feat: added the ability to update the list of repos and paths

Supports both ULN and yum.oracle.com and tries to match the
yum.oracle.com URL structure as closely as possible.

Signed-off-by: Avi Miller <[email protected]>

Author: Djelibeybi

.github/workflows/publish-nginx-image.yml

@@ -0,0 +1,67 @@
+name: Build, publish and sign the NGINX webserver image
+
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+    tags: [ 'v*.*.*' ]
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: djelibeybi/ol-repo-webserver
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
+        with:
+          cosign-release: 'v1.4.0'
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          file: ./Dockerfile.nginx
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}

.github/workflows/publish-reposync-image.yml

@@ -0,0 +1,66 @@
+name: Build, publish and sign the reposync image
+
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+    tags: [ 'v*.*.*' ]
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: djelibeybi/ol-repo-sync
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
+        with:
+          cosign-release: 'v1.4.0'
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}

CONTRIBUTING.md

@@ -9,8 +9,8 @@ security related. When filing a bug remember that the better written the bug is,
 the more likely it is to be fixed.
 
 If you think you've found a security vulnerability, do not raise a GitHub issue.
-Please email <sec@dje.li> directly. You may chose to encrypt your email using
-our [public GPG key](./gpg-key.asc)
+Please email <security@dje.li> directly. You may chose to encrypt your email using
+[my public GPG key](./gpg-key.asc)
 
 ## Pull request process
 

Dockerfile

@@ -1,17 +1,15 @@
 # Copyright (c) 2020, 2021 Avi Miller.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-FROM oraclelinux:8-slim
+FROM ghcr.io/oracle/oraclelinux8-python:3.9
 
-# Install and enable the ULN client then disable the default repos from yum.oracle.com
-RUN microdnf install dnf jq && \
-    echo > /etc/dnf/vars/ociregion && \
-    dnf -y module install satellite-5-client && \
-    sed -i.bak -z 's/\[main\]\nenabled = 0/\[main\]\nenabled = 1/' /etc/dnf/plugins/spacewalk.conf && \
-    dnf config-manager --disable ol8_baseos_latest --disable ol8_appstream && \
-    dnf clean all
+RUN  echo > /etc/dnf/vars/ociregion && \
+     dnf -y module enable satellite-5-client && \
+     dnf -y install cpio jq dnf-plugin-spacewalk python3-dnf-plugin-ulninfo rhn-setup rhnlib rhnsd rhn-client-tools tar && \
+     sed -i.bak -z 's/\[main\]\nenabled = 0/\[main\]\nenabled = 1/' /etc/dnf/plugins/spacewalk.conf && \
+     dnf clean all
+
+COPY rootfs/ /
 
-COPY /config/repo-map.json /config/
-COPY entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]

Dockerfile.nginx

@@ -0,0 +1,18 @@
+# Copyright (c) 2020, 2021 Avi Miller.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+FROM oraclelinux:8-slim
+
+RUN microdnf module disable php && \
+		microdnf module enable nginx:1.20 && \
+		microdnf install nginx && \
+    microdnf clean all && \
+    ln -sf /dev/stdout /var/log/nginx/access.log && \
+    ln -sf /dev/stderr /var/log/nginx/error.log && \
+    sed -i 's/\/usr\/share\/nginx\/html;/\/var\/www\/html;/' /etc/nginx/nginx.conf
+
+STOPSIGNAL SIGQUIT
+
+EXPOSE 80/tcp
+EXPOSE 443/tcp
+
+CMD ["nginx", "-g", "daemon off;"]