add scan in ci

.woodpecker.yml

@@ -28,3 +28,38 @@ steps:
       dockerfile: Dockerfile
     when:
       - event: [tag]
+  scan:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+      DTRACK_API_KEY:
+        from_secret: dtrack_api_key
+      DTRACK_API_URL:
+        from_secret: dtrack_api_url
+    commands:
+      - HOME=/home/`id -nu`
+      - IMAGE=quay.io/wollud1969/exim-docker:$CI_COMMIT_TAG
+      - |
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --format cyclonedx \
+              --scanners license \
+              --output /tmp/sbom.xml \
+              $IMAGE
+      - cat /tmp/sbom.xml
+      - |
+        curl -X "POST" \
+             -H "Content-Type: multipart/form-data" \
+             -H "X-Api-Key: $DTRACK_API_KEY" \
+             -F "autoCreate=true" \
+             -F "projectName=$CI_REPO" \
+             -F "projectVersion=$CI_COMMIT_TAG" \
+             -F "bom=@/tmp/sbom.xml"\
+             "$DTRACK_API_URL/api/v1/bom"        
+    when:
+      - event: [tag]
+

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bookworm
+FROM alpine:3.21.3
 
 LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
 LABEL ImageName=""
@@ -7,23 +7,15 @@ LABEL ImageName=""
 ENV LOCALMAILNAME=""
 # smarthost to send mail to
 ENV SMARTHOST=""
-# recipient addresses for root aliases, separate multiple addresses by space
-ENV ROOT=""
 # ip addresses or networks to allow for relaying, separate multiple ones by semicolon
 ENV RELAYNETS=""
 
-RUN \
-  apt update && \
-  apt upgrade -y --autoremove && \
-  apt install -y exim4-daemon-light ca-certificates curl && \ 
-  rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache exim bash
 
-COPY update-exim4.conf.tmpl /etc/exim4/
-COPY aliases.tmpl /etc/exim4/
-COPY adjust-config.sh /etc/exim4/
-COPY start.sh /etc/exim4/
+COPY exim.conf.tmpl /etc/exim
+COPY start.sh /etc/exim
 
-WORKDIR /etc/exim4
+WORKDIR /etc/exim
 
 EXPOSE 25
 

adjust-config.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-cat update-exim4.conf.tmpl \
-  | sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
-        -e 's#%RELAYNETS%#'$RELAYNETS'#' \
-        -e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
-        -e 's/%SMARTHOST%/'$SMARTHOST'/' \
-  > update-exim4.conf.conf 
-cat aliases.tmpl \
-  | sed -e 's/%ROOT%/'"$ROOT"'/' \
-  > ../aliases && \
-newaliases
-
-/usr/sbin/update-exim4.conf -v
-

aliases.tmpl

@@ -1,14 +0,0 @@
-mailer-daemon: postmaster
-postmaster: root
-nobody: root
-hostmaster: root
-usenet: root
-news: root
-webmaster: root
-www: root
-ftp: root
-abuse: root
-noc: root
-security: root
-root: %ROOT%
-

exim.conf.tmpl

@@ -0,0 +1,28 @@
+primary_hostname = %HOSTNAME%
+qualify_domain = %LOCALMAILNAME%
+
+acl_smtp_rcpt = acl_check_rcpt
+
+begin routers
+smarthost_route:
+  driver = manualroute
+  domains = *
+  transport = smarthost_smtp
+  route_list = * %SMARTHOST%
+
+begin transports
+smarthost_smtp:
+  driver = smtp
+  port = 25
+  multi_domain
+
+begin acl
+acl_check_rcpt:
+  accept
+    hosts = %RELAYNETS%
+  deny
+    message = "Relaying denied"
+
+begin rewrite
+*@* ${1}@${qualify_domain} Ffrs
+

start.sh

@@ -1,5 +1,13 @@
 #!/bin/bash
 
-./adjust-config.sh
-exim -bd -q15m 
+rm exim.conf
+
+cat exim.conf.tmpl \
+  | sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
+        -e 's#%RELAYNETS%#'$RELAYNETS'#' \
+        -e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
+        -e 's/%SMARTHOST%/'$SMARTHOST'/' \
+  > exim.conf 
+
+exim -bd -q15m -v
 

update-exim4.conf.tmpl

@@ -1,14 +0,0 @@
-dc_eximconfig_configtype='satellite'
-dc_other_hostnames='%HOSTNAME%'
-dc_local_interfaces='0.0.0.0'
-dc_readhost='%LOCALMAILNAME%'
-dc_relay_domains=''
-dc_minimaldns='false'
-dc_relay_nets='%RELAYNETS%'
-dc_smarthost='%SMARTHOST%'
-CFILEMODE='644'
-dc_use_split_config='false'
-dc_hide_mailname='true'
-dc_mailname_in_oh='true'
-dc_localdelivery='mail_spool'
-