Merge branch 'main' into main

.github/workflows/main.yml

@@ -0,0 +1,56 @@
+name: Docker Image Build and Analysis
+
+on:
+ schedule:
+ - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
+ workflow_dispatch: # Manual run trigger
+ inputs:
+ trigger-build:
+ description: 'Trigger a manual build and push'
+ default: 'true'
+
+jobs:
+ build-and-analyze:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build Docker image
+ id: build-image
+ run: |
+ echo "Building Docker image..."
+ docker build -t my-app-image:latest .
+ echo "Docker image built successfully."
+
+ - name: Install Docker Scout
+ run: |
+ echo "Installing Docker Scout..."
+ curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+ echo "Docker Scout installed successfully."
+
+ - name: Analyze Docker image with Docker Scout
+ id: analyze-image
+ run: |
+ echo "Analyzing Docker image with Docker Scout..."
+ docker scout cves my-app-image:latest > scout-results.txt
+ cat scout-results.txt # Print the report to the workflow logs for easy viewing
+ echo "Docker Scout analysis completed."
+
+ - name: Post Comment on Issue or PR
+ run: |
+ COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
+ 
+ # Post comment using GitHub API
+ curl -X POST \
+ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ -d "{\"body\": \"$COMMENT\"}" \
+ "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number

Dockerfile

@@ -1,63 +0,0 @@
-# Pull from small Debian stable image.
-FROM alpine:latest AS build
-LABEL maintainer="[email protected]"
-
-# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
-ARG wg_net="10.0.0.1"
-ARG wg_port="51820"
-
-# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info.
-ENV TZ="Europe/Amsterdam"
-ENV global_dns="1.1.1.1"
-ENV enable="none"
-ENV isolate="wg0"
-ENV public_ip="0.0.0.0"
-
-# Doing package management operations, such as upgrading
-RUN apk update \
- && apk add --no-cache bash git tzdata \
- iptables ip6tables openrc curl wireguard-tools \
- sudo py3-psutil py3-bcrypt
-
-# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
-ENV WGDASH=/opt/wireguarddashboard
-
-# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
-
-# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
-RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH}
-COPY ./src /setup/app/src
-#COPY src /setup/app/src
-
-# Set the volume to be used for WireGuard configuration persistency.
-VOLUME /etc/wireguard
-VOLUME ${WGDASH}
-
-# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
-# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN out_adapt=$(ip -o -4 route show to default | awk '{print $NF}') \
- && echo -e "[Interface]\n\
-Address = ${wg_net}/24\n\
-PrivateKey =\n\
-PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
-PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP\n\
-PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o ${out_adapt} -j MASQUERADE\n\
-PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP\n\
-ListenPort = ${wg_port}\n\
-SaveConfig = true\n\
-DNS = ${global_dns}" > /setup/conf/wg0.conf
-
-
-
-# Defining a way for Docker to check the health of the container. In this case: checking the login URL.
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
- CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1
-
-
-# Copy the basic entrypoint.sh script.
-COPY entrypoint.sh /entrypoint.sh
-
-# Exposing the default WireGuard Dashboard port for web access.
-EXPOSE 10086
-ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]