diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b9b5496
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "monthly"
diff --git a/.github/workflows/check_version.yml b/.github/workflows/check_version.yml
index dfdb694..8fb69c9 100644
--- a/.github/workflows/check_version.yml
+++ b/.github/workflows/check_version.yml
@@ -6,7 +6,8 @@ name: Fetch and Compare NxFilter version
 on:
 schedule:
- - cron: '0 0 * * *'
+ - cron: '0 13 * * *'
+ # push:
 # branches: [ nxfilter-pi-experimental ]
 # pull_request:
@@ -32,7 +33,7 @@ jobs:
 - name: Push back to branch
 uses: Automattic/action-commit-to-branch@master
 with:
- branch: 'nxfilter-debian'
+ branch: 'nxfilter-debian-experimental'
 commit_message: 'GitHub Actions update version.txt'
 env:
 GITHUB_TOKEN: ${{ secrets.PAT }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 71c4708..bf560da 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -39,5 +39,5 @@ jobs:
 file: ./Dockerfile
 platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm/v6,linux/arm64/v8
 push: true
- tags: packetworks/nxfilter-base:debian
+ tags: packetworks/nxfilter-base:debian-experimental
 labels: ${{ steps.docker_meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
index dad81cb..0198348 100644
--- a/Dockerfile
+++ b/Dockerfile
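Review bot: In `.github/workflows/check_version.yml`, the `Push back to branch` step passes `secrets.PAT` to `Automattic/action-commit-to-branch@master`, a third-party action referenced by a mutable branch, so any later change to that branch runs with a token that can push to this repository. Pin the action to a full commit SHA, `uses: Automattic/action-commit-to-branch@<full-commit-sha>  # <release-tag>` (placeholders, take the values from the upstream repository); that also gives the `github-actions` Dependabot entry added in this commit a fixed reference to track, which it likely cannot do for a branch ref. If the step only pushes to this repository, consider whether the job-scoped `GITHUB_TOKEN` with `permissions: contents: write` is enough instead of a PAT, keeping in mind that pushes made with it do not trigger other workflows. The rest of the job lies outside the hunk, so how `secrets.PAT` is scoped cannot be seen from here.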
@@ -1,30 +1,48 @@
-FROM debian
+FROM debian AS builder
 MAINTAINER Charles Gunzelman
-LABEL org.label-schema.docker.dockerfile="/Dockerfile" \
- org.label-schema.vcs-type="Git" \
- org.label-schema.vcs-url="https://github.com/packetworks/docker-nxfilter"
-ENV container docker
-
-# Include the SSL-Split binary, not used by default.
-COPY --from=vimagick/sslsplit /usr/local/bin/sslsplit /usr/local/bin/
-RUN apt -y update \
+RUN apt -y update \
 && apt -y upgrade \
- && apt -y install wget unzip default-jre-headless libtcnative-1 libapr1 libapr1-dev \
- && apt -y clean autoclean \
- && apt -y autoremove \
- && rm -rf /var/lib/apt && rm -rf /var/lib/dpkg && rm -rf /var/lib/cache && rm -rf /var/lib/log
+ && apt -y install wget unzip libtcnative-1 libapr1 libapr1-dev
 # Populate ingredients from Git repo.
-COPY entrypoint.sh url.txt /
+COPY url.txt /
-# Download and unzip nxfilter
+# Download and unzip nxfilter from nxfilter.org
 RUN wget -nv -i url.txt -O nxfilter.zip \
 && mkdir /nxfilter \
- && unzip nxfilter.zip -d /nxfilter \
- && chmod +x /nxfilter/bin/startup.sh \
+ && unzip -q nxfilter.zip -d /nxfilter \
 && rm -f nxfilter.zip
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/nxfilter/bin/startup.sh"]
+
+########
+########
+
+FROM gcr.io/distroless/java:8
+
+MAINTAINER Charles Gunzelman
+LABEL org.label-schema.docker.dockerfile="/Dockerfile" \
+ org.label-schema.vcs-type="Git" \
+ org.label-schema.vcs-url="https://github.com/packetworks/docker-nxfilter"
+
+# Deconstruct startup.sh
+ENV container=docker \
+ PATH=$PATH:/usr/bin:/usr/local/bin \
+ CLASSPATH=$NX_HOME/nxd.jar:$NX_HOME/lib/*: \
+ NX_HOME=/
+
+# Include SSL-Split binary, not used by default.
+COPY --from=vimagick/sslsplit /usr/local/bin/sslsplit /usr/local/bin/
+
+# Copy packages from Builder.
+# COPY --from=builder /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ #got an error with this one at build time
+COPY --from=builder /usr/share/lintian/overrides /usr/share/lintian/overrides
+COPY --from=builder /usr/bin/apr-1-config /usr/bin/apr-config /usr/bin/
+COPY --from=builder /usr/include/apr-1.0 /usr/include/apr-1.0
+COPY --from=builder /nxfilter /
+COPY --from=builder /bin/hostname /bin/
+
+# Deconstruct startup.sh
+ENTRYPOINT ["java"]
+CMD [ "-Djava.net.preferIPv4Stack=true", "-Xmx768m", "-Djava.security.egd=file:/dev/./urandom", "nxd.Main" ]
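Review bot: The archive fetched by `wget -nv -i url.txt -O nxfilter.zip` is unpacked in the builder and copied into the final image by `COPY --from=builder /nxfilter /` without any integrity check, so the shipped jars are whatever the URL serves at build time. Verify a digest before the unzip, for example `&& echo "<expected-sha256>  nxfilter.zip" | sha256sum -c - \` with the value committed next to `url.txt` (placeholder shown). The image inputs are similarly floating: `FROM debian` and `COPY --from=vimagick/sslsplit` carry no tag and `gcr.io/distroless/java:8` no digest, so pin them by tag and digest, which also gives the new Dependabot `docker` entry something it can likely bump. Separately, in the new `ENV` instruction `$NX_HOME` is substituted from its value before that instruction, so unless the base image defines it `CLASSPATH` is built from an empty string and works only because the intended value is `/`; set `ENV NX_HOME=/` in its own instruction ahead of the one that uses it.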