release: 3.3.2.rc1

- now seems to need linux-headers, see https://github.com/socketry/nio4r/issues/225

.github/workflows/cd.yml

@@ -10,17 +10,26 @@ jobs:
   release-dockerimage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: Extract dyndnsd version from tag name
       run: |
-        echo ::set-env name=DYNDNSD_VERSION::${GITHUB_REF#refs/*/v}
+        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
+
     # https://github.com/marketplace/actions/build-and-push-docker-images
-    - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
+    - name: Set up Docker Buildx
-      uses: docker/build-push-action@v1
+      uses: docker/setup-buildx-action@v1
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v1
       with:
         username: cmur2
         password: ${{ secrets.DOCKER_TOKEN }}
-        repository: cmur2/dyndnsd
+
-        path: docker
+    - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
-        build_args: DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
+      uses: docker/build-push-action@v2
-        tag_with_ref: true
+      with:
+        context: docker
+        build-args: |
+          DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
+        push: true
+        tags: cmur2/dyndnsd:v${{ env.DYNDNSD_VERSION }}

.github/workflows/ci.yml

@@ -0,0 +1,32 @@
+---
+name: ci
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+  schedule:
+  - cron: '35 4 * * 4'  # weekly on thursday morning
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version:
+        - '2.5'
+        - '2.6'
+        - '2.7'
+        - '3.0'
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true  # runs 'bundle install' and caches installed gems automatically
+    - name: Lint and Test
+      run: |
+        bundle exec rake ci

.github/workflows/dockerhub.yml

@@ -0,0 +1,19 @@
+---
+name: dockerhub
+
+on:
+  schedule:
+  - cron: '7 4 * * 4'  # weekly on thursday morning
+  workflow_dispatch:
+
+jobs:
+  pull-released-dockerimages:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Avoid stale tags by pulling
+      run: |
+        ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v')"
+        for image in $ALL_IMAGES; do
+          echo "Pulling $image to avoid staleness..."
+          docker pull "$image"
+        done

.github/workflows/vulnscan.yml

@@ -17,22 +17,25 @@ jobs:
     - name: Install Trivy
       run: |
         mkdir -p $GITHUB_WORKSPACE/bin
-        echo "::add-path::$GITHUB_WORKSPACE/bin"
+        echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
     - name: Download Trivy DB
       run: |
         trivy image --download-db-only
     - name: Scan vulnerabilities using Trivy
+      env:
+        TRIVY_SKIP_DIRS: 'usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.1.0/crossdock'
       run: |
         trivy --version
 
-        ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sort -r)"
+        # semver sorting as per https://stackoverflow.com/a/40391207/2148786
+        ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sed '/-/!{s/$/_/}' | sort -r -V | sed 's/_$//')"
         EXIT_CODE=0
         set -e
         for major_version in $(seq 1 10); do
           for image in $ALL_IMAGES; do
             if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
-              echo -n "\nScanning newest patch release $image of major v$major_version...\n"
+              echo -e "\nScanning newest patch release $image of major v$major_version...\n"
               if ! trivy image --skip-update --exit-code 1 "$image"; then
                 EXIT_CODE=1
               fi

.rubocop.yml

@@ -1,3 +1,7 @@
+require:
+- rubocop-rake
+- rubocop-rspec
+
 AllCops:
   TargetRubyVersion: '2.5'
   NewCops: enable
@@ -86,3 +90,9 @@ Style/SymbolArray:
 
 Style/TrailingCommaInArrayLiteral:
   Enabled: false
+
+RSpec/ExampleLength:
+  Max: 20
+
+RSpec/MultipleExpectations:
+  Max: 20

.travis.yml

@@ -1,10 +0,0 @@
----
-os: linux
-language: ruby
-rvm:
-- 2.7
-- 2.6
-- 2.5
-
-script:
-- bundle exec rake travis

CHANGELOG.md

@@ -1,5 +1,48 @@
 # Changelog
 
+## 3.3.2
+
+OTHER:
+
+- update to use `docker/build-push-action@v2` for releasing Docker image in GHA
+
+## 3.3.1 (February 18, 2021)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.13.2 to fix security vulnerabilities
+
+## 3.3.0 (January 18, 2021)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.13
+
+## 3.2.0 (January 14, 2021)
+
+IMPROVEMENTS:
+
+- Add Ruby 3.0 support
+
+## 3.1.3 (December 20, 2020)
+
+OTHER:
+
+- fix Docker image release process in Github Actions CI, 3.1.2 was not released as a Docker image
+
+## 3.1.2 (December 20, 2020)
+
+OTHER:
+
+- fixes vulnerabilities in Docker image by using updated Alpine base image
+- start using Github Actions CI for tests and drop Travis CI
+
+## 3.1.1 (October 3, 2020)
+
+IMPROVEMENTS:
+
+- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
+
 ## 3.1.0 (August 19, 2020)
 
 IMPROVEMENTS:

README.md

@@ -1,6 +1,6 @@
 # dyndnsd.rb
 
-[![Build Status](https://travis-ci.org/cmur2/dyndnsd.svg?branch=master)](https://travis-ci.org/cmur2/dyndnsd) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
+![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
 
 A small, lightweight and extensible DynDNS server written with Ruby and Rack.
 

Rakefile

@@ -9,16 +9,24 @@ RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new
 Bundler::Audit::Task.new
 
-desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
-task :'solargraph:init' do
-  sh 'solargraph download-core'
-end
-
 desc 'Run experimental solargraph type checker'
-task :'solargraph:tc' do
+task :solargraph do
   sh 'solargraph typecheck'
 end
 
-task default: [:rubocop, :spec, 'bundle:audit']
+namespace :solargraph do
+  desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
+  task :init do
+    sh 'solargraph download-core'
+  end
+end
 
-task travis: [:default, :'solargraph:init', :'solargraph:tc']
+desc 'Run hadolint for Dockerfile linting'
+task :hadolint do
+  sh 'docker run --rm -i hadolint/hadolint:v1.18.0 hadolint --ignore DL3018 - < docker/Dockerfile'
+end
+
+task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
+
+desc 'Run all tasks desired for CI'
+task ci: ['solargraph:init', :default, :hadolint]

docker/Dockerfile

@@ -1,12 +1,12 @@
-FROM alpine:3.12
+FROM alpine:3.13.2
 
 EXPOSE 5353 8080
 
-ARG DYNDNSD_VERSION=3.0.0
+ARG DYNDNSD_VERSION=3.3.1
 
 RUN apk --no-cache add openssl ca-certificates && \
     apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
-    apk --no-cache add --virtual .build-deps ruby-dev build-base tzdata && \
+    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
     gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
     # set timezone to Berlin
     cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \

dyndnsd.gemspec

@@ -28,17 +28,20 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.5'
 
   s.add_runtime_dependency 'async-dns', '~> 1.2.0'
-  s.add_runtime_dependency 'jaeger-client', '~> 1.0.0'
+  s.add_runtime_dependency 'jaeger-client', '~> 1.1.0'
   s.add_runtime_dependency 'metriks'
   s.add_runtime_dependency 'opentracing', '~> 0.5.0'
   s.add_runtime_dependency 'rack', '~> 2.0'
   s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
+  s.add_runtime_dependency 'webrick', '>= 1.6.1'
 
   s.add_development_dependency 'bundler'
   s.add_development_dependency 'bundler-audit', '~> 0.7.0'
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 0.89.0'
+  s.add_development_dependency 'rubocop', '~> 1.10.0'
-  s.add_development_dependency 'solargraph'
+  s.add_development_dependency 'rubocop-rake', '~> 0.5.1'
+  s.add_development_dependency 'rubocop-rspec', '~> 2.2.0'
+  s.add_development_dependency 'solargraph', '~> 0.40.0'
 end

lib/dyndnsd/helper.rb

@@ -60,7 +60,7 @@ module Dyndnsd
           message: e.message,
           stack: e.backtrace&.join("\n") || ''
         )
-        raise
+        raise e
       ensure
         scope.close
       end

lib/dyndnsd/textfile_reporter.rb

@@ -18,7 +18,7 @@ module Dyndnsd
 
       @registry  = options[:registry] || Metriks::Registry.default
       @interval  = options[:interval] || 60
-      @on_error  = options[:on_error] || proc { |ex| }
+      @on_error  = options[:on_error] || proc { |ex| } # default: ignore errors
     end
 
     # @return [void]

lib/dyndnsd/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dyndnsd
-  VERSION = '3.1.0'
+  VERSION = '3.3.2.rc1'
 end

spec/dyndnsd/daemon_spec.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative 'spec_helper'
+require_relative '../spec_helper'
 
 describe Dyndnsd::Daemon do
   include Rack::Test::Methods