building feos-nginx package

Author: MalteJ

.github/workflows/nginx-container.yaml

@@ -0,0 +1,103 @@
+name: FeOS Nginx Container
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  build_nginx_container:
+    permissions:
+      contents: read
+      packages: write
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v4
+
+    - uses: docker/metadata-action@v5
+      id: meta
+      with:
+        images: |
+          ghcr.io/ironcore-dev/feos/feos-nginx
+        tags: |
+          type=ref,event=branch
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Install Protobuf Compiler
+      run: sudo apt-get update && sudo apt-get install protobuf-compiler -y
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up cargo cache
+      uses: actions/cache@v4
+      continue-on-error: false
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+          target/
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: ${{ runner.os }}-cargo-
+
+    - name: Run Tests
+      run: make test
+
+    - name: Build build-container
+      run: make build-container
+
+    - name: Set up kernel cache
+      uses: actions/cache@v4
+      continue-on-error: false
+      with:
+        path: |
+          target/kernel/
+        key: ${{ runner.os }}-kernel-${{ hashFiles('hack/kernel/**') }}
+        restore-keys: ${{ runner.os }}-kernel-
+
+    - name: Build Kernel
+      run: make kernel
+
+    - name: Build initramfs
+      run: make initramfs
+
+    - name: Build UKI with secrets
+      run: |
+        CMDLINE="console=tty0 console=ttyS0,115200 earlyprintk=ttyS0,115200 consoleblank=0"
+        echo $CMDLINE > target/cmdline
+        mkdir -p keys
+        echo "${{ secrets.SECUREBOOT_PRIVATEKEY }}" > keys/secureboot.key
+        echo "${{ secrets.SECUREBOOT_CERTIFICATE }}" > keys/secureboot.pem
+        openssl x509 -in keys/secureboot.pem -out keys/feos.crt -outform DER
+        make uki
+
+    - name: Build nginx container
+      run: make nginx
+
+    - name: Tag and push Docker image
+      run: |
+        # Tag the locally built image with the registry tags
+        for tag in ${{ steps.meta.outputs.tags }}; do
+          docker tag feos-nginx $tag
+        done
+        
+        # Push all tags
+        for tag in ${{ steps.meta.outputs.tags }}; do
+          docker push $tag
+        done 

Makefile

@@ -22,3 +22,8 @@ include hack/hack.mk
 
 cli:
 	 cargo build --bin feos-cli
+
+nginx: uki
+	@echo "Building nginx container with FeOS UKI..."
+	docker build -f hack/Dockerfile.nginx -t feos-nginx .
+	@echo "Built feos-nginx container successfully"

hack/Dockerfile.nginx

@@ -0,0 +1,14 @@
+FROM nginx:alpine
+
+# Copy the UKI file to nginx html directory
+COPY target/uki.efi /usr/share/nginx/html/feos.uki
+
+# Add MIME type for .uki files
+RUN echo "types {" > /etc/nginx/mime.types
+RUN echo "    application/efi uki;" >> /etc/nginx/mime.types
+RUN echo "}" >> /etc/nginx/mime.types
+
+# Create a simple index page
+RUN echo '<html><body><h1>FeOS UKI Server</h1><p><a href="/feos.uki">Download FeOS UKI (x86_64)</a></p></body></html>' > /usr/share/nginx/html/index.html
+
+EXPOSE 80