Build-Option ebenfalls auf Tag-Referenz angepasst um unnötige Artefaktbildung zu umgehen

.gitea/workflows/release.yml

@@ -1,14 +1,18 @@
-# Git(tea) Actions workflow: Build and publish standalone binaries
+# Git(tea) Actions workflow: Build and publish standalone binaries **plus** bundled `static/` assets
 # ────────────────────────────────────────────────────────────────────
-#  ✧  Builds the Go‑based WoL server for three targets
+#  ✧  Builds the Go‑based WoL server for four targets **and** packt das Verzeichnis
+#      `static` zusammen mit der Binary, sodass es relativ zur ausführbaren Datei
+#      liegt (wichtig für die eingebauten Bootstrap‑Assets & favicon).
+#
 #       • linux/amd64    → wol-server-linux-amd64.tar.gz
-#       • linux/arm64   → wol-server-linux-arm64.tar.gz   (Raspberry Pi 4/5, 64‑bit OS)
+#       • linux/arm64    → wol-server-linux-arm64.tar.gz
+#       • linux/arm/v7   → wol-server-linux-armv7.tar.gz
 #       • windows/amd64  → wol-server-windows-amd64.zip
-#  ✧  Uploads artifacts to the workflow and, if a tag (vX.Y.Z) is pushed,
-#      attaches them to the corresponding release.
+#
+#  ✧  Artefakte landen im Workflow und – bei Tag‑Push (vX.Y.Z) – als Release‑Assets.
 #
 #  Secrets/variables:
-#    GITEA_TOKEN – optional, only needed if default token lacks release perms.
+#    GITEA_TOKEN – optional, falls default token keine Release‑Rechte hat.
 # ────────────────────────────────────────────────────────────────────
 
 name: build-binaries
@@ -20,6 +24,7 @@ on:
 
 jobs:
   build:
+    if: startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-fast
 
     strategy:
@@ -28,15 +33,19 @@ jobs:
           - goos: linux
             goarch: amd64
             ext: ""
-          - goos: linux   # Raspberry Pi (64‑bit)
+          - goos: linux
             goarch: arm64
             ext: ""
+          - goos: linux
+            goarch: arm
+            goarm: "7"
+            ext: ""
           - goos: windows
             goarch: amd64
             ext: ".exe"
 
     env:
-      GO_VERSION: "1.22"
+      GO_VERSION: "1.24"
       BINARY_NAME: wol-server
 
     steps:
@@ -49,35 +58,45 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
           cache: true
 
-      - name: Build ${{ matrix.goos }}/${{ matrix.goarch }}
+      - name: Build ${{ matrix.goos }}/${{ matrix.goarch }}${{ matrix.goarm && format('/v{0}', matrix.goarm) || '' }}
         shell: bash
         run: |
-          mkdir -p dist
-          GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -trimpath -ldflags "-s -w" \
-            -o "dist/${BINARY_NAME}-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.ext }}" .
+          set -e
+          mkdir -p dist/package
+          if [ -n "${{ matrix.goarm }}" ]; then export GOARM=${{ matrix.goarm }}; fi
+          CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -trimpath -ldflags "-s -w" \
+            -o "dist/package/${BINARY_NAME}${{ matrix.ext }}" .
+          # Assets: statisches Verzeichnis beilegen
+          cp -r static dist/package/
 
-      - name: Package archive
+      - name: Package archive with static assets
         shell: bash
         run: |
+          set -e
           cd dist
-          FILE="${BINARY_NAME}-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.ext }}"
           if [ "${{ matrix.goos }}" == "windows" ]; then
-            zip "${BINARY_NAME}-windows-amd64.zip" "$FILE"
-            rm "$FILE"
+            ZIP_NAME="${BINARY_NAME}-windows-amd64.zip"
+            (cd package && zip -r "../$ZIP_NAME" .)
           else
-            tar -czf "${BINARY_NAME}-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz" "$FILE"
-            rm "$FILE"
+            ARCH_SUFFIX="${{ matrix.goarch }}"
+            if [ "${{ matrix.goarch }}" == "arm" ]; then ARCH_SUFFIX="armv${{ matrix.goarm }}"; fi
+            TAR_NAME="${BINARY_NAME}-${{ matrix.goos }}-${ARCH_SUFFIX}.tar.gz"
+            tar -czf "$TAR_NAME" -C package .
           fi
 
       - name: Upload workflow artifact
         uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.goos }}-${{ matrix.goarch }}
-          path: |
-            dist/*.zip
-            dist/*.tar.gz
+          name: ${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goarm && format('v{0}', matrix.goarm) || '' }}
+          path: dist/*.tar.gz
+          if-no-files-found: ignore
+      - uses: actions/upload-artifact@v3
+        with:
+          name: windows-amd64
+          path: dist/*.zip
+          if-no-files-found: ignore
 
-  # Optional release step for tag pushes
+  # Release Schritt für Tag‑Pushes
   release:
     if: startsWith(github.ref, 'refs/tags/')
     needs: build
@@ -86,7 +105,7 @@ jobs:
       contents: write
 
     steps:
-      - name: Download build artifacts
+      - name: Download artifacts
         uses: actions/download-artifact@v3
         with:
           path: ./dist

Dockerfile

@@ -28,7 +28,12 @@ EXPOSE 8080
 ENV EW_USERNAME=admin \
     EW_PASSWORD=admin \
     EW_DB=/data/machines.json \
-    EW_PRODUCTIVE=true
+    EW_PRODUCTIVE=true \
+    EW_FORCEINSECURECOOKIE=false \
+    HTTP_PORT=8080 \
+    HTTP_TLS=false \
+    HTTP_TLS_CERTIFICATE=./server-cert.pem \
+    HTTP_TLS_PRIVATEKEY=./server-key.pem
 
 
 ENTRYPOINT ["/bin/edgewol"]

compose.yml

@@ -2,7 +2,6 @@ services:
   api:
     image: git.send.nrw/sendnrw/edge-wol:latest
     container_name: edgewol
-    restart: unless-stopped
     volumes:
       - /docker/edgewol/machines.json:/data/machines.json
     #labels:

main.go

@@ -41,6 +41,10 @@ import (
 )
 
 var (
+	HTTP_PORT            string = "8080"
+	HTTP_TLS             bool   = false
+	HTTP_TLS_PRIVATEKEY  string = ""
+	HTTP_TLS_CERTIFICATE string = ""
 	username                    = GetENV("EW_USERNAME", "root")
 	password                    = GetENV("EW_PASSWORD", "root")
 	productive                  = Enabled("EW_PRODUCTIVE", false)
@@ -185,7 +189,17 @@ func generateSessionToken() string {
 func main() {
 	// Determine DB path and load machines.
 	hashedPassword = hashPassword(password)
+	if productive {
 		dbPath = GetENV("EW_DB", "/data/machines.json")
+	} else {
+		dbPath = "./machines.json"
+	}
+
+	HTTP_PORT = GetENV("HTTP_PORT", "8080")
+	HTTP_TLS = Enabled("HTTP_TLS", true)
+	HTTP_TLS_CERTIFICATE = GetENV("HTTP_TLS_CERTIFICATE", "./server-cert.pem")
+	HTTP_TLS_PRIVATEKEY = GetENV("HTTP_TLS_PRIVATEKEY", "./server-key.pem")
+
 	loadMachines()
 
 	// Save on SIGINT/SIGTERM.
@@ -223,13 +237,25 @@ func main() {
 				// Speichere Session
 				sessionStore[token] = user
 
+				var envSecure bool
+				if productive {
+					var forceInsecure bool = Enabled("EW_FORCEINSECURECOOKIE", false)
+					if forceInsecure {
+						envSecure = r.TLS != nil
+					} else {
+						envSecure = true
+					}
+				} else {
+					envSecure = r.TLS != nil
+				}
+
 				// Cookie setzen
 				http.SetCookie(w, &http.Cookie{
 					Name:     "session",
 					Value:    token,
 					Path:     "/",
 					HttpOnly: true,
-					Secure:   true,
+					Secure:   envSecure,
 					SameSite: http.SameSiteLaxMode,
 				})
 
@@ -298,15 +324,18 @@ func main() {
 	http.HandleFunc("/add", addHandler)
 	http.HandleFunc("/remove", removeHandler)
 
-	addr := os.Getenv("LISTEN")
-	if addr == "" {
-		addr = ":8080"
-	}
-
-	log.Printf("WoL server listening on %s (DB: %s)", addr, dbPath)
-	if err := http.ListenAndServe(addr, nil); err != nil {
+	if HTTP_TLS {
+		log.Printf("WoL server listening on %s (DB: %s)", ":"+HTTP_PORT, dbPath)
+		if err := http.ListenAndServeTLS(":"+HTTP_PORT, HTTP_TLS_CERTIFICATE, HTTP_TLS_PRIVATEKEY, nil); err != nil {
 			log.Fatalf("http server error: %v", err)
 		}
+	} else {
+		log.Printf("WoL server listening on %s (DB: %s)", ":"+HTTP_PORT, dbPath)
+		if err := http.ListenAndServe(":"+HTTP_PORT, nil); err != nil {
+			log.Fatalf("http server error: %v", err)
+		}
+	}
+
 }
 
 // ========= persistence =========