pr to upstream

.github/workflows/docker-hub-description.yml

@@ -4,18 +4,26 @@ on:
   push:
     tags:
       - '*'
+  workflow_call:
+    secrets:
+      DOCKERHUB_TOKEN:
+        required: true
+
+env:
+  DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+  DOCKERHUB_REPOSITORY: ${{ vars.DOCKERHUB_REPOSITORY }}
 
 jobs:
   update:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
 
       - name: Update docker hub description
         uses: peter-evans/dockerhub-description@v4
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ env.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-          repository: visibilityspots/cloudflared
+          repository: ${{ github.repository_owner }}/${{ env.DOCKERHUB_REPOSITORY }}
           short-description: ${{ github.event.repository.description }}

.github/workflows/main.yml

@@ -0,0 +1,91 @@
+name: CI
+
+on:
+  push:
+    tags:
+      - '*'
+  workflow_call:
+    inputs:
+      platforms:
+        required: false
+        type: string
+    secrets:
+      DOCKERHUB_TOKEN:
+        required: true
+      GOSS_CMD:
+        required: false
+env:
+  DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+  DOCKERHUB_REPOSITORY: ${{ vars.DOCKERHUB_REPOSITORY }}
+  DOCKERHUB_PLATFORMS: ${{ inputs.platforms || 'linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64' }}
+
+jobs:
+  test:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build ${{ env.DOCKERHUB_REPOSITORY }}:dev image
+        run: docker build -t ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:dev .
+
+      - uses: e1himself/goss-installation-action@v1.2.1
+        with:
+          version: 'v0.4.9'
+
+      - name: Execute dgoss run on ${{ env.DOCKERHUB_REPOSITORY }}:dev image
+        env:
+          GOSS_FILES_STRATEGY: cp
+        run: dgoss run ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:dev ${{ secrets.GOSS_CMD }}
+
+  deploy:
+    needs: test
+
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3.4.0
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - uses: docker/setup-qemu-action@v3
+
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Build and push ${{ env.DOCKERHUB_REPOSITORY }} image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: ${{ env.DOCKERHUB_PLATFORMS }}
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:latest
+            ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:${{ github.ref_name }}
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:buildcache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:buildcache,mode=max
+
+      - name: Generate CHANGELOG
+        id: changelog
+        uses: requarks/changelog-action@v1
+        with:
+          token: ${{ github.token }}
+          tag: ${{ github.ref_name }}
+
+      - name: Create github ${{ github.ref_name }} release
+        uses: ncipollo/release-action@v1
+        with:
+          makeLatest: true
+          allowUpdates: true
+          body: ${{ steps.changelog.output.changes }}
+          token: ${{ github.token }}
+
+      - name: Commit updated CHANGELOG.md for ${{ github.ref_name }}
+        uses: stefanzweifel/git-auto-commit-action@v6
+        with:
+          branch: main
+          commit_message: 'docs: update CHANGELOG.md for ${{ github.ref_name }} [skip ci]'
+          file_pattern: CHANGELOG.md

.github/workflows/trivy.yml

@@ -6,37 +6,45 @@ on:
       - '*'
   schedule:
     - cron: '44 19 * * 4'
+  workflow_call:
 
 permissions:
   contents: read
 
+env:
+  DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+  DOCKERHUB_REPOSITORY: ${{ vars.DOCKERHUB_REPOSITORY }}
+  TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db'
+  TRIVY_JAVA_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-java-db'
+
 jobs:
   scan:
     permissions:
       contents: read
       security-events: write
-    runs-on: "ubuntu-latest"
+
+    runs-on: ubuntu-24.04
+
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
       - name: Build an image from Dockerfile
         run: |
-          docker build -t visibilityspots/cloudflared:dev .
+          docker build -t ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:dev .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.31.0
         with:
-          image-ref: 'visibilityspots/cloudflared:dev'
+          image-ref: '${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:dev'
           format: 'table'
           exit-code: 0
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH'
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.24.0
+      - name: Store Trivy vulnerability scanner output
+        uses: aquasecurity/trivy-action@0.31.0
         with:
-          image-ref: 'visibilityspots/cloudflared:dev'
+          image-ref: '${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_REPOSITORY }}:dev'
           format: 'sarif'
           output: 'trivy-results.sarif'
           ignore-unfixed: true

CHANGELOG.md

@@ -4,6 +4,112 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+
+## [v2025.6.1] - 2025-06-17
+### :wrench: Chores
+- [`1fa9b6e`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/1fa9b6ef67ab8f14cd4ff6f9b34309ff207cd90e) - **update**: Cloudflared v2025.6.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.6.0] - 2025-06-11
+### :wrench: Chores
+- [`93a2a95`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/93a2a95ffcc5f79545a0457f2afedf22e28308e4) - **update**: Cloudflared v2025.6.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.5.0] - 2025-05-15
+### :wrench: Chores
+- [`784a116`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/784a116c0505ec694a54c1bd288ed261b95a8147) - **update**: Cloudflared v2025.5.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.4.2] - 2025-04-30
+### :wrench: Chores
+- [`0cc2e1e`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/0cc2e1e54188ddb6d4f12c84570aff9f3bb6d4b8) - **update**: Cloudflared v2025.4.2 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.4.0] - 2025-04-06
+### :wrench: Chores
+- [`6839f99`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/6839f9910cc548eb83058bc43cec45c6b0d5e8fc) - **update**: Cloudflared v2025.4.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.2.1] - 2025-02-27
+### :wrench: Chores
+- [`df22578`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/df22578a728da77e1399bf0cda10b88a609e228a) - **update**: chore(update): golang v1.24.0 + cloudflared v2025.2.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.2.0] - 2025-02-05
+### :wrench: Chores
+- [`e97e76a`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/e97e76a4ace6d831fa58e138004e58b1bc1a8987) - **doc**: using udp port forwarding over net host mode in docker run commands *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`5d4b3b5`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/5d4b3b5faa539a2706bcfd81b7af0fb8aeb0bc54) - **update**: golang v1.23.6 + cloudflared v2025.2.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.1.1] - 2025-01-30
+### :wrench: Chores
+- [`2a045a0`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/2a045a0396042712dd6a874697db27faa164a7a2) - **update**: Cloudflared v2025.1.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2025.1.0] - 2025-01-07
+### :wrench: Chores
+- [`e77a264`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/e77a264c0e25679fbd9f7fd0eabfe47939c0854c) - **update**: Cloudflared v2025.1.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.12.2] - 2024-12-19
+### :wrench: Chores
+- [`2c82345`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/2c82345f4c3a224549719af7264f1944f2717543) - **ci**: using ubuntu-24.04 for github action runners *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`8d621d5`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/8d621d57ddf75339bde40d930970742519d334f4) - **update**: Cloudflared v2024.12.2 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.12.1] - 2024-12-11
+### :wrench: Chores
+- [`5ce16f6`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/5ce16f6492d93f23b49e5e81eafde8efedd32c9a) - **update**: Cloudflared v2024.12.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.12.0] - 2024-12-10
+### :sparkles: New Features
+- [`3c1fce0`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/3c1fce03236cd9197c4b0adde0293724a663843d) - **ci**: introducing parameterized DOCKERHUB_PLATFORMS *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+### :wrench: Chores
+- [`396f777`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/396f7773c5a1e8d4829811ef607556d0ab6ac9c3) - **ci**: disable requirement on DOCKERHUB_TOKEN to test inheritance *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`a4132ca`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/a4132caa25d33213ae83633a04953d75f5053e4e) - **update**: Cloudflared v2024.12.0 + Golang v1.23.4 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.11.1] - 2024-11-19
+### :wrench: Chores
+- [`13e7bb9`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/13e7bb9686da741b394ffd6b591e5b75ffbd999a) - **ci**: using secret for GOSS_CMD *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`efaa11d`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/efaa11d47f46b038a708d0ff3a71f17d961a14c5) - **update**: Cloudflared v2024.11.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.11.0] - 2024-11-08
+### :sparkles: New Features
+- [`b2f7347`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/b2f7347c442194c83ed6db0103c66530e89a9c1d) - **ci**: adding reusable workflow parameters + refactored some of them *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`6a91e0d`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/6a91e0de3c03156c72a349ea5974557b19253325) - **ci**: make trivy workflow reusable *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`37a80e8`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/37a80e8432880ed7de135abb0ace0f56ac85452a) - **ci**: make main workflow reusable *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`f4a8d30`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/f4a8d30434d9b9b3ed013e6f7b1724a2dcd6459b) - **ci**: make GOSS_CMD vars param *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+### :bug: Bug Fixes
+- [`2eb1c3f`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/2eb1c3fd43921dea1ebbdc30a098fa3523290671) - **ci**: short-description indentation fixed *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`9a603da`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/9a603da8532ff99f533edd5b3d5fddf14b205ac0) - **ci**: using var for DOCKERHUB_USERNAME instead of default *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`53bea8d`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/53bea8d5d08c41235d6c2e53cc9333700b701dc1) - **ci**: using env var over inputs *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`edab8f3`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/edab8f31cfbd55a603089c6e8e9a98f57399b755) - **ci**: used wrong DOCKERHUB_REPOSITORY value due to copy paste *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`52d3450`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/52d34500edd9384105647adb273d70024e3bba49) - **README**: referring to yml main workflow over yaml one *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+### :wrench: Chores
+- [`a80a2cd`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/a80a2cd9044c9a3c33667a8cd9e3afcc6ef4f3b5) - **update**: Golang v1.23.3 + Cloudflared v2024.11.0 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`fd2bdb7`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/fd2bdb75da3b9201fc81913fef8f082f0fa54586) - **ci**: trigger docker-hub-description on every push *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`efbfdab`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/efbfdab6784e531e748f57a4edfe54348a820b85) - **ci**: figuring out parameters *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`72aa91f`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/72aa91f316c3ab8ea27b42337f37898ebab8eeae) - **revert**: removed last release to test ci chain *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`a859394`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/a85939415eca220518bbb62524263934442e3b1e) - **ci**: refactored workflows *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`c709aa9`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/c709aa983149e06ea76a69c8515d96f57d436293) - **revert**: removed last release to test ci chain *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`dd577e7`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/dd577e75cad4ce45759d029e7739485e51a84318) - **ci**: standardized yml extension *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+- [`af0505a`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/af0505a9ecf510b6a023635b425d502f978258be) - **ci**: renamed a few actions + playing around with GOSS_CMD parameter *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
+## [v2024.10.1] - 2024-10-24
+### :bug: Bug Fixes
+- [`c4bc296`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/c4bc29623a89a8e9ead3734f0d5291a66f20964f) - **ci**: using AWS based trivy repositories to mitigate TOOMANYREQUESTS from GHCR based ones *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+### :wrench: Chores
+- [`ad8eb0a`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/ad8eb0a2a050298a26d648f15e6b9198513546d4) - **update**: cloudflared v2024.10.1 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
+
+
 ## [v2024.10.0] - 2024-10-10
 ### :wrench: Chores
 - [`ea05d70`](https://github.com/visibilityspots/dockerfile-cloudflared/commit/ea05d70aff2c2dd429577aec4f6ad98cc46ae6bf) - **update**: cloudflared v2024.10.0 + golang v1.23.2 *(commit by [@visibilityspots](https://github.com/visibilityspots))*
@@ -26,3 +132,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [v2024.8.3]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.8.2...v2024.8.3
 [v2024.9.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.9.0...v2024.9.1
 [v2024.10.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.9.1...v2024.10.0
+[v2024.10.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.10.0...v2024.10.1
+[v2024.11.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.10.1...v2024.11.0
+[v2024.11.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.10.1...v2024.11.0
+[v2024.11.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.10.1...v2024.11.0
+[v2024.11.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.10.1...v2024.11.0
+[v2024.11.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.11.0...v2024.11.1
+[v2024.12.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.11.1...v2024.12.0
+[v2024.12.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.12.0...v2024.12.1
+[v2024.12.2]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.12.1...v2024.12.2
+[v2025.1.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2024.12.2...v2025.1.0
+[v2025.1.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.1.0...v2025.1.1
+[v2025.2.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.1.1...v2025.2.0
+[v2025.2.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.2.0...v2025.2.1
+[v2025.4.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.2.1...v2025.4.0
+[v2025.4.2]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.4.0...v2025.4.2
+[v2025.5.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.4.2...v2025.5.0
+[v2025.6.0]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.5.0...v2025.6.0
+[v2025.6.1]: https://github.com/visibilityspots/dockerfile-cloudflared/compare/v2025.6.0...v2025.6.1