From be8865eeb1cdf9eddbfebd9fa4a32c42cb2cec01 Mon Sep 17 00:00:00 2001
From: Jordan Webb
Date: Fri, 19 Aug 2022 23:17:22 -0500
Subject: [PATCH 1/8] Redo Dockerfile
- Build the currently checked-out code, instead of cloning the repo inside the Dockerfile. This makes it much easier to build a container for a particular branch or commit; people working on personal forks will be able to build containers for their forks without modifying the Dockerfile.
- Switch from Alpine to distroless; I couldn't actually get the current version of the Dockerfile to build, it kept dying with some error about gvisor. Aside from building with no trouble, the new Dockerfile reduces the size of the image from 23MB to 9MB.
- Move Dockerfile into the root; this is a matter of taste, but allows one to simply `docker build` the directory instead of having to also specify the path to the Dockerfile. As part of this, I removed the `config` and `Makefile` from the `docker` directory, since they seemed specific to someone's setup and incomplete without that context.
---
 .dockerignore | 6 ++++++
 Dockerfile | 15 +++++++++++++++
 docker/Dockerfile | 14 --------------
 docker/Makefile | 10 ----------
 docker/config | 12 ------------
 5 files changed, 21 insertions(+), 36 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 Dockerfile
 delete mode 100644 docker/Dockerfile
 delete mode 100644 docker/Makefile
 delete mode 100644 docker/config
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..fc3c142
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+.dockerignore
+.github
+.gitignore
+Dockerfile
+LICENSE
+README.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0a3313a
--- /dev/null
+++ b/Dockerfile
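Review bot: The new `.dockerignore` does not list `.git`, so the Dockerfile's `COPY . .` sends the whole repository history into the build context and into the build-stage layer. The final image is unaffected because of the multi-stage copy, but the context upload grows with history, the build-stage layer changes whenever refs or the index change even if no source did, and once the workflow later in this series exports intermediate layers with `--cache-to type=gha,mode=max` that layer is stored in the cache as well. Add `.git` to the list; other non-build files in the checkout can follow the same pattern.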
@@ -0,0 +1,15 @@
+# Start by building the application.
+FROM golang:1.18 as build
+
+WORKDIR /usr/src/wireproxy
+COPY . .
+
+RUN CGO_ENABLED=0 go build ./cmd/wireproxy
+
+# Now copy it into our base image.
+FROM gcr.io/distroless/static-debian11:nonroot
+COPY --from=build /usr/src/wireproxy/wireproxy /usr/bin/wireproxy
+
+VOLUME [ "/etc/wireproxy"]
+ENTRYPOINT [ "/usr/bin/wireproxy" ]
+CMD [ "--config", "/etc/wireproxy/config" ]
diff --git a/docker/Dockerfile b/docker/Dockerfile
deleted file mode 100644
index c435176..0000000
--- a/docker/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM golang:alpine AS go-build
-
-RUN apk --no-cache add --update git
-RUN git clone https://github.com/octeep/wireproxy.git
-RUN cd ./wireproxy && go build ./cmd/wireproxy
-
-
-FROM alpine:latest
-
-RUN apk upgrade
-COPY --from=go-build /go/wireproxy/wireproxy /usr/bin/
-
-VOLUME [ "/etc/wireproxy"]
-ENTRYPOINT [ "/usr/bin/wireproxy", "--config", "/etc/wireproxy/config" ]
diff --git a/docker/Makefile b/docker/Makefile
deleted file mode 100644
index f22f322..0000000
--- a/docker/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-build:
- docker build -t wireproxy .
-
-run:
- docker run \
- --rm --tty --interactive \
- --name=wireproxy \
- --publish 2534:2534 \
- --volume "${PWD}/config:/etc/wireproxy/config:ro" \
- wireproxy
\ No newline at end of file
diff --git a/docker/config b/docker/config
deleted file mode 100644
index 0e5362f..0000000
--- a/docker/config
+++ /dev/null
@@ -1,12 +0,0 @@
-[Interface]
-Address = ###Interface - Address###
-PrivateKey = ###Interface - PrivateKey###
-DNS = ###Interface - DNS###
-
-[Peer]
-PublicKey = ###Peer - PublicKey###
-Endpoint = ###Peer - Endpoint###
-
-# Socks5 create a socks5 proxy on your LAN, and any traffic would be routed via wireguard
-[Socks5]
-BindAddress = 0.0.0.0:2534
From d238fef2e9e993f404377b9a9d5ed98173c0b58d Mon Sep 17 00:00:00 2001
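Review bot: `COPY . .` copies the full tree before any dependency step, so every source edit re-runs the module download inside `go build`; copying the module files first and downloading in their own layer keeps that work cached, assuming the repository carries `go.mod`/`go.sum`: `COPY go.mod go.sum ./`, `RUN go mod download`, then `COPY . .`. `FROM golang:1.18 as build` uses lowercase `as` where the convention is `AS`, and both stages are pinned by tag only; pinning the builder to a patch release or digest and the distroless image to a digest makes rebuilds reproducible. Since `CMD` points at `/etc/wireproxy/config` inside the declared `VOLUME` and the image ships nothing there, a one-line comment above `VOLUME` stating that operators must mount that file would save a round trip.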
From: Jordan Webb
Date: Sat, 20 Aug 2022 08:38:58 -0500
Subject: [PATCH 2/8] Add workflow to build container
---
 .github/workflows/container.yml | 58 +++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/container.yml
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 0000000..1215292
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,58 @@
+name: Build container
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+
+ # Allow for manually running
+ workflow_dispatch:
+ inputs:
+ container_tag:
+ description: Tag for container
+ default: "latest"
+ required: true
+
+jobs:
+ container:
+ runs-on: ubuntu-20.04
+ env:
+ CONTAINER_NAME: ghcr.io/${{ github.repository }}
+ BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
+ RAW_CONTAINER_TAG: ${{ github.event.inputs.container_tag || github.event.pull_request.head.ref || 'latest' }}
+
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2.0.0
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ # Needed for buildx gha cache to work
+ - name: Expose GitHub Runtime
+ uses: crazy-max/ghaction-github-runtime@v2
+
+ - name: Build container
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ CONTAINER_TAG=$(echo "$RAW_CONTAINER_TAG" | sed 's/[^a-zA-Z0-9]\+/-/')
+
+ docker buildx build \
+ --platform "$BUILD_PLATFORMS" \
+ --tag "$CONTAINER_NAME:$CONTAINER_TAG" \
+ --cache-from type=gha \
+ --cache-to type=gha,mode=max \
+ --pull --push .
From 704fc1dbe5d18d9a6c6e3b786119ef47f22d8b37 Mon Sep 17 00:00:00 2001
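Review bot: The tag sanitiser `sed 's/[^a-zA-Z0-9]\+/-/'` has no `g` flag, so only the first run of disallowed characters in the branch name is replaced; a branch such as `feature/foo/bar` still yields a `/` in the tag and the build fails at `--tag`. Change it to `sed 's/[^a-zA-Z0-9]\+/-/g'` (the same line is carried unchanged as context in PATCH 3/8). Separately, every action here is referenced by a floating tag (`docker/setup-qemu-action@v2`, `crazy-max/ghaction-github-runtime@v2`, …) in a job whose token is used to log in to ghcr.io; pinning third-party actions to a full commit SHA removes the possibility that a moved tag redirects that token.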
From: Jordan Webb
Date: Sat, 20 Aug 2022 09:26:17 -0500
Subject: [PATCH 3/8] Add metadata to image
---
 .github/workflows/container.yml | 9 +++++++++
 Dockerfile | 4 ++++
 2 files changed, 13 insertions(+)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 1215292..4bc6c93 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -20,6 +20,7 @@ jobs:
 CONTAINER_NAME: ghcr.io/${{ github.repository }}
 BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
 RAW_CONTAINER_TAG: ${{ github.event.inputs.container_tag || github.event.pull_request.head.ref || 'latest' }}
+ RAW_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref }}
 
 steps:
 - name: Set up QEMU
@@ -49,10 +50,18 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 CONTAINER_TAG=$(echo "$RAW_CONTAINER_TAG" | sed 's/[^a-zA-Z0-9]\+/-/')
+ REF_NAME=$(echo "$RAW_REF_NAME" | sed -r 's#^refs/(heads|tags)/##')
 
 docker buildx build \
 --platform "$BUILD_PLATFORMS" \
 --tag "$CONTAINER_NAME:$CONTAINER_TAG" \
+ --label "org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" \
+ --label "org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}" \
+ --label "org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}/packages" \
+ --label "org.opencontainers.image.ref.name=$REF_NAME" \
+ --label "org.opencontainers.image.revision=${{ github.sha }}" \
+ --label "org.opencontainers.image.vendor=${{ github.repository_owner }}" \
+ --label "org.opencontainers.image.created=$(date -u --rfc-3339=seconds)" \
 --cache-from type=gha \
 --cache-to type=gha,mode=max \
 --pull --push .
diff --git a/Dockerfile b/Dockerfile
index 0a3313a..cfe3f48 100644
--- a/Dockerfile
+++ b/Dockerfile
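Review bot: `org.opencontainers.image.created=$(date -u --rfc-3339=seconds)` produces a value with a space between date and time; the OCI annotation is specified as an RFC 3339 date-time and most consumers expect the `T`/`Z` form, so tooling that parses the label may reject it. `date -u +%Y-%m-%dT%H:%M:%SZ` gives the conventional form. The branch name from `github.event.pull_request.head.ref` is chosen by the PR author, so feeding it through the `RAW_REF_NAME` environment variable and the `$REF_NAME` shell variable instead of inline `${{ }}` expansion inside `run:` is the right pattern, since it keeps the value from being interpreted by the shell; keep that pattern if further labels derived from event data are added.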
@@ -13,3 +13,7 @@ COPY --from=build /usr/src/wireproxy/wireproxy /usr/bin/wireproxy
 VOLUME [ "/etc/wireproxy"]
 ENTRYPOINT [ "/usr/bin/wireproxy" ]
 CMD [ "--config", "/etc/wireproxy/config" ]
+
+LABEL org.opencontainers.image.title wireproxy
+LABEL org.opencontainers.image.description "Wireguard client that exposes itself as a socks5 proxy"
+LABEL org.opencontainers.image.licenses ISC
From 2ac9fad93ed86867ad69fb04d61c36e20c99b8d9 Mon Sep 17 00:00:00 2001
From: Jordan Webb
Date: Sun, 21 Aug 2022 09:03:58 -0500
Subject: [PATCH 4/8] Try giving the workflow packages: write
---
 .github/workflows/container.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 4bc6c93..7d731cf 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -16,6 +16,10 @@ on:
 jobs:
 container:
 runs-on: ubuntu-20.04
+
+ permissions:
+ packages: write
+
 env:
 CONTAINER_NAME: ghcr.io/${{ github.repository }}
 BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
From 9c5b2622aff7c75b20c0ccbe18156919a63e9290 Mon Sep 17 00:00:00 2001
From: Jordan Webb
Date: Sun, 21 Aug 2022 09:18:14 -0500
Subject: [PATCH 5/8] Try moving permissions key to top-level
---
 .github/workflows/container.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 7d731cf..4e3dd36 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -13,13 +13,13 @@ on:
 default: "latest"
 required: true
 
+permissions:
+ packages: write
+
 jobs:
 container:
 runs-on: ubuntu-20.04
 
- permissions:
- packages: write
-
 env:
 CONTAINER_NAME: ghcr.io/${{ github.repository }}
 BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
From b2546b3219ea4735c99f14151f04dbdab060aa5f Mon Sep 17 00:00:00 2001
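Review bot: The three new `LABEL` lines use the legacy space-separated form (`LABEL org.opencontainers.image.title wireproxy`), which BuildKit's build check reports as `LegacyKeyValueFormat` and which treats everything after the key as the value; the `key=value` form is unambiguous and all three fit one instruction: `LABEL org.opencontainers.image.title="wireproxy" \`, `      org.opencontainers.image.description="Wireguard client that exposes itself as a socks5 proxy" \`, `      org.opencontainers.image.licenses="ISC"`. The same image also receives `source`/`revision`/`created` labels from the workflow's `--label` flags; splitting static labels (Dockerfile) from per-build ones (workflow) is reasonable, but a short comment above the `LABEL` saying so would stop someone duplicating them later.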
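Review bot: Declaring `permissions:` with only `packages: write` resets every other scope of `GITHUB_TOKEN` to `none`, because GitHub applies the block as a whole rather than adding to the defaults, so `contents: read` should be listed alongside it or `actions/checkout` with `submodules: recursive` may stop working, certainly for a private repository. PATCH 5/8 moves the same block to the top level and has the same gap; the proposed block is `permissions:` / `  contents: read` / `  packages: write`. Note also that on `pull_request` events from forks the token is read-only regardless of this block, so the push in this version of the workflow cannot succeed there until PATCH 8/8 gates it.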
From: Jordan Webb
Date: Sun, 21 Aug 2022 23:04:34 -0500
Subject: [PATCH 6/8] Try publishing to Docker Hub instead
---
 .github/workflows/container.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 4e3dd36..7302e7a 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: ubuntu-20.04
 
 env:
- CONTAINER_NAME: ghcr.io/${{ github.repository }}
+ CONTAINER_NAME: docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/wireproxy
 BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
 RAW_CONTAINER_TAG: ${{ github.event.inputs.container_tag || github.event.pull_request.head.ref || 'latest' }}
 RAW_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref }}
@@ -34,12 +34,12 @@ jobs:
 id: buildx
 uses: docker/setup-buildx-action@v2.0.0
 
- - name: Login to GitHub Container Registry
+ - name: Login to Docker Hub
 uses: docker/login-action@v2
 with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
+ registry: docker.io
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
 - uses: actions/checkout@v3
 with:
From b035e2b7dd826d74fa5621080f515e2445e7832a Mon Sep 17 00:00:00 2001
From: octeep
Date: Tue, 23 Aug 2022 19:37:37 +0800
Subject: [PATCH 7/8] Revert "Try publishing to Docker Hub instead"
This reverts commit b2546b3219ea4735c99f14151f04dbdab060aa5f.
---
 .github/workflows/container.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 7302e7a..4e3dd36 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: ubuntu-20.04
 
 env:
- CONTAINER_NAME: docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/wireproxy
+ CONTAINER_NAME: ghcr.io/${{ github.repository }}
 BUILD_PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
 RAW_CONTAINER_TAG: ${{ github.event.inputs.container_tag || github.event.pull_request.head.ref || 'latest' }}
 RAW_REF_NAME: ${{ github.event.pull_request.head.ref || github.ref }}
@@ -34,12 +34,12 @@ jobs:
 id: buildx
 uses: docker/setup-buildx-action@v2.0.0
 
- - name: Login to Docker Hub
+ - name: Login to GitHub Container Registry
 uses: docker/login-action@v2
 with:
- registry: docker.io
- username: ${{ secrets.DOCKER_HUB_USERNAME }}
- password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 
 - uses: actions/checkout@v3
 with:
From b59274187293bb5a762db02b3442677c3203749f Mon Sep 17 00:00:00 2001
From: octeep
Date: Tue, 23 Aug 2022 19:40:09 +0800
Subject: [PATCH 8/8] Do not push to registry on PRs
---
 .github/workflows/container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 4e3dd36..3600a36 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -68,4 +68,4 @@ jobs:
 --label "org.opencontainers.image.created=$(date -u --rfc-3339=seconds)" \
 --cache-from type=gha \
 --cache-to type=gha,mode=max \
- --pull --push .
+ --pull ${{ github.event_name == 'push' && '--push' || '' }} .
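Review bot: `github.event_name == 'push' && '--push' || ''` also disables pushing for `workflow_dispatch`, which leaves the `container_tag` input from PATCH 2/8 with no effect: a manual run with a tag now builds the multi-platform image and discards it. If manual publishing is intended, the condition should read `--pull ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && '--push' || '' }} .`. The `Login to GitHub Container Registry` step (outside this hunk) still runs on `pull_request` events even though nothing is pushed there; an `if: github.event_name != 'pull_request'` on that step keeps the token out of a login that serves no purpose.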