Dockerize and add new feature

PythonCoderAS · PythonCoderAS · commit 2e51aa22bcf8 · 2024-11-23T20:58:31.000-05:00
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,132 @@
+name: Docker
+
+on:
+  push:
+    branches: ["master"]
+    tags: ["*.*.*"]
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/386
+          - linux/amd64
+          - linux/arm/v6
+          - linux/arm/v7
+          - linux/arm64/v8
+          - linux/ppc64le
+          - linux/s390x
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Convert image name to lowercase
+        run: |
+          GITHUB_REPOSITORY="${{ github.repository }}"
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3 # v3.0.0
+
+      - name: "Log into registry ${{ env.REGISTRY }}"
+        uses: docker/login-action@v3 # v3.0.0
+        with:
+          registry: "${{ env.REGISTRY }}"
+          username: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5 # v5.0.0
+        with:
+          images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v5 # v5.0.0
+        with:
+          context: .
+          labels: "${{ steps.meta.outputs.labels }}"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: "${{ matrix.platform }}"
+          provenance: true
+          sbom: true
+          outputs: "type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true"
+
+      - name: Export digest
+        run: |
+          mkdir -p "/tmp/digests/"
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: "Get arch name (compatible with docker manifest)"
+        id: get_arch_name
+        run: |
+          SAFENAME="$(echo "${{ matrix.platform }}" | sed 's/\//_/g')"
+          echo "ARCH_NAME=${SAFENAME}" >> "${GITHUB_OUTPUT}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: "digests-plat-${{ steps.get_arch_name.outputs.ARCH_NAME }}"
+          path: "/tmp/digests/*"
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    permissions:
+      packages: write
+    steps:
+      - name: Convert image name to lowercase
+        run: |
+          GITHUB_REPOSITORY="${{ github.repository }}"
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "${GITHUB_ENV}"
+
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: "/tmp/digests/"
+
+      - name: Move to one directory
+        run: |
+          mkdir -p /tmp/digests-all
+          mv /tmp/digests/*/* /tmp/digests-all
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+
+      - name: "Log into registry ${{ env.REGISTRY }}"
+        uses: docker/login-action@v3
+        with:
+          registry: "${{ env.REGISTRY }}"
+          username: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Create manifest list and push
+        working-directory: "/tmp/digests-all"
+        run: |
+          # shellcheck disable=SC2046
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+FROM python:3.13.0-alpine
+
+WORKDIR /app
+COPY ./requirements.txt /app/requirements.txt
+RUN pip install --upgrade pip
+RUN pip install -r /app/requirements.txt
+
+COPY ./main.py /app/main.py
+
+ENTRYPOINT ["python3", "/app/main.py"]
diff --git a/main.py b/main.py
@@ -1,9 +1,11 @@
 import argparse
+import socket
 
 from OpenSSL import crypto
 import re
 from requests import Session
 import sys
+from ssl import get_server_certificate
 
 ca_url_pattern = re.compile(r'CA Issuers - URI:(\S+)')
 
@@ -68,13 +70,34 @@ def build_chain(self) -> str:
 
 def main(args=None):
     parser = argparse.ArgumentParser(description="Build a certificate chain from a certificate")
-    parser.add_argument("cert", help="The certificate to build the chain from")
+    parser.add_argument("cert", help="The certificate to build the chain from (either a file path or a hostname/hostname+port combination, use '-' to read from stdin)")
     parser.add_argument("--out", help="The file to write the chain to (otherwise writes to stdout)")
     parser.add_argument("--verbose", help="Logs intermediate certificate URLs", action="store_true")
     parser.add_argument("--save-intermediate-certificates", help="Saves intermediate certificates", action="store_true")
     args = parser.parse_args(args)
-    with open(args.cert, "rb") as f:
-        cert_data = f.read()
+    if args.cert == "-":
+        cert_data = sys.stdin.buffer.read()
+    else:
+        try:
+            with open(args.cert, "rb") as f:
+                cert_data = f.read()
+        except FileNotFoundError:
+            # Treat it as a hostname or hostname+port combination
+            if "/" in args.cert:
+                print("Invalid certificate path: " + args.cert, file=sys.stderr)
+                sys.exit(1)
+            hostname, sep, port = args.cert.partition(":")
+            if not sep:
+                port = 443
+            else:
+                port = int(port)
+            try:
+                if args.verbose:
+                    print(f"Fetching certificate for {hostname}:{port}")
+                cert_data = get_server_certificate((hostname, port)).encode("utf-8")
+            except socket.gaierror:
+                print(f"Could not resolve hostname: {hostname}", file=sys.stderr)
+                sys.exit(1)
     builder = CertChainBuilder(verbose=args.verbose)
     builder.feed(cert_data)
     chain = builder.build_chain()
