P12 (#1)

* add p12 support

* Refactor workflow to trigger on all branches
The workflow has been modified to trigger on all branches, allowing it to run for any branch push.

* add --no-password --insecure to p12

* add --no-password --insecure to renewer

.github/workflows/build.yaml

@@ -3,7 +3,7 @@ name: Create and publish a Docker image
 # Configures this workflow to run every time a change is pushed to the branch called `release`.
 on:
   push:
-    branches: ['main']
+    branches: ['*']
   release:
     types: [published]
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.

bootstrapper/bootstrapper.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-
+P12="/var/run/autocert.step.sm/site.p12"
 
 if [ -f "$STEP_ROOT" ];
 then
@@ -15,17 +15,19 @@ else
     step ca certificate --not-after $DURATION $COMMON_NAME $CRT $KEY
 fi
 
+step certificate p12 $:vP12 $CRT $KEY --no-password --insecure
+
 step ca root $STEP_ROOT
 
 if [ -n "$OWNER" ]
 then
-    chown "$OWNER" $CRT $KEY $STEP_ROOT
+    chown "$OWNER" $CRT $KEY $STEP_ROOT $P12
 fi
 
 if [ -n "$MODE" ]
 then
-    chmod "$MODE" $CRT $KEY $STEP_ROOT
+    chmod "$MODE" $CRT $KEY $STEP_ROOT $P12
 else
-    chmod 644 $CRT $KEY $STEP_ROOT
+    chmod 644 $CRT $KEY $STEP_ROOT $P12
 fi
 

renewer/Dockerfile

@@ -4,5 +4,6 @@ USER root
 ENV CRT="/var/run/autocert.step.sm/site.crt"
 ENV KEY="/var/run/autocert.step.sm/site.key"
 ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
+ENV P12="/var/run/autocert.step.sm/site.p12"
 
-ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon $CRT $KEY"]
+ENTRYPOINT ["/bin/bash", "-c", "step ca renew --daemon --exec 'step certificate p12 $P12 $CRT $KEY --no-password --insecure' $CRT $KEY"]