diff --git a/.gitignore b/.gitignore index 621a7ff..72f6593 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,7 @@ junit.xml node_modules npm-debug.* npm-debug.log -package-lock.json \ No newline at end of file +package-lock.json + +# Root certificate chain exports +build-scripts/ca-certs/*.pem \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index ffacd0e..d94748f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,19 @@ # Our base image -FROM node:20-alpine as base +FROM node:24-alpine as base # Create app directory WORKDIR /src +# Configure OS to use the Yardi VPN certificate +COPY build-scripts/ca-certs ./build-scripts/ca-certs +RUN ./build-scripts/ca-certs/import-certs + +# Common env var used for CA certs +ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt + +# Necessary for VS Code extensions in dev containers +ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt + RUN apk add --no-cache git zsh FROM base AS deps diff --git a/Makefile b/Makefile index 86c592d..9ca9add 100644 --- a/Makefile +++ b/Makefile @@ -31,6 +31,7 @@ dev-clean: ## Remove all the docker containers for this project .PHONY: dev-setup dev-setup: build-scripts/git-hooks + build-scripts/ca-certs/export-certs .PHONY: dev-ssh dev-ssh: ## Open a shell on the current running docker image of the project diff --git a/build-scripts/ca-certs/export-certs b/build-scripts/ca-certs/export-certs new file mode 100755 index 0000000..0fc7672 --- /dev/null +++ b/build-scripts/ca-certs/export-certs @@ -0,0 +1,20 @@ +#!/usr/bin/env sh + +# Exports the root certificates of the current host system, for use inside a +# Docker container. +# +# This includes the Yardi VPN root signing certificate. + +set -e + +export_path=build-scripts/ca-certs/certs.pem + +if command -v security 2>&1 >/dev/null +then + # macOS: `security` command allows for exporting certs + echo "Exporting macOS root certificate store to $export_path..." + security find-certificate -a -p > $export_path +else + echo "Exporting certificates is unsupported on this platform." + exit 1 +fi diff --git a/build-scripts/ca-certs/import-certs b/build-scripts/ca-certs/import-certs new file mode 100755 index 0000000..24cf531 --- /dev/null +++ b/build-scripts/ca-certs/import-certs @@ -0,0 +1,31 @@ +#!/usr/bin/env sh + +# Exports the root certificates of the current host system, for use inside a +# Docker container. +# +# This includes the Yardi VPN root signing certificate. + +set -e + +import_path=build-scripts/ca-certs/certs.pem + +if ! test -f $import_path +then + echo "No certificates to import, skipping..." + exit 0 +fi + +if ! command -v update-ca-certificates 2>&1 >/dev/null +then + # We need to install the ca-certificates package. + # + # First, we need to temporarily add our certificate chain somewhere that apk can + # access it. + cat $import_path >> /etc/ssl/certs/ca-certificates.crt + # Now, install ca-certificates + apk --no-cache add ca-certificates +fi + +# Add our exported certificates into the system certificate store +cp ${import_path} /usr/local/share/ca-certificates/ +update-ca-certificates \ No newline at end of file diff --git a/package.json b/package.json index d5c0b1a..5fafe4f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@hubble/request", - "version": "2.2.0", + "version": "3.0.0", "description": "A simple, universal, no-frills networking library", "main": "dist/index.js", "repository": "https://github.com/HubbleHQ/request", @@ -38,7 +38,7 @@ "serve": "^11.3.0" }, "engines": { - "node": ">=20.5.1", + "node": ">=24.0.0", "npm": "^6.13.4", "yarn": "^1.21.1" },