From a9fd00d9f5243ba6455e27b26427d1ea42a04427 Mon Sep 17 00:00:00 2001 From: Leonard Jonathan Oh Date: Fri, 15 Sep 2023 03:51:29 +0000 Subject: [PATCH] Enhancement: Add v3.1.6 variants Signed-off-by: The Oh Brothers Bot --- .github/workflows/ci-master-pr.yml | 128 ++++++++++++++++++++++++++- README.md | 13 +-- generate/definitions/versions.json | 1 + variants/v3.1.6/Dockerfile | 43 +++++++++ variants/v3.1.6/docker-compose.yml | 40 +++++++++ variants/v3.1.6/docker-entrypoint.sh | 16 ++++ 6 files changed, 231 insertions(+), 10 deletions(-) create mode 100644 variants/v3.1.6/Dockerfile create mode 100644 variants/v3.1.6/docker-compose.yml create mode 100644 variants/v3.1.6/docker-entrypoint.sh diff --git a/.github/workflows/ci-master-pr.yml b/.github/workflows/ci-master-pr.yml index a79391b..5ff8f08 100644 --- a/.github/workflows/ci-master-pr.yml +++ b/.github/workflows/ci-master-pr.yml 
@@ -33,6 +33,127 @@ jobs: run: | git diff --exit-code + build-v3-1-6: + runs-on: ubuntu-latest + env: + VARIANT: v3.1.6 + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Display system info (linux) + run: | + set -e + hostname + whoami + cat /etc/*release + lscpu + free + df -h + pwd + docker info + docker version + + # See: https://github.com/docker/build-push-action/blob/v2.6.1/docs/advanced/cache.md#github-cache + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ env.VARIANT }}-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-${{ env.VARIANT }}- + ${{ runner.os }}-buildx- + + # This step generates the docker tags + - name: Prepare + id: prep + run: | + set -e + + # Get ref, i.e. from refs/heads/, or from refs/tags/. E.g. 'master' or 'v0.0.0' + REF=$( echo "${GITHUB_REF}" | rev | cut -d '/' -f 1 | rev ) + + # Get short commit hash E.g. 'abc0123' + SHA=$( echo "${GITHUB_SHA}" | cut -c1-7 ) + + # Generate docker image tags + # E.g. 'v0.0.0-' and 'v0.0.0-abc0123-' + # E.g. 
'master-' and 'master-abc0123-' + REF_VARIANT="${REF}-${VARIANT}" + REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}" + + # Pass variables to next step + echo "VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR" >> $GITHUB_ENV + echo "VARIANT=$VARIANT" >> $GITHUB_ENV + echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_ENV + echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_ENV + + - name: Login to Docker Hub registry + # Run on master and tags + if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_REGISTRY_USER }} + password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }} + + - name: Build (PRs) + # Run only on pull requests + if: github.event_name == 'pull_request' + uses: docker/build-push-action@v3 + with: + context: variants/v3.1.6 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: false + tags: | + ${{ github.repository }}:${{ env.REF_VARIANT }} + ${{ github.repository }}:${{ env.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: Build and push (master) + # Run only on master + if: github.ref == 'refs/heads/master' + uses: docker/build-push-action@v3 + with: + context: variants/v3.1.6 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + ${{ github.repository }}:${{ env.REF_VARIANT }} + ${{ github.repository }}:${{ env.REF_SHA_VARIANT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - name: Build and push (release) + if: startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v3 + with: + context: variants/v3.1.6 + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x + push: true + tags: | + ${{ github.repository }}:${{ env.VARIANT }} + ${{ github.repository }}:${{ env.REF_VARIANT }} + ${{ 
github.repository }}:${{ env.REF_SHA_VARIANT }} + ${{ github.repository }}:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + build-v3-1-5: runs-on: ubuntu-latest env: @@ -142,7 +263,6 @@ jobs: ${{ github.repository }}:${{ env.VARIANT }} ${{ github.repository }}:${{ env.REF_VARIANT }} ${{ github.repository }}:${{ env.REF_SHA_VARIANT }} - ${{ github.repository }}:latest cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max @@ -1835,7 +1955,7 @@ jobs: mv /tmp/.buildx-cache-new /tmp/.buildx-cache update-draft-release: - needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] + needs: [build-v3-1-6, build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] if: github.ref == 'refs/heads/master' runs-on: ubuntu-latest steps: 
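Review bot: In the new `build-v3-1-6` job, the steps that receive `secrets.DOCKERHUB_REGISTRY_USER` and `secrets.DOCKERHUB_REGISTRY_PASSWORD` run actions referenced by mutable tags (`docker/login-action@v2`, `docker/build-push-action@v3`, `docker/setup-buildx-action@v2`). Whatever those tags point to at run time executes with registry push credentials; pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v2` (placeholder), removes that dependency on tag state. Separately, the `Prepare` step writes `VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR` to `$GITHUB_ENV` although the job's `env:` only sets `VARIANT`, so the value is presumably empty, and the build steps hard-code `context: variants/v3.1.6` instead; either define it in `env:` and use it, or drop the line. The job looks copied from the existing `build-v3-1-5` job, whose body lies outside this hunk, so the same points likely apply there.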
@@ -1848,7 +1968,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} publish-draft-release: - needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] + needs: [build-v3-1-6, build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: @@ -1863,7 +1983,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} update-dockerhub-description: - needs: [build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] + needs: [build-v3-1-6, build-v3-1-5, build-v3-1-4, build-v3-1-3, build-v3-1-2, build-v3-1-1, build-v3-1-0, build-v3-0-9, build-v3-0-8, build-v3-0-7, build-v3-0-6, build-v3-0-5, build-v3-0-4, build-v3-0-3, build-v3-0-2, build-v3-0-1] if: github.ref == 'refs/heads/master' runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index 9138a2c..f3f4713 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,8 @@ The base image is `alpine`. | Tag | Dockerfile Build Context | |:-------:|:---------:| -| `:v3.1.5`, `:latest` | [View](variants/v3.1.5) | +| `:v3.1.6`, `:latest` | [View](variants/v3.1.6) | +| `:v3.1.5` | [View](variants/v3.1.5) | | `:v3.1.4` | [View](variants/v3.1.4) | | `:v3.1.3` | [View](variants/v3.1.3) | | `:v3.1.2` | [View](variants/v3.1.2) | 
@@ -36,14 +37,14 @@ In this image, the PKI will be stored in `/data/pki` (i.e. `EASYRSA_PKI=/data/pk ```sh # Generate /data/pki -docker run --rm -it -v data:/data theohbrothers/docker-easyrsa:v3.1.5 init-pki +docker run --rm -it -v data:/data theohbrothers/docker-easyrsa:v3.1.6 init-pki # Generate CA, server and client certs -docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.5 build-ca nopass -docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.5 build-server-full server-01 nopass -docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.5 build-client-full client-01 nopass +docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.6 build-ca nopass +docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.6 build-server-full server-01 nopass +docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.6 build-client-full client-01 nopass # Alternatively, a nice one liner to do everything -docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.5 sh -c 'set -e; easyrsa init-pki; easyrsa build-ca nopass; easyrsa build-server-full server-01 nopass; easyrsa build-client-full client-01 nopass; find /data/pki' +docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:v3.1.6 sh -c 'set -e; easyrsa init-pki; easyrsa build-ca nopass; easyrsa build-server-full server-01 nopass; easyrsa build-client-full client-01 nopass; find /data/pki' ``` According to [`easy-rsa` documentation](https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/doc/EasyRSA-Advanced.md#configuration-reference), there are four ways to run `easy-rsa`, namely: diff --git a/generate/definitions/versions.json b/generate/definitions/versions.json index 55e9caf..eb9c738 100644 --- a/generate/definitions/versions.json 
+++ b/generate/definitions/versions.json
@@ -1,4 +1,5 @@
 [
+ "3.1.6",
 "3.1.5",
 "3.1.4",
 "3.1.3",
diff --git a/variants/v3.1.6/Dockerfile b/variants/v3.1.6/Dockerfile
new file mode 100644
index 0000000..80ed404
--- /dev/null
+++ b/variants/v3.1.6/Dockerfile
@@ -0,0 +1,43 @@
+FROM alpine:3.17
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"
+
+RUN apk add --no-cache ca-certificates
+
+# Install easyrsa dependencies
+RUN apk add --no-cache iptables openssl
+
+WORKDIR /data
+ENV EASYRSA=/usr/share/easy-rsa
+ENV EASYRSA_PKI=/data/pki
+
+# Install easyrsa
+# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
+RUN set -eux; \
+ apk add --no-cache gnupg gpg-agent dirmngr; \
+ URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.6/EasyRSA-3.1.6.tgz; \
+ FILE=$( basename $URL ); \
+ wget -q "$URL"; \
+ wget -q "$URL.sig"; \
+ gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \
+ gpg --verify "$FILE.sig" "$FILE"; \
+ mkdir -p /usr/share/easy-rsa; \
+ tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \
+ ln -sf /usr/share/easy-rsa/easyrsa /usr/local/bin/easyrsa; \
+ \
+ easyrsa help; \
+ easyrsa init-pki; \
+ rm -rfv /data/pki; \
+ \
+ rm -fv "$FILE"; \
+ rm -fv "$FILE.sig"; \
+ rm -rf /root/.gnupg; \
+ apk del gnupg gpg-agent dirmngr;
+
+VOLUME /data
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/variants/v3.1.6/docker-compose.yml b/variants/v3.1.6/docker-compose.yml
new file mode 100644
index 0000000..5caa2a2
--- /dev/null
+++ b/variants/v3.1.6/docker-compose.yml
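Review bot: In `variants/v3.1.6/Dockerfile`, `RUN apk add --no-cache iptables openssl` installs `iptables` under the comment "Install easyrsa dependencies", yet nothing visible in this Dockerfile or the entrypoint uses it. An image whose purpose is to generate and hold CA private keys is better kept minimal, so consider `RUN apk add --no-cache openssl` unless a consumer depends on the extra package. The tarball check with `gpg --verify` against a key fetched by full fingerprint is sound, but the `--recv-keys` call makes every build depend on keys.openpgp.org; committing the release key to the repository and loading it with `gpg --import` would keep the trust anchor under code review. `FROM alpine:3.17` is also a mutable tag, and pinning it as `FROM alpine:3.17@sha256:<digest>` (placeholder) would make the six-platform rebuilds reproducible.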
@@ -0,0 +1,40 @@
+version: '2.1'
+services:
+ easyrsa:
+ container_name: easyrsa
+ image: theohbrothers/docker-easyrsa:v3.1.6
+
+ # Uncomment and configure these environment to your needs. The following are the default values, according to: https://github.com/OpenVPN/easy-rsa/blob/v3.0.8/doc/EasyRSA-Advanced.md#configuration-reference
+ # Using environment variables is preferred to using a vars file
+ # Double dollar signs '$$' is to escape a dollar sign in the docker-compose yaml parser, see: https://stackoverflow.com/a/40621373
+ # environment:
+ # - EASYRSA_SSL_CONF=/etc/ssl/openssl.cnf
+ # - EASYRSA=$${0%/*}
+ # - EASYRSA_OPENSSL=openssl
+ # - EASYRSA_SSL_CONF=$$EASYRSA/openssl-easyrsa.cnf
+ # - EASYRSA_PKI=$$PWD/pki
+ # - EASYRSA_DN=cn_only
+ # - EASYRSA_REQ_COUNTRY=US
+ # - EASYRSA_REQ_PROVINCE=California
+ # - EASYRSA_REQ_CITY=San Francisco
+ # - EASYRSA_REQ_ORG=Copyleft Certificate Co
+ # - EASYRSA_REQ_EMAIL=me@example.net
+ # - EASYRSA_REQ_OU=My Organizational Unit
+ # - EASYRSA_KEY_SIZE=2048
+ # - EASYRSA_ALGO=rsa
+ # - EASYRSA_CURVE=secp384r1
+ # - EASYRSA_CA_EXPIRE=3650
+ # - EASYRSA_CERT_EXPIRE=180
+ # - EASYRSA_CERT_RENEW=30
+ # - EASYRSA_NS_SUPPORT=no
+ # - EASYRSA_NS_COMMENT=Easy-RSA Generated Certificate
+ # - EASYRSA_TEMP_FILE=$$EASYRSA_PKI/extensions.temp
+ # - EASYRSA_EXT_DIR=$$EASYRSA/x509-types
+ # - EASYRSA_REQ_CN=ChangeMe
+ # - EASYRSA_DIGEST=sha256
+ # - EASYRSA_BATCH=
+
+ # Uncomment this to mount your own openssl.cnf, vars file(s)
+ # volumes:
+ # - ./path/to/openssl.conf:/etc/ssl/openssl.cnf
+ # - ./path/to/vars:/etc/ssl/openssl.cnf
\ No newline at end of file
diff --git a/variants/v3.1.6/docker-entrypoint.sh b/variants/v3.1.6/docker-entrypoint.sh
new file mode 100644
index 0000000..dc974bb
--- /dev/null
+++ b/variants/v3.1.6/docker-entrypoint.sh
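Review bot: In `variants/v3.1.6/docker-compose.yml`, the last commented volume example, `# - ./path/to/vars:/etc/ssl/openssl.cnf`, uses the same container target as the openssl.cnf line above it, so uncommenting both puts two mounts on one path and the vars file is never read as vars. Given `ENV EASYRSA=/usr/share/easy-rsa` in this variant's Dockerfile, something like `# - ./path/to/vars:/usr/share/easy-rsa/vars` looks intended, but confirm which locations easyrsa searches. The commented defaults also list `EASYRSA_SSL_CONF` twice with different values. The sample defines no mount for `/data`, so with the Dockerfile's `VOLUME /data` the generated CA key lands in an anonymous volume; a commented `# - ./data:/data` entry would make the PKI location explicit.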
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -eu
+
+if [ $# -gt 0 ]; then
+ # Get all subcommands. 'help' is also a subcommand
+ SUBCOMMANDS=$( easyrsa | awk "/^'help'/,/^DIRECTORY/" | grep -vE "^'help'|^DIRECTORY|^\s*$" | awk '{print $1}'; echo help )
+ if echo "$SUBCOMMANDS" | grep "^$1$"; then
+ set "easyrsa" "$@"
+ echo "Executing: $@"
+ exec "$@"
+ fi
+else
+ exec "easyrsa" "$@"
+fi
+
+exec "$@"
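Review bot: In `docker-entrypoint.sh`, `grep "^$1$"` interpolates the first argument into a regular expression, so an argument containing regex metacharacters can match a listed subcommand it does not literally equal and be dispatched as `easyrsa <arg>`. A fixed-string whole-line match, `if echo "$SUBCOMMANDS" | grep -qxF -- "$1"; then`, compares literally, and `-q` stops the matched name from being printed to stdout ahead of the command's own output. The `echo "Executing: $@"` line also writes to stdout, which mixes into output a caller may capture; `echo "Executing: $*" >&2` keeps it out of the data stream.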