scriptos/3proxy-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Docker healthcheck added, CI updated, docker image build optimized (#10)

Browse Source
This commit is contained in:
Paramtamtam 2021-09-23 19:28:28 +05:00 committed by GitHub
parent f62172c9dc
commit 6e5b989498
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 87 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/release.yml vendored
View File

@ -12,6 +12,11 @@ jobs:
- name: Check out code
uses: actions/checkout@v2
- uses: gacts/github-slug@v1
id: slug
- uses: docker/setup-buildx-action@v1
- name: Login to default Container Registry
uses: docker/login-action@v1 # Action page: <https://github.com/docker/login-action>
with:
@ -25,21 +30,13 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GHCR_PASSWORD }}
- name: Generate image tag value
id: tag
run: echo "::set-output name=value::`echo ${GITHUB_REF##*/} | sed -e 's/^[vV ]*//'`" # `/refs/tags/v1.2.3` -> `1.2.3`
- name: Build image
run: |
docker build \
--tag "tarampampam/3proxy:${{ steps.tag.outputs.value }}" \
--tag "tarampampam/3proxy:latest" \
--tag "ghcr.io/${{ github.actor }}/3proxy:${{ steps.tag.outputs.value }}" \
--tag "ghcr.io/${{ github.actor }}/3proxy:latest" \
-f ./Dockerfile .
- name: Push into default registry
run: docker push "tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "tarampampam/3proxy:latest"
- name: Push into ghcr.io
run: docker push "ghcr.io/tarampampam/3proxy:${{ steps.tag.outputs.value }}" && docker push "ghcr.io/tarampampam/3proxy:latest"
- uses: docker/build-push-action@v2 # Action page: <https://github.com/docker/build-push-action>
with:
context: .
file: Dockerfile
push: true
tags: |
tarampampam/3proxy:${{ steps.slug.outputs.version-semantic }}
tarampampam/3proxy:latest
ghcr.io/${{ github.actor }}/${{ github.event.repository.name }}:${{ steps.slug.outputs.version-semantic }}
ghcr.io/${{ github.actor }}/${{ github.event.repository.name }}:latest

42
.github/workflows/tests.yml vendored
View File

@ -2,13 +2,23 @@ name: tests
on:
push:
branches:
- master
tags-ignore:
- '**'
pull_request:
branches: [master, main]
tags-ignore: ['**']
pull_request: {}
jobs: # Docs: <https://git.io/JvxXE>
gitleaks:
name: Gitleaks
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check for GitLeaks
uses: zricethezav/gitleaks-action@v1.6.0 # Action page: <https://github.com/zricethezav/gitleaks-action>
build-image:
name: Build docker image
runs-on: ubuntu-20.04
@ -36,6 +46,28 @@ jobs: # Docs: <https://git.io/JvxXE>
path: ./docker-image.tar
retention-days: 1
scan-image:
name: Scan docker image
runs-on: ubuntu-20.04
needs: [build-image]
steps:
- name: Download built docker image
uses: actions/download-artifact@v2
with:
name: docker-image
path: .artifact
- name: Prepare image to run
working-directory: .artifact
run: docker load < docker-image.tar
- name: Scan image
uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
with:
image: 3proxy:local
fail-build: true
severity-cutoff: low # negligible, low, medium, high or critical
try-to-use:
name: Build and use docker image (auth ${{ matrix.auth }})
runs-on: ubuntu-20.04

10
CHANGELOG.md
View File

@ -4,6 +4,16 @@ All notable changes to this package will be documented in this file.
The format is based on [Keep a Changelog][keepachangelog] and this project adheres to [Semantic Versioning][semver].
## v1.5.0
### Fixed
- Docker image building optimized
### Added
- Healthcheck in the dockerfile
## v1.4.0
### Changed

56
Dockerfile
View File

@ -36,37 +36,27 @@ RUN set -x \
# Prepare filesystem for 3proxy running
FROM busybox:1.34.0-glibc as buffer
# create a directory for the future root filesystem
WORKDIR /tmp/rootfs
# prepare the root filesystem
RUN set -x \
&& mkdir -p ./etc ./bin ./usr/local/3proxy/libexec ./etc/3proxy \
&& echo '3proxy:x:10001:10001::/nonexistent:/sbin/nologin' > ./etc/passwd \
&& echo '3proxy:x:10001:' > ./etc/group \
&& wget -O ./bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64" \
&& chmod +x ./bin/dumb-init
# Copy binaries
COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.* /lib/
COPY --from=builder /tmp/3proxy/bin/3proxy /bin/
COPY --from=builder /tmp/3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.* ./lib/
COPY --from=builder /tmp/3proxy/bin/3proxy ./bin/3proxy
COPY --from=builder /tmp/3proxy/bin/*.ld.so ./usr/local/3proxy/libexec/
COPY 3proxy.cfg ./etc/3proxy/3proxy.cfg
COPY docker-entrypoint.sh ./docker-entrypoint.sh
# Create unprivileged user
RUN set -x \
&& adduser \
--disabled-password \
--gecos "" \
--home /nonexistent \
--shell /sbin/nologin \
--no-create-home \
--uid 10001 \
3proxy
RUN chown -R 10001:10001 ./etc/3proxy
# Prepare files and directories
RUN set -x \
&& chown -R 10001:10001 /usr/local/3proxy \
&& chmod -R 550 /usr/local/3proxy \
&& chmod -R 555 /usr/local/3proxy/libexec \
&& chown -R root /usr/local/3proxy/libexec \
&& mkdir /etc/3proxy \
&& chown -R 10001:10001 /etc/3proxy
# Copy our config and entrypoint script
COPY 3proxy.cfg /etc/3proxy/3proxy.cfg
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Split all buffered layers into one
FROM scratch
FROM busybox:1.34.0-glibc
LABEL \
org.opencontainers.image.title="3proxy" \
@ -77,11 +67,15 @@ LABEL \
org.opencontainers.image.licenses="WTFPL"
# Import from builder
COPY --from=buffer / /
COPY --from=buffer /tmp/rootfs /
# Use an unprivileged user
USER 3proxy:3proxy
ENTRYPOINT ["/docker-entrypoint.sh"]
# Docs: <https://docs.docker.com/engine/reference/builder/#healthcheck>
HEALTHCHECK --interval=5s --timeout=2s --retries=2 --start-period=2s CMD \
netstat -ltn | grep 3128 && netstat -ltn | grep 1080
CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]
ENTRYPOINT ["/bin/dumb-init", "--"]
CMD ["/docker-entrypoint.sh", "/bin/3proxy", "/etc/3proxy/3proxy.cfg"]