Migrate to Alpine Linux (#2)

* Alpine base image

* Update to v3

* chore: autopublish 2023-10-11T18:44:52Z

* Copy rinetd.conf + use wg-start.sh

* Auto update image when new packages are available

* chore: autopublish 2023-10-11T19:40:13Z

* Bump actions/checkout from 3 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker/login-action from 2 to 3

Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker/build-push-action from 4 to 5

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker/setup-buildx-action from 2.4.0 to 3.0.0

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@15c905b...f95db51)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker/setup-qemu-action from 2 to 3

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump to v3

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: eiqnepm <86803173+eiqnepm@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/docker-image-built-against

@@ -1 +1 @@
-3565a89d9e81
+8ca4688f4f35

.github/docker-rinetd-built-against

@@ -0,0 +1 @@
+d4e0a60119a575b851d6b5e6268491f432d91089	refs/heads/main

.github/workflows/build-and-push.yml

@@ -11,37 +11,38 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: Save base image ID
+      - name: Save image build info
         run: |
-          docker pull ubuntu:jammy
-          docker images --format '{{.ID}}' ubuntu:jammy > .github/docker-image-built-against
+          docker pull alpine:3.18
+          docker images --format '{{.ID}}' alpine:3.18 > .github/docker-image-built-against
+          git ls-remote https://github.com/samhocevar/rinetd.git main > .github/docker-rinetd-built-against
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
         with:
           driver-opts: 'image=moby/buildkit:v0.10.5'
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           push: true
           tags: |
             ghcr.io/digitallyrefined/docker-wireguard-tunnel:latest
-            ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+            ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
 
       - name: Commit and push changes
         uses: actions-js/push@master

.github/workflows/check-for-updates.yml

@@ -10,13 +10,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: Check if base image update available
+      - name: Check if image needs updating
         id: image-update
         run: |
-          docker pull ubuntu:jammy
-          docker images --format '{{.ID}}' ubuntu:jammy > .github/docker-image-built-against
+          docker pull alpine:3.18
+          docker images --format '{{.ID}}' alpine:3.18 > .github/docker-image-built-against
+          git ls-remote https://github.com/samhocevar/rinetd.git main > .github/docker-rinetd-built-against
           img_needs_updating=`git status --porcelain`
           set -x
           echo "needs-updating=`[[ $img_needs_updating ]] && echo true || echo false`" >>$GITHUB_OUTPUT
@@ -25,39 +26,38 @@ jobs:
         id: pkg-update
         run: |
           docker pull ghcr.io/digitallyrefined/docker-wireguard-tunnel
-          pkgs_to_update=`docker run --rm ghcr.io/digitallyrefined/docker-wireguard-tunnel bash -c ' \
-          apt update > /dev/null && \
-          apt -s -o Debug::NoLocking=true upgrade | { grep ^Inst || true; }'`
+          pkgs_to_update=`docker run --rm ghcr.io/digitallyrefined/docker-wireguard-tunnel sh -c ' \
+          apk upgrade --simulate --no-cache | { grep Upgrading || true; }'`
           set -x
           echo "needs-updating=`[[ $pkgs_to_update ]] && echo true || echo false`" >>$GITHUB_OUTPUT
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         if: steps.image-update.outputs.needs-updating == 'true' || steps.pkg-update.outputs.needs-updating == 'true'
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
         with:
           driver-opts: 'image=moby/buildkit:v0.10.5'
         if: steps.image-update.outputs.needs-updating == 'true' || steps.pkg-update.outputs.needs-updating == 'true'
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_TOKEN }}
         if: steps.image-update.outputs.needs-updating == 'true' || steps.pkg-update.outputs.needs-updating == 'true'
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           push: true
           tags: |
             ghcr.io/digitallyrefined/docker-wireguard-tunnel:latest
-            ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+            ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
         if: steps.image-update.outputs.needs-updating == 'true' || steps.pkg-update.outputs.needs-updating == 'true'
 
       - name: Commit and push changes

Dockerfile

@@ -1,37 +1,37 @@
 # syntax=docker/dockerfile:1
 
-FROM ubuntu:jammy
+FROM alpine:3.18 AS builder
+
+RUN set -ex \
+  && apk upgrade --no-cache \
+  && apk add --no-cache \
+    build-base \
+    git \
+    autoconf \
+    automake \
+  && cd /tmp \
+  && git clone --depth=1 "https://github.com/samhocevar/rinetd" \
+  && cd rinetd \
+  && ./bootstrap \
+  && ./configure --prefix=/usr \
+  && make -j $(nproc) \
+  && strip rinetd
+
+FROM alpine:3.18
 
 ARG TARGETPLATFORM
 
 LABEL org.opencontainers.image.source=https://github.com/DigitallyRefined/docker-wireguard-tunnel
 LABEL org.opencontainers.image.description="docker-wireguard-tunnel ${TARGETPLATFORM}"
 
-ENV DEBIAN_FRONTEND=noninteractive
-ENV TERM=xterm
-
-RUN \
-  apt update && \
-  apt dist-upgrade -y && \
-  apt install -y --no-install-recommends \
-    ca-certificates \
-    curl \
-    ifupdown \
-    iproute2 \
-    iputils-ping \
-    openresolv \
-    rinetd \
-    wireguard-tools && \
-  apt autoremove -y && \
-  rm -rf \
-    /tmp/* \
-    /var/lib/apt/lists/* \
-    /var/tmp/*
-
-RUN cp /etc/rinetd.conf /etc/rinetd.conf.ori
-
-COPY wg-start.sh /usr/local/bin/wireguard
-
-CMD ["wireguard"]
+COPY --from=builder /tmp/rinetd/rinetd /usr/sbin/rinetd
+COPY --from=builder /tmp/rinetd/rinetd.conf /etc/rinetd.conf.ori
+
+RUN apk upgrade --no-cache
+RUN apk add --no-cache wireguard-tools
+
+COPY wg-start.sh /usr/sbin/wg-start.sh
+
+CMD ["/usr/sbin/wg-start.sh"]
 
 EXPOSE 51820/udp

README.md

@@ -23,7 +23,7 @@ Will accept connections on behalf of a peer and tunnel them to the designated pe
 ```yml
 services:
   wireguard-tunnel-server:
-    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
     container_name: wireguard-tunnel-server
     environment:
       # Update to your domain
@@ -62,7 +62,7 @@ Move the `config/peer1.conf` file from the server that was automatically generat
 ```yml
 services:
   wireguard-tunnel-peer:
-    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
     container_name: wireguard-tunnel-peer
     environment:
       # Note that DOMAIN & PEERS are not required for the peer

example-tls-fly-io.md

@@ -20,7 +20,7 @@ Will accept connections on behalf of a peer and tunnel them to the designated pe
 app = "my-app-1234"
 
 [build]
-  image = "ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2"
+  image = "ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3"
 
 [env]
   DOMAIN = "my-app-1234.fly.dev" # Update this to match your subdomain
@@ -85,7 +85,7 @@ Paste the `peer1.conf` contents from the Fly.io server into a file named `config
 ```yml
 services:
   wireguard-tunnel-peer:
-    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
     container_name: wireguard-tunnel-peer
     environment:
       # Note that DOMAIN & PEERS are not required for the peer

example-tls-traefik.md

@@ -29,7 +29,7 @@ services:
       - "traefik"
 
   wireguard-tunnel-server:
-    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
     container_name: wireguard-tunnel-server
     environment:
       # Update to your domain
@@ -154,7 +154,7 @@ Move the `config/peer1.conf` file from the server that was automatically generat
 ```yml
 services:
   wireguard-tunnel-peer:
-    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v2
+    image: ghcr.io/digitallyrefined/docker-wireguard-tunnel:v3
     container_name: wireguard-tunnel-peer
     environment:
       # Note that DOMAIN & PEERS are not required for the peer