Merge pull request #6 from 3scale-qe/ca_file_update

Use certificate from secret
3scale-qe · Feb 9, 2024 · c3cb3cd · c3cb3cd
2 parents c1c710e + 09e7223
commit c3cb3cd
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 11 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,33 +1,50 @@
-name: build
+name: build chrome webdriver
+
 on:
   workflow_dispatch:
   schedule:
     - cron: '0 0 * * 0'
 
+env:
+  CACERT_CONTENT: ${{ secrets.CA_CERT }}
+  CACERT: custom-ca.crt
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: docker/setup-buildx-action@master
-      - name: quay.io login
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Login to quay.io
         uses: docker/login-action@v1
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-      - uses: docker/metadata-action@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Prepare docker build metadata
         id: metadata
+        uses: docker/metadata-action@v4
         with:
           images: |
             quay.io/rh_integration/selenium-standalone-chrome
           flavor: |
             latest=true
           tags: |
             type=sha
-      - uses: docker/build-push-action@v2
+
+      - name: Echo CaCert content to file
+        run: echo "$CACERT_CONTENT" > $CACERT
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v2
         with:
-          build-args: customca=${{ secrets.CUSTOMCA }}
+          context: .
+          build-args: customca=${{ env.CACERT }}
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
           push: true
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+# JetBrains dev nev files
+.idea
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,26 @@
 FROM selenium/standalone-chrome
 
+# Retrieve certificate content from GitHub secret
 ARG customca
-ARG customca_dest=/usr/local/share/ca-certificates/customca.crt
+ARG customca_dest=/usr/local/share/ca-certificates/certificate.crt
 
 USER root
 
+# Copy certificate to desired certificate destination file
 ADD $customca $customca_dest
-RUN update-ca-certificates \
-	&& chmod a+r $customca_dest \
-	&& apt update && apt install libnss3-tools && rm -Rf /var/lib/apt/lists/*
+
+# Update CA certificates
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends openssl ca-certificates \
+    && update-ca-certificates  \
+    && chmod a+r $customca_dest \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 USER seluser
 
+# Create NSS database directory
 RUN mkdir -p $HOME/.pki/nssdb
+
+# Add the custom CA certificate to NSS database
 RUN certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n customca -i $customca_dest