release: version 3.4.0

docker: run as non-root user by default
ci: test building Docker image on push
2025-08-08 08:33:56 +02:00 · 2021-04-02 11:01:01 +02:00 · 2021-04-02 10:59:54 +02:00 · 2021-04-02 10:59:54 +02:00 · 2021-04-01 09:38:43 +02:00 · 2021-04-01 09:37:59 +02:00
5 changed files with 33 additions and 6 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -30,3 +30,12 @@ jobs:
    - name: Lint and Test
      run: |
        bundle exec rake ci
+
+    # https://github.com/marketplace/actions/build-and-push-docker-images
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Test building Docker image for dyndnsd
+      uses: docker/build-push-action@v2
+      with:
+        context: docker
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,18 @@
 # Changelog

-## 3.3.2
+## 3.4.0 (April 2, 2021)
+
+IMPROVEMENTS:
+
+- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
+
+## 3.3.3 (April 1, 2021)
+
+OTHER:
+
+- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
+
+## 3.3.2 (February 20, 2021)

 OTHER:

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,8 +1,8 @@
-FROM alpine:3.13.2
+FROM alpine:3.13.4

 EXPOSE 5353 8080

-ARG DYNDNSD_VERSION=3.3.1
+ARG DYNDNSD_VERSION=3.4.0

 RUN apk --no-cache add openssl ca-certificates && \
    apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
@@ -12,4 +12,10 @@ RUN apk --no-cache add openssl ca-certificates && \
    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
    apk del .build-deps

+# Follow the principle of least privilege: run as unprivileged user.
+# Running as non-root enables running this image in platforms like OpenShift
+# that do not allow images running as root.
+# User ID 65534 is usually user 'nobody'.
+USER 65534
+
 ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
--- a/dyndnsd.gemspec
+++ b/dyndnsd.gemspec
@@ -36,11 +36,11 @@ Gem::Specification.new do |s|
  s.add_runtime_dependency 'webrick', '>= 1.6.1'

  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'bundler-audit', '~> 0.7.0'
+  s.add_development_dependency 'bundler-audit', '~> 0.8.0'
  s.add_development_dependency 'rack-test'
  s.add_development_dependency 'rake'
  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.10.0'
+  s.add_development_dependency 'rubocop', '~> 1.12.0'
  s.add_development_dependency 'rubocop-rake', '~> 0.5.1'
  s.add_development_dependency 'rubocop-rspec', '~> 2.2.0'
  s.add_development_dependency 'solargraph', '~> 0.40.0'
--- a/lib/dyndnsd/version.rb
+++ b/lib/dyndnsd/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true

 module Dyndnsd
-  VERSION = '3.3.2.rc1'
+  VERSION = '3.4.0'
 end
Author	SHA1	Message	Date
cn	0e96359429	release: version 3.4.0	2021-04-02 11:01:01 +02:00
cn	6374837156	docker: run as non-root user by default	2021-04-02 10:59:54 +02:00
cn	53af02398d	ci: test building Docker image on push	2021-04-02 10:59:54 +02:00
cn	16706071b7	release: 3.3.3	2021-04-01 09:38:43 +02:00
cn	43f089ce70	docker: update base image to Alpine 3.13.4	2021-04-01 09:37:59 +02:00
depfu[bot]	15c3e587ff	gems: update rubocop to version 1.12.0	2021-03-25 17:22:38 +01:00
depfu[bot]	b438ed097f	gems: update bundler-audit to version 0.8.0	2021-03-11 17:19:11 +01:00
depfu[bot]	337c779410	gems: update rubocop to version 1.11.0	2021-03-02 12:32:01 +01:00
cn	b004b4d1e7	release: 3.3.2	2021-02-20 10:06:12 +01:00