1
0

Compare commits

...

2 Commits

Author SHA1 Message Date
3d2defc086
bump version to 0.0.7 2024-11-18 11:30:16 +03:00
00648c9940
treewide: improve template expansion 2024-11-18 11:30:16 +03:00
22 changed files with 101 additions and 38 deletions

View File

@ -2,7 +2,7 @@
set -ef set -ef
cd "$(dirname "$0")/.." cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.6}" IMAGE_VERSION="${IMAGE_VERSION:-v0.0.7}"
set -a set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}" BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"

View File

@ -2,7 +2,7 @@
set -ef set -ef
cd "$(dirname "$0")/.." cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.6}" IMAGE_VERSION="${IMAGE_VERSION:-v0.0.7}"
set -a set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}" BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"

View File

@ -2,7 +2,7 @@
set -ef set -ef
cd "$(dirname "$0")/.." cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.6}" IMAGE_VERSION="${IMAGE_VERSION:-v0.0.7}"
set -a set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}" BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -4,7 +4,7 @@ services:
angie-conv-example-basic: angie-conv-example-basic:
container_name: angie-conv-example-basic container_name: angie-conv-example-basic
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
environment: environment:
NGX_HTTP_NO_PROXY: 1 NGX_HTTP_NO_PROXY: 1
ports: ports:

View File

@ -58,7 +58,7 @@ services:
my-cache: my-cache:
container_name: my-cache container_name: my-cache
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
restart: always restart: always
privileged: true privileged: true
stop_grace_period: 15s stop_grace_period: 15s

View File

@ -4,7 +4,7 @@ services:
my-cache: my-cache:
container_name: my-cache container_name: my-cache
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
restart: always restart: always
privileged: true privileged: true
stop_grace_period: 15s stop_grace_period: 15s

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /j2cfg/ /etc/angie/j2cfg/ COPY /j2cfg/ /etc/angie/j2cfg/

View File

@ -4,7 +4,7 @@ services:
angie-conv-example-cfg-override: angie-conv-example-cfg-override:
container_name: angie-conv-example-cfg-override container_name: angie-conv-example-cfg-override
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
environment: environment:
NGX_HTTP_MODULES: 'gzip brotli zstd' NGX_HTTP_MODULES: 'gzip brotli zstd'
ports: ports:

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -3,7 +3,7 @@
Dockerfile: Dockerfile:
```dockerfile ```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -3,7 +3,7 @@
Dockerfile: Dockerfile:
```dockerfile ```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -4,7 +4,7 @@ services:
angie-conv-example-ssl: angie-conv-example-ssl:
container_name: angie-conv-example-ssl container_name: angie-conv-example-ssl
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
environment: environment:
NGX_HTTP_NO_PROXY: 1 NGX_HTTP_NO_PROXY: 1
NGX_HTTP_CONFLOAD: 'ssl v2' NGX_HTTP_CONFLOAD: 'ssl v2'

View File

@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.6 FROM docker.io/rockdrilla/angie-conv:v0.0.7
SHELL [ "/bin/sh", "-ec" ] SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/ COPY /site/ /etc/angie/site/

View File

@ -4,7 +4,7 @@ services:
angie-conv-example-static-template: angie-conv-example-static-template:
container_name: angie-conv-example-static-template container_name: angie-conv-example-static-template
image: docker.io/rockdrilla/angie-conv:v0.0.6 image: docker.io/rockdrilla/angie-conv:v0.0.7
environment: environment:
NGX_HTTP_NO_PROXY: 1 NGX_HTTP_NO_PROXY: 1
NGX_PROCESS_STATIC: 1 NGX_PROCESS_STATIC: 1

View File

@ -128,28 +128,39 @@ expand_dir_envsubst() {
__template_list=$(mktemp) || return __template_list=$(mktemp) || return
find "$@" -follow -type f -name '*.in' \ find "$@" -follow -name '*.in' -type f \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -Ev -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -E -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -uV > "${__template_list}" | sort -uV > "${__template_list}"
__have_args="${ENVSUBST_ARGS:+1}"
if [ -z "${__have_args}" ] ; then
## optimize envsubst.sh invocation by caching argument list
## ref: envsubst.sh
ENVSUBST_ARGS=$(mktemp) || return
envsubst-args.sh > "${ENVSUBST_ARGS}"
export ENVSUBST_ARGS
fi
__ret=0 __ret=0
while read -r __orig_file ; do if [ -s "${__template_list}" ] ; then
[ -n "${__orig_file}" ] || continue __have_args="${ENVSUBST_ARGS:+1}"
expand_file_envsubst "${__orig_file}" || __ret=1 if [ -z "${__have_args}" ] ; then
done < "${__template_list}" ## optimize envsubst.sh invocation by caching argument list
## ref: envsubst.sh
ENVSUBST_ARGS=$(mktemp) || return
envsubst-args.sh > "${ENVSUBST_ARGS}"
export ENVSUBST_ARGS
fi
if [ -z "${__have_args}" ] ; then while read -r __orig_file ; do
rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS [ -n "${__orig_file}" ] || continue
expand_file_envsubst "${__orig_file}" || __ret=1
done < "${__template_list}"
if [ -z "${__have_args}" ] ; then
rm -f "${ENVSUBST_ARGS}" ; unset ENVSUBST_ARGS
fi
unset __have_args
fi fi
unset __have_args
rm -f "${__template_list}" ; unset __template_list rm -f "${__template_list}" ; unset __template_list
@ -161,7 +172,16 @@ expand_dir_j2cfg() {
__template_list=$(mktemp) || return __template_list=$(mktemp) || return
find "$@" -follow -type f -name '*.j2' -printf '%p\0' \ find "$@" -follow -name '*.j2' -type f -printf '%p\0' \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -zuV > "${__template_list}" | sort -zuV > "${__template_list}"
__ret=0 __ret=0

View File

@ -44,6 +44,10 @@ for i in ${NGX_DIRS_MERGE:-} ; do
log_always "NGX_DIRS_MERGE: dir '$i' is not legal, skipping" log_always "NGX_DIRS_MERGE: dir '$i' is not legal, skipping"
continue continue
;; ;;
j2cfg | j2cfg/* )
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
continue
;;
esac esac
dirs=$(append_list "${dirs}" "$i") dirs=$(append_list "${dirs}" "$i")
@ -59,6 +63,10 @@ for i in ${NGX_DIRS_LINK:-} ; do
log_always "NGX_DIRS_LINK: dir '$i' is not legal, skipping" log_always "NGX_DIRS_LINK: dir '$i' is not legal, skipping"
continue continue
;; ;;
j2cfg | j2cfg/* )
log_always "NGX_DIRS_MERGE: '$i' is reserved for internal use, skipping"
continue
;;
esac esac
if list_have_item "${NGX_DIRS_MERGE}" "$i" ; then if list_have_item "${NGX_DIRS_MERGE}" "$i" ; then

View File

@ -38,10 +38,13 @@ for n in ${NGX_DIRS_MERGE} ; do
done done
set -a set -a
ENVSUBST_ARGS="${volume_root}/diag.envsubst.txt"
J2CFG_PATH="${merged_root}/j2cfg" J2CFG_PATH="${merged_root}/j2cfg"
J2CFG_SEARCH_PATH="${merged_root}" J2CFG_SEARCH_PATH="${merged_root}"
set +a set +a
envsubst-args.sh > "${ENVSUBST_ARGS}"
## expand j2cfg templates first ## expand j2cfg templates first
expand_dir_envsubst j2cfg/ || expand_error expand_dir_envsubst j2cfg/ || expand_error
@ -60,4 +63,29 @@ export J2CFG_CONFIG="${j2cfg_dump}"
expand_dir_j2cfg ${merge_dirs} || expand_error expand_dir_j2cfg ${merge_dirs} || expand_error
## remove template sources in order to avoid leaking sensitive data
if [ "${NGX_PROCESS_STATIC}" = 1 ] ; then
__template_list=$(mktemp)
find static/ -follow -type f -printf '%p\0' \
| grep -zE '\.(in|j2)$' \
| {
if [ -n "${NGX_TEMPLATE_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${NGX_TEMPLATE_EXCLUDE_REGEX}"
elif [ -n "${NGX_TEMPLATE_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${NGX_TEMPLATE_INCLUDE_REGEX}"
else
cat
fi
} \
| sort -zuV > "${__template_list}"
if [ -s "${__template_list}" ] ; then
xargs -0r -n 1000 -a "${__template_list}" \
rm -fv < /dev/null
fi
rm -f "${__template_list}" ; unset __template_list
fi
exit 0 exit 0

View File

@ -29,8 +29,11 @@ J2CFG_JINJA_EXTENSIONS = [
] ]
J2CFG_BANNED_ENVS = [ J2CFG_BANNED_ENVS = [
r'ANGIE(=|$)', r'__IEP_', r'IEP_',
r'ANGIE_BPF_MAPS(=|$)' r'NGX_TEMPLATE_(EX|IN)CLUDE',
r'ENVSUBST_',
r'J2CFG_',
r'ANGIE(|_BPF_MAPS)(=|$)',
] ]
J2CFG_PRESERVE_ENVS = [ J2CFG_PRESERVE_ENVS = [

View File

@ -3,8 +3,12 @@ set -f
sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \ sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \
| sed -zE \ | sed -zE \
-e '/^_$/d;/^ENVSUBST_/d;' \ -e '/^_$/d' \
-e '/^__IEP_/d;/^IEP_$/d' \ -e '/^__IEP_/d;/^IEP_$/d' \
-e '/^NGX_TEMPLATE_(EX|IN)CLUDE/d' \
-e '/^ENVSUBST_/d' \
-e '/^J2CFG_/d' \
-e '/^ANGIE(|_BPF_MAPS)$/d' \
| { | {
if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}" grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}"