Merge pull request #12 from tmknight/develop

Alpine 3.17.3; code cleanup
tmknight · Mar 30, 2023 · 5a3f246 · 5a3f246
2 parents 8291cd1 + 67e22a2
commit 5a3f246
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 49 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -22,10 +22,12 @@ on:
 env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: docker.io
-  # github.repository as <account>/<repo>
   USER: tmknight88
   IMAGE: privoxy
-
+  BUILD_ARGS: |
+    "ALPINE_VER=3.17.3"
+    "PRIVOXY_VER=3.0.34"
+
 jobs:
   build:
 
@@ -36,30 +38,20 @@ jobs:
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
-        
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-        with:
-          # cosign-release: 'v1.11.0'
-          cosign-release: 'v1.13.1'
-
-
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@v2
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -69,34 +61,21 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.USER }}/${{ env.IMAGE }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: ${{ env.IMAGE }}.dockerfile
+          build-args: ${{ env.BUILD_ARGS }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      ## - name: Sign the published Docker image
-        ## if: ${{ github.event_name != 'pull_request' }}
-        ## env:
-          ## COSIGN_EXPERIMENTAL: "true"
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        ## run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/.github/workflows/github-package.yml b/.github/workflows/github-package.yml
@@ -26,11 +26,16 @@ on:
 env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
+  # name of image
+  IMAGE: privoxy
   # github.repository as <account>/<repo>
-  # IMAGE_NAME: ${{ github.repository }}
   IMAGE_NAME: tmknight/privoxy
-
-
+  # cosign version
+  COSIGN_VER: 'v1.13.1'
+  # Build args
+  BUILD_ARGS: |
+    "ALPINE_VER=3.17.3"
+    "PRIVOXY_VER=3.0.34"
 
 jobs:
   build:
@@ -52,20 +57,20 @@ jobs:
       - name: Install cosign
         if: github.event_name != 'pull_request'
         ## uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b #2.8.1
+        uses: sigstore/cosign-installer@v3
         with:
           ## cosign-release: 'v1.11.0'
-          cosign-release: 'v1.13.1'
+          cosign-release: ${{ env.COSIGN_VER }}
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@v2
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -75,18 +80,19 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        uses: docker/build-push-action@v4
         with:
           context: .
-          file: privoxy.dockerfile
+          file: ${{ env.IMAGE }}.dockerfile
+          build-args: ${{ env.BUILD_ARGS }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ A companion project leveraging [Docker NordVPN](https://github.com/tmknight/dock
 
 Build based on
 
-- Alpine `3.17.2`
+- Alpine `3.17.3`
 - [Privoxy](https://www.privoxy.org/) `3.0.34`
   - Built from [source](https://www.privoxy.org/gitweb/?p=privoxy.git;a=summary)
   - With support for [SSL inspection](https://www.privoxy.org/faq/misc.html#SSL)

diff --git a/privoxy.dockerfile b/privoxy.dockerfile
@@ -1,13 +1,13 @@
-ARG ALPINE_VER=3.17.2
+ARG ALPINE_VER
 FROM alpine:${ALPINE_VER}
 ARG ALPINE_VER
+ARG PRIVOXY_VER
 LABEL org.opencontainers.image.base.name="alpine:${ALPINE_VER}"
-LABEL org.opencontainers.image.description="Privoxy for Docker"
+LABEL org.opencontainers.image.description DESCRIPTION
 LABEL org.opencontainers.image.licenses=GPL-3.0
 LABEL org.opencontainers.image.source=https://github.com/tmknight/docker-privoxy
 LABEL org.opencontainers.image.title=privoxy
 LABEL autoheal=true
-ARG PRIVOXY_VER=3.0.34
 ENV CONFFILE=/etc/privoxy/config \
   PIDFILE=/var/run/privoxy.pid
 ## Build privoxy
@@ -74,6 +74,6 @@ RUN chmod -R +x \
   /usr/local/bin/
 EXPOSE 8118
 VOLUME [ "/etc/privoxy", "/var/lib/privoxy/certs" ]
-HEALTHCHECK --interval=1m \
+HEALTHCHECK --start-period=10s --timeout=3s \
   CMD /usr/local/bin/healthcheck
 CMD /usr/local/bin/start
diff --git a/scripts/healthcheck b/scripts/healthcheck
@@ -2,9 +2,9 @@
 ## Assumes routed through NordVPN connection
 ## API Call
 CODE=99
-URI=https://nordvpn.com/wp-admin/admin-ajax.php?action=get_user_info_data
-TEST=$(curl -fs ${URI} | jq .status) || CODE=1
-if [[ ${TEST:-unknown} != unknown && ${CODE} -eq 99 ]]
+URI="https://nordvpn.com/wp-admin/admin-ajax.php?action=get_user_info_data"
+TEST=$(curl -fs "${URI}" | jq .status) || CODE=1
+if [[ "${TEST:-unknown}" != unknown && ${CODE} -eq 99 ]]
 then
     CODE=0
 else