From 4defddc60232a723f0a4c347eb8966d6d0039af8 Mon Sep 17 00:00:00 2001
From: Joseph Cummings
Date: Wed, 1 May 2024 14:33:42 +0100
Subject: [PATCH 1/3] Pull es-gencert-cli from Cloudsmith
---
 .github/workflows/publish.yml | 8 ++++----
 gencert.ps1 | 10 +++++-----
 gencert.sh | 10 +++++-----
 .../Fixtures/CertificatesManager.cs | 2 +-
 .../docker-compose.certs.yml | 2 +-
 .../docker-compose.cluster.yml | 2 +-
 test/EventStore.Client.Tests.Common/docker-compose.yml | 2 +-
 7 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e96512060..c111f939f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -80,10 +80,10 @@ jobs:
 - name: Generate certificates
 run: |
 mkdir -p certs
- docker run --rm --user root --volume "$PWD/certs:/tmp" ghcr.io/eventstore/es-gencert-cli:1.3 create-ca -out /tmp/ca
- docker run --rm --user root --volume "$PWD/certs:/tmp" ghcr.io/eventstore/es-gencert-cli:1.3 create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost
- docker run --rm --user root --volume "$PWD/certs:/tmp" ghcr.io/eventstore/es-gencert-cli:1.3 create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin
- docker run --rm --user root --volume "$PWD/certs:/tmp" ghcr.io/eventstore/es-gencert-cli:1.3 create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-ca -out /tmp/ca
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid
 - name: Set permissions on certificates
 run: |
 sudo chown -R $USER:$USER certs
diff --git a/gencert.ps1 b/gencert.ps1
index f2b5dff13..7f0df572e 100644
--- a/gencert.ps1
+++ b/gencert.ps1
@@ -7,17 +7,17 @@ New-Item -ItemType Directory -Path .\certs -Force icacls .\certs /grant:r "$($env:UserName):(OI)(CI)F" # Pull the Docker image -docker pull ghcr.io/eventstore/es-gencert-cli:1.3.0 +docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 -docker run --rm --volume .\certs:/tmp ghcr.io/eventstore/es-gencert-cli create-ca -out /tmp/ca +docker run --rm --volume .\certs:/tmp docker.eventstore.com/eventstore-utils/es-gencert-cli create-ca -out /tmp/ca -docker run --rm --volume .\certs:/tmp ghcr.io/eventstore/es-gencert-cli create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost +docker run --rm --volume .\certs:/tmp docker.eventstore.com/eventstore-utils/es-gencert-cli create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost # Create admin user -docker run --rm --volume .\certs:/tmp ghcr.io/eventstore/es-gencert-cli create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin +docker run --rm --volume .\certs:/tmp docker.eventstore.com/eventstore-utils/es-gencert-cli create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin # Create an invalid user -docker run --rm --volume .\certs:/tmp ghcr.io/eventstore/es-gencert-cli create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid +docker run --rm --volume .\certs:/tmp docker.eventstore.com/eventstore-utils/es-gencert-cli create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid # Set permissions recursively for the directory icacls .\certs /grant:r "$($env:UserName):(OI)(CI)F" diff --git a/gencert.sh b/gencert.sh index c9c1878b8..f7af295e8 100755 --- a/gencert.sh +++ b/gencert.sh 
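Review bot: The five image references in this hunk do not agree: `docker pull` fetches `docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3`, but each `docker run` names the image with no tag, which Docker resolves to `:latest`. The image that was pulled is therefore not necessarily the one that creates the CA and node keys, and the untagged runs can trigger a second, unpinned pull. Give every reference the same tag, for example by setting `$image = 'docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3'` once and using `$image` in the pull and the four runs. The gencert.sh hunk that follows has the same mismatch between its `docker pull` and `docker run` lines.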
@@ -13,15 +13,15 @@ mkdir -p certs chmod 0755 ./certs -docker pull ghcr.io/eventstore/es-gencert-cli:1.3.0 +docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 -docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) ghcr.io/eventstore/es-gencert-cli create-ca -out /tmp/ca +docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) docker.eventstore.com/eventstore-utils/es-gencert-cli create-ca -out /tmp/ca -docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) ghcr.io/eventstore/es-gencert-cli create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost +docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) docker.eventstore.com/eventstore-utils/es-gencert-cli create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost -docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) ghcr.io/eventstore/es-gencert-cli create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin +docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) docker.eventstore.com/eventstore-utils/es-gencert-cli create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin -docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) ghcr.io/eventstore/es-gencert-cli create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid +docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) docker.eventstore.com/eventstore-utils/es-gencert-cli create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid chmod -R 0755 ./certs diff --git a/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs b/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs index 6b57137cc..aac5b258f 100644 
--- a/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs +++ b/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs @@ -55,7 +55,7 @@ await GenerateCertificates( static Task GenerateCertificates(string sourceFolder, string expectedLogMessage, string command, params string[] commandArgs) { using var container = new Builder() .UseContainer() - .UseImage("ghcr.io/eventstore/es-gencert-cli:1.3.0") + .UseImage("docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3") .MountVolume(sourceFolder, "/tmp", Ductus.FluentDocker.Model.Builders.MountType.ReadWrite) // .MountVolume(Options.CertificateDirectory.FullName, "/etc/eventstore/certs", MountType.ReadOnly) .Command(command, commandArgs) diff --git a/test/EventStore.Client.Tests.Common/docker-compose.certs.yml b/test/EventStore.Client.Tests.Common/docker-compose.certs.yml index 49c16183c..11919040b 100644 --- a/test/EventStore.Client.Tests.Common/docker-compose.certs.yml +++ b/test/EventStore.Client.Tests.Common/docker-compose.certs.yml @@ -16,7 +16,7 @@ services: network_mode: none cert-gen: - image: ghcr.io/eventstore/es-gencert-cli:1.3.0 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] diff --git a/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml b/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml index d6c4d37e0..9acbbe3a0 100644 --- a/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml +++ b/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml @@ -11,7 +11,7 @@ services: network_mode: none cert-gen: - image: ghcr.io/eventstore/es-gencert-cli:1.3.0 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] diff --git a/test/EventStore.Client.Tests.Common/docker-compose.yml b/test/EventStore.Client.Tests.Common/docker-compose.yml index fb986fd18..8a720ed85 100644 
--- a/test/EventStore.Client.Tests.Common/docker-compose.yml +++ b/test/EventStore.Client.Tests.Common/docker-compose.yml @@ -11,7 +11,7 @@ services: network_mode: none cert-gen: - image: ghcr.io/eventstore/es-gencert-cli:1.3.0 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] From 718e3e98a15b39e1d85274ff6c8281608be31e2c Mon Sep 17 00:00:00 2001 From: Joseph Cummings Date: Wed, 1 May 2024 14:43:38 +0100 Subject: [PATCH 2/3] Always pull latest es-gencert-cli image --- .github/workflows/publish.yml | 8 ++++---- gencert.ps1 | 2 +- gencert.sh | 2 +- samples/secure-with-tls/docker-compose.certs.yml | 2 +- .../Fixtures/CertificatesManager.cs | 2 +- .../docker-compose.certs.yml | 2 +- .../docker-compose.cluster.yml | 2 +- test/EventStore.Client.Tests.Common/docker-compose.yml | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c111f939f..146e3c967 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -80,10 +80,10 @@ jobs:
 - name: Generate certificates
 run: |
 mkdir -p certs
- docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-ca -out /tmp/ca
- docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost
- docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin
- docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:latest create-ca -out /tmp/ca
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:latest create-node -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/node -ip-addresses 127.0.0.1 -dns-names localhost
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:latest create-user -username admin -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-admin
+ docker run --rm --user root --volume "$PWD/certs:/tmp" docker.eventstore.com/eventstore-utils/es-gencert-cli:latest create-user -username invalid -ca-certificate /tmp/ca/ca.crt -ca-key /tmp/ca/ca.key -out /tmp/user-invalid
 - name: Set permissions on certificates
 run: |
 sudo chown -R $USER:$USER certs
diff --git a/gencert.ps1 b/gencert.ps1
index 7f0df572e..74fc80d59 100644
--- a/gencert.ps1
+++ b/gencert.ps1
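Review bot: Moving the four `docker run` lines to `es-gencert-cli:latest` means the publish workflow executes whatever image the registry currently serves under that tag, as `--user root` and with `$PWD/certs` bind-mounted writable. A changed or replaced `latest` then alters the release job without any change in this repository, and a failing run cannot be reproduced from the commit alone. Prefer an explicit version pinned by digest, `docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3@sha256:<digest-of-reviewed-image>`, defined once (for example in a job-level `env:` entry) and updated deliberately. The same `:latest` reference is introduced in gencert.ps1, gencert.sh, CertificatesManager.cs and the compose files in this patch. The step list continues outside the hunk.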
@@ -7,7 +7,7 @@ New-Item -ItemType Directory -Path .\certs -Force icacls .\certs /grant:r "$($env:UserName):(OI)(CI)F" # Pull the Docker image -docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 +docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:latest docker run --rm --volume .\certs:/tmp docker.eventstore.com/eventstore-utils/es-gencert-cli create-ca -out /tmp/ca diff --git a/gencert.sh b/gencert.sh index f7af295e8..5a2c63bd5 100755 --- a/gencert.sh +++ b/gencert.sh @@ -13,7 +13,7 @@ mkdir -p certs chmod 0755 ./certs -docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 +docker pull docker.eventstore.com/eventstore-utils/es-gencert-cli:latest docker run --rm --volume $PWD/certs:/tmp --user $(id -u):$(id -g) docker.eventstore.com/eventstore-utils/es-gencert-cli create-ca -out /tmp/ca diff --git a/samples/secure-with-tls/docker-compose.certs.yml b/samples/secure-with-tls/docker-compose.certs.yml index 179fa05c2..55969da24 100644 --- a/samples/secure-with-tls/docker-compose.certs.yml +++ b/samples/secure-with-tls/docker-compose.certs.yml @@ -16,7 +16,7 @@ services: network_mode: none cert-gen: - image: eventstore/es-gencert-cli:1.3.0 + image: eventstore/es-gencert-cli:latest.0 container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] diff --git a/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs b/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs index aac5b258f..487bfd340 100644 --- a/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs +++ b/test/EventStore.Client.Tests.Common/Fixtures/CertificatesManager.cs 
@@ -55,7 +55,7 @@ await GenerateCertificates( static Task GenerateCertificates(string sourceFolder, string expectedLogMessage, string command, params string[] commandArgs) { using var container = new Builder() .UseContainer() - .UseImage("docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3") + .UseImage("docker.eventstore.com/eventstore-utils/es-gencert-cli:latest") .MountVolume(sourceFolder, "/tmp", Ductus.FluentDocker.Model.Builders.MountType.ReadWrite) // .MountVolume(Options.CertificateDirectory.FullName, "/etc/eventstore/certs", MountType.ReadOnly) .Command(command, commandArgs) diff --git a/test/EventStore.Client.Tests.Common/docker-compose.certs.yml b/test/EventStore.Client.Tests.Common/docker-compose.certs.yml index 11919040b..bd3836a63 100644 --- a/test/EventStore.Client.Tests.Common/docker-compose.certs.yml +++ b/test/EventStore.Client.Tests.Common/docker-compose.certs.yml @@ -16,7 +16,7 @@ services: network_mode: none cert-gen: - image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:latest container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] diff --git a/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml b/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml index 9acbbe3a0..869f54b9e 100644 --- a/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml +++ b/test/EventStore.Client.Tests.Common/docker-compose.cluster.yml @@ -11,7 +11,7 @@ services: network_mode: none cert-gen: - image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:latest container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] diff --git a/test/EventStore.Client.Tests.Common/docker-compose.yml b/test/EventStore.Client.Tests.Common/docker-compose.yml index 8a720ed85..e93af67a3 100644 --- a/test/EventStore.Client.Tests.Common/docker-compose.yml 
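Review bot: In the docker-compose.certs.yml hunk, `image: docker.eventstore.com/eventstore-utils/es-gencert-cli:latest` does not by itself deliver what the commit subject promises: Compose reuses a locally cached `latest` and only pulls when the image is absent. Test machines can therefore generate certificates with different builds of the tool depending on when they first pulled. If tracking the newest build is intended, add `pull_policy: always` to the `cert-gen` service; otherwise keep a fixed version tag so the fixture is reproducible. The docker-compose.cluster.yml and docker-compose.yml hunks are in the same position, and the service definition continues outside the hunk.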
+++ b/test/EventStore.Client.Tests.Common/docker-compose.yml @@ -11,7 +11,7 @@ services: network_mode: none cert-gen: - image: docker.eventstore.com/eventstore-utils/es-gencert-cli:1.3 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:latest container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ] From 757d4ca74881d926ec5c654913fb689b43aab28b Mon Sep 17 00:00:00 2001 From: Joseph Cummings Date: Thu, 2 May 2024 10:05:54 +0100 Subject: [PATCH 3/3] Fix sample compose file --- samples/secure-with-tls/docker-compose.certs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/secure-with-tls/docker-compose.certs.yml b/samples/secure-with-tls/docker-compose.certs.yml index 55969da24..10b466fa0 100644 --- a/samples/secure-with-tls/docker-compose.certs.yml +++ b/samples/secure-with-tls/docker-compose.certs.yml @@ -16,7 +16,7 @@ services: network_mode: none cert-gen: - image: eventstore/es-gencert-cli:latest.0 + image: docker.eventstore.com/eventstore-utils/es-gencert-cli:latest container_name: cert-gen user: "1000:1000" entrypoint: [ "/bin/sh","-c" ]