DRY by using the Linux package's enable and share scripts in the Docker share project

docker/compose/zrok-public-reserved/compose.yml

@@ -53,117 +53,34 @@ services:
     depends_on:
       zrok-init:
         condition: service_completed_successfully
-    entrypoint:
-      - bash
-      - -euc
-      - |
-        if [[ -s ~/.zrok/environment.json ]]; then
-          ZITI_ID="$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)"
-          if [[ -z "$${ZITI_ID}" || "$${ZITI_ID}" == null ]]; then
-            echo "ERROR: invalid environment; consider a reset with 'docker compose down --volumes'" >&2
-            exit 1
-          else
-            echo "INFO: zrok environment is already enabled"
-            exit 0
-          fi
-        else
-          if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then
-            echo "ERROR: ZROK_ENABLE_TOKEN is not defined" >&2
-            exit 1
-          else
-            zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
-            echo "INFO: running: zrok $(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
-            exec zrok "$${@}"
-          fi
-        fi
-    command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker reserved public share}" ${ZROK_ENABLE_TOKEN}
+    entrypoint: zrok-enable.bash
     volumes:
       - zrok_env:/mnt
     environment:
-      HOME: /mnt
+      STATE_DIRECTORY: /mnt
+      ZROK_ENABLE_TOKEN:
+      ZROK_API_ENDPOINT:
+      ZROK_ENVIRONMENT_NAME:
 
-  # reserve zrok frontend url for the zrok backend config
-  zrok-reserve:
+  # reserve zrok frontend subdomain and start sharing the target
+  zrok-share:
     image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
-    entrypoint:
-      - bash
-      - -euc
-      - |
-        if [[ -s ~/.zrok/reserved.json ]]; then
-          ZROK_RESERVED_TOKEN="$(jq '.token' ~/.zrok/reserved.json 2>/dev/null)"
-          if [[ -z "$${ZROK_RESERVED_TOKEN}" || "$${ZROK_RESERVED_TOKEN}" == null ]]; then
-            echo "ERROR: invalid reserved.json: $(jq -c . ~/.zrok/reserved.json)" >&2
-            exit 1
-          else
-            echo "INFO: zrok backend is already reserved: $${ZROK_RESERVED_TOKEN}"
-            exit 0
-          fi
-        else
-          set -o pipefail
-          ZROK_CMD="reserve public --json-output"
-          if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
-            ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
-          fi
-          if [[ -n "${ZROK_OAUTH_PROVIDER:-}" ]]; then
-            ZROK_CMD+=" --oauth-provider ${ZROK_OAUTH_PROVIDER}"
-          fi
-          if [[ -n "${ZROK_BACKEND_MODE:-}" && "${ZROK_BACKEND_MODE}" != caddy ]]; then
-            ZROK_CMD+=" --backend-mode ${ZROK_BACKEND_MODE} ${ZROK_TARGET:-http://zrok-test:9090}"
-          else
-            ZROK_CMD+=" --backend-mode caddy /mnt/.zrok/Caddyfile"
-          fi
-          echo "INFO: running: zrok $${ZROK_CMD}"
-          zrok $${ZROK_CMD} | jq -rc | tee ~/.zrok/reserved.json
-        fi
+    entrypoint: zrok-share.bash
     depends_on:
       zrok-enable:
         condition: service_completed_successfully
     volumes:
       - zrok_env:/mnt
+    ports: []
+      # - 127.0.0.1:2019:2019  # Caddy admin API
     environment:
-      HOME: /mnt
-
-  # start share on reserved public frontend url
-  zrok-share:
-    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
-    restart: unless-stopped
-    entrypoint:
-      - bash
-      - -euc
-      - |
-        if ! [[ -s ~/.zrok/reserved.json ]]; then
-          echo "ERROR: empty or missing reserved.json" >&2
-          exit 1
-        else
-          ZROK_PUBLIC_URLS=$(jq -cr '.frontend_endpoints' ~/.zrok/reserved.json 2>/dev/null)
-          if [[ -z "$${ZROK_PUBLIC_URLS}" || "$${ZROK_PUBLIC_URLS}" == null ]]; then
-            echo "ERROR: frontend endpoints not defined" >&2
-            exit 1
-          else
-            echo "INFO: zrok public URLs: $${ZROK_PUBLIC_URLS}"
-          fi
-          ZROK_RESERVED_TOKEN=$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)
-          if [[ -z "$${ZROK_RESERVED_TOKEN}" && "$${ZROK_RESERVED_TOKEN}" == null ]]; then
-            echo "ERROR: zrok reservation token not defined" >&2
-            exit 1
-          else
-            echo "INFO: zrok reservation token: $${ZROK_RESERVED_TOKEN}"
-          fi
-
-          echo "INFO: running: zrok $${@} $${ZROK_RESERVED_TOKEN}"
-          exec zrok "$${@}" $${ZROK_RESERVED_TOKEN}
-        fi
-    command: -- share reserved --headless
-    depends_on:
-      zrok-reserve:
-        condition: service_completed_successfully
-    volumes:
-      - zrok_env:/mnt
-    ports:
-      - 127.0.0.1:2019:2019
-    environment:
-      HOME: /mnt
+      STATE_DIRECTORY: /mnt
       PFXLOG_NO_JSON: "true"
+      ZROK_BACKEND_MODE:
+      ZROK_TARGET:
+      ZROK_OAUTH_PROVIDER:
+      ZROK_OATH_EMAILS:
+      ZROK_BASIC_AUTH:
 
   # demo server
   zrok-test:

docker/images/zrok/Dockerfile

@@ -1,5 +1,5 @@
 # this builds docker.io/openziti/zrok
-ARG ZITI_CLI_TAG="0.30.5"
+ARG ZITI_CLI_TAG="0.31.0"
 ARG ZITI_CLI_IMAGE="docker.io/openziti/ziti-cli"
 # this builds docker.io/openziti/ziti-controller
 FROM ${ZITI_CLI_IMAGE}:${ZITI_CLI_TAG}
@@ -30,8 +30,14 @@ RUN mkdir -p -m0755 /licenses
 COPY ./LICENSE /licenses/apache.txt
 
 RUN mkdir -p /usr/local/bin
-COPY ${ARTIFACTS_DIR}/${TARGETARCH}/${TARGETOS}/zrok /usr/local/bin/
-RUN chmod 0755 /usr/local/bin/zrok
+COPY ${ARTIFACTS_DIR}/${TARGETARCH}/${TARGETOS}/zrok \
+      ./nfpm/zrok-enable.bash \
+      ./nfpm/zrok-share.bash \
+      /usr/local/bin/
+RUN chmod 0755 \
+      /usr/local/bin/zrok \
+      /usr/local/bin/zrok-enable.bash \
+      /usr/local/bin/zrok-share.bash
 
 USER nobody
 ENTRYPOINT [ "zrok" ]

docs/guides/frontdoor.mdx

@@ -34,7 +34,7 @@ If you'd prefer to run zrok in Docker, you can follow the same Docker instructio
 
   <TabItem value="Mac OS">
 
-On macOS, zrok frontdoor is implemented as a Docker share project which reserves a public subdomain for your website or service.
+On macOS, zrok frontdoor is implemented as a Docker Compose project which reserves a public subdomain for your website or service.
 
     <ReservedDocker/>
 
@@ -42,7 +42,7 @@ On macOS, zrok frontdoor is implemented as a Docker share project which reserves
 
   <TabItem value="Windows">
 
-On Windows, zrok frontdoor is implemented as a Docker share project which reserves a public subdomain for your website or service.
+On Windows, zrok frontdoor is implemented as a Docker Compose project which reserves a public subdomain for your website or service.
 
     <ReservedDocker/>
 

nfpm/README.md

@@ -1,4 +1,4 @@
 
 # nfpm supporting files
 
-These files are sourced by nfpm when invoked by goreleaser to build Linux packages.
+These files are sourced by nfpm when invoked by goreleaser to build Linux packages, and by the Docker BuildKit build to build Docker release images.

nfpm/zrok-enable.bash

@@ -8,7 +8,7 @@ set -o nounset
 set -o pipefail
 
 BASENAME=$(basename "$0")
-DEFAULT_ZROK_ENVIRONMENT_NAME="zrok-share.service on $(hostname -s)"
+DEFAULT_ZROK_ENVIRONMENT_NAME="zrok-share service on $(hostname -s 2>/dev/null || echo localhost)"
 
 if (( $# )); then
   case $1 in
@@ -44,8 +44,7 @@ if (( $# )); then
     exit 1
   fi
 else
-  echo "ERROR: need filename argument to read environment configuration" >&2
-  exit 1
+  echo "WARNING: no env filename argument, trying to read configuration from environment variables" >&2
 fi
 
 if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then

nfpm/zrok-share.bash

@@ -30,8 +30,7 @@ else
   #   echo "ERROR: need /opt/openziti/etc/zrok.env or filename argument to read share configuration" >&2
   #   exit 1
   # fi
-  echo "ERROR: need filename argument to read share configuration" >&2
-  exit 1
+  echo "WARNING: no environment filename argument, trying to read share configuration from env vars" >&2
 fi
 
 if [[ -s ~/.zrok/reserved.json ]]; then