diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
new file mode 100644
index 00000000..662bd4df
--- /dev/null
+++ b/.github/workflows/docker-image.yml
@@ -0,0 +1,73 @@
+name: Docker Image CI
+
+env:
+ GHCR: ghcr.io
+ DOCKER: docker.io
+ IMAGENAME: samba
+
+on:
+ push:
+ branches: [ "master" ]
+ schedule:
+ - cron: '0 22 1 * *'
+
+jobs:
+ vulerability-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Perform Scan
+ uses: ShiftLeftSecurity/scan-action@master
+ build-and-push:
+ runs-on: ubuntu-latest
+ needs:
+ - vulerability-scan
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to the Github container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.GHCR }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.DOCKER }}
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Get current date
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
+ ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+ ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
+ ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+ image-vulnerability-scan:
+ runs-on: ubuntu-latest
+ needs:
+ - build-and-push
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: '${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index d0e13116..b064a3a7 100644
--- a/Dockerfile
+++ b/Dockerfile
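Review bot: The Trivy gate in `image-vulnerability-scan` runs only after `build-and-push` has already published `:latest` and the dated tag to both GHCR and Docker Hub (`push: true`), so `exit-code: '1'` turns the job red but cannot stop a CRITICAL/HIGH image from going live; build a local single-platform image with `load: true`, scan that, and only then run the multi-platform push, as sketched below. `ShiftLeftSecurity/scan-action@master` and `aquasecurity/trivy-action@master` are mutable refs that can change between the scheduled monthly runs, so pin them to a full commit SHA with the version noted in a trailing comment. The `Get current date` step uses the `::set-output` workflow command, which GitHub has deprecated in favour of `echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"`. The workflow sets no top-level `permissions:`, so `GITHUB_TOKEN` receives the repository default; `permissions: { contents: read, packages: write }` is all the GHCR push needs. The job id `vulerability-scan` (also referenced in `needs:`) is a typo for `vulnerability-scan`.
```yaml
      # … unchanged: checkout, QEMU, Buildx and registry login steps …
      - name: Build for scanning
        uses: docker/build-push-action@v5
        with:
          context: .
          load: true
          tags: ${{ env.IMAGENAME }}:scan
      - name: Scan before publishing
        uses: aquasecurity/trivy-action@<pinned commit SHA>
        with:
          image-ref: ${{ env.IMAGENAME }}:scan
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
      # … unchanged: date step and multi-platform Build and push step (push: true) …
```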
@@ -1,9 +1,10 @@ -FROM alpine +FROM alpine:latest MAINTAINER David Personette # Install samba -RUN apk --no-cache --no-progress upgrade && \ - apk --no-cache --no-progress add bash samba shadow tini tzdata && \ +RUN apk update && \ + apk upgrade && \ + apk add bash samba shadow tini tzdata && \ addgroup -S smb && \ adduser -S -D -H -h /tmp -s /sbin/nologin -G smb -g 'Samba User' smbuser &&\ file="/etc/samba/smb.conf" && \ @@ -55,7 +56,7 @@ RUN apk --no-cache --no-progress upgrade && \ echo '' >>$file && \ rm -rf /tmp/* -COPY samba.sh /usr/bin/ +ADD samba.sh /usr/bin/samba.sh EXPOSE 137/udp 138/udp 139 445 diff --git a/samba.sh b/samba.sh index ebb4e20b..4df80499 100755 --- a/samba.sh +++ b/samba.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash #=============================================================================== # FILE: samba.sh # @@ -293,5 +293,5 @@ elif ps -ef | egrep -v grep | grep -q smbd; then echo "Service already running, please restart container to apply changes" else [[ ${NMBD:-""} ]] && ionice -c 3 nmbd -D - exec ionice -c 3 smbd -FS --no-process-group
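Review bot: The new `RUN` drops the `--no-cache` flag, so `apk update` writes the package index under `/var/cache/apk/` and it is committed into the image layer; `RUN apk --no-cache upgrade && \` followed by `apk --no-cache add bash samba shadow tini tzdata && \` keeps the upgrade-then-install order without leaving the index behind. `FROM alpine:latest` is a floating tag (as `FROM alpine` already was), so the image a given commit produces, and the Trivy result for it, depend on when the monthly rebuild happens to run; pinning a release tag such as `alpine:<release>` and bumping it deliberately makes rebuilds reproducible and the scan result attributable to a known base. The `RUN` instruction continues past the end of the hunk.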
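Review bot: `ADD samba.sh /usr/bin/samba.sh` replaces `COPY` without using anything that `ADD` adds: `ADD` additionally auto-extracts local archives and fetches remote URLs, so for a plain script `COPY samba.sh /usr/bin/samba.sh` states the intent more narrowly and is the form the Dockerfile reference recommends. The explicit destination filename is fine to keep either way.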