initial commit of Docker build steps

.travis.yml

@@ -0,0 +1,33 @@
+# the following values must be set in https://travis-ci.com/<github-repo>/settings
+# - DOCKER_REPO (eg. myrepo/myapp)
+# - DOCKER_USERNAME
+# - DOCKER_PASSWORD
+
+services: docker
+language: go
+
+branches:
+  only:
+    - master
+    - /^v\d+\.\d+\.\d+.*$/
+
+env:
+  - ARCH=amd64
+  - ARCH=arm
+  - ARCH=arm64
+
+before_script:
+  - docker run --rm --privileged multiarch/qemu-user-static:register --reset
+
+script:
+  - make build ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO}
+  - make test ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO}
+
+after_success:
+  # uncomment the following line to deploy only when a new git tag is pushed
+  # otherwise it will deploy on every push
+  # - test ${TRAVIS_TAG} =~ /^v\d+\.\d+\.\d+.*$/ || exit 0
+  - echo ${DOCKER_PASSWORD} | docker login -u "${DOCKER_USERNAME}" --password-stdin
+  - make push ARCH=${ARCH} DOCKER_REPO=${DOCKER_REPO}
+  - go get -v github.com/estesp/manifest-tool
+  - make manifest DOCKER_REPO=${DOCKER_REPO}

Dockerfile

@@ -0,0 +1,62 @@
+ARG ARCH=amd64
+
+FROM alpine as qemu
+
+RUN apk add --no-cache curl
+
+RUN curl -fsSL https://github.com/multiarch/qemu-user-static/releases/download/v3.1.0-2/qemu-arm-static -O \
+	&& chmod +x qemu-arm-static
+
+RUN curl -fsSL https://github.com/multiarch/qemu-user-static/releases/download/v3.1.0-2/qemu-aarch64-static -O \
+	&& chmod +x qemu-aarch64-static
+
+# ----------------------------------------------------------------------------
+
+FROM golang as gobuild
+
+ARG GOOS=linux
+ARG GOARCH=amd64
+ARG GOARM
+ARG BUILD_VERSION
+
+WORKDIR $GOPATH/src
+
+RUN curl -fsSL https://github.com/jedisct1/dnscrypt-proxy/archive/${BUILD_VERSION}.tar.gz | tar xvz --strip 1 \
+	&& cd dnscrypt-proxy && go build -ldflags="-s -w"
+
+# ----------------------------------------------------------------------------
+
+FROM ${ARCH}/alpine:3.9
+
+ARG BUILD_DATE
+ARG BUILD_VERSION
+ARG VCS_REF
+
+LABEL maintainer="kylemharding@gmail.com"
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.name="klutchell/dnscrypt-proxy"
+LABEL org.label-schema.description="dnscrypt-proxy is a flexible DNS proxy, with support for encrypted DNS protocols"
+LABEL org.label-schema.url="https://github.com/jedisct1/dnscrypt-proxy"
+LABEL org.label-schema.vcs-url="https://github.com/klutchell/dnscrypt-proxy"
+LABEL org.label-schema.docker.cmd="docker run -p 53:53/udp klutchell/dnscrypt-proxy"
+LABEL org.label-schema.build-date="${BUILD_DATE}"
+LABEL org.label-schema.version="${BUILD_VERSION}"
+LABEL org.label-schema.vcs-ref="${VCS_REF}"
+
+COPY --from=qemu qemu-arm-static qemu-aarch64-static /usr/bin/
+COPY --from=gobuild /go/src/dnscrypt-proxy/dnscrypt-proxy /usr/local/bin/dnscrypt-proxy
+COPY --from=gobuild /go/src/dnscrypt-proxy/example-blacklist.txt /config/
+COPY --from=gobuild /go/src/dnscrypt-proxy/example-cloaking-rules.txt /config/
+COPY --from=gobuild /go/src/dnscrypt-proxy/example-dnscrypt-proxy.toml /config/
+COPY --from=gobuild /go/src/dnscrypt-proxy/example-forwarding-rules.txt /config/
+COPY --from=gobuild /go/src/dnscrypt-proxy/example-whitelist.txt /config/
+
+RUN sed -r "s/^listen_addresses = .+$/listen_addresses = ['0.0.0.0:53']/" \
+	/config/example-dnscrypt-proxy.toml > /config/dnscrypt-proxy.toml
+
+RUN apk add --no-cache libc6-compat ca-certificates
+
+EXPOSE 53/udp
+
+# run startup script
+CMD [ "dnscrypt-proxy", "-config", "/config/dnscrypt-proxy.toml" ]

Makefile

@@ -0,0 +1,156 @@
+# override these values at runtime as desired
+# eg. make build ARCH=arm32v6 BUILD_OPTIONS=--no-cache
+ARCH := amd64
+DOCKER_REPO := klutchell/dnscrypt-proxy
+BUILD_OPTIONS +=
+
+# ARCH to GOARCH mapping (don't change these)
+# supported ARCH values: https://github.com/docker-library/official-images#architectures-other-than-amd64
+# supported GOARCH values: https://golang.org/doc/install/source#environment
+ifeq "${ARCH}" "amd64"
+GOARCH := amd64
+GOARM :=
+endif
+
+ifeq "${ARCH}" "arm32v6"
+GOARCH := arm
+GOARM := 6
+endif
+
+ifeq "${ARCH}" "arm32v7"
+GOARCH := arm
+GOARM := 7
+endif
+
+ifeq "${ARCH}" "arm64v8"
+GOARCH := arm64
+GOARM :=
+endif
+
+# these values are used for container labels at build time
+BUILD_DATE := $(strip $(shell docker run --rm busybox date -u +'%Y-%m-%dT%H:%M:%SZ'))
+# BUILD_VERSION := $(strip $(shell git describe --tags --always --dirty))
+BUILD_VERSION := 2.0.19
+VCS_REF := $(strip $(shell git rev-parse --short HEAD))
+# VCS_TAG := $(strip $(shell git describe --abbrev=0 --tags))
+VCS_TAG = 2.0.19
+DOCKER_TAG := ${VCS_TAG}-${GOARCH}
+
+.DEFAULT_GOAL := build
+
+.EXPORT_ALL_VARIABLES:
+
+## -- General --
+
+## Display this help message
+.PHONY: help
+help:
+	@awk '{ \
+			if ($$0 ~ /^.PHONY: [a-zA-Z\-\_0-9]+$$/) { \
+				helpCommand = substr($$0, index($$0, ":") + 2); \
+				if (helpMessage) { \
+					printf "\033[36m%-20s\033[0m %s\n", \
+						helpCommand, helpMessage; \
+					helpMessage = ""; \
+				} \
+			} else if ($$0 ~ /^[a-zA-Z\-\_0-9.]+:/) { \
+				helpCommand = substr($$0, 0, index($$0, ":")); \
+				if (helpMessage) { \
+					printf "\033[36m%-20s\033[0m %s\n", \
+						helpCommand, helpMessage; \
+					helpMessage = ""; \
+				} \
+			} else if ($$0 ~ /^##/) { \
+				if (helpMessage) { \
+					helpMessage = helpMessage"\n                     "substr($$0, 3); \
+				} else { \
+					helpMessage = substr($$0, 3); \
+				} \
+			} else { \
+				if (helpMessage) { \
+					print "\n                     "helpMessage"\n" \
+				} \
+				helpMessage = ""; \
+			} \
+		}' \
+		$(MAKEFILE_LIST)
+
+.PHONY: qemu-user-static
+qemu-user-static:
+	@docker run --rm --privileged multiarch/qemu-user-static:register --reset
+
+## -- Docker --
+
+## Build an image for the selected platform
+## Usage:
+##    make build [PARAM1=] [PARAM2=] [PARAM3=]
+## Optional parameters:
+##    ARCH               eg. amd64 or arm or arm64
+##    BUILD_OPTIONS      eg. --no-cache
+##    DOCKER_REPO        eg. myrepo/myapp
+##
+.PHONY: build
+build: qemu-user-static
+	@docker build ${BUILD_OPTIONS} \
+		--build-arg ARCH \
+		--build-arg GOARCH \
+		--build-arg GOARM \
+		--build-arg BUILD_VERSION \
+		--build-arg BUILD_DATE \
+		--build-arg VCS_REF \
+		--tag ${DOCKER_REPO}:${DOCKER_TAG} .
+
+## Test an image by running it locally and requesting DNSSEC lookups
+## Usage:
+##    make test [PARAM1=] [PARAM2=] [PARAM3=]
+## Optional parameters:
+##    ARCH               eg. amd64 or arm or arm64
+##    DOCKER_REPO        eg. myrepo/myapp
+##
+.PHONY: test
+test: qemu-user-static
+	$(eval CONTAINER_ID=$(shell docker run --rm -d -p 5300:53/tcp -p 5300:53/udp ${DOCKER_REPO}:${DOCKER_TAG}))
+	dig sigok.verteiltesysteme.net @127.0.0.1 -p 5300 | grep NOERROR || (docker stop ${CONTAINER_ID}; exit 1)
+	dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5300 | grep SERVFAIL || (docker stop ${CONTAINER_ID}; exit 1)
+	@docker stop ${CONTAINER_ID}
+
+## Push an image to the selected docker repo
+## Usage:
+##    make push [PARAM1=] [PARAM2=] [PARAM3=]
+## Optional parameters:
+##    ARCH               eg. amd64 or arm or arm64
+##    DOCKER_REPO        eg. myrepo/myapp
+##
+.PHONY: push
+push:
+	@docker push ${DOCKER_REPO}:${DOCKER_TAG}
+
+## Create and push a multi-arch manifest list
+## Usage:
+##    make manifest [PARAM1=] [PARAM2=] [PARAM3=]
+## Optional parameters:
+##    DOCKER_REPO        eg. myrepo/myapp
+##
+.PHONY: manifest
+manifest:
+	@manifest-tool push from-args \
+		--platforms linux/amd64,linux/arm,linux/arm64 \
+		--template ${DOCKER_REPO}:${VCS_TAG}-ARCH \
+		--target ${DOCKER_REPO}:${VCS_TAG} \
+		--ignore-missing
+	@manifest-tool push from-args \
+		--platforms linux/amd64,linux/arm,linux/arm64 \
+		--template ${DOCKER_REPO}:${VCS_TAG}-ARCH \
+		--target ${DOCKER_REPO}:latest \
+		--ignore-missing
+
+## Build, test, and push the image in one step
+## Usage:
+##    make release [PARAM1=] [PARAM2=] [PARAM3=]
+## Optional parameters:
+##    ARCH               eg. amd64 or arm or arm64
+##    BUILD_OPTIONS      eg. --no-cache
+##    DOCKER_REPO        eg. myrepo/myapp
+##
+.PHONY: release
+release: build test push

README.md

@@ -1,2 +1,64 @@
-# dnscrypt-proxy
-unofficial dnscrypt-proxy docker image
+# unofficial dnscrypt-proxy docker image
+
+([![Build Status](https://travis-ci.com/klutchell/dnscrypt-proxy.svg?branch=master)](https://travis-ci.com/klutchell/dnscrypt-proxy)
+[![Docker Pulls](https://img.shields.io/docker/pulls/klutchell/dnscrypt-proxy.svg?style=flat)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/)
+
+[dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) is a flexible DNS proxy, with support for encrypted DNS protocols.
+
+## Tags
+
+|tag|dnscrypt-proxy|image|
+|---|---|---|---|
+|`latest`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|multi-arch manifest|
+|`2.0.19`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|multi-arch manifest|
+|`2.0.19-amd64`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-amd64.svg)|
+|`2.0.19-arm`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-arm.svg)|
+|`2.0.19-arm64`|[`2.0.19`](https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19)|![Image Size](https://img.shields.io/microbadger/image-size/klutchell/dnscrypt-proxy/2.0.19-arm64.svg)|
+
+## Deployment
+
+```bash
+docker run -p -p 53:53/udp klutchell/dnscrypt-proxy
+```
+
+## Parameters
+
+* `-p 53:53/udp` - expose udp port 53 on the container to udp port 53 on the host
+* `-v /path/to/config:/config` - (optional) mount a custom configuration directory
+
+## Building
+
+```bash
+# ARCH can be 'amd64', 'arm', or 'arm64'
+make build ARCH=arm
+```
+
+## Testing
+
+```bash
+# ARCH can be 'amd64', 'arm', or 'arm64'
+make test ARCH=arm
+```
+
+## Usage
+
+Check out the official dnscrypt-proxy project wiki
+
+* https://github.com/jedisct1/dnscrypt-proxy/wiki
+
+## Author
+
+Kyle Harding <kylemharding@gmail.com>
+
+## Contributing
+
+Feel free to send an email or submit a pull request with any features, fixes, or changes!
+
+## Acknowledgments
+
+* https://github.com/jedisct1/dnscrypt-proxy
+
+## License
+
+* klutchell/dnscrypt-proxy: [MIT License](./LICENSE)
+* jedisct1/dnscrypt-proxy: [ISC License](https://github.com/jedisct1/dnscrypt-proxy/blob/master/LICENSE)