Cloud: fix cross-build and encode server private key for 12-factor usage

StefanSchoof · Apr 19, 2021 · 39667d9 · 39667d9
1 parent 49450cf
commit 39667d9
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 54 deletions.
diff --git a/Makefile b/Makefile
@@ -109,5 +109,6 @@ server:
 	go build -o soc-server $(BUILD_TAGS) $(BUILD_ARGS) github.com/andig/evcc/soc/server
 
 publish-server:
+	GOOS=linux GOARCH=amd64 go build -o soc-server $(BUILD_TAGS) $(BUILD_ARGS) github.com/andig/evcc/soc/server
 	docker build -f soc/Dockerfile --platform linux/amd64 -t andig/evcc-cloud .
 	docker push andig/evcc-cloud
diff --git a/soc/Dockerfile b/soc/Dockerfile
@@ -1,24 +1,26 @@
 # STEP 1 build executable binary
-FROM golang:1.16-alpine as builder
+# FROM golang:1.16-alpine as builder
 
-# Install git + SSL ca certificates.
-# Git is required for fetching the dependencies.
-# Ca-certificates is required to call HTTPS endpoints.
-RUN apk update && apk add --no-cache git ca-certificates tzdata alpine-sdk && update-ca-certificates
+# # Install git + SSL ca certificates.
+# # Git is required for fetching the dependencies.
+# # Ca-certificates is required to call HTTPS endpoints.
+# RUN apk update && apk add --no-cache git ca-certificates tzdata alpine-sdk && update-ca-certificates
 
-WORKDIR /build
+# WORKDIR /build
 
-# install go tools and cache modules
-COPY Makefile .
-COPY go.mod .
-COPY go.sum .
-RUN make install
-RUN go mod download
+# # install go tools and cache modules
+# COPY Makefile .
+# COPY go.mod .
+# COPY go.sum .
+# RUN make install
+# RUN go mod download
 
-# build
-COPY . .
-RUN make server
+# # build
+# COPY . .
+# RUN make server
 
+FROM alpine:3.13 as builder
+RUN apk update && apk add --no-cache git ca-certificates tzdata && update-ca-certificates
 
 # STEP 2 build a small image including module support
 FROM alpine:3.13
@@ -28,6 +30,6 @@ ENV TZ=Europe/Berlin
 # Import from builder
 COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /build/soc-server /usr/local/bin/soc-server
+COPY soc-server /usr/local/bin/soc-server
 
 CMD [ "soc-server" ]
diff --git a/soc/cert/main.go b/soc/cert/main.go
@@ -0,0 +1,14 @@
+package main
+
+import (
+	_ "embed"
+	"encoding/base64"
+	"fmt"
+)
+
+//go:embed server/server-key.pem
+var key []byte
+
+func main() {
+	fmt.Println(base64.StdEncoding.EncodeToString(key))
+}
diff --git a/soc/cert/server/cert.go b/soc/cert/server/cert.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"crypto/tls"
 	_ "embed"
+	"encoding/base64"
 
 	"github.com/andig/evcc/util"
 )
@@ -15,7 +16,11 @@ var cert []byte
 var key []byte
 
 func init() {
-	key = []byte(util.Getenv("SERVER_KEY"))
+	var err error
+	key, err = base64.StdEncoding.DecodeString(util.Getenv("SERVER_KEY"))
+	if err != nil {
+		panic(err)
+	}
 }
 
 func PEM() []byte {

diff --git a/soc/server/Dockerfile b/soc/server/Dockerfile
diff --git a/soc/server/server/init.go b/soc/server/server/init.go
@@ -51,7 +51,7 @@ func loadTLSCredentials() (*tls.Config, error) {
 }
 
 func Run() {
-	fmt.Println("grpc:", ":"+port)
+	log.Println("grpc:", ":"+port)
 
 	listener, err := net.Listen("tcp", ":"+port)
 	if err != nil {