From 59b95570138a727f4e943984f55b96f724c5af80 Mon Sep 17 00:00:00 2001
From: Michael Reber
Date: Thu, 13 Nov 2025 22:29:13 +0100
Subject: [PATCH] add openssh to container and add CICD harbor file
---
 .gitea/workflows/build-harbor.yml | 38 +++++++++++++++++++++++++++++++
 Dockerfile | 4 ++--
 pkg/web/handlers.go | 19 ++++++++++++----
 3 files changed, 54 insertions(+), 7 deletions(-)
 create mode 100644 .gitea/workflows/build-harbor.yml
diff --git a/.gitea/workflows/build-harbor.yml b/.gitea/workflows/build-harbor.yml
new file mode 100644
index 0000000..feab31b
--- /dev/null
+++ b/.gitea/workflows/build-harbor.yml
@@ -0,0 +1,38 @@
+name: Build and Push to Harbor when new commit to main-branch
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ build:
+ runs-on: linux_amd64
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Login to Harbor (Robot)
+ if: ${{ secrets.HARBOR_REGISTRY && secrets.HARBOR_USERNAME && secrets.HARBOR_PASSWORD }}
+ env:
+ REGISTRY: ${{ secrets.HARBOR_REGISTRY }}
+ ROBOT_USER: ${{ secrets.HARBOR_USERNAME }}
+ ROBOT_PASS: ${{ secrets.HARBOR_PASSWORD }}
+ run: |
+ mkdir -p "$HOME/.config/containers"
+ echo "$ROBOT_PASS" | podman login --username "$ROBOT_USER" --password-stdin "$REGISTRY"
+
+
+ - name: Build & tag
+ env:
+ REG: ${{ secrets.HARBOR_REGISTRY }}
+ PROJ: ${{ secrets.HARBOR_PROJECT }}
+ run: |
+ podman build -t $REG/$PROJ/fail2ban-ui:${{ github.sha }} .
+ podman tag $REG/$PROJ/fail2ban-ui:${{ github.sha }} $REG/$PROJ/fail2ban-ui:latest
+
+ - name: Push
+ env:
+ REG: ${{ secrets.HARBOR_REGISTRY }}
+ PROJ: ${{ secrets.HARBOR_PROJECT }}
+ run: |
+ podman push $REG/$PROJ/fail2ban-ui:${{ github.sha }}
+ podman push $REG/$PROJ/fail2ban-ui:latest
diff --git a/Dockerfile b/Dockerfile
index 43c1646..1a9bd91 100644
--- a/Dockerfile
+++ b/Dockerfile
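Review bot: The `if:` guard on the secrets applies only to the Login step, while `Build & tag` and `Push` run unconditionally with unquoted `$REG/$PROJ`; when a secret is unset the login is skipped and the job still goes on to build and push an image whose name is assembled from empty variables. Put the same condition on the later steps or fail fast at the top of each `run:` with `: "${REG:?HARBOR_REGISTRY not set}" "${PROJ:?HARBOR_PROJECT not set}"`, and quote the image references. `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA keeps a retagged action from running inside a job that holds the registry credentials. `podman login` leaves the robot token in an auth file on the runner, so if `linux_amd64` is a persistent self-hosted runner, a final `podman logout "$REGISTRY"` step with `if: always()` would be worth adding.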
@@ -22,10 +22,10 @@ FROM alpine:latest AS standalone-ui
 
 # Install required container dependencies
 RUN apk --update --no-cache add \
- bash curl wget whois tzdata jq ca-certificates htop fail2ban geoip \
+ bash curl wget whois tzdata jq ca-certificates htop fail2ban geoip openssh-client \
 && adduser -D -u 1000 -G root fail2ban
 
-RUN mkdir -p /app /config \
+RUN mkdir -p /app /config /config/.ssh \
 /etc/fail2ban/jail.d \
 /etc/fail2ban/filter.d \
 /etc/fail2ban/action.d \
diff --git a/pkg/web/handlers.go b/pkg/web/handlers.go
index 5c09d5c..3b2545f 100644
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -324,12 +324,21 @@ func SetDefaultServerHandler(c *gin.Context) {
 
 // ListSSHKeysHandler returns SSH keys available on the UI host.
 func ListSSHKeysHandler(c *gin.Context) {
- home, err := os.UserHomeDir()
- if err != nil {
- c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
- return
+ var dir string
+ // Check if running inside a container
+ if _, container := os.LookupEnv("CONTAINER"); container {
+ // In container, check /config/.ssh
+ dir = "/config/.ssh"
+ } else {
+ // On host, check ~/.ssh
+ home, err := os.UserHomeDir()
+ if err != nil {
+ c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+ return
+ }
+ dir = filepath.Join(home, ".ssh")
 }
- dir := filepath.Join(home, ".ssh")
+
 entries, err := os.ReadDir(dir)
 if err != nil {
 if os.IsNotExist(err) {
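Review bot: `/config/.ssh` is created by `mkdir -p` with the default mode, yet the handler change in this same commit reads SSH keys from it, so the directory should be restricted to the runtime user, e.g. `chmod 700 /config/.ssh` with ownership given to the `fail2ban` user (uid 1000). The `RUN mkdir` instruction continues past the end of the hunk, so mode or ownership may already be set further down; if it is not, that is the place to add it. If `/config` is mounted as a volume at runtime, the directory from the image layer is hidden by the mount, and the permissions would have to be enforced at container start instead. A short comment above the `apk add` line saying why `openssh-client` is installed would help the next reader decide whether the package can be dropped.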
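Review bot: The new container branch in ListSSHKeysHandler keys off the mere presence of `CONTAINER`, so `CONTAINER=` or `CONTAINER=false` on a host silently redirects key discovery to `/config/.ssh`; testing the value, e.g. `if v := os.Getenv("CONTAINER"); v != "" && v != "false" {`, avoids that, assuming the image sets the variable to a truthy value. The doc comment still says the keys come from "the UI host" and should name both locations, e.g. `// ListSSHKeysHandler lists SSH key files from /config/.ssh in a container, or from ~/.ssh on a host.` The retained error path returns `err.Error()` to the client, which can disclose details of the service environment; logging it server-side and returning a generic message would be safer. The function body continues past the end of the hunk, so what is filtered out of the directory listing and whether the route requires authentication cannot be judged from here.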