Bump actions/cache from 4.2.2 to 4.2.3

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4.2.2...v4.2.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://boosty.to/0xffff', 'https://www.donationalerts.com/r/b4tman1']

.github/workflows/dockerimage.yml

@@ -4,7 +4,8 @@ on:
   push:
     # Publish `master` as Docker `latest` image.
     branches:
-      - master
+      - master
+      - v5
 
     # Publish `v1.2.3` tags as releases.
     tags:
@@ -15,27 +16,30 @@ on:
     branches:
       - "master"
 
+env:
+  TEST_TAG: b4tman/squid:test
+
 jobs:
   test:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: b4tman
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -43,14 +47,14 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Build squid image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: false
-          tags: b4tman/squid
+          load: true # automatically load the single-platform build result to docker images
+          tags: ${{ env.TEST_TAG }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-          outputs: type=image,name=b4tman/squid,push=false
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -61,17 +65,24 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Test image
-        run: docker-compose -f docker-compose.test.yml up sut
+        run: |
+          set -ex
+          docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
+          docker compose -f docker-compose.test.yml down
 
+      - name: set base image for 'ssl-bump'
+        run: |
+          sed -i "s%FROM b4tman/squid%FROM $TEST_TAG%" ssl-bump/Dockerfile
+      
       - name: Build 'ssl-bump' image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
-          context: ssl-bump
+          context: .
           push: false
-          file: ssl-bump/Dockerfile
-          tags: b4tman/squid:ssl-bump
+          load: true
+          tags: ${{ env.TEST_TAG }}-ssl-bump
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -80,17 +91,22 @@ jobs:
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-
+          
+      - name: Test 'ssl-bump' image
+        run: |
+          set -ex
+          TEST_TAG="${TEST_TAG}-ssl-bump" docker compose -f docker-compose.test.yml up --pull never sut --exit-code-from sut
+          docker compose -f docker-compose.test.yml down
   push:
     needs: test
     runs-on: ubuntu-20.04
     if: github.event_name != 'pull_request'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: |
             b4tman/squid
@@ -104,7 +120,7 @@ jobs:
 
       - name: Docker meta (ssl-bump)
         id: meta_ssl_bump
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: |
             b4tman/squid
@@ -119,7 +135,7 @@ jobs:
 
       - name: Docker meta (ssl-bump ghcr)
         id: meta_ssl_bump_ghcr
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: |
             ghcr.io/b4tman/squid-ssl-bump
@@ -131,13 +147,13 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -145,20 +161,20 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: b4tman
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.CR_PAT }}
 
       - name: Build squid image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
@@ -166,7 +182,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -177,7 +193,7 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build 'ssl-bump' image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: ssl-bump
           push: true
@@ -197,7 +213,7 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build 'ssl-bump' image for ghcr
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: ssl-bump
           push: true
@@ -206,7 +222,7 @@ jobs:
           tags: ${{ steps.meta_ssl_bump_ghcr.outputs.tags }}
           labels: ${{ steps.meta_ssl_bump_ghcr.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252

.github/workflows/stale.yml

@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v9
       with:
         days-before-stale: 182
         days-before-close: 7

Dockerfile

@@ -1,6 +1,6 @@
-FROM alpine:3.14.2 as build
+FROM alpine:3.21.3 as build
 
-ENV SQUID_VER 5.2
+ARG SQUID_VER=6.13
 
 RUN set -x && \
 	apk add --no-cache  \
@@ -9,7 +9,8 @@ RUN set -x && \
 		libc-dev \
 		curl \
 		gnupg \
-		libressl-dev \
+		openssl-dev \
+		openssl-libs-static \
 		perl-dev \
 		autoconf \
 		automake \
@@ -20,32 +21,33 @@ RUN set -x && \
 		libcap-dev \
 		linux-headers
 
-RUN set -x && \
-	mkdir -p /tmp/build && \
-	cd /tmp/build && \
-    curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
-	curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc
-
-COPY squid-keys.asc /tmp
+WORKDIR /tmp/build
 
 RUN set -x && \
-	cd /tmp/build && \
-	export GNUPGHOME="$(mktemp -d)" && \
-	gpg --import /tmp/squid-keys.asc && \
+	curl -fSsL "https://github.com/squid-cache/squid/releases/download/SQUID_${SQUID_VER//./_}/squid-${SQUID_VER}.tar.gz" -o squid-${SQUID_VER}.tar.gz && \
+	curl -fSsL "https://github.com/squid-cache/squid/releases/download/SQUID_${SQUID_VER//./_}/squid-${SQUID_VER}.tar.gz.asc" -o squid-${SQUID_VER}.tar.gz.asc
+
+COPY squid-keys.asc /tmp/build
+
+RUN set -x && \
+	GNUPGHOME="$(mktemp -d)" && \
+	export GNUPGHOME && \
+	gpg --import squid-keys.asc && \
 	gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
 	rm -rf "$GNUPGHOME"
-	
+
 RUN set -x && \
-	cd /tmp/build && \	
 	tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \
 	\
+	MACHINE=$(uname -m) && \
+	\
 	CFLAGS="-g0 -O2" \
 	CXXFLAGS="-g0 -O2" \
 	LDFLAGS="-s" \
 	\
 	./configure \
-		--build="$(uname -m)" \
-		--host="$(uname -m)" \
+		--build="$MACHINE" \
+		--host="$MACHINE" \
 		--prefix=/usr \
 		--datadir=/usr/share/squid \
 		--sysconfdir=/etc/squid \
@@ -56,7 +58,8 @@ RUN set -x && \
 		--disable-arch-native \
 		--enable-removal-policies="lru,heap" \
 		--enable-auth-digest \
-		--enable-auth-basic="getpwnam,NCSA" \
+		--enable-auth-basic="getpwnam,NCSA,DB,RADIUS" \
+		--enable-basic-auth-helpers="DB" \
 		--enable-epoll \
 		--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
 		--enable-auth-ntlm="fake" \
@@ -83,29 +86,27 @@ RUN set -x && \
 		--enable-storeio="diskd rock" \
 		--enable-ipv6 \
 		--enable-translation \
-		--disable-snmp \
+		--enable-snmp \
 		--disable-dependency-tracking \
 		--with-large-files \
 		--with-default-user=squid \
 		--with-openssl \
 		--with-pidfile=/var/run/squid/squid.pid
 
-# fix build
 RUN set -x && \
-    mkdir -p /tmp/build/tools/squidclient/tests && \
-    mkdir -p /tmp/build/tools/tests
-
-RUN set -x && \
-	cd /tmp/build && \
-	nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \
+	nproc=$(n=$(nproc) ; max_n=6 ; echo $(( n <= max_n ? n : max_n )) ) && \
 	make -j $nproc && \
-	make install && \
-	cd tools/squidclient && make && make install-strip
+	make install
 
-RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
-RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
+WORKDIR /tmp/build/tools/squidclient
+RUN make && make install-strip
 
-FROM alpine:3.14.2
+RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf && \
+	echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
+
+# --- --- --- --- --- --- --- --- ---
+
+FROM alpine:3.21.3
 	
 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
 ENV TZ Europe/Moscow
@@ -118,37 +119,31 @@ RUN apk add --no-cache \
 		libstdc++ \
 		heimdal-libs \
 		libcap \
-		libressl3.3-libcrypto \
-		libressl3.3-libssl \
-		libltdl	
+		libltdl \
+		tzdata
 
 COPY --from=build /etc/squid/ /etc/squid/
 COPY --from=build /usr/lib/squid/ /usr/lib/squid/
 COPY --from=build /usr/share/squid/ /usr/share/squid/
 COPY --from=build /usr/sbin/squid /usr/sbin/squid
 COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
+
+COPY --chmod=755 run.sh /
 
-		
 RUN install -d -o squid -g squid \
 		/var/cache/squid \
 		/var/log/squid \
 		/var/run/squid && \
-	chmod +x /usr/lib/squid/*
-	
-RUN install -d -m 755 -o squid -g squid \
+	chmod +x /usr/lib/squid/* && \
+	install -d -m 755 -o squid -g squid \
 		/etc/squid/conf.d \
-		/etc/squid/conf.d.tail
-RUN touch /etc/squid/conf.d/placeholder.conf 
+		/etc/squid/conf.d.tail && \
+	touch /etc/squid/conf.d/placeholder.conf
 COPY squid-log.conf /etc/squid/conf.d.tail/
 
-RUN	set -x && \
-	apk add --no-cache --virtual .tz alpine-conf tzdata && \ 
-	/sbin/setup-timezone -z $TZ && \
-	apk del .tz 	
-	
-VOLUME ["/var/cache/squid"]	
+VOLUME ["/var/cache/squid"]
 EXPOSE 3128/tcp
 
 USER squid
 
-CMD ["sh", "-c", "/usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
+CMD ["/run.sh"]

README.md

@@ -1,5 +1,3 @@
-[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid)
-![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid)
 ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg)
 
 # docker-squid

docker-compose.test.yml

@@ -1,10 +1,9 @@
 version: '2.3'
 services:
   proxy:
-    image: squidproxy
-    build:
-      context: .
-      dockerfile: Dockerfile
+    image: "${TEST_TAG}"
+    volumes:
+      - './test_localnet.conf:/etc/squid/conf.d/test_localnet.conf:ro'
     healthcheck:
       test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
       interval: 5s
@@ -12,9 +11,10 @@ services:
       retries: 5
       start_period: 1s
   sut:
-    image: squidproxy
+    image: "${TEST_TAG}"
     links: 
       - proxy
     depends_on:
       - proxy
     command: sh -exc "sleep 10 && squidclient -h proxy -T 3 'https://postman-echo.com/get?squidtest=ok' 2> /dev/null | grep -qF '200 OK'"
+

run.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -x
+
+# force remove pid
+if [ -e /var/run/squid/squid.pid ]; then
+	rm -f /var/run/squid/squid.pid
+fi
+
+# init cache
+/usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -z
+
+# run squid
+exec /usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -YCd 1

ssl-bump/Dockerfile

@@ -1,4 +1,9 @@
 FROM b4tman/squid
 
+COPY run.sh /
 USER root
-CMD ["sh", "-c", "(test -d /var/cache/squid/ssl_db || /usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB) && /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -z && exec /usr/sbin/squid -f ${SQUID_CONFIG_FILE} --foreground -YCd 1"]
+RUN chmod 755 /run.sh
+
+USER squid
+
+CMD ["/run.sh"]

ssl-bump/run.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -x
+
+# init ssl_db
+if [ ! -d /var/cache/squid/ssl_db ]; then
+	/usr/lib/squid/security_file_certgen -c -s /var/cache/squid/ssl_db -M 4MB
+fi
+
+# init cache
+/usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -z
+
+# run squid
+exec /usr/sbin/squid -f "${SQUID_CONFIG_FILE}" --foreground -YCd 1

test_localnet.conf

@@ -0,0 +1,11 @@
+acl localnet1 src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet1 src 10.0.0.0/8            # RFC 1918 local private network (LAN)
+acl localnet1 src 100.64.0.0/10         # RFC 6598 shared address space (CGN)
+acl localnet1 src 169.254.0.0/16        # RFC 3927 link-local (directly plugged) machines
+acl localnet1 src 172.16.0.0/12         # RFC 1918 local private network (LAN)
+acl localnet1 src 192.168.0.0/16                # RFC 1918 local private network (LAN)
+acl localnet1 src fc00::/7              # RFC 4193 local private network range
+acl localnet1 src fe80::/10             # RFC 4291 link-local (directly plugged) machines
+
+http_access allow localnet1
+http_access allow localhost manager