Separate local-ca from acme container

alexlovelltroy · alexlovelltroy · commit c9c4e67bd634 · 2024-04-22T17:33:17.000-04:00
diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
@@ -8,7 +8,7 @@ permissions:
   packages: write
   contents: read
 jobs:
-  build:
+  build-local-ca:
     runs-on: ubuntu-latest
     steps:
       - name: check out the repo
@@ -44,3 +44,40 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+  build-acmesh:
+    runs-on: ubuntu-latest
+    steps:
+        - name: check out the repo
+          uses: actions/checkout@v4
+        - name: Docker meta
+          id: meta
+          uses: docker/metadata-action@v5
+          with:
+            # list of Docker images to use as base name for tags
+            images: |
+              ghcr.io/openchami/acme.sh            
+            # generate Docker tags based on the following events/attributes
+            tags: |
+              type=schedule
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern=v{{version}}
+              type=semver,pattern=v{{major}}.{{minor}}
+              type=semver,pattern=v{{major}}
+              type=sha    
+        - name: setup Docker Buildx
+          uses: docker/setup-buildx-action@v3
+        - name: Login to github container repo
+          uses: docker/login-action@v3
+          with:
+            registry: ghcr.io
+            username: ${{ github.actor }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+        - name: Build and push
+          uses: docker/build-push-action@v5
+          with:
+            context: .
+            file: Dockerfile.acme
+            push: ${{ github.event_name != 'pull_request' }}
+            tags: ${{ steps.meta.outputs.tags }}
+            labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,13 @@
 FROM cgr.dev/chainguard/wolfi-base
 #install step dependencies
-RUN apk add --no-cache wget step step-ca bash acme.sh
+RUN apk add --no-cache wget step step-ca bash
 
 ENV CONFIGPATH="/home/step/config/ca.json"
 ENV PWDPATH="/home/step/secrets/password"
 ENV STEPPATH="/home/step"
 
 RUN mkdir /root_ca
-RUN mkdir /root/.acme.sh
+
 
 VOLUME ["/home/step", "/root-ca"]
 
diff --git a/Dockerfile.acme b/Dockerfile.acme
@@ -0,0 +1,7 @@
+FROM cgr.dev/chainguard/wolfi-base
+#install step dependencies
+RUN apk add --no-cache curl openssl acme.sh
+
+RUN mkdir /root/.acme.sh
+
+ENTRYPOINT [ "/usr/bin/acme.sh" ]
