github.event_name == 'schedule'
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          platforms: linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            getpagespeed/curl-edge:arm64-${{ env.IMAGE_TAG }}
+            getpagespeed/curl-edge:latest-arm64
+
+      - name: Create multi-arch manifest (nightly)
+        if: github.event_name == 'schedule'
+        run: |
+          docker buildx imagetools create \
+            -t getpagespeed/curl-edge:${IMAGE_TAG} \
+            -t getpagespeed/curl-edge:latest \
+            getpagespeed/curl-edge:amd64-${IMAGE_TAG} \
+            getpagespeed/curl-edge:arm64-${IMAGE_TAG}

Dockerfile

@@ -0,0 +1,42 @@
+FROM alpine:edge AS builder
+
+LABEL maintainer="Danila Vershinin <[email protected]>"
+
+WORKDIR /opt
+
+RUN apk add --no-cache build-base git autoconf libpsl-dev libtool cmake go curl nghttp2-dev zlib-dev automake rustup clang lld ninja pkgconf python3 linux-headers && rustup-init -y -q
+
+# Prefer clang toolchain for BoringSSL/quiche on all arches (including arm64)
+ENV CC=clang
+ENV CXX=g++
+
+COPY _dl/quiche.tar.gz /opt/quiche.tar.gz
+COPY _dl/curl.tar.gz /opt/curl.tar.gz
+
+RUN mkdir -p /opt/quiche-src && \
+    tar -xzf /opt/quiche.tar.gz -C /opt/quiche-src --strip-components=1 && \
+    rm /opt/quiche.tar.gz
+RUN cd /opt/quiche-src && \
+    RUST_BACKTRACE=1 PATH="$HOME/.cargo/bin:$PATH" cargo build -vv --package quiche --release --features ffi,pkg-config-meta,qlog --jobs $(nproc) && \
+    mkdir -p quiche/deps/boringssl/src/lib && \
+    ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
+
+RUN mkdir -p /opt/curl-src && \
+    tar -xzf /opt/curl.tar.gz -C /opt/curl-src --strip-components=1 && \
+    rm /opt/curl.tar.gz
+RUN cd /opt/curl-src && \
+    autoreconf -fi && \
+    ./configure LDFLAGS="-Wl,-rpath,/opt/quiche-src/target/release" --with-openssl=/opt/quiche-src/quiche/deps/boringssl/src --with-quiche=/opt/quiche-src/target/release --with-nghttp2 --with-zlib && \
+    make -j $(nproc) && \
+    make DESTDIR="/curl/" install
+
+FROM alpine:edge
+RUN apk add --no-cache nghttp2 zlib libpsl bash perl ca-certificates
+COPY --from=builder /curl/usr/local/ /usr/local/
+
+WORKDIR /opt
+# add httpstat script
+COPY _dl/httpstat.sh /opt/httpstat.sh
+RUN chmod +x /opt/httpstat.sh
+
+ENTRYPOINT ["curl"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 yurymuski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,57 @@
+# curl-edge
+[![](https://img.shields.io/docker/pulls/getpagespeed/curl-edge?style=flat-square)](https://hub.docker.com/r/getpagespeed/curl-edge)
+
+Bleeding‑edge Docker image of `curl` with `BoringSSL` and `quiche` (HTTP/3), plus `httpstat` for visualization.
+
+Link for [curl + http3 manual](https://github.com/curl/curl/blob/master/docs/HTTP3.md#quiche-version)
+
+## Usage
+
+`docker run -it --rm getpagespeed/curl-edge -V`
+```
+curl 8.1.2-DEV (x86_64-pc-linux-gnu) libcurl/8.1.2-DEV BoringSSL quiche/0.17.2
+Release-Date: [unreleased]
+Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
+Features: alt-svc AsynchDNS HSTS HTTP3 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB SSL threadsafe UnixSockets
+```
+
+
+`docker run -it --rm getpagespeed/curl-edge -IL https://blog.cloudflare.com --http3`
+
+`docker run -it --rm getpagespeed/curl-edge -IL https://yurets.pro --http3`
+
+```
+
+HTTP/3 200
+date: Sun, 28 May 2023 19:03:00 GMT
+content-type: text/html
+last-modified: Sun, 26 Sep 2021 16:14:14 GMT
+strict-transport-security: max-age=15552000; includeSubDomains; preload
+cf-cache-status: DYNAMIC
+report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ahatt6rf%2FLHIouteXEJEQ3KOBYsfdCSbpsCotGOuaWESHJYJBrd4E6yRbUhFiLuQQ%2BsNmRujvr2A48QTpUa5BbI5iHWBNVVOCdpPaDdqqZkEh%2BQxKssoggYjY4Q"}],"group":"cf-nel","max_age":604800}
+nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
+x-content-type-options: nosniff
+server: cloudflare
+cf-ray: 7ce8c1510e3295a6-TBS
+alt-svc: h3=":443"; ma=86400
+
+```
+
+### httpstat support
+
+`docker run -it --rm getpagespeed/curl-edge ./httpstat.sh -ILv https://blog.cloudflare.com --http3`
+
+`docker run -it --rm getpagespeed/curl-edge ./httpstat.sh -ILv https://yurets.pro --http3`
+
+![](httpstat.png?raw=true "HTTPSTAT H3")
+
+
+## Build
+
+```
+docker buildx build --platform linux/amd64  -t getpagespeed/curl-edge:latest -t getpagespeed/curl-edge:8.1.2 . --push
+
+# quiche fails to compile for arm
+docker buildx build --platform linux/arm,linux/arm64,linux/amd64  -t getpagespeed/curl-edge:latest -t getpagespeed/curl-edge:8.1.2 . --push
+
+```