feat: upload final codebase

.github/workflows/docker-auto.yml

@@ -0,0 +1,32 @@
+name: Publish all docker images
+on:
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+jobs:
+  trigger-workflow:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: List folders
+      id: list-folders
+      run: |
+        echo "::set-output name=folders::$(ls -d */ | sed 's#/##g')"
+
+    - name: Trigger Docker Publish Workflow for each folder
+      run: |
+        IFS=', ' read -r -a folders <<< "${{ steps.list-folders.outputs.folders }}"
+        for folder in "${folders[@]}"; do
+          echo "Triggering Docker Publish Workflow for folder: $folder"
+          curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+               -H "Accept: application/vnd.github.v3+json" \
+               https://api.github.com/repos/${{ github.repository }}/actions/workflows/docker-publish.yml/dispatches \
+               -d '{"ref":"main", "inputs":{"version":"'$folder'"}}'
+        done

.github/workflows/docker-publish.yml

@@ -0,0 +1,67 @@
+name: Publish Docker Image (Specific Version)
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: 'Version of the image to build and push'
+        required: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}:${{ inputs.version }}
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - uses: actions/checkout@v3
+
+    # Install the cosign tool except on PR
+    # https://github.com/sigstore/cosign-installer
+    - name: Install cosign
+      if: github.event_name != 'pull_request'
+      uses: sigstore/cosign-installer@main
+      with:
+        cosign-release: 'v1.7.1'
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+      with:
+        platforms: linux/amd64,linux/arm/v7,linux/arm64
+
+    - name: Setup Docker buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Log into registry ${{ env.REGISTRY }}
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+
+    - name: Extract Docker metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+    - name: Checkout the folder with version
+      run: cd ./${{ inputs.version }}
+
+    - name: Build and push Docker image
+      id: build-and-push
+      uses: docker/build-push-action@v3
+      with:
+        file: Dockerfile
+        context: .
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        labels: ${{ steps.meta.outputs.labels }}
+        platforms: linux/amd64, linux/arm64
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

2.9/Dockerfile

@@ -0,0 +1,29 @@
+FROM haproxytech/haproxy-debian:2.9
+
+# Set default config
+COPY ./haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+COPY ./dataplaneapi.yaml /etc/haproxy/dataplaneapi.yaml
+
+# Create directory for SSL certificates
+RUN mkdir -p /etc/haproxy/ssl/
+
+# Copy default SSL certificate. With zero ssl certificates haproxy will not start
+COPY ./default.pem /etc/haproxy/ssl/default.pem
+
+
+# COPY ./config-generate.sh
+COPY ./config-generate.sh /
+RUN chmod +x /config-generate.sh
+
+# Run config-generate.sh
+RUN /config-generate.sh
+
+# Delete config-generate.sh
+RUN rm /config-generate.sh
+
+# Set custom entrypoint
+COPY ./entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]

2.9/config-generate.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+# check if ADMIN_USER and ADMIN_PASSWORD are set, else set admin/admin
+if [ -z "$ADMIN_USER" ]; then
+    ADMIN_USER=admin
+fi
+if [ -z "$ADMIN_PASSWORD" ]; then
+    ADMIN_PASSWORD=admin
+fi
+
+# update `dataplaneapi.yml` $username and $password with ADMIN_USER and ADMIN_PASSWORD
+sed -i "s/ADMIN_USERNAME/$ADMIN_USER/g" /etc/haproxy/dataplaneapi.yaml
+sed -i "s/ADMIN_PASSWORD/$ADMIN_PASSWORD/g" /etc/haproxy/dataplaneapi.yaml

2.9/dataplaneapi.yaml

@@ -0,0 +1,27 @@
+name: swiftwave_haproxy_dataplaneapi
+dataplaneapi:
+  host: localhost
+  port: 9999
+  user:
+  # dont' change the variables
+  # these auto-configure from environment variables
+  - name: "ADMIN_USERNAME"
+    insecure: true
+    password: "ADMIN_PASSWORD"
+  resources:
+    maps_dir: /etc/haproxy/maps
+    ssl_certs_dir: /etc/haproxy/ssl
+    spoe_dir: /etc/haproxy/spoe
+transaction:
+  transaction_dir: "/tmp/haproxy"
+  backups_number: 5
+  backups_dir: /tmp/backups
+  max_open_transactions: 50
+haproxy:
+  config_file: /usr/local/etc/haproxy/haproxy.cfg
+  haproxy_bin: /usr/local/sbin/haproxy
+  reload:
+    reload_strategy: custom
+    reload_cmd: kill -SIGUSR2 1
+    restart_cmd: kill -SIGUSR2 1
+log_targets:

2.9/default.pem

@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIICoTCCAYkCFG4t0nUm5HNxekj/pH5/dZ/oUdhLMA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAYTAlhYMB4XDTIzMTEwODE5MzEwMloXDTI0MTEwNzE5MzEwMlowDTEL
+MAkGA1UEBhMCWFgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5luRh
+Oa+R/yGu3wzB7FEBMB+pb8G91kiyeIKFn1AS+FrU0BmUPB0JfzfKHljGFCKsrYn3
+MnijA6eIRzoWM78Rexe/RrnxHtdoLOQH/it4KiQ/mlJ6gsUVzqVnBX+VSYx/4+kE
+4lvdS1Z8SCSJq2Mx5KVV+lyNwt9s5Zal8fsH+gOgJyzPKrvABFeBZ2MAvY1JBkgB
+udDrzw7gvhMWUDnOsMWJtbR3w2wZ9vSzK+gn8yHDCIRFdnTFssz6byporv3mjCgh
+Ln/xmks/WBKvNVGpTnfN0U1URzv4PmALueV+vAiAB+ji9kwQUoqXSAZRC4l6JKjU
+CeNxgaIW7LC+8ojzAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADKxBzxlQjDKBpl1
+Zv2aykYu8RmoAINY6kpVvQiCbohV7WNdU3NlBxjzUo10o+OrwojyxoqVK2jLbKmo
+X0P7o0Eh2IKoIcNjoK1ngBijCajW9rlp0eH932qYIkwABui7SY3bjk9KI6MMso1F
+kn7juvaZlbIVXR6b1EwhImOa9aRWKzD9b6G03YfCDGbraMNyPAj/g5cpyOGAtlts
+pJ7sbRBvhtOQJ68jBOLMz8rBp8H7jAL+LaibSsqQC2o+XtWnS1WgYvryh0g2IDYw
+eCXs0vR86rQF4YdRMmsr2t3+acF9/TJM9PtHhTiz+ioElQiPvmU+c3CRn6EqbKmg
+/18KFTo=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5luRhOa+R/yGu
+3wzB7FEBMB+pb8G91kiyeIKFn1AS+FrU0BmUPB0JfzfKHljGFCKsrYn3MnijA6eI
+RzoWM78Rexe/RrnxHtdoLOQH/it4KiQ/mlJ6gsUVzqVnBX+VSYx/4+kE4lvdS1Z8
+SCSJq2Mx5KVV+lyNwt9s5Zal8fsH+gOgJyzPKrvABFeBZ2MAvY1JBkgBudDrzw7g
+vhMWUDnOsMWJtbR3w2wZ9vSzK+gn8yHDCIRFdnTFssz6byporv3mjCghLn/xmks/
+WBKvNVGpTnfN0U1URzv4PmALueV+vAiAB+ji9kwQUoqXSAZRC4l6JKjUCeNxgaIW
+7LC+8ojzAgMBAAECggEAAYERaR+nESIGELKab13uICTW34WE2/gxzvnUEPzZZiCg
+19W3R1t0tCArAGveNf4cHoB/kZh/9Xjw8X/7nrTHqSlxZ/73ldaKp2ZUaM4suwTD
+Fh2MP+rxvvtVnYVOuJPdMXzUOtJngoklnSHr4zkXjOQjWj7fuNRqAX9w3k0c8ZPC
+bjPnNK36qICAyD0k1z23ppxSy3tq1+opnnf+Yl9WGRsAxxkjcXRoTgCVZRTTGC+F
+sK0zkyJwgpm4ayV3ckM+TF9csxO876k7uPf4WFzVm5oEDGvx75h5w8Od35NUgkRA
+0evz1YL/Q4N8lASXOTuam3Fq1gQC04zwpRdGeHjadQKBgQC70fQ6hx1SHMvahag4
+h0qcQzpyBBfEismfi7QMKz04TyCb7M+s8Bd6gkho8ON9iww5uuzLPsoieRDgtikV
+M213uZeIecoiNpxILo0ulRq5RqsxvqOmL2T0JM6sYSUCm3DRwr0MhbQNFcSFVWhl
+GDYk/hfQvr8RF8LewjtIX6b3TQKBgQD89aObpljBrzEfNNBlz4fg4S4KS+3hUx80
+EYK/fguhS5+kOO7D2a0vKn3q8krm8//ynogKzAcuX8y6SaFzFE+h1RThT03eTRq+
+nE6OJzDcIZgdw/74vGwG96Ptkb42s7HUQWDTyWEJ9UsQgDSoxwOTsZ2y2BO2sEn0
+ZTLIpQXhPwKBgQCp9E9i0rbGgcY5Y+6X0FzET9VILMnxEIFn/Lucs1e/Z2KjlcNK
+wysLsW6ify/rf3I9nxb8x0GTtid+n3dHdvTcfLVRSpuNIAuFCZK5jzTSaM8qwU5G
+Z+abQd8+ft1FobCSLvxwo2AM4yCkYmeH60O7b63PN3uflPfCKNIKKHvmlQKBgBz6
+tyeZwwlNXL9KeaVwRQzKP1AGqtXpg+WfK+9sLUDpPPy/WPsu8Nw6bfqAj3wt7+CH
+sOYrwZbaesXMsaZRaV4M3zuArlcNVkcH+Sfn7X0KjDa8wXUVgPq7XBhXXgc+Rt0e
+ME2TAH73jwXw6hd71TkSXBKlFn0TbSWGgm7iGO5ZAoGAc8MWMtjBEQYFCF6LpYbs
+Gjsny1hfqvX9KOkjGxrvlmd0D6yXRwL7ESBtE/ugVpP14mrVFX1653FlpDAGBNmU
+TPYZiWnJ2nnuKJDDR4sY+Tx9KKkGvVwUwwaaBKL0VjMk7ORABiLGwL+byVriKLnN
+5wA0oRrlSszpHHDy0fhdQMI=
+-----END PRIVATE KEY-----

2.9/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+# Check if `SWIFTWAVE_SERVICE_ENDPOINT` is set, else exit
+if [ -z "$SWIFTWAVE_SERVICE_ENDPOINT" ]; then
+    echo "SWIFTWAVE_SERVICE_ENDPOINT environment variable is not set"
+    echo "Set this environment variable to the endpoint of the SwiftWave service"
+    echo "You need to provide a IP which is reachable from outside the server"
+    echo "It's safe to set public IP/domain with port of the swiftwave server"
+    echo "Exiting..."
+    exit 1
+fi
+
+# Run default entrypoint.sh
+./docker-entrypoint.sh "$@"

2.9/haproxy.cfg

@@ -0,0 +1,58 @@
+global
+  master-worker
+  chroot /var/lib/haproxy
+  user haproxy
+  group haproxy
+  stats socket /var/run/haproxy.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
+
+defaults unnamed_defaults_1
+  mode http
+  maxconn 4000
+  log global
+  option tcp-smart-accept
+  timeout http-request 10s
+  timeout check 10s
+  timeout connect 10s
+  timeout client 1m
+  timeout queue 1m
+  timeout server 1m
+  timeout http-keep-alive 10s
+  retries 3
+
+resolvers docker
+  nameserver ns1 127.0.0.11:53
+  hold nx 10
+  hold obsolete 10
+  hold other 10
+  hold refused 10
+  hold timeout 10
+  hold valid 10
+  timeout resolve 1
+  timeout retry 1
+  resolve_retries 1
+
+frontend fe_http
+  mode http
+  bind :80
+  acl letsencrypt-acl path_beg /.well-known
+  use_backend letsencrypt_backend if letsencrypt-acl
+
+frontend fe_https
+  mode http
+  bind :443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
+  default_backend error_backend
+
+backend error_backend
+  mode http
+  http-request deny deny_status 404
+
+backend letsencrypt_backend
+  server swiftwave_service "$SWIFTWAVE_SERVICE_ENDPOINT"
+
+program api
+  command /usr/local/bin/dataplaneapi -f /etc/haproxy/dataplaneapi.yaml
+  no option start-on-reload
+
+program dataplaneapi_unix_socket
+  command socat UNIX-LISTEN:/home/dataplaneapi.sock,reuseaddr,fork TCP:localhost:9999
+  no option start-on-reload

README.MD

@@ -0,0 +1,17 @@
+#### This is a custom haproxy docker image for swiftwave
+
+The image is built on top of official docker images and follows same directory structure.
+
+**Added Customization -**
+- Custom haproxy configuration added
+- Custom dataplaneapi.yaml added
+- Converted haproxy dataplaneapi from TCP to UNIX at location `/home/dataplaneapi.sock`
+- Option to provide dataplaneapi username and password from environment variables
+
+**Available Environment Variables -**
+- `ADMIN_USER` : username of dataplaneapi (optional)
+- `ADMIN_PASSWORD` : password of dataplaneapi (optional)
+- `SWIFTWAVE_SERVICE_ENDPOINT` : this should be a public http/https endpoint with port of swiftwace which can be accessible by haproxy.
+
+**References -**
+- [https://github.com/haproxytech/haproxy-docker-debian](https://github.com/haproxytech/haproxy-docker-debian)