From 9f3a172af08b437ab6af1cf629ab88b9db9ca840 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:00:12 -0700 Subject: [PATCH 1/5] docker: bump golang from `ffd95dd` to `dba79eb` in /pwru (#3833) Bumps golang from `ffd95dd` to `dba79eb`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pwru/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pwru/Dockerfile b/pwru/Dockerfile index 2384317a182d..7a2ec6a42244 100644 --- a/pwru/Dockerfile +++ b/pwru/Dockerfile @@ -1,5 +1,5 @@ #FROM ubuntu:24.10@sha256:67541378af7d535606e684a8234d56ca0725b6a4d8b0bbf19cebefed98e06f42 AS build -FROM golang:1.23.1-bookworm@sha256:ffd95dd933460a35f276d923c1c426dfe3d5e956ad07d3dd0963b148af875ad3 AS build +FROM golang:1.23.1-bookworm@sha256:dba79eb312528369dea87532a65dbe9d4efb26439a0feacc9e7ac9b0f1c7f607 AS build WORKDIR /go/src/github.com/cilium/pwru/ From 777fbcd60bfc7e44d30754abd5b08db281f6c3ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:00:15 -0700 Subject: [PATCH 2/5] docker: bump nginx from `048a795` to `287ff32` in /nginx-distroless (#3832) Bumps nginx from `048a795` to `287ff32`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- nginx-distroless/Dockerfile | 2 +- nginx-distroless/Dockerfile.stable | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx-distroless/Dockerfile b/nginx-distroless/Dockerfile index 036f18a754bd..5233c93538ee 100644 --- a/nginx-distroless/Dockerfile 
+++ b/nginx-distroless/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.27.1@sha256:048a7956e28dab88182e23e04aeb872bebb43bdecc4860485456bd154c3e8a55 AS base +FROM nginx:1.27.1@sha256:287ff321f9e3cde74b600cc26197424404157a72043226cbbf07ee8304a2c720 AS base # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones ARG TIME_ZONE diff --git a/nginx-distroless/Dockerfile.stable b/nginx-distroless/Dockerfile.stable index 5e866d32e7ab..9eec8531dd27 100644 --- a/nginx-distroless/Dockerfile.stable +++ b/nginx-distroless/Dockerfile.stable @@ -1,4 +1,4 @@ -FROM nginx:1.27.1@sha256:048a7956e28dab88182e23e04aeb872bebb43bdecc4860485456bd154c3e8a55 AS base +FROM nginx:1.27.1@sha256:287ff321f9e3cde74b600cc26197424404157a72043226cbbf07ee8304a2c720 AS base # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones ARG TIME_ZONE From 71e0e5c110781f25a62cafc5999eaf60e7c1a8fa Mon Sep 17 00:00:00 2001 From: Jauder Ho Date: Mon, 30 Sep 2024 17:28:25 +0000 Subject: [PATCH 3/5] First commit of adding adguardhome Signed-off-by: Jauder Ho --- .github/workflows/adguardhome.yml | 105 ++++++++++++++++++++++++++++++ adguardhome/Dockerfile | 65 ++++++++++++++++++ adguardhome/README.md | 6 ++ scripts/PROGRAMS | 1 + scripts/SOURCE_REPOS | 1 + 5 files changed, 178 insertions(+) create mode 100644 .github/workflows/adguardhome.yml create mode 100644 adguardhome/Dockerfile create mode 100644 adguardhome/README.md diff --git a/.github/workflows/adguardhome.yml b/.github/workflows/adguardhome.yml new file mode 100644 index 000000000000..e709846c7317 --- /dev/null +++ b/.github/workflows/adguardhome.yml 
@@ -0,0 +1,105 @@
+name: adguardhome
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - adguardhome/*
+ - .github/workflows/adguardhome.yml
+ workflow_dispatch:
+ schedule:
+ - cron: "0 8 * * 1"
+
+env:
+ BUILD_VERSION: "v0.107.52"
+ DOCKER_CLI_EXPERIMENTAL: enabled
+ REPOSITORY: ${{ github.actor }}/${{ github.workflow }}
+
+permissions: read-all
+
+jobs:
+ deploy:
+ runs-on: ubuntu-24.04
+ permissions:
+ packages: write
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v1
+ with:
+ egress-policy: audti
+ disable-telemetry: false
+ allowed-endpoints:
+ 95s5acprodeus1file6.blob.core.windows.net:443
+ api.github.com:443
+ artifactcache.actions.githubusercontent.com:443
+ auth.docker.io:443
+ codeload.github.com:443
+ dl-cdn.alpinelinux.org:443
+ ghcr.io:443
+ github.com:443
+ pkg-containers.githubusercontent.com:443
+ production.cloudflare.docker.com:443
+ proxy.golang.org:443
+ registry-1.docker.io:443
+ sum.golang.org:443
+
+ - name: Source checkout
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v2.4.0
+
+ - name: Setup QEMU
+ id: qemu
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v1.2.0
+
+ - name: Setup Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v1
+
+ - name: Set Docker metadata
+ id: docker_meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v3
+ with:
+ images: ${{ env.REPOSITORY }}
+ labels: |
+ org.opencontainers.image.version=${{ env.BUILD_VERSION }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.title=${{ env.REPOSITORY }}
+
+ - name: GitHub login
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v1.12.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: DockerHub login
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v1.12.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Build and push
+ uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 # v2.8.0
+ with:
+ push: ${{ github.event_name != 'pull_request' }}
+ context: ${{ github.workflow }}
+ #platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/ppc64le,linux/s390x
+ #platforms: linux/amd64,linux/arm64
+ #platforms: linux/amd64
+ platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7,linux/arm/v6,linux/s390x
+ #platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7,linux/arm/v6,linux/s390x
+ build-args: |
+ BUILD_VERSION
+ sbom: true
+ provenance: true
+ cache-from: type=gha, scope=${{ github.workflow }}
+ cache-to: type=gha, scope=${{ github.workflow }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ tags: |
+ docker.io/${{ env.REPOSITORY }}:${{ env.BUILD_VERSION }}
+ docker.io/${{ env.REPOSITORY }}:latest
+ ghcr.io/${{ env.REPOSITORY }}:${{ env.BUILD_VERSION }}
+ ghcr.io/${{ env.REPOSITORY }}:latest
diff --git a/adguardhome/Dockerfile b/adguardhome/Dockerfile
new file mode 100644
index 000000000000..2f20d9dbe18a
--- /dev/null
+++ b/adguardhome/Dockerfile
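Review bot: `egress-policy: audti` in the Harden Runner step is a misspelling of `audit`, so the step is not configured the way the author intended; depending on how the action handles an unrecognised value it will either fail or not apply the expected policy (not verified which). Change the line to `egress-policy: audit`. The `allowed-endpoints` list under it is only enforced when the policy is `block`, so in audit mode outbound traffic from a job that holds `packages: write` and the Docker Hub credentials is recorded but not restricted. Once an audit run confirms the list is complete, `egress-policy: block` would make that allow-list effective.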
@@ -0,0 +1,65 @@
+FROM ghcr.io/jauderho/golang:1.23.1-alpine3.20@sha256:027a986ddfba3c8d80138db345dc9382ba1ccbb3bd27a0ae61714e2b9018f105 AS build
+
+WORKDIR /go/src/github.com/adguardteam/adguardhome/
+
+ARG BUILD_VERSION
+ARG ARCHIVE_URL=https://github.com/adguardteam/adguardhome/archive/
+ARG GIT_URL=https://github.com/adguardteam/adguardhome.git
+
+ENV CGO_ENABLED 0
+
+RUN test -n "${BUILD_VERSION}" \
+ && apk update \
+ && apk upgrade -a \
+ && apk add --no-cache ca-certificates curl git gcc musl-dev \
+ && update-ca-certificates \
+ && git clone --depth 1 ${GIT_URL} --branch ${BUILD_VERSION} /go/src/github.com/adguardteam/adguardhome \
+ && cd /go/src/github.com/adguardteam/adguardhome \
+ && go get -u golang.org/x/crypto golang.org/x/net \
+ && go build -v -trimpath -ldflags="-s -w -X github.com/AdguardTeam/AdGuardHome/internal/version.version=${BUILD_VERSION}" .
+
+
+# ----------------------------------------------------------------------------
+
+
+#FROM scratch
+FROM ghcr.io/jauderho/alpine:3.20.3@sha256:7d51dd030c8c83a805f71a1487c8bc5673771985842515dc468ef52ace748ffe
+
+LABEL org.opencontainers.image.authors="Jauder Ho "
+LABEL org.opencontainers.image.url="https://github.com/jauderho/dockerfiles"
+LABEL org.opencontainers.image.documentation="https://github.com/jauderho/dockerfiles"
+LABEL org.opencontainers.image.source="https://github.com/jauderho/dockerfiles"
+LABEL org.opencontainers.image.title="jauderho/adguardhome"
+LABEL org.opencontainers.image.description="Network-wide ads & trackers blocking DNS server"
+
+RUN apk update \
+ && apk upgrade -a \
+ && apk --no-cache add ca-certificates libcap tzdata \
+ && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work \
+ && chown -R nobody: /opt/adguardhome
+
+COPY --chown=nobody:nogroup --from=build /go/src/github.com/adguardteam/adguardhome/AdGuardHome /opt/adguardhome/AdGuardHome
+
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
+# 53 : TCP, UDP : DNS
+# 67 : UDP : DHCP (server)
+# 68 : UDP : DHCP (client)
+# 80 : TCP : HTTP (main)
+# 443 : TCP, UDP : HTTPS, DNS-over-HTTPS (incl. HTTP/3), DNSCrypt (main)
+# 853 : TCP, UDP : DNS-over-TLS, DNS-over-QUIC
+# 3000 : TCP, UDP : HTTP(S) (alt, incl. HTTP/3)
+# 5443 : TCP, UDP : DNSCrypt (alt)
+# 6060 : TCP : HTTP (pprof)
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 853/tcp\
+ 853/udp 3000/tcp 3000/udp 5443/tcp 5443/udp 6060/tcp
+
+WORKDIR /opt/adguardhome/work
+
+ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
+
+CMD [ \
+ "--no-check-update", \
+ "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
+ "-w", "/opt/adguardhome/work" \
+]
diff --git a/adguardhome/README.md b/adguardhome/README.md
new file mode 100644
index 000000000000..89c22ebc6a8e
--- /dev/null
+++ b/adguardhome/README.md
@@ -0,0 +1,6 @@
+
+[![Build Status](https://github.com/jauderho/dockerfiles/workflows/adguardhome/badge.svg)](https://github.com/jauderho/dockerfiles/actions)
+[![Version](https://img.shields.io/docker/v/jauderho/adguardhome/latest)](https://github.com/adguardteam/adguardhome/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jauderho/adguardhome)](https://hub.docker.com/r/jauderho/adguardhome/)
+[![Image Size](https://img.shields.io/docker/image-size/jauderho/adguardhome/latest)](https://hub.docker.com/r/jauderho/adguardhome/)
+
diff --git a/scripts/PROGRAMS b/scripts/PROGRAMS
index e0950af9792a..b012c13e2222 100644
--- a/scripts/PROGRAMS
+++ b/scripts/PROGRAMS
@@ -1,3 +1,4 @@
+adguardhome
 age
 ali
 amass
diff --git a/scripts/SOURCE_REPOS b/scripts/SOURCE_REPOS
index f94eec3e6722..5c7e050c3c48 100644
--- a/scripts/SOURCE_REPOS
+++ b/scripts/SOURCE_REPOS
@@ -1,3 +1,4 @@
+adguardteam/adguardhome
 FiloSottile/age
 nakabonne/ali
 ansible/ansible
From 1ff42aa3f0f4f2b3a83b02b28210aefe5fc4b8f0 Mon Sep 17 00:00:00 2001
From: Jauder Ho Bot
Date: Mon, 30 Sep 2024 18:33:21 +0000
Subject: [PATCH 4/5] Update requirements for dkimpy ...
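Review bot: The final stage never sets `USER`, so AdGuardHome starts as root even though the stage chowns `/opt/adguardhome` to `nobody` and grants the binary `cap_net_bind_service` with `setcap`, both of which only matter for a non-root process. Adding `USER nobody` just before `ENTRYPOINT` would match that preparation and keep a network-facing DNS/HTTP service from holding root inside the container. Two things to confirm before switching: the DHCP server feature may need more than `cap_net_bind_service`, and file capabilities are not applied when the container is started with `no-new-privileges`.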
Signed-off-by: Jauder Ho Bot --- dkimpy/Pipfile.lock | 1 - 1 file changed, 1 deletion(-) diff --git a/dkimpy/Pipfile.lock b/dkimpy/Pipfile.lock index 5d69443cbe23..1838b286e839 100644 --- a/dkimpy/Pipfile.lock +++ b/dkimpy/Pipfile.lock @@ -204,7 +204,6 @@ "sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b", "sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543" ], - "markers": "python_version >= '3.6'", "version": "==1.5.0" } }, From 2af0b5a7a4b0df54a7abad2efc2e1b865b959fde Mon Sep 17 00:00:00 2001 From: Jauder Ho Bot Date: Mon, 30 Sep 2024 18:34:07 +0000 Subject: [PATCH 5/5] Update requirements for ansible ... Signed-off-by: Jauder Ho Bot --- ansible/Pipfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/Pipfile.lock b/ansible/Pipfile.lock index 7a61fb901253..0468d863732e 100644 --- a/ansible/Pipfile.lock +++ b/ansible/Pipfile.lock @@ -537,7 +537,7 @@ "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.9.0.post0" }, "pywinrm": { @@ -824,7 +824,7 @@ "sha256:f481f16baec5290e45aebdc2a5168ebc6d35189ae6fea7a58787613a25f6e875", "sha256:fff3573c2db359f091e1589c3d7c5fc2f86f5bdb6f24252c2d8e539d4e45f412" ], - "markers": "python_version < '3.13' and platform_python_implementation == 'CPython'", + "markers": "platform_python_implementation == 'CPython' and python_version < '3.13'", "version": "==0.2.8" }, "six": { 
@@ -832,7 +832,7 @@ "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==1.16.0" }, "storops": {