mirror of
https://github.com/cmur2/dyndnsd.git
synced 2024-12-21 14:54:22 +01:00
docker: add image release on tag and periodic vulnerability scan
This commit is contained in:
parent
5cce42f4c7
commit
617fbf538b
26
.github/workflows/cd.yml
vendored
Normal file
26
.github/workflows/cd.yml
vendored
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
name: cd
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*.*.*'
|
||||
|
||||
jobs:
|
||||
release-dockerimage:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- name: Extract dyndnsd version from tag name
|
||||
run: |
|
||||
echo ::set-env name=DYNDNSD_VERSION::${GITHUB_REF#refs/*/v}
|
||||
# https://github.com/marketplace/actions/build-and-push-docker-images
|
||||
- name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
|
||||
uses: docker/build-push-action@v1
|
||||
with:
|
||||
username: cmur2
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
repository: cmur2/dyndnsd
|
||||
path: docker
|
||||
build_args: DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
|
||||
tag_with_ref: true
|
42
.github/workflows/vulnscan.yml
vendored
Normal file
42
.github/workflows/vulnscan.yml
vendored
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
name: vulnscan
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '7 4 * * 4' # weekly on thursday morning
|
||||
|
||||
jobs:
|
||||
scan-released-dockerimages:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TRIVY_LIGHT: 'true'
|
||||
TRIVY_IGNORE_UNFIXED: 'true'
|
||||
TRIVY_REMOVED_PKGS: 'true'
|
||||
steps:
|
||||
- name: Install Trivy
|
||||
run: |
|
||||
mkdir -p $GITHUB_WORKSPACE/bin
|
||||
echo "::add-path::$GITHUB_WORKSPACE/bin"
|
||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
|
||||
- name: Download Trivy DB
|
||||
run: |
|
||||
trivy image --download-db-only
|
||||
- name: Scan vulnerabilities using Trivy
|
||||
run: |
|
||||
trivy --version
|
||||
|
||||
ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sort -r)"
|
||||
EXIT_CODE=0
|
||||
set -e
|
||||
for major_version in $(seq 1 10); do
|
||||
for image in $ALL_IMAGES; do
|
||||
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
||||
echo -n "\nScanning newest patch release $image of major v$major_version...\n"
|
||||
if ! trivy image --skip-update --exit-code 1 "$image"; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
break
|
||||
fi
|
||||
done
|
||||
done
|
||||
exit "$EXIT_CODE"
|
@ -1,5 +1,11 @@
|
||||
# Changelog
|
||||
|
||||
## 3.1.0
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Add officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd)
|
||||
|
||||
## 3.0.0 (July 29, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
37
README.md
37
README.md
@ -64,7 +64,42 @@ users:
|
||||
|
||||
Run dyndnsd.rb by:
|
||||
|
||||
dyndnsd /path/to/config.yaml
|
||||
```bash
|
||||
dyndnsd /path/to/config.yml
|
||||
```
|
||||
|
||||
|
||||
### Docker image
|
||||
|
||||
There is an officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd) available at Dockerhub. The goal is to have a minimal secured image available (currently based on Alpine) that works well for the `zone_transfer_server` updater use case.
|
||||
|
||||
Users can make extensions by deriving from the official Docker image or building their own.
|
||||
|
||||
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. the following YAML should be used as a base and extended with user's settings:
|
||||
|
||||
```yaml
|
||||
host: "0.0.0.0"
|
||||
port: 8080
|
||||
# omit the logfile: option so logging to STDOUT will happen automatically
|
||||
db: "/var/lib/db.json"
|
||||
|
||||
# User's settings for updater and permissions follow here!
|
||||
```
|
||||
|
||||
more ports might be needed depending on if DNS zone transfer is needed
|
||||
|
||||
Run the Docker image exposing the DynDNS-API on host port 8080 via:
|
||||
|
||||
```bash
|
||||
docker run -d --name dyndnsd \
|
||||
-p 8080:8080 \
|
||||
-v /host/path/to/dyndnsd/config.yml:/etc/dyndnsd/config.yml \
|
||||
-v /host/path/to/dyndnsd/db.json:/var/lib/db.json \
|
||||
cmur2/dyndnsd:vX.Y.Z
|
||||
```
|
||||
|
||||
*Note*: You may need to expose more then just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
|
||||
|
||||
|
||||
|
||||
## Using dyndnsd.rb with any nameserver via DNS zone transfers (AXFR)
|
||||
|
@ -2,12 +2,12 @@ FROM alpine:3.12
|
||||
|
||||
EXPOSE 5353 8080
|
||||
|
||||
ENV VERSION=3.0.0
|
||||
ARG DYNDNSD_VERSION=3.0.0
|
||||
|
||||
RUN apk --no-cache add openssl ca-certificates && \
|
||||
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
||||
apk --no-cache add --virtual .build-deps ruby-dev build-base tzdata && \
|
||||
gem install --no-document dyndnsd -v ${VERSION} && \
|
||||
gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
|
||||
# set timezone to Berlin
|
||||
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
||||
apk del .build-deps
|
Loading…
Reference in New Issue
Block a user