Fix cert deploy

Luke Hinds · Luke Hinds · commit fddcc71d9e27 · 2024-12-14T20:29:07.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -32,20 +32,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 
 WORKDIR /usr/src/
 
-# Get the latest commit sha as a build arg
-# This is needed otherwise Docker will cache the git clone step. With this workaround
-# we can force Docker to re-run the git clone step if the latest commit sha changes.
-# --build-arg LATEST_COMMIT_SHA=$(curl \
-#     -LSsk "https://api.github.com/repos/stacklok/codegate-ui/commits?per_page=1" \
-#     -H "Authorization: Bearer $GH_CI_TOKEN" | jq -r '.[0].sha')
-ARG LATEST_COMMIT_SHA=LATEST
-RUN echo "Latest FE commit: $LATEST_COMMIT_SHA"
-# Download the webapp from GH
-# -L to follow redirects
+# Get the latest release of the webapp from GH
 RUN --mount=type=secret,id=gh_token \
-    LATEST_COMMIT_SHA=${LATEST_COMMIT_SHA} \
-    curl -L -o main.zip "https://api.github.com/repos/stacklok/codegate-ui/zipball/main" \
-    -H "Authorization: Bearer $(cat /run/secrets/gh_token)"
+    curl -s -H "Authorization: Bearer $(cat /run/secrets/gh_token)" https://api.github.com/repos/stacklok/codegate-ui/releases/latest \
+    | grep '"zipball_url":' \
+    | cut -d '"' -f 4 \
+    | xargs -n 1 -I {} curl -L -H "Authorization: Bearer $(cat /run/secrets/gh_token)" -o main.zip {}
 
 # Extract the downloaded zip file
 RUN unzip main.zip
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
@@ -6,7 +6,31 @@ BACKUP_NAME="backup"
 MODEL_BASE_PATH="/app/codegate_volume/models"
 CODEGATE_DB_FILE="/app/codegate_volume/db/codegate.db"
 CODEGATE_CERTS="/app/codegate_volume/certs"
-WEBAPP="/usr/src/webapp"
+NGINX_CA_CERT="/usr/share/nginx/html/certificates"
+
+# Function to ensure the certificates directory exists and copy the certificate
+setup_certificate() {
+    echo "Ensuring the Nginx certificates directory exists..."
+    mkdir -p "$NGINX_CA_CERT"  # Ensure the directory exists
+
+    # Check if the source certificate exists
+    if [ ! -f "$CODEGATE_CERTS/ca.crt" ]; then
+        echo "Error: Certificate file not found at $CODEGATE_CERTS/ca.crt"
+        exit 1
+    fi
+
+    echo "Copying CA certificate to $NGINX_CA_CERT..."
+    cp "$CODEGATE_CERTS/ca.crt" "$NGINX_CA_CERT/codegate_ca.crt"
+
+    # Verify the copy was successful
+    if [ -f "$NGINX_CA_CERT/codegate_ca.crt" ]; then
+        echo "CA certificate successfully copied to $NGINX_CA_CERT"
+    else
+        echo "Error: Failed to copy CA certificate."
+        exit 1
+    fi
+}
+
 
 # Function to restore backup if paths are provided
 restore_backup() {
@@ -64,7 +88,7 @@ restore_backup
 genrerate_certs
 
 # Step 3: Make CA available to UI
-cp "$CODEGATE_CERTS/ca.crt" "$WEBAPP/public/certificates/codegate_ca.crt"
+setup_certificate
 
 # Step 4: Start the dashboard
 start_dashboard
