diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..87b2180 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,37 @@ +--- +kind: pipeline +type: docker +name: arm32 images +platform: + os: linux + arch: arm +steps: +- name: squid image for dockerhub + image: plugins/docker + settings: + repo: docker.io/b4tman/squid + auto_tag: true + auto_tag_suffix: armhf + pull_image: true + registry: docker.io + username: b4tman + password: + from_secret: docker_password + config: + from_secret: docker_config +- name: squid-armhf image for github packages + image: plugins/docker + settings: + repo: ghcr.io/b4tman/squid-armhf + auto_tag: true + pull_image: true + registry: ghcr.io + username: b4tman + password: + from_secret: github_password + config: + from_secret: docker_config +trigger: + ref: + - refs/tags/** + - refs/heads/master diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..5010239 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +version: 2 +updates: + - package-ecosystem: docker + directory: "/" + schedule: + interval: monthly + time: "02:00" + open-pull-requests-limit: 10 + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: monthly + time: "03:00" diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 719d057..8e8b090 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -5,79 +5,213 @@ on: # Publish `master` as Docker `latest` image. branches: - master - + # Publish `v1.2.3` tags as releases. tags: - v* - - # Run tests for any PRs. + + # Run tests for PRs to `master` branch. pull_request: - + branches: + - "master" + jobs: - test: - runs-on: ubuntu-18.04 + test: + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - - - name: Build squid image - run: docker build . --file Dockerfile --tag b4tman/squid - - - name: Test image - run: docker-compose -f docker-compose.test.yml up sut - - - name: Build 'ssl-bump' image - run: docker build ssl-bump --tag b4tman/squid:ssl-bump - + - uses: actions/checkout@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: b4tman + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build squid image + uses: docker/build-push-action@v2 + with: + context: . + push: false + tags: b4tman/squid + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + outputs: type=image,name=b4tman/squid,push=false + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Test image + run: docker-compose -f docker-compose.test.yml up sut + + - name: Build 'ssl-bump' image + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: false + file: ssl-bump/Dockerfile + tags: b4tman/squid:ssl-bump + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + push: needs: test - runs-on: ubuntu-18.04 - if: github.event_name == 'push' + runs-on: ubuntu-20.04 + if: github.event_name != 'pull_request' steps: - - uses: actions/checkout@v2 - - - name: Build squid image - run: docker build . --file Dockerfile --tag b4tman/squid - - - name: Build 'ssl-bump' image - run: docker build ssl-bump --tag b4tman/squid:ssl-bump - - - name: Log into registry - run: echo "${{ secrets.GITHUB_PKGS_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin - - - name: Push squid image - run: | - IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/squid - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag b4tman/squid $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION - - - name: Push 'ssl-bump' image - run: | - IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/ssl-bump - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag b4tman/squid:ssl-bump $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION + - uses: actions/checkout@v2 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v3 + with: + images: | + b4tman/squid + ghcr.io/b4tman/squid + flavor: | + latest=${{ github.ref == 'refs/heads/master' }} + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Docker meta (ssl-bump) + id: meta_ssl_bump + uses: docker/metadata-action@v3 + with: + images: | + b4tman/squid + ghcr.io/b4tman/squid + flavor: | + latest=false + suffix=-ssl-bump + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Docker meta (ssl-bump ghcr) + id: meta_ssl_bump_ghcr + uses: docker/metadata-action@v3 + with: + images: | + ghcr.io/b4tman/squid-ssl-bump + flavor: | + latest=${{ github.ref == 'refs/heads/master' }} + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: b4tman + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GHCR + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + + - name: Build squid image + uses: docker/build-push-action@v2 + with: + context: . + push: true + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build 'ssl-bump' image + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: true + file: ssl-bump/Dockerfile + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta_ssl_bump.outputs.tags }} + labels: ${{ steps.meta_ssl_bump.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build 'ssl-bump' image for ghcr + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: true + file: ssl-bump/Dockerfile + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta_ssl_bump_ghcr.outputs.tags }} + labels: ${{ steps.meta_ssl_bump_ghcr.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/Dockerfile b/Dockerfile index 7ec6079..2152807 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,11 @@ -FROM alpine:3.11.3 as build +FROM alpine:3.14.0 as build ENV SQUID_VER 5.0.1 -ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E + +# fix conflict with libretls and libressl +RUN set -x && \ + apk add --no-cache libretls && \ + apk upgrade --no-cache libretls RUN set -x && \ apk add --no-cache \ @@ -26,15 +30,13 @@ RUN set -x && \ cd /tmp/build && \ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc - + +COPY squid-keys.asc /tmp + RUN set -x && \ cd /tmp/build && \ export GNUPGHOME="$(mktemp -d)" && \ - ( \ - gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SQUID_SIG_KEY} || \ - gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys ${SQUID_SIG_KEY} || \ - gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys ${SQUID_SIG_KEY} \ - ) && \ + gpg --import /tmp/squid-keys.asc && \ gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \ rm -rf "$GNUPGHOME" @@ -63,7 +65,7 @@ RUN set -x && \ --enable-epoll \ --enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \ --enable-auth-ntlm="fake" \ - --enable-auth-negotiate="wrapper" \ + --enable-auth-negotiate="kerberos,wrapper" \ --enable-silent-rules \ --disable-mit \ --enable-heimdal \ @@ -93,15 +95,18 @@ RUN set -x && \ --with-openssl \ --with-pidfile=/var/run/squid/squid.pid + RUN set -x && \ cd /tmp/build && \ - make -j $(grep -cs ^processor /proc/cpuinfo) && \ - make install - -RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf -RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf + nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \ + make -j $nproc && \ + make install && \ + cd tools/squidclient && make && make install-strip -FROM alpine:3.11.3 +RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf +RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf + +FROM alpine:3.14.0 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow @@ -110,18 +115,25 @@ RUN set -x && \ deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \ addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid +# fix conflict with libretls and libressl +RUN set -x && \ + apk add --no-cache libretls && \ + apk upgrade --no-cache libretls + RUN apk add --no-cache \ libstdc++ \ heimdal-libs \ libcap \ - libressl3.0-libcrypto \ - libressl3.0-libssl \ + libressl3.3-libcrypto \ + libressl3.3-libssl \ libltdl COPY --from=build /etc/squid/ /etc/squid/ COPY --from=build /usr/lib/squid/ /usr/lib/squid/ COPY --from=build /usr/share/squid/ /usr/share/squid/ COPY --from=build /usr/sbin/squid /usr/sbin/squid +COPY --from=build /usr/bin/squidclient /usr/bin/squidclient + RUN install -d -o squid -g squid \ /var/cache/squid \ diff --git a/README.md b/README.md index 7ae3467..475cf94 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,19 @@ -[![](https://images.microbadger.com/badges/image/b4tman/squid.svg)](https://microbadger.com/images/b4tman/squid "Get your own image badge on microbadger.com") -[![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=b4tman/docker-squid)](https://dependabot.com) -![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid) +[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid) +![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) # docker-squid Docker Squid container based on Alpine Linux. -Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/b4tman/squid). +Automated builds of the image are available on: + +- DockerHub: + - [b4tman/squid](https://hub.docker.com/r/b4tman/squid) +- Github: + - [ghcr.io/b4tman/squid](https://github.com/users/b4tman/packages/container/package/squid) + - [ghcr.io/b4tman/squid-armhf](https://github.com/users/b4tman/packages/container/package/squid-armhf) + - [ghcr.io/b4tman/squid-ssl-bump](https://github.com/users/b4tman/packages/container/package/squid-ssl-bump) # Quick Start @@ -30,7 +36,6 @@ docker-compose up - **SQUID_CONFIG_FILE**: Specify the configuration file for squid. Defaults to `/etc/squid/squid.conf`. - ## Example: ```bash @@ -40,4 +45,4 @@ docker run -p 3128:3128 \ b4tman/squid ``` -This will start a squid container with your config file `/srv/docker/squid/squid.conf`. +This will start a squid container with your config file `/srv/docker/squid/squid.conf`. diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 7b48686..e0f80f8 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,11 +1,20 @@ -version: '2' +version: '2.3' services: proxy: - build: . + image: squidproxy + build: + context: . + dockerfile: Dockerfile + healthcheck: + test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"] + interval: 5s + timeout: 3s + retries: 5 + start_period: 1s sut: - image: alpine:3.10.1 + image: squidproxy links: - proxy depends_on: - proxy - command: sh -exc "apk add --update curl && sleep 5 && exec curl --proxy http://proxy:3128 -I http://google.com/" + command: sh -exc "sleep 10 && squidclient -h proxy -T 3 'https://postman-echo.com/get?squidtest=ok' 2> /dev/null | grep -qF '200 OK'" diff --git a/squid-keys.asc b/squid-keys.asc new file mode 100644 index 0000000..2f74573 Binary files /dev/null and b/squid-keys.asc differ