feat: add openssl

Author: 11notes

.github/workflows/openssl.yml

@@ -0,0 +1,58 @@
+name: openssl
+on:
+  workflow_dispatch:
+    inputs:
+      force:
+        description: 'force build, regardless if tag exists already'
+        required: false
+        default: 'false'
+  schedule:
+    - cron: "0 5 * * *"
+  push:
+    tags:
+      - 'openssl'
+jobs:
+  openssl:
+    runs-on: ubuntu-latest
+    steps:
+      - name: cron-update / get latest version
+        run: |
+          LATEST_VERSION=$(curl -s https://api.github.com/repos/openssl/openssl/releases/latest | jq -r '.tag_name' | sed 's/openssl-//')
+          if [ "${LATEST_VERSION}" != "null" ]; then
+            if curl -kILs --fail https://hub.docker.com/v2/repositories/11notes/distroless/tags/openssl-${LATEST_VERSION}; then
+              if [ "${{ github.event.inputs.force }}" == "true" ]; then
+                echo "WORKFLOW_AUTO_UPDATE=true" >> "${GITHUB_ENV}"
+                echo "LATEST_VERSION=${LATEST_VERSION}" >> "${GITHUB_ENV}"
+              else
+                echo "tag ${LATEST_VERSION} exists already!"
+              fi
+            else
+              echo "WORKFLOW_AUTO_UPDATE=true" >> "${GITHUB_ENV}"
+              echo "LATEST_VERSION=${LATEST_VERSION}" >> "${GITHUB_ENV}"
+            fi
+          else
+            echo "tag ${LATEST_VERSION} is null!"
+          fi
+
+      - name: init / base64 nested json
+        if: env.WORKFLOW_AUTO_UPDATE == 'true'
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { Buffer } = require('node:buffer');
+            const etc = {
+              dockerfile:"openssl.dockerfile",
+              tag:"openssl",
+              version:"${{ env.LATEST_VERSION }}",
+              semver:{disable:{rolling: true}}
+            };
+            core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+
+      - name: build docker image
+        if: env.WORKFLOW_AUTO_UPDATE == 'true'
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          wait-for-completion: false
+          workflow: docker.yml
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          inputs: '{ "release":"false", "readme":"false", "run-name":"openssl", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'

openssl.dockerfile

@@ -0,0 +1,96 @@
+# ╔═════════════════════════════════════════════════════╗
+# ║                       SETUP                         ║
+# ╚═════════════════════════════════════════════════════╝
+# GLOBAL
+  ARG APP_UID=1000 \
+      APP_GID=1000
+
+# :: FOREIGN IMAGES
+  FROM 11notes/util:bin AS util-bin
+
+
+# ╔═════════════════════════════════════════════════════╗
+# ║                       BUILD                         ║
+# ╚═════════════════════════════════════════════════════╝
+# :: OPENSSL
+  FROM alpine AS build
+  COPY --from=util-bin / /
+  ARG APP_VERSION \
+      APP_ROOT \
+      TARGETARCH \
+      TARGETVARIANT
+
+  RUN set -ex; \
+    apk --update --no-cache add \
+      perl \
+      g++ \
+      make \
+      linux-headers \
+      git \
+      cmake \
+      build-base \
+      samurai \
+      python3 \
+      py3-pkgconfig \
+      pkgconfig;
+
+  RUN set -ex; \
+    eleven github asset openssl/openssl openssl-${APP_VERSION} openssl-${APP_VERSION}.tar.gz;
+
+  RUN set -ex; \
+    cd /openssl-${APP_VERSION}; \
+    case "${TARGETARCH}${TARGETVARIANT}" in \
+      "amd64"|"arm64") \
+        ./Configure \
+          -static \
+          --openssldir=/etc/ssl; \
+      ;; \
+      \
+      "armv7") \
+        ./Configure \
+          linux-generic32 \
+          -static \
+          --openssldir=/etc/ssl; \
+      ;; \
+    esac;
+
+  RUN set -ex; \
+    cd /openssl-${APP_VERSION}; \
+    make -s -j $(nproc) 2>&1 > /dev/null;
+
+  RUN set -ex; \
+    eleven distroless /openssl-${APP_VERSION}/apps/openssl;
+
+
+# ╔═════════════════════════════════════════════════════╗
+# ║                       IMAGE                         ║
+# ╚═════════════════════════════════════════════════════╝
+# :: HEADER
+  FROM scratch
+
+  # :: default arguments
+    ARG TARGETPLATFORM \
+        TARGETOS \
+        TARGETARCH \
+        TARGETVARIANT \
+        APP_IMAGE \
+        APP_NAME \
+        APP_VERSION \
+        APP_ROOT \
+        APP_UID \
+        APP_GID \
+        APP_NO_CACHE
+
+  # :: default environment
+    ENV APP_IMAGE=${APP_IMAGE} \
+        APP_NAME=${APP_NAME} \
+        APP_VERSION=${APP_VERSION} \
+        APP_ROOT=${APP_ROOT}
+
+  # :: multi-stage
+    COPY --from=build ${APP_ROOT}/ /
+
+# :: EXECUTE
+  USER ${APP_UID}:${APP_GID}
+  ENTRYPOINT ["/usr/local/bin/openssl"]
+  CMD ["--version"]