rolodato · tmaier · Jan 15, 2018 · Jan 15, 2018 · Jan 16, 2018 · Jan 16, 2018
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,27 @@
+FROM node:9.4-alpine
+
+LABEL \
+      io.whalebrew.name="gitlab-le" \
+      maintainer="Tobias L. Maier <[email protected]>" \
+      org.label-schema.description="CLI Tool to easily generate a Let's Encrypt certificate for GitLab.com hosted pages" \
+      org.label-schema.docker.cmd.help="docker container run --rm rolodato/gitlab-letsencrypt --help" \
+      org.label-schema.docker.cmd="docker container run --rm rolodato/gitlab-letsencrypt --domain example.com --email [email protected] --repository https://gitlab.com/my-user/my-repo --token GITLAB_TOKEN" \
+      org.label-schema.docker.schema-version="1.0" \
+      org.label-schema.name="gitlab-letsencrypt" \
+      org.label-schema.url="https://github.com/rolodato/gitlab-letsencrypt" \
+      org.label-schema.usage="https://github.com/rolodato/gitlab-letsencrypt/blob/master/README.markdown" \
+      org.label-schema.vcs-url="https://github.com/rolodato/gitlab-letsencrypt" \
+      org.label-schema.vendor="Tobias L. Maier <[email protected]>"
+
+ENV PATH="/home/node/.npm-global/bin:${PATH}"
+ENV NPM_CONFIG_PREFIX=/home/node/.npm-global
+
+RUN apk add --no-cache --virtual build-dependencies \
+      build-base \
+      python \
+  && su node -c "npm install --quiet --production --no-progress -g gitlab-letsencrypt" \
+  && apk del build-dependencies
+
+USER node
+
+ENTRYPOINT ["gitlab-le"]
diff --git a/README.markdown b/README.markdown
@@ -1,4 +1,5 @@
-# gitlab-letsencrypt [![Build Status](https://travis-ci.org/rolodato/gitlab-letsencrypt.svg?branch=master)](https://travis-ci.org/rolodato/gitlab-letsencrypt)
+# gitlab-letsencrypt [![Build Status](https://travis-ci.org/rolodato/gitlab-letsencrypt.svg?branch=master)](https://travis-ci.org/rolodato/gitlab-letsencrypt) [![Docker Automated build](https://img.shields.io/docker/automated/rolodato/gitlab-letsencrypt.svg)](https://hub.docker.com/r/rolodato/gitlab-letsencrypt/) [![Docker Pulls](https://img.shields.io/docker/pulls/rolodato/gitlab-letsencrypt.svg)](https://hub.docker.com/r/rolodato/gitlab-letsencrypt/) [![GitHub stars](https://img.shields.io/github/stars/rolodato/gitlab-letsencrypt.svg?style=social&label=Star)](https://github.com/rolodato/gitlab-letsencrypt)
+
 
 Command-line tool to generate a [Let's Encrypt](https://letsencrypt.org) certificate for use with [GitLab Pages](https://pages.gitlab.io/).
 
@@ -45,6 +46,57 @@ Try it out: https://example.com https://www.example.com (GitLab might take a few
 This certificate expires on Sat Apr 14 2018 03:09:06 GMT+0100 (BST). You will need to run gitlab-le again at some time before this date.
 ```
 
+## Docker image
+
+There is also a [Docker image](https://hub.docker.com/r/rolodato/gitlab-letsencrypt/) available.
+This means the Command-line tool can be used without installing all the dependencies required to run the application.
+
+Example:
+```text
+docker container run --rm -it rolodato/gitlab-letsencrypt \
+  --domain example.com \
+  --email [email protected] \
+  --repository https://gitlab.com/my/repo \
+  --jekyll \
+  --path /acme-challenge \
+  --token $GITLAB_TOKEN
+```
+
+## Automatic renewal of the certificate
+
+Let's Encrypt certificates have a comparatively short life-span.
+They need to be renewed regularly.
+
+Use the [GitLab Pipeline Schedule](https://docs.gitlab.com/ce/user/project/pipelines/schedules.html) feature to automate the renewal process.
+
+```yaml
+ssl:renew certificate:
+  image:
+    name: rolodato/gitlab-letsencrypt
+    entrypoint: ["/bin/sh", "-c"]
+  variables:
+    GIT_STRATEGY: none
+  before_script: []
+  script: |-
+    gitlab-le \
+      --domain example.com \
+      --email $LETS_ENCRYPT_EMAIL \
+      --jekyll \
+      --path /acme-challenge \
+      --production \
+      --repository $CI_PROJECT_URL \
+      --token $GITLAB_TOKEN
+  only:
+    - schedules
+```
+
+Add the following variables to your GitLab project: `LETS_ENCRYPT_EMAIL` and your secret `GITLAB_TOKEN`.
+
+Consider to add `except: [schedules]` to all other jobs in your `.gitlab-ci.yml` file, as they will be anyway triggered when gitlab-le adds and removes the ACME challenge.
+
+Schedule then a new pipeline to run for example every month.
+See <https://docs.gitlab.com/ce/user/project/pipelines/schedules.html> for details.
+
 ## How it works
 
 `gitlab-le` uses the [ACME HTTP Challenge](https://tools.ietf.org/html/draft-ietf-acme-acme-09#section-8.3) to prove ownership of a given set of domains.
@@ -77,4 +129,4 @@ However, GitLab does not provide a way to automatically renew certificates, so t
 
 ## Automation
 
-Since 10.2, GitLab provides an API to configure HTTPS certificates on a GitLab page, which means `gitlab-le` can be configured to obtain new certificates when your existing ones are about to expire.
+Since 10.2, GitLab provides an API to configure HTTPS certificates on a GitLab page, which means `gitlab-le` can be configured to obtain new certificates when your existing ones are about to expire.