Fix errors (#1)

.github/hi.txt

@@ -0,0 +1 @@
+hi

.github/workflows/docker-publish.yml

@@ -0,0 +1,37 @@
+name: Docker Build and Push to GHCR
+
+on:
+  push:
+    branches:
+      - master  # Trigger the workflow on push to the main branch
+  pull_request:
+    branches:
+      - master  # Trigger the workflow on pull requests to the main branch
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to GitHub Container Registry
+        run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/lilkidsuave/cosmos-cert-extractor:latest
+
+      - name: Log out from GitHub Container Registry
+        run: docker logout ghcr.io

Dockerfile

@@ -1,22 +1,12 @@
+# Use an appropriate base image
 FROM python:3.12-slim
-
-# Update apt-get package list, grab pre-requisites 'cron' & 'vim'
-RUN apt-get update && apt-get -y install cron vim
-
-# Set the working directory for following commands in this docker container to '/app'
-WORKDIR /app
-
-COPY crontab /etc/cron.d/crontab
-COPY extract.py ./extract.py
-
-# Make the crontab executable
-RUN chmod 0644 /etc/cron.d/crontab
-
-# Set the cron job
-RUN crontab /etc/cron.d/crontab
-
-# Create empty log (TAIL needs this)
-RUN touch /tmp/out.log
-
-# Run cron and tail the log
-CMD cron && tail -f /tmp/out.log
+# Copy the script into the container
+COPY extract.py /extract.py 
+# Install any necessary dependencies
+RUN pip install pyOpenSSL
+# Set default environment variable
+ENV CHECK_INTERVAL=3600
+# Make sure the script is executable (if necessary)
+RUN chmod +x /extract.py
+# Command to run the script
+ENTRYPOINT ["./extract.py"]

README.md

@@ -1,5 +1,5 @@
 # cosmos-cert-extractor
-This is a python script periodically running (every 5 minutes) to extract the TLS certificate from the Cosmos config file. The use case I set this up for is in order to use the certificate in my Adguard Home instance.
+This is a python script periodically running (every 30 minutes[configurable]) to extract the TLS certificate from the Cosmos config file. The use case I set this up for is in order to use the certificate in my Adguard Home instance.
 ## How to use
 Make sure your volume mounts are set up correctly:
 * The `cosmos` volume or path must be mapped to `/input`.

docker-compose.yaml

@@ -1,16 +1,9 @@
 version: '3.3'
-volumes:
-  cosmos:
-    external: true
-  adguard-config:
-    external: true
 services:
-  cosmos-cert-extractor:
-    container_name: cosmos-cert-extractor
-    restart: always
-    volumes:
-      - cosmos:/input
-      - adguard-config:/output
-    image: 'waschinski/cosmos-cert-extractor:latest'
+  cert_checker:
+    image: ghcr.io/lilkidsuave/cosmos-cert-extractor:latest
     environment:
-      - PYTHONUNBUFFERED=0
+      - CHECK_INTERVAL=1800  # Override the check interval to 1800 seconds (30 minutes) Default is 1 hour
+    volumes:
+      - #CosmosDirectory:/input
+      - #AdguardDirectory:/output/certs

extract.py

@@ -1,18 +1,81 @@
+#!/usr/bin/env python3
+
 import json
+import os
+import time
+from datetime import datetime, timezone
+from OpenSSL import crypto
+
+CONFIG_PATH = "/input/cosmos.config.json"
+CERT_PATH = "/output/certs/cert.pem"
+KEY_PATH = "/output/certs/key.pem"
+DEFAULT_CHECK_INTERVAL = 3600  # Default check interval (1 hour)
+
+def load_config():
+    try:
+        with open(CONFIG_PATH, "r") as conf_file:
+            return json.load(conf_file)
+    except OSError:
+        return None
+
+def load_certificates():
+    try:
+        with open(CERT_PATH, "r") as cert_file:
+            cert_data = cert_file.read()
+        with open(KEY_PATH, "r") as key_file:
+            key_data = key_file.read()
+        return cert_data, key_data
+    except OSError:
+        return None, None
+
+def write_certificates(cert, key):
+    with open(CERT_PATH, "w") as cert_file:
+        cert_file.write(cert)
+
+    with open(KEY_PATH, "w") as key_file:
+        key_file.write(key)
+
+    print("Cert extracted successfully. Checking again in {check_interval} seconds")
+
+def is_cert_expired(cert_data):
+    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)
+    expiry_date_str = cert.get_notAfter().decode('ascii')
+    expiry_date = datetime.strptime(expiry_date_str, '%Y%m%d%H%M%SZ').replace(tzinfo=timezone.utc)
+    return expiry_date < datetime.now(timezone.utc)
+
 
-try:
-    with open("/input/cosmos.config.json", "r") as conf_file:
-        config_object = json.load(conf_file)
-except OSError:
-    print("Couldn't read the config file.")
+def get_check_interval():
+    try:
+        return int(os.getenv('CHECK_INTERVAL', DEFAULT_CHECK_INTERVAL))
+    except ValueError:
+        print(f"Invalid CHECK_INTERVAL value. Using default: {DEFAULT_CHECK_INTERVAL} seconds.")
+        return DEFAULT_CHECK_INTERVAL
 
-cert = config_object["HTTPConfig"]["TLSCert"]
-key = config_object["HTTPConfig"]["TLSKey"]
+def main():
+    # Ensure it runs at least once
+    run_once = False
+    check_interval = get_check_interval()
 
-with open("/output/certs/cert.pem", "w") as cert_file:
-    cert_file.write(cert)
+    while True:
+        cert_data, key_data = load_certificates()
+        if not cert_data or not key_data:
+            print(f"Couldn't read the certificate or key file. Checking again in {check_interval} seconds")
+            time.sleep(check_interval)
+            continue
 
-with open("/output/certs/key.pem", "w") as key_file:
-    key_file.write(key)
+        if not run_once or is_cert_expired(cert_data):
+            config_object = load_config()
+            if config_object:
+                cert = config_object["HTTPConfig"]["TLSCert"]
+                key = config_object["HTTPConfig"]["TLSKey"]
+                write_certificates(cert, key)
+                run_once = True
+            else:
+                print(f"Couldn't read the config file. Checking again in {check_interval} seconds")
+        else:
+            print(f"Certificate is still valid. Checking again in {check_interval} seconds")
+
+        time.sleep(check_interval)
 
-print("Cert extracted successfully.")
+if __name__ == "__main__":
+    main()