beevelop · beevelop · Feb 13, 2021 · Feb 13, 2021 · Feb 13, 2021
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,67 @@
+name: Docker Image
+
+on:
+  schedule:
+    - cron: "0 10 * * *" # everyday at 10am
+  push:
+    branches: ["**"]
+    tags: ["v*.*.*"]
+
+env:
+  platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6
+
+jobs:
+  main:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+      - name: Set imageName based on the repository name
+        id: step_one
+        run: |
+            imageName="${GITHUB_REPOSITORY/docker-/}"
+            echo $imageName
+            echo "imageName=$imageName" >> $GITHUB_ENV
+      - name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ env.imageName }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to Harbor
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Buildx cache
+        uses: actions/cache@v1
+        with:
+          path: ${{ github.workspace }}/cache
+          key: ${{ runner.os }}-docker-${{ hashfiles('cache/**') }}
+          restore-keys: |
+            ${{ runner.os }}-docker
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          platforms: ${{ env.platforms }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=local,src=${{ github.workspace }}/cache
+          cache-to: type=local,dest=${{ github.workspace }}/cache
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.imageName }}:${{ steps.docker_meta.outputs.version }}
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/.travis.yml b/.travis.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,29 +1,5 @@
 FROM nginx:alpine
 
-ARG BUILD_DATE
-ARG BUILD_VERSION
-ARG VCS_REF
-
-LABEL maintainer="Maik Hummel <hi@beevelop.com>" \
-      org.label-schema.build-date=$BUILD_DATE \
-      org.label-schema.version=$BUILD_VERSION \
-      org.label-schema.vcs-ref=$VCS_REF \
-      org.label-schema.schema-version="1.0" \
-      org.label-schema.vcs-url="https://github.com/beevelop/docker-nginx-basic-auth.git" \
-      org.label-schema.name="beevelop/nginx-basic-auth" \
-      org.label-schema.vendor="Maik Hummel (beevelop)" \
-      org.label-schema.description="Simple Docker image for basic authentication" \
-      org.label-schema.url="https://beevelop.com/" \
-      org.label-schema.license="MIT" \
-      org.opencontainers.image.title="beevelop/nginx-basic-auth" \
-      org.opencontainers.image.description="Simple Docker image for basic authentication" \
-      org.opencontainers.image.licenses="MIT" \
-      org.opencontainers.image.authors="Maik Hummel (beevelop)" \
-      org.opencontainers.image.vendor="Maik Hummel (beevelop)" \
-      org.opencontainers.image.url="https://github.com/beevelop/docker-nginx-basic-auth" \
-      org.opencontainers.image.documentation="https://github.com/beevelop/docker-nginx-basic-auth/blob/master/README.md" \
-      org.opencontainers.image.source="https://github.com/beevelop/docker-nginx-basic-auth.git"
-
 ENV HTPASSWD='foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.' \
     FORWARD_PORT=80 \
     FORWARD_HOST=web

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2020 Maik Hummel (beevelop)
+Copyright (c) 2016-2021 Maik Hummel (beevelop)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,15 +1,17 @@
-[![Travis](https://shields.beevelop.com/travis/beevelop/docker-nginx-basic-auth.svg?style=flat-square)](https://travis-ci.org/beevelop/docker-nginx-basic-auth)
 [![Pulls](https://shields.beevelop.com/docker/pulls/beevelop/nginx-basic-auth.svg?style=flat-square)](https://links.beevelop.com/d-nginx-basic-auth)
 [![Size](https://shields.beevelop.com/docker/image/size/beevelop/nginx-basic-auth/latest.svg?style=flat-square)](https://links.beevelop.com/d-nginx-basic-auth)
 [![Layers](https://shields.beevelop.com/docker/image/layers/beevelop/nginx-basic-auth/latest.svg?style=flat-square)](https://links.beevelop.com/d-nginx-basic-auth)
 ![Badges](https://shields.beevelop.com/badge/badges-6-brightgreen.svg?style=flat-square)
 [![Beevelop](https://links.beevelop.com/honey-badge)](https://beevelop.com)
 
 # nginx-basic-auth
-----
+
+---
+
 > Simple Docker image to provide basic authentication for a single other container.
 
 ## Quickstart
+
 ```bash
 docker run -d --name web dockercloud/hello-world
 docker run -d -p 80:80 --link web:web --name auth beevelop/nginx-basic-auth
@@ -18,6 +20,7 @@ docker run -d -p 80:80 --link web:web --name auth beevelop/nginx-basic-auth
 Try accessing and logging in with username `foo` and password `bar`.
 
 ## Advanced
+
 ```bash
 docker run -d \
            -e HTPASSWD='foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.' \
@@ -26,28 +29,36 @@ docker run -d \
            --name auth \
            beevelop/nginx-basic-auth
 ```
+
 > Use single quotes to prevent unwanted interpretation of `$` signs!
 
 ## Configuration
+
 - `HTPASSWD` (default: `foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.`): Will be written to the .htpasswd file on launch (non-persistent)
 - `FORWARD_PORT` (default: `80`): Port of the **source** container that should be forwarded
 - `FORWARD_HOST` (default: `web`): Hostname of the **source** container that should be forwarded
-> The container does not need any volumes to be mounted! Nonetheless you will find all interesting files at `/etc/nginx/*`.
+  > The container does not need any volumes to be mounted! Nonetheless you will find all interesting files at `/etc/nginx/*`.
 
 ## Multiple Users
+
 Multiple Users are possible by separating the users by newline. To pass the newlines properly you need to use Shell Quoting (like `$'foo\nbar'`):
+
 ```
 docker run -d --link web:web --name auth \
            -e HTPASSWD=$'foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.\ntest:$apr1$LKkW8P4Y$P1X/r2YyaexhVL1LzZAQm.' \
            beevelop/nginx-basic-auth
 ```
+
 results in 2 users (`foo:bar` and `test:test`).
 
 ## Troubleshooting
+
 ```
 nginx: [emerg] host not found in upstream "web" in /etc/nginx/conf.d/auth.conf:80
 ```
+
 - You need to link the container as `web` (`--link foobar:web`)
 
 ---
+
 - SSL is unsupported ATM, but might be available in the near future. For now it might be a suitable solution to use another reverse proxy (e.g. `jwilder/nginx-proxy`) that acts as a central gateway. You just need to configure the `VIRTUAL_HOST` env and disable port forwarding.