From 65b5c76dcf7a7cd54a9a2438d6c6b8b330b65291 Mon Sep 17 00:00:00 2001
From: DrunkBatya
Date: Thu, 25 Jul 2024 07:20:16 +0000
Subject: [PATCH] Add CI/CD
---
.github/workflows/build.yml | 68 +++++++++++++++++++++++++++++++++++++
README.md | 53 +++++++++++++++++++++++++++++
2 files changed, 121 insertions(+)
create mode 100644 .github/workflows/build.yml
create mode 100644 README.md
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..f52812f
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,68 @@
+name: 'Deploy'
+
+on:
+ push:
+ branches:
+ - dev
+ tags:
+ - '*'
+ pull_request:
+
+env:
+ IMAGE_NAME: "flipperdevices/ext-ip-local-port"
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: 'Checkout code'
+ uses: actions/checkout@v4
+
+ - name: 'Set image tag and name'
+ id: tag
+ run: |
+ IMAGE_TAG="0.0.0"
+ if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+ REF=${{ github.ref }};
+ TAG_FULL=${REF#refs/*/};
+ IMAGE_TAG=${TAG_FULL//\//_};
+ fi
+ echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
+ echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+ echo "image_name=${IMAGE_NAME}" >> $GITHUB_OUTPUT
+
+ - name: 'Login to Docker Hub'
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_PASSWORD }}
+
+ - name: 'Set up Docker Buildx'
+ uses: docker/setup-buildx-action@v3
+
+ - name: 'Build'
+ uses: docker/build-push-action@v6
+ with:
+ push: false
+ tags: ${{ steps.tag.outputs.image_name }}:${{ steps.tag.outputs.image_tag }}
+ cache-from: type=registry,ref=${{ steps.tag.outputs.image_name }}:buildcache
+
+ - name: 'Push'
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ tags: ${{ steps.tag.outputs.image_name }}:${{ steps.tag.outputs.image_tag }}
+ cache-from: type=registry,ref=${{ steps.tag.outputs.image_name }}:buildcache
+ cache-to: type=registry,ref=${{ steps.tag.outputs.image_name }}:buildcache,mode=max
+
+ - name: 'Trigger k8s to use new image: prod'
+ if: ${{ (github.event_name != 'pull_request')
+ && (steps.tag.outputs.image_tag != '0.0.0')
+ && (!endsWith(github.event.client_payload.image_tag, '-rc')) }}
+ uses: peter-evans/repository-dispatch@v3
+ with:
+ repository: ${{ secrets.INFRASTRUCTURE_REPO }}
+ token: ${{ secrets.K8S_GITHUB_PAT }}
+ event-type: ext-ip-local-port-deploy
+ client-payload: '{"image_tag": "${{steps.tag.outputs.image_tag}}"}'
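Review bot: The prod gate on the last step tests `github.event.client_payload.image_tag`, which is only populated for `repository_dispatch` events; this workflow runs on `push` and `pull_request`, so the value is empty, `endsWith(..., '-rc')` is false, and a `-rc` tag would still be dispatched to prod — the condition should read `!endsWith(steps.tag.outputs.image_tag, '-rc')`. In the 'Set image tag and name' step `${{ github.ref }}` is expanded into the script text before bash parses it, so a ref name containing shell metacharacters becomes part of the script; reading the runner-provided variable instead (`if [[ "$GITHUB_REF" == "refs/tags/"* ]]; then` and `REF="$GITHUB_REF"`) keeps it as data. 'Login to Docker Hub' has no `if:` and therefore also runs for `pull_request`, where nothing is pushed; consider gating it like the 'Push' step so registry credentials are only loaded when needed. The actions are referenced by mutable tags, including `peter-evans/repository-dispatch@v3`, which receives `K8S_GITHUB_PAT`; pinning them to full commit SHAs and adding a top-level `permissions:` block with `contents: read` would narrow what a compromised action or step can reach.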
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..78a5778
--- /dev/null
+++ b/README.md
@@ -0,0 +1,53 @@
+# Ext IP local access
+
+## Description
+This app can be used for external access local PC http ports
+
+## How to use
+1. Create a ZeroTier network. Probably you wanna restrict an inter-network cross-client access ([docs](https://docs.zerotier.com/faq-rules/#client-isolation))
+2. Setup this app to be a zerotier network gateway:
+ 1. Generate identity via:
+ ```bash
+ zerotier-idtool generate gateway.secret gateway.public
+ ```
+ 2. Manualy add member with id from public or secret file (id is the same in both files), example
+ ```bash
+ $ zerotier-idtool generate gateway.secret gateway.public
+ gateway.secret written
+ gateway.public written
+ $ cat gateway.public
+ 4a7f049cf1:0:a4ee328392ccaf0c22900606aeb20a9cdc76716da70[OMMITED]
+ ```
+ `4a7f049cf1` will be host ID in this case
+ 3. Assign an IP address to this host via admin console
+3. Create a config file, example:
+```json
+{
+ "zerotier_network": "ZeroTier network ID",
+ "zerotier_public_key": "gateway.public output from exaple above",
+ "zerotier_private_key": "gateway.secret output from exaple above",
+ "hostname_base": "set a base hostname, eq: 'ext.example.com'",
+ "users": [ # put all users here
+ {
+ "hostname": "prefix to base hostname, eq: 'user1'. It will produce 'user1.ext.example.com' address",
+ "ip": "user ZeroTier IP address for proxy external traffic to. Eq: 10.10.10.2 for 10.10.10.0/24 net"
+ }
+ ]
+}
+```
+
+4. Start a container with the app
+```bash
+docker run \
+ --name ext-ip \ # optional
+ -v $(pwd)/config.json:/etc/app/config.json \
+ --cap-add NET_ADMIN \
+ --device /dev/net/tun \
+ flipperdevices/ext-ip-local-port:0.0.1 # this should be a latest release from github
+```
+
+For Kubernetes use you also need to add capabilities [docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+
+5. Join a network from clients, also set a coresponding IP's
+
+In example above URL `user1.ext.example.com` will point to the `10.10.10.2` address.