Update to latest alpine and smdb #458

Open
wants to merge 4 commits into
base: master
73 changes: 73 additions & 0 deletions .github/workflows/docker-image.yml
@@ -0,0 +1,73 @@
name: Docker Image CI

env:
GHCR: ghcr.io
DOCKER: docker.io
IMAGENAME: samba

on:
push:
branches: [ "master" ]
schedule:
- cron: '0 22 1 * *'

jobs:
vulerability-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Perform Scan
uses: ShiftLeftSecurity/scan-action@master
build-and-push:
runs-on: ubuntu-latest
needs:
- vulerability-scan
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Github container registry
uses: docker/login-action@v3
with:
registry: ${{ env.GHCR }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.DOCKER }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get current date
id: date
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
image-vulnerability-scan:
runs-on: ubuntu-latest
needs:
- build-and-push
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
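
Review bot: In `image-vulnerability-scan`, the Trivy gate runs only after `build-and-push` has already pushed `:latest` and the dated tag to both registries, so `exit-code: '1'` fails the workflow but does not keep an image with CRITICAL/HIGH findings from being published. Build to a local or temporary tag first (for example with `load: true` on a single platform), scan that, and push only when the scan passes. `ShiftLeftSecurity/scan-action@master` and `aquasecurity/trivy-action@master` track a mutable branch while every other action here is version-tagged; pin both to a release tag or commit SHA. The `date` step uses the deprecated `::set-output` command and should write to `$GITHUB_OUTPUT` instead. The workflow also has no `permissions:` block (declare `contents: read` and `packages: write` explicitly), and the job id `vulerability-scan` is misspelled both where it is defined and under `needs:`.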

9 changes: 5 additions & 4 deletions Dockerfile
@@ -1,9 +1,10 @@
FROM alpine
FROM alpine:latest
MAINTAINER David Personette <[email protected]>

# Install samba
RUN apk --no-cache --no-progress upgrade && \
apk --no-cache --no-progress add bash samba shadow tini tzdata && \
RUN apk update && \
apk upgrade && \
apk add bash samba shadow tini tzdata && \
addgroup -S smb && \
adduser -S -D -H -h /tmp -s /sbin/nologin -G smb -g 'Samba User' smbuser &&\
file="/etc/samba/smb.conf" && \
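
Review bot: `FROM alpine:latest` resolves to the same floating tag as the bare `FROM alpine` it replaces, so the base image version is still not recorded; pin a release tag or digest if the goal is a known base that the Trivy result can be tied to. The new `RUN` also drops `--no-cache` from all three `apk` calls, which leaves the index fetched by `apk update` in the image layer. Keep `--no-cache` (it makes the separate `apk update` unnecessary) or remove `/var/cache/apk/*` in the same `RUN`.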
Expand Down Expand Up @@ -55,7 +56,7 @@ RUN apk --no-cache --no-progress upgrade && \
echo '' >>$file && \
rm -rf /tmp/*

COPY samba.sh /usr/bin/
ADD samba.sh /usr/bin/samba.sh

EXPOSE 137/udp 138/udp 139 445
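
Review bot: Replacing `COPY samba.sh /usr/bin/` with `ADD samba.sh /usr/bin/samba.sh` gains nothing for a local file, and `ADD` carries extra behaviour (URL fetch, automatic archive extraction) that `COPY` avoids. Keep `COPY`; if the explicit destination filename is the goal, `COPY samba.sh /usr/bin/samba.sh` does that.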

4 changes: 2 additions & 2 deletions samba.sh
@@ -1,4 +1,4 @@
#!/usr/bin/env bash
#!/bin/bash
#===============================================================================
# FILE: samba.sh
#
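
Review bot: The shebang change from `#!/usr/bin/env bash` to `#!/bin/bash` is unrelated to the Alpine/Samba update and is not explained. It works in this image because the Dockerfile installs `bash` through apk, but it hard-codes the interpreter path for no stated benefit; either drop the change or say why it is needed.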
Expand Down Expand Up @@ -293,5 +293,5 @@ elif ps -ef | egrep -v grep | grep -q smbd; then
echo "Service already running, please restart container to apply changes"
else
[[ ${NMBD:-""} ]] && ionice -c 3 nmbd -D
exec ionice -c 3 smbd -FS --no-process-group </dev/null
exec ionice -c 3 smbd -F --no-process-group </dev/null
fi
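
Review bot: On the `exec ionice -c 3 smbd` line, dropping `-S` removes the log-to-stdout flag without a replacement, so smbd output (including authentication failures) may no longer reach `docker logs`. If `-S` was removed because the newer Samba rejects it, use the long option that replaced it, as in `smbd -F --debug-stdout --no-process-group`, and confirm in a running container that connection and auth messages still appear on stdout.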