Merge pull request #334 from NOXCIS/main
Fixed Docker Image
Showing
12 changed files
with
293 additions
and
222 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
name: Docker Image Build and Analysis | ||
|
||
on: | ||
schedule: | ||
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed. | ||
workflow_dispatch: # Manual run trigger | ||
inputs: | ||
trigger-build: | ||
description: 'Trigger a manual build and push' | ||
default: 'true' | ||
|
||
jobs: | ||
build-and-analyze: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Log in to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Build Docker image | ||
id: build-image | ||
run: | | ||
echo "Building Docker image..." | ||
docker build -t my-app-image:latest . | ||
echo "Docker image built successfully." | ||
- name: Install Docker Scout | ||
run: | | ||
echo "Installing Docker Scout..." | ||
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- | ||
echo "Docker Scout installed successfully." | ||
- name: Analyze Docker image with Docker Scout | ||
id: analyze-image | ||
run: | | ||
echo "Analyzing Docker image with Docker Scout..." | ||
docker scout cves my-app-image:latest > scout-results.txt | ||
cat scout-results.txt # Print the report to the workflow logs for easy viewing | ||
echo "Docker Scout analysis completed." | ||
- name: Post Comment on Issue or PR | ||
run: | | ||
COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`" | ||
# Post comment using GitHub API | ||
curl -X POST \ | ||
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | ||
-H "Accept: application/vnd.github.v3+json" \ | ||
-d "{\"body\": \"$COMMENT\"}" \ | ||
"https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number |
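Review bot: The "Install Docker Scout" step pipes `install.sh` from the moving `main` branch of docker/scout-cli straight into `sh`, in a job that has already logged in to Docker Hub and later uses `secrets.GITHUB_TOKEN`, so any change to that script runs with those credentials in reach. Fetch it from a pinned ref and verify it before running, e.g. `curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/<PINNED_COMMIT_SHA>/install.sh -o install.sh && echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c - && sh install.sh`. The last step also builds the JSON body by interpolating the scanner report into a shell string, so a quote or newline in the report breaks or alters the payload; building it with `jq -n --rawfile body scout-results.txt '{body: $body}'` and sending that with `curl -d @-` avoids this. The workflow declares no `permissions:` block, so the token keeps the repository default scope; `contents: read` plus `issues: write` looks sufficient for what is visible here.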
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Pull from small Debian stable image. | ||
FROM alpine:latest AS builder | ||
|
||
LABEL maintainer="dselen@nerthus.nl" | ||
|
||
WORKDIR /opt/wireguarddashboard/src | ||
|
||
RUN apk update && \ | ||
apk add --no-cache sudo gcc musl-dev rust cargo linux-headers | ||
|
||
COPY ./docker/alpine/builder.sh /opt/wireguarddashboard/src/ | ||
COPY ./docker/alpine/requirements.txt /opt/wireguarddashboard/src/ | ||
RUN chmod u+x /opt/wireguarddashboard/src/builder.sh | ||
RUN /opt/wireguarddashboard/src/builder.sh | ||
|
||
|
||
FROM alpine:latest | ||
WORKDIR /opt/wireguarddashboard/src | ||
|
||
COPY ./src /opt/wireguarddashboard/src/ | ||
COPY --from=builder /opt/wireguarddashboard/src/venv /opt/wireguarddashboard/src/venv | ||
COPY --from=builder /opt/wireguarddashboard/src/log /opt/wireguarddashboard/src/log/ | ||
|
||
RUN apk update && \ | ||
apk add --no-cache wireguard-tools sudo && \ | ||
apk add --no-cache iptables ip6tables && \ | ||
chmod u+x /opt/wireguarddashboard/src/entrypoint.sh | ||
|
||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 | ||
|
||
ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"] |
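Review bot: The `HEALTHCHECK` calls `curl`, but the final stage installs only `wireguard-tools`, `sudo`, `iptables` and `ip6tables`, and the stock Alpine image does not ship curl, so unless a dependency pulls it in the probe fails on every run and the container is reported unhealthy regardless of the dashboard's state. Either add `curl` to the `apk add` line or use the BusyBox client already in the image: `HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD wget -q --spider http://localhost:10086/signin || exit 1`. Both stages use `FROM alpine:latest`, which makes the scheduled build non-reproducible and conflicts with the `python3.12` path hard-coded in builder.sh; pin a release tag, ideally with a digest, as in `FROM alpine:<PINNED_TAG>@sha256:<DIGEST>`. The opening comment still says "small Debian stable image" and should read `# Pull from a small Alpine base image.`. The final stage also copies in a venv without installing `python3`; entrypoint.sh is not visible here, so confirm it provides an interpreter.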
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
services: | ||
|
||
wireguard-dashboard: | ||
build: ./ | ||
container_name: wiregate | ||
cap_add: | ||
- NET_ADMIN | ||
- SYS_MODULE | ||
restart: unless-stopped | ||
environment: | ||
- wg_net=10.0.0.1/24 | ||
- wg_port=51820 | ||
volumes: | ||
- wgd_configs:/etc/wireguard | ||
- wgd_app:/opt/wireguarddashboard/src | ||
ports: | ||
- 10086:10086/tcp | ||
- 51820:51820/udp | ||
sysctls: | ||
- net.ipv4.ip_forward=1 | ||
- net.ipv4.conf.all.src_valid_mark=1 | ||
|
||
|
||
volumes: | ||
wgd_configs: | ||
wgd_app: |
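Review bot: The `wgd_app:/opt/wireguarddashboard/src` mount puts a named volume over the directory where the image ships its code and venv; Docker fills a named volume from the image only when the volume is first created, so after a rebuild the container keeps running the old copy and image-level fixes never take effect. Mount only the state that has to persist (a config or database path under it, if entrypoint.sh uses one) rather than the whole source tree. `SYS_MODULE` lets the container load kernel modules on the host; when the host kernel already provides WireGuard it can be dropped, leaving `cap_add` with only `- NET_ADMIN`. `10086:10086/tcp` publishes the dashboard sign-in page on every host interface; `127.0.0.1:10086:10086/tcp` behind a TLS reverse proxy is a safer default.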
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
venv_python="./venv/bin/python3" | ||
venv_gunicorn="./venv/bin/gunicorn" | ||
pythonExecutable="python3" | ||
|
||
|
||
_check_and_set_venv(){ | ||
VIRTUAL_ENV="./venv" | ||
if [ ! -d $VIRTUAL_ENV ]; then | ||
printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n" | ||
{ $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt | ||
fi | ||
|
||
if ! $venv_python --version > /dev/null 2>&1 | ||
then | ||
printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark" | ||
kill $TOP_PID | ||
fi | ||
|
||
source ${VIRTUAL_ENV}/bin/activate | ||
|
||
} | ||
|
||
build_core () { | ||
if [ ! -d "log" ] | ||
then | ||
printf "[WGDashboard] Creating ./log folder\n" | ||
mkdir "log" | ||
fi | ||
|
||
|
||
apk add --no-cache python3 net-tools python3-dev py3-virtualenv | ||
_check_and_set_venv | ||
printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" | ||
{ date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt | ||
printf "[WGDashboard] Building Bcrypt & Psutil\n" | ||
{ date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt | ||
printf "[WGDashboard] Build Successfull!\n" | ||
printf "[WGDashboard] Clean Up Pip!\n" | ||
{ date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt | ||
|
||
} | ||
|
||
build_core |
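Review bot: The script has no failure handling: `kill $TOP_PID` and `$heavy_crossmark` reference variables that are never set in this file, and each `pip` call sends its output to ./log/install.txt without its exit status being checked, so a failed venv or dependency install still prints "Build Successfull!" and the image can be built without bcrypt or psutil. Add `set -e` as the first line and replace the kill with `exit 1`. The cleanup path hard-codes `python3.12` while the Dockerfile builds from `alpine:latest`; `rm -rf ./venv/lib/python3*/site-packages/pip*` keeps working when the interpreter version moves. No `#!/bin/sh` line is visible even though the Dockerfile executes the file directly.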
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
bcrypt | ||
psutil |
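Review bot: Both dependencies are unpinned, so each scheduled rebuild installs whatever bcrypt and psutil releases are current on the index at that moment. Pin exact versions, `bcrypt==<PINNED_VERSION>` and `psutil==<PINNED_VERSION>`, and preferably add `--hash=sha256:<HASH>` entries so builder.sh can install with `pip install --require-hashes -r requirements.txt`.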
This file was deleted.
This file was deleted.