Fix Docker build issues: Replace shasum with sha256sum and handle Caddyfile path correctly
ci/woodpecker/push/woodpecker Pipeline failed
parent
c4a45ef8fd
commit
2d50f99b65
|
@ -1,6 +1,6 @@
|
||||||
FROM caddy:2-alpine
|
FROM caddy:2-alpine
|
||||||
|
|
||||||
# Install required tools for hash calculation
|
# Install required tools for hash calculation and CSP updates
|
||||||
RUN apk add --no-cache bash coreutils findutils grep sed xxd perl gawk
|
RUN apk add --no-cache bash coreutils findutils grep sed xxd perl gawk
|
||||||
|
|
||||||
# Copy update scripts first
|
# Copy update scripts first
|
||||||
|
@ -9,6 +9,8 @@ COPY caddy.sh /srv/caddy.sh
|
||||||
|
|
||||||
# Copy Caddyfile and static content
|
# Copy Caddyfile and static content
|
||||||
COPY Caddyfile /etc/caddy/Caddyfile
|
COPY Caddyfile /etc/caddy/Caddyfile
|
||||||
|
# Also copy to /srv for compatibility with the script
|
||||||
|
COPY Caddyfile /srv/Caddyfile
|
||||||
COPY index.html /srv/
|
COPY index.html /srv/
|
||||||
COPY theme.js /srv/
|
COPY theme.js /srv/
|
||||||
COPY utils.js /srv/
|
COPY utils.js /srv/
|
||||||
|
@ -18,6 +20,12 @@ COPY favicon.ico /srv/
|
||||||
# Copy one-pager-tools directory
|
# Copy one-pager-tools directory
|
||||||
COPY one-pager-tools /srv/one-pager-tools/
|
COPY one-pager-tools /srv/one-pager-tools/
|
||||||
|
|
||||||
|
# Copy includes directory if it exists
|
||||||
|
COPY includes /srv/includes/ 2>/dev/null || :
|
||||||
|
|
||||||
|
# Copy stories directory if it exists
|
||||||
|
COPY stories /srv/stories/ 2>/dev/null || :
|
||||||
|
|
||||||
# Set working directory
|
# Set working directory
|
||||||
WORKDIR /srv
|
WORKDIR /srv
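Review bot: The added `COPY includes /srv/includes/ 2>/dev/null || :` and `COPY stories /srv/stories/ 2>/dev/null || :` lines cannot work as optional copies, because COPY is not executed by a shell. `2>/dev/null`, `||` and `:` are parsed as further path arguments, with `:` taken as the destination, so the build should fail or copy to the wrong place. Dockerfile has no conditional COPY; the simplest fix is to keep both directories in the repository (a placeholder file is enough) and write plain `COPY includes /srv/includes/` and `COPY stories /srv/stories/`. Separately, `COPY Caddyfile /srv/Caddyfile` places the server configuration next to index.html. If /srv is the served root (not visible here), the config becomes downloadable, so I would pass the path to the script rather than duplicate the file, or deny that path in the Caddyfile.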
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,12 @@ echo "Updating CSP hashes for all JavaScript, CSS files, and inline styles..."
|
||||||
|
|
||||||
# Directory containing the files
|
# Directory containing the files
|
||||||
BASE_DIR="$(pwd)"
|
BASE_DIR="$(pwd)"
|
||||||
CADDYFILE="$BASE_DIR/Caddyfile"
|
# Check if we're in a Docker environment
|
||||||
|
if [ -f "/etc/caddy/Caddyfile" ]; then
|
||||||
|
CADDYFILE="/etc/caddy/Caddyfile"
|
||||||
|
else
|
||||||
|
CADDYFILE="$BASE_DIR/Caddyfile"
|
||||||
|
fi
|
||||||
TEMP_INLINE_HASHES_FILE=$(mktemp)
|
TEMP_INLINE_HASHES_FILE=$(mktemp)
|
||||||
|
|
||||||
# Arrays to store hashes
|
# Arrays to store hashes
|
||||||
|
@ -26,13 +31,13 @@ STYLE_HASHES=()
|
||||||
# Calculate hash for a file
|
# Calculate hash for a file
|
||||||
calculate_hash() {
|
calculate_hash() {
|
||||||
local file=$1
|
local file=$1
|
||||||
shasum -a 256 "$file" | awk '{print $1}' | xxd -r -p | base64
|
sha256sum "$file" | awk '{print $1}' | xxd -r -p | base64
|
||||||
}
|
}
|
||||||
|
|
||||||
# Calculate hash for inline style
|
# Calculate hash for inline style
|
||||||
calculate_inline_hash() {
|
calculate_inline_hash() {
|
||||||
local style_content=$1
|
local style_content=$1
|
||||||
echo -n "$style_content" | shasum -a 256 | awk '{print $1}' | xxd -r -p | base64
|
echo -n "$style_content" | sha256sum | awk '{print $1}' | xxd -r -p | base64
|
||||||
}
|
}
|
||||||
|
|
||||||
# Process JavaScript files
|
# Process JavaScript files
|
||||||
|
@ -160,20 +165,25 @@ STYLE_HASHES_STR=$(printf " %s" "${STYLE_HASHES[@]}")
|
||||||
# Create the CSP string
|
# Create the CSP string
|
||||||
CSP_STRING="default-src 'none'; script-src 'self'$SCRIPT_HASHES_STR; style-src 'self'$STYLE_HASHES_STR; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
|
CSP_STRING="default-src 'none'; script-src 'self'$SCRIPT_HASHES_STR; style-src 'self'$STYLE_HASHES_STR; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
|
||||||
|
|
||||||
# Create a temporary file for the Caddyfile update
|
# Check if Caddyfile exists before attempting to modify it
|
||||||
tmp_file=$(mktemp)
|
if [ -f "$CADDYFILE" ]; then
|
||||||
|
# Create a temporary file for the Caddyfile update
|
||||||
|
tmp_file=$(mktemp)
|
||||||
|
|
||||||
# Update CSP in Caddyfile using awk for more reliable text processing
|
# Update CSP in Caddyfile using awk for more reliable text processing
|
||||||
awk -v csp_string="$CSP_STRING" '
|
awk -v csp_string="$CSP_STRING" '
|
||||||
{
|
{
|
||||||
if ($0 ~ /Content-Security-Policy/) {
|
if ($0 ~ /Content-Security-Policy/) {
|
||||||
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
|
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
|
||||||
}
|
}
|
||||||
print;
|
print;
|
||||||
}' "$CADDYFILE" > "$tmp_file"
|
}' "$CADDYFILE" > "$tmp_file"
|
||||||
|
|
||||||
# Replace original Caddyfile with modified content
|
# Replace original Caddyfile with modified content
|
||||||
mv "$tmp_file" "$CADDYFILE"
|
mv "$tmp_file" "$CADDYFILE"
|
||||||
|
else
|
||||||
|
echo "Warning: Caddyfile not found at $CADDYFILE"
|
||||||
|
fi
|
||||||
|
|
||||||
# Also update Caddyfile.local if it exists
|
# Also update Caddyfile.local if it exists
|
||||||
if [ -f "$BASE_DIR/Caddyfile.local" ]; then
|
if [ -f "$BASE_DIR/Caddyfile.local" ]; then
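Review bot: Treating the presence of `/etc/caddy/Caddyfile` as "we're in a Docker environment" means that on any host with Caddy installed the script rewrites the live system configuration instead of the project's file. An explicit override such as `CADDYFILE="${CADDYFILE:-$BASE_DIR/Caddyfile}"`, set from the Dockerfile, states the intent without guessing. Inside the image this choice also leaves the `/srv/Caddyfile` copy with the old policy, so the two files diverge. The new `else` branch only prints a warning, so a missing file presumably lets the run finish with the CSP hashes never written; I would report on stderr and stop, `echo "Error: Caddyfile not found at $CADDYFILE" >&2; exit 1`. The block that starts at the Caddyfile.local check continues outside the visible hunk.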
|
||||||
|
|