Building docker images for signal service

.github/workflows/release.yml

@@ -30,10 +30,22 @@ jobs:
       -
         name: Install modules
         run: go mod tidy
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to GitHub Packages Docker Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GITHUB_TOKEN }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
-        if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
           args: release --rm-dist

.goreleaser.yaml

@@ -28,3 +28,41 @@ nfpms:
 
     scripts:
       postinstall: "release_files/post_install.sh"
+dockers:
+  - image_templates:
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
+    goarch: amd64
+    use_buildx: true
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=maintainer=wiretrustee@wiretrustee.com"
+  - image_templates:
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
+    goarch: arm64
+    use_buildx: true
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - "--platform=linux/arm64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=maintainer=wiretrustee@wiretrustee.com"
+
+docker_manifests:
+  - name_template: ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}
+    image_templates:
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64
+
+  - name_template: ghcr.io/wiretrustee/wiretrustee:signal-latest
+    image_templates:
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-arm64v8
+      - ghcr.io/wiretrustee/wiretrustee:signal-{{ .Version }}-amd64

Dockerfile

@@ -1,19 +1,5 @@
-FROM docker.io/golang:1.16 AS build
-
-WORKDIR /src
-
-COPY go.mod .
-COPY cmd .
-COPY connection .
-COPY iface .
-COPY signal .
-COPY util .
-COPY main.go .
-
-RUN go mod download
-RUN go mod tidy
-RUN go install .
-
-FROM gcr.io/distroless/base
-COPY --from=build /go/bin/wiretrustee /
-ENTRYPOINT [ "/wiretrustee signal" ]
+FROM gcr.io/distroless/base:debug
+EXPOSE 10000
+ENTRYPOINT [ "/go/bin/wiretrustee","signal" ]
+CMD ["--log-level","DEBUG"]
+COPY wiretrustee /go/bin/wiretrustee

README.md

@@ -21,12 +21,11 @@ A WireGuard®-based mesh network that connects your devices into a single privat
   For that matter, there is support for a relay server fallback (TURN). So in case, the (NAT-traversal is unsuccessful???), a secure Wireguard tunnel is established via TURN server.
   [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Wiretrustee setups.
 
-### What Wiretrustee is not doing (yet):
-* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step. However, the support for the key management feature is on our roadmap.
+### What Wiretrustee is not doing:
+* Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step.
 * Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee
-  The peer management assignment is on our roadmap too.
 
-### Installation
+### Client Installation
 1. Checkout Wiretrustee [releases](https://github.com/wiretrustee/wiretrustee/releases)   
 2. Download the latest release:
 ```shell
@@ -36,7 +35,8 @@ wget https://github.com/wiretrustee/wiretrustee/releases/download/v0.0.4/wiretru
 ```shell
 sudo dpkg -i wiretrustee_0.0.4_linux_amd64.deb
 ```
-4. Initialize Wiretrustee:
+### Client Configuration
+1. Initialize Wiretrustee:
 ```shell
 sudo wiretrustee init \
  --stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
@@ -52,17 +52,26 @@ If for some reason, you already have a generated Wireguard key, you can specify
 If not specified, then a new one will be generated, and its corresponding public key will be output to the log.
 A new config will be generated and stored under ```/etc/wiretrustee/config.json```
 
-5. Add a peer to connect to. 
-```
+2. Add a peer to connect to. 
+```shell
 sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
 ```
 
-6. Restart Wiretrustee
+3. Restart Wiretrustee to reload changes
 ```shell
 sudo systemctl restart wiretrustee.service
 sudo systemctl status wiretrustee.service 
 ```
-
+### Running the Signal service
+We have packed the signal into docker images. You can pull the images from the Github registry and execute it with the following commands:
+````shell
+docker pull ghcr.io/wiretrustee/wiretrustee:signal-latest
+docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest
+````
+The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed:
+````shell
+docker run -d --name wiretrustee-signal -p 10000:10000 ghcr.io/wiretrustee/wiretrustee:signal-latest --log-level DEBUG
+````
 ### Roadmap
 * Android app
-* Key and address management service with SSO 
+