-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
initial commit of Docker build steps
- Loading branch information
Kyle Harding
committed
Feb 25, 2019
1 parent
8a16b82
commit 9fd635f
Showing
5 changed files
with
845 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# the following values must be set in https://travis-ci.com/<github-repo>/settings | ||
# - DOCKER_REPO (eg. myrepo/myapp) | ||
# - DOCKER_USERNAME | ||
# - DOCKER_PASSWORD | ||
|
||
services: docker | ||
language: go | ||
|
||
branches: | ||
only: | ||
- master | ||
- /^v\d+\.\d+\.\d+.*$/ | ||
|
||
env: | ||
- ARCH=amd64 | ||
- ARCH=arm | ||
- ARCH=arm64 | ||
|
||
before_script: | ||
- docker run --rm --privileged multiarch/qemu-user-static:register --reset | ||
|
||
script: | ||
- make build ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO} | ||
- make test ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO} | ||
|
||
after_success: | ||
# uncomment the following line to deploy only when a new git tag is pushed | ||
# otherwise it will deploy on every push | ||
# - test ${TRAVIS_TAG} =~ /^v\d+\.\d+\.\d+.*$/ || exit 0 | ||
- echo ${DOCKER_PASSWORD} | docker login -u "${DOCKER_USERNAME}" --password-stdin | ||
- make push ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO} | ||
- go get -v github.com/estesp/manifest-tool | ||
- make manifest DOCKER_REPO=${DOCKER_REPO} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
ARG ARCH=amd64 | ||
|
||
FROM alpine as qemu | ||
|
||
RUN apk add --no-cache curl | ||
|
||
RUN curl -fsSL https://github.com/multiarch/qemu-user-static/releases/download/v3.1.0-2/qemu-arm-static -O \ | ||
&& chmod +x qemu-arm-static | ||
|
||
RUN curl -fsSL https://github.com/multiarch/qemu-user-static/releases/download/v3.1.0-2/qemu-aarch64-static -O \ | ||
&& chmod +x qemu-aarch64-static | ||
|
||
# ---------------------------------------------------------------------------- | ||
|
||
FROM golang as gobuild | ||
|
||
ARG GOOS=linux | ||
ARG GOARCH=amd64 | ||
ARG GOARM | ||
ARG BUILD_VERSION | ||
|
||
WORKDIR $GOPATH/src | ||
|
||
RUN curl -fsSL https://github.com/jedisct1/dnscrypt-proxy/archive/${BUILD_VERSION}.tar.gz | tar xvz --strip 1 \ | ||
&& cd dnscrypt-proxy && go build -ldflags="-s -w" | ||
|
||
# ---------------------------------------------------------------------------- | ||
|
||
FROM ${ARCH}/alpine:3.9 | ||
|
||
ARG BUILD_DATE | ||
ARG BUILD_VERSION | ||
ARG VCS_REF | ||
|
||
LABEL maintainer="kylemharding@gmail.com" | ||
LABEL org.label-schema.schema-version="1.0" | ||
LABEL org.label-schema.name="klutchell/dnscrypt-proxy" | ||
LABEL org.label-schema.description="dnscrypt-proxy is a flexible DNS proxy, with support for encrypted DNS protocols" | ||
LABEL org.label-schema.url="https://github.com/jedisct1/dnscrypt-proxy" | ||
LABEL org.label-schema.vcs-url="https://github.com/klutchell/dnscrypt-proxy" | ||
LABEL org.label-schema.docker.cmd="docker run -p 53:53/udp klutchell/dnscrypt-proxy" | ||
LABEL org.label-schema.build-date="${BUILD_DATE}" | ||
LABEL org.label-schema.version="${BUILD_VERSION}" | ||
LABEL org.label-schema.vcs-ref="${VCS_REF}" | ||
|
||
COPY --from=qemu qemu-arm-static qemu-aarch64-static /usr/bin/ | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/dnscrypt-proxy /usr/local/bin/dnscrypt-proxy | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/example-blacklist.txt /config/ | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/example-cloaking-rules.txt /config/ | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/example-dnscrypt-proxy.toml /config/ | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/example-forwarding-rules.txt /config/ | ||
COPY --from=gobuild /go/src/dnscrypt-proxy/example-whitelist.txt /config/ | ||
|
||
RUN sed -r "s/^listen_addresses = .+$/listen_addresses = ['0.0.0.0:53']/" \ | ||
/config/example-dnscrypt-proxy.toml > /config/dnscrypt-proxy.toml | ||
|
||
RUN apk add --no-cache libc6-compat ca-certificates | ||
|
||
EXPOSE 53/udp | ||
|
||
# run startup script | ||
CMD [ "dnscrypt-proxy", "-config", "/config/dnscrypt-proxy.toml" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
# override these values at runtime as desired | ||
# eg. make build ARCH=arm32v6 BUILD_OPTIONS=--no-cache | ||
ARCH := amd64 | ||
DOCKER_REPO := klutchell/dnscrypt-proxy | ||
BUILD_OPTIONS += | ||
|
||
# ARCH to GOARCH mapping (don't change these) | ||
# supported ARCH values: https://github.com/docker-library/official-images#architectures-other-than-amd64 | ||
# supported GOARCH values: https://golang.org/doc/install/source#environment | ||
ifeq "${ARCH}" "amd64" | ||
GOARCH := amd64 | ||
GOARM := | ||
endif | ||
|
||
ifeq "${ARCH}" "arm32v6" | ||
GOARCH := arm | ||
GOARM := 6 | ||
endif | ||
|
||
ifeq "${ARCH}" "arm32v7" | ||
GOARCH := arm | ||
GOARM := 7 | ||
endif | ||
|
||
ifeq "${ARCH}" "arm64v8" | ||
GOARCH := arm64 | ||
GOARM := | ||
endif | ||
|
||
# these values are used for container labels at build time | ||
BUILD_DATE := $(strip $(shell docker run --rm busybox date -u +'%Y-%m-%dT%H:%M:%SZ')) | ||
# BUILD_VERSION := $(strip $(shell git describe --tags --always --dirty)) | ||
BUILD_VERSION := 2.0.19 | ||
VCS_REF := $(strip $(shell git rev-parse --short HEAD)) | ||
# VCS_TAG := $(strip $(shell git describe --abbrev=0 --tags)) | ||
VCS_TAG = 2.0.19 | ||
DOCKER_TAG := ${VCS_TAG}-${GOARCH} | ||
|
||
.DEFAULT_GOAL := build | ||
|
||
.EXPORT_ALL_VARIABLES: | ||
|
||
## -- General -- | ||
|
||
## Display this help message | ||
.PHONY: help | ||
help: | ||
@awk '{ \ | ||
if ($$0 ~ /^.PHONY: [a-zA-Z\-\_0-9]+$$/) { \ | ||
helpCommand = substr($$0, index($$0, ":") + 2); \ | ||
if (helpMessage) { \ | ||
printf "\033[36m%-20s\033[0m %s\n", \ | ||
helpCommand, helpMessage; \ | ||
helpMessage = ""; \ | ||
} \ | ||
} else if ($$0 ~ /^[a-zA-Z\-\_0-9.]+:/) { \ | ||
helpCommand = substr($$0, 0, index($$0, ":")); \ | ||
if (helpMessage) { \ | ||
printf "\033[36m%-20s\033[0m %s\n", \ | ||
helpCommand, helpMessage; \ | ||
helpMessage = ""; \ | ||
} \ | ||
} else if ($$0 ~ /^##/) { \ | ||
if (helpMessage) { \ | ||
helpMessage = helpMessage"\n "substr($$0, 3); \ | ||
} else { \ | ||
helpMessage = substr($$0, 3); \ | ||
} \ | ||
} else { \ | ||
if (helpMessage) { \ | ||
print "\n "helpMessage"\n" \ | ||
} \ | ||
helpMessage = ""; \ | ||
} \ | ||
}' \ | ||
$(MAKEFILE_LIST) | ||
|
||
.PHONY: qemu-user-static | ||
qemu-user-static: | ||
@docker run --rm --privileged multiarch/qemu-user-static:register --reset | ||
|
||
## -- Docker -- | ||
|
||
## Build an image for the selected platform | ||
## Usage: | ||
## make build [PARAM1=] [PARAM2=] [PARAM3=] | ||
## Optional parameters: | ||
## ARCH eg. amd64 or arm or arm64 | ||
## BUILD_OPTIONS eg. --no-cache | ||
## DOCKER_REPO eg. myrepo/myapp | ||
## | ||
.PHONY: build | ||
build: qemu-user-static | ||
@docker build ${BUILD_OPTIONS} \ | ||
--build-arg ARCH \ | ||
--build-arg GOARCH \ | ||
--build-arg GOARM \ | ||
--build-arg BUILD_VERSION \ | ||
--build-arg BUILD_DATE \ | ||
--build-arg VCS_REF \ | ||
--tag ${DOCKER_REPO}:${DOCKER_TAG} . | ||
|
||
## Test an image by running it locally and requesting DNSSEC lookups | ||
## Usage: | ||
## make test [PARAM1=] [PARAM2=] [PARAM3=] | ||
## Optional parameters: | ||
## ARCH eg. amd64 or arm or arm64 | ||
## DOCKER_REPO eg. myrepo/myapp | ||
## | ||
.PHONY: test | ||
test: qemu-user-static | ||
$(eval CONTAINER_ID=$(shell docker run --rm -d -p 5300:53/tcp -p 5300:53/udp ${DOCKER_REPO}:${DOCKER_TAG})) | ||
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5300 | grep NOERROR || (docker stop ${CONTAINER_ID}; exit 1) | ||
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5300 | grep SERVFAIL || (docker stop ${CONTAINER_ID}; exit 1) | ||
@docker stop ${CONTAINER_ID} | ||
|
||
## Push an image to the selected docker repo | ||
## Usage: | ||
## make push [PARAM1=] [PARAM2=] [PARAM3=] | ||
## Optional parameters: | ||
## ARCH eg. amd64 or arm or arm64 | ||
## DOCKER_REPO eg. myrepo/myapp | ||
## | ||
.PHONY: push | ||
push: | ||
@docker push ${DOCKER_REPO}:${DOCKER_TAG} | ||
|
||
## Create and push a multi-arch manifest list | ||
## Usage: | ||
## make manifest [PARAM1=] [PARAM2=] [PARAM3=] | ||
## Optional parameters: | ||
## DOCKER_REPO eg. myrepo/myapp | ||
## | ||
.PHONY: manifest | ||
manifest: | ||
@manifest-tool push from-args \ | ||
--platforms linux/amd64,linux/arm,linux/arm64 \ | ||
--template ${DOCKER_REPO}:${VCS_TAG}-ARCH \ | ||
--target ${DOCKER_REPO}:${VCS_TAG} \ | ||
--ignore-missing | ||
@manifest-tool push from-args \ | ||
--platforms linux/amd64,linux/arm,linux/arm64 \ | ||
--template ${DOCKER_REPO}:${VCS_TAG}-ARCH \ | ||
--target ${DOCKER_REPO}:latest \ | ||
--ignore-missing | ||
|
||
## Build, test, and push the image in one step | ||
## Usage: | ||
## make release [PARAM1=] [PARAM2=] [PARAM3=] | ||
## Optional parameters: | ||
## ARCH eg. amd64 or arm or arm64 | ||
## BUILD_OPTIONS eg. --no-cache | ||
## DOCKER_REPO eg. myrepo/myapp | ||
## | ||
.PHONY: release | ||
release: build test push |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,64 @@ | ||
# dnscrypt-proxy | ||
unofficial dnscrypt-proxy docker image | ||
# unofficial dnscrypt-proxy docker image | ||
|
||
([![Build Status](https://travis-ci.com/klutchell/dnscrypt-proxy.svg?branch=master)](https://travis-ci.com/klutchell/dnscrypt-proxy) | ||
[![Docker Pulls](https://img.shields.io/docker/pulls/klutchell/dnscrypt-proxy.svg?style=flat)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/) | ||
|
||
[dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) is a flexible DNS proxy, with support for encrypted DNS protocols. | ||
|
||
## Tags | ||
|
||
|tag|dnscrypt-proxy|image| | ||
|---|---|---|---| | ||
|`latest`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|multi-arch manifest| | ||
|`2.0.19`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|multi-arch manifest| | ||
|`2.0.19-amd64`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-amd64.svg)| | ||
|`2.0.19-arm`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-arm.svg)| | ||
|`2.0.19-arm64`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-arm64.svg)| | ||
|
||
## Deployment | ||
|
||
```bash | ||
docker run -p -p 53:53/udp klutchell/dnscrypt-proxy | ||
``` | ||
|
||
## Parameters | ||
|
||
* `-p 53:53/udp` - expose udp port 53 on the container to udp port 53 on the host | ||
* `-v /path/to/config:/config` - (optional) mount a custom configuration directory | ||
|
||
## Building | ||
|
||
```bash | ||
# ARCH can be 'amd64', 'arm', or 'arm64' | ||
make build ARCH=arm | ||
``` | ||
|
||
## Testing | ||
|
||
```bash | ||
# ARCH can be 'amd64', 'arm', or 'arm64' | ||
make test ARCH=arm | ||
``` | ||
|
||
## Usage | ||
|
||
Check out the official dnscrypt-proxy project wiki | ||
|
||
* https://github.com/jedisct1/dnscrypt-proxy/wiki | ||
|
||
## Author | ||
|
||
Kyle Harding <kylemharding@gmail.com> | ||
|
||
## Contributing | ||
|
||
Feel free to send an email or submit a pull request with any features, fixes, or changes! | ||
|
||
## Acknowledgments | ||
|
||
* https://github.com/jedisct1/dnscrypt-proxy | ||
|
||
## License | ||
|
||
* klutchell/dnscrypt-proxy: [MIT License](./LICENSE) | ||
* jedisct1/dnscrypt-proxy: [ISC License](https://github.com/jedisct1/dnscrypt-proxy/blob/master/LICENSE) |
Oops, something went wrong.