feat: new deployment provider: netlify site

internal/deployer/providers.go

@@ -52,6 +52,7 @@ import (
 	pJDCloudVOD "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/jdcloud-vod"
 	pK8sSecret "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/k8s-secret"
 	pLocal "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/local"
+	pNetlifySite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/netlify-site"
 	pProxmoxVE "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/proxmoxve"
 	pQiniuCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-cdn"
 	pQiniuPili "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-pili"
@@ -729,6 +730,20 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			return deployer, err
 		}
 
+	case domain.DeploymentProviderTypeNetlifySite:
+		{
+			access := domain.AccessConfigForNetlify{}
+			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+				return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+			}
+
+			deployer, err := pNetlifySite.NewDeployer(&pNetlifySite.DeployerConfig{
+				ApiToken: access.ApiToken,
+				SiteId:   maputil.GetString(options.ProviderExtendedConfig, "siteId"),
+			})
+			return deployer, err
+		}
+
 	case domain.DeploymentProviderTypeProxmoxVE:
 		{
 			access := domain.AccessConfigForProxmoxVE{}

internal/domain/provider.go

@@ -202,6 +202,7 @@ const (
 	DeploymentProviderTypeJDCloudVOD            = DeploymentProviderType(AccessProviderTypeJDCloud + "-vod")
 	DeploymentProviderTypeKubernetesSecret      = DeploymentProviderType(AccessProviderTypeKubernetes + "-secret")
 	DeploymentProviderTypeLocal                 = DeploymentProviderType(AccessProviderTypeLocal)
+	DeploymentProviderTypeNetlifySite           = DeploymentProviderType(AccessProviderTypeNetlify + "-site")
 	DeploymentProviderTypeProxmoxVE             = DeploymentProviderType(AccessProviderTypeProxmoxVE)
 	DeploymentProviderTypeQiniuCDN              = DeploymentProviderType(AccessProviderTypeQiniu + "-cdn")
 	DeploymentProviderTypeQiniuKodo             = DeploymentProviderType(AccessProviderTypeQiniu + "-kodo")

internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go

@@ -20,11 +20,11 @@ type DeployerConfig struct {
 	ApiKey string `json:"apiKey"`
 	// 是否允许不安全的连接。
 	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
-	// 站点类型。
+	// 网站类型。
 	SiteType string `json:"siteType"`
-	// 站点名称（单个）。
+	// 网站名称（单个）。
 	SiteName string `json:"siteName,omitempty"`
-	// 站点名称（多个）。
+	// 网站名称（多个）。
 	SiteNames []string `json:"siteNames,omitempty"`
 }
 

internal/pkg/core/deployer/providers/netlify-site/netlify_site.go

@@ -0,0 +1,101 @@
+package netlifysite
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log/slog"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/netlify/open-api/v2/go/porcelain"
+	porcelainctx "github.com/netlify/open-api/v2/go/porcelain/context"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
+)
+
+type DeployerConfig struct {
+	// netlify API Token。
+	ApiToken string `json:"apiToken"`
+	// netlify 网站 ID。
+	SiteId string `json:"siteId"`
+}
+
+type DeployerProvider struct {
+	config          *DeployerConfig
+	logger          *slog.Logger
+	sdkClient       *porcelain.Netlify
+	sdkClientAuther runtime.ClientAuthInfoWriter
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, clientAuther, err := createSdkClient(config.ApiToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
+	return &DeployerProvider{
+		config:          config,
+		logger:          slog.Default(),
+		sdkClient:       client,
+		sdkClientAuther: clientAuther,
+	}, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+	if logger == nil {
+		d.logger = slog.Default()
+	} else {
+		d.logger = logger
+	}
+	return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	if d.config.SiteId == "" {
+		return nil, errors.New("config `siteId` is required")
+	}
+
+	// 提取服务器证书和中间证书
+	serverCertPEM, intermediaCertPEM, err := certutil.ExtractCertificatesFromPEM(certPEM)
+	if err != nil {
+		return nil, fmt.Errorf("failed to extract certs: %w", err)
+	}
+
+	// 上传网站证书
+	// REF: https://open-api.netlify.com/#tag/sniCertificate/operation/provisionSiteTLSCertificate
+	configureSiteTLSCertificateCtx := porcelainctx.WithAuthInfo(context.TODO(), d.sdkClientAuther)
+	configureSiteTLSCertificateReq := &porcelain.CustomTLSCertificate{
+		Certificate:    serverCertPEM,
+		CACertificates: intermediaCertPEM,
+		Key:            privkeyPEM,
+	}
+	configureSiteTLSCertificateResp, err := d.sdkClient.ConfigureSiteTLSCertificate(configureSiteTLSCertificateCtx, d.config.SiteId, configureSiteTLSCertificateReq)
+	d.logger.Debug("sdk request 'netlify.provisionSiteTLSCertificate'", slog.String("siteId", d.config.SiteId), slog.Any("request", configureSiteTLSCertificateReq), slog.Any("response", configureSiteTLSCertificateResp))
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute sdk request 'netlify.provisionSiteTLSCertificate': %w", err)
+	}
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(apiToken string) (*porcelain.Netlify, runtime.ClientAuthInfoWriter, error) {
+	if apiToken == "" {
+		return nil, nil, errors.New("invalid netlify api token")
+	}
+
+	creds := runtime.ClientAuthInfoWriterFunc(func(r runtime.ClientRequest, _ strfmt.Registry) error {
+		r.SetHeaderParam("User-Agent", "Certimate")
+		r.SetHeaderParam("Authorization", "Bearer "+apiToken)
+		return nil
+	})
+
+	return porcelain.Default, creds, nil
+}

internal/pkg/core/deployer/providers/netlify-site/netlify_site_test.go

@@ -0,0 +1,70 @@
+package netlifysite_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/netlify-site"
+)
+
+var (
+	fInputCertPath string
+	fInputKeyPath  string
+	fApiToken      string
+	fSiteId        int64
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_NETLIFYSITE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fApiToken, argsPrefix+"APITOKEN", "", "")
+	flag.Int64Var(&fSiteId, argsPrefix+"SITEID", 0, "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./netlify_site_test.go -args \
+	--CERTIMATE_DEPLOYER_NETLIFYSITE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_NETLIFYSITE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_NETLIFYSITE_APITOKEN="your-api-token" \
+	--CERTIMATE_DEPLOYER_NETLIFYSITE_SITEID="your-site-id"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("APITOKEN: %v", fApiToken),
+			fmt.Sprintf("SITEID: %v", fSiteId),
+		}, "\n"))
+
+		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+			ApiToken: fApiToken,
+			SiteId:   fSiteId,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}