diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..f45a811
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,73 @@
+steps:
+ build:
+ image: plugins/kaniko
+ settings:
+ repo: ${FORGE_NAME}/${CI_REPO}
+ registry:
+ from_secret: container_registry
+ tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+ username:
+ from_secret: container_registry_username
+ password:
+ from_secret: container_registry_password
+ dockerfile: Dockerfile
+ when:
+ - event: [push, tag]
+
+ scan_image:
+ image: aquasec/trivy
+ commands:
+ - env TRIVY_DISABLE_VEX_NOTICE=1 trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+ when:
+ - event: [push, tag]
+
+ generate_sbom:
+ image: quay.io/wollud1969/woodpecker-helper:0.5.1
+ environment:
+ TRIVY_TOKEN:
+ from_secret: trivy_token
+ TRIVY_URL:
+ from_secret: trivy_url
+ DTRACK_API_KEY:
+ from_secret: dtrack_api_key
+ DTRACK_API_URL:
+ from_secret: dtrack_api_url
+ commands:
+ - HOME=/home/`id -nu`
+ - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
+ - |
+ trivy image \
+ --server $TRIVY_URL \
+ --token $TRIVY_TOKEN \
+ --format cyclonedx \
+ --scanners license \
+ --output /tmp/sbom.xml \
+ $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA
+ - cat /tmp/sbom.xml
+ - |
+ curl -X "POST" \
+ -H "Content-Type: multipart/form-data" \
+ -H "X-Api-Key: $DTRACK_API_KEY" \
+ -F "autoCreate=true" \
+ -F "projectName=$CI_REPO" \
+ -F "projectVersion=$TAG" \
+ -F "bom=@/tmp/sbom.xml"\ "$DTRACK_API_URL/api/v1/bom"
+ when:
+ - event: [push, tag]
+
+ build:
+ image: plugins/kaniko
+ settings:
+ repo: quay.io/wollud1969/tinyproxy-docker
+ registry: quay.io
+ tags:
+ - latest
+ - ${CI_COMMIT_TAG}
+ username:
+ from_secret: quay_username
+ password:
+ from_secret: quay_password
+ dockerfile: Dockerfile
+ when:
+ - event: [tag]
diff --git a/Dockerfile b/Dockerfile
index 8eb11ff..0301c80 100644
--- a/Dockerfile
+++ b/Dockerfile
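Review bot: The `steps:` mapping defines the key `build` twice — the `${FORGE_NAME}/${CI_REPO}` push at the top and the `quay.io/wollud1969/tinyproxy-docker` release at the bottom — and a YAML loader either rejects the duplicate or keeps only the last entry, in which case the first build is silently dropped and `scan_image`/`generate_sbom` reference an image that was never pushed; rename the second step, e.g. `publish_quay:`. In `generate_sbom`, `-F "bom=@/tmp/sbom.xml"\` has no blank before the continuation backslash, and since the `+73` count places `"$DTRACK_API_URL/api/v1/bom"` on its own line (its marker was lost in rendering), the shell removes the backslash-newline and fuses the two quoted words into one argument, leaving curl without a URL; write `-F "bom=@/tmp/sbom.xml" \`. `plugins/kaniko` and `aquasec/trivy` are pulled by floating tag while `woodpecker-helper` is pinned to `0.5.1`; pinning the builder and the scanner to a tag or digest keeps the pipeline reproducible and stops an upstream image change from silently altering what gets built and what passes the scan. On `push` events `${CI_COMMIT_TAG}` is empty, so the first step's `tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}` ends in an empty tag — worth confirming the kaniko plugin tolerates that rather than failing the push.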
@@ -2,7 +2,7 @@ FROM alpine:3.21.3
 LABEL Maintainer="Wolfgang Hottgenroth "
-ENV ALLOWED_NETWORK="127.0.0.1/32"
+ENV ALLOWED_NETWORKS="127.0.0.1/32"
 RUN apk add --no-cache tinyproxy m4
diff --git a/start.sh b/start.sh
index cea8698..ba6c947 100755
--- a/start.sh
+++ b/start.sh
@@ -1,4 +1,7 @@
 #!/bin/sh
-m4 tinyproxy.conf.m4 > tinyproxy.conf && tinyproxy -d -c /etc/tinyproxy/tinyproxy.conf
+m4 tinyproxy.conf.m4 > tinyproxy.conf && \
+ cat tinyproxy.conf && \
+ echo "------------------------------------" && \
+ tinyproxy -d -c /etc/tinyproxy/tinyproxy.conf
diff --git a/tinyproxy.conf.m4 b/tinyproxy.conf.m4
index 4c279d2..14dbf1c 100644
--- a/tinyproxy.conf.m4
+++ b/tinyproxy.conf.m4
@@ -1,9 +1,19 @@
-dnl values
-define(`ALLOWED_NETWORK', esyscmd(`echo -n $ALLOWED_NETWORK'))dnl
+divert(-1)
+dnl === Load allowed networks from environment ===
+define(`ALLOWED_NETWORKS', `esyscmd(`echo $ALLOWED_NETWORKS')')dnl
+dnl === Split into tokens ===
+define(`_firstword', `substr(`$1', `0', index(`$1 ', ` '))')dnl
+define(`_restwords', `substr(`$1', incr(index(`$1 ', ` ')))')dnl
+
+dnl === Recursive loop ===
+define(`_foreach', `
+ifelse(`$1', `', `', `
+Allow $1
+_foreach(_firstword(_restwords($2)), _restwords($2))')')dnl
+define(`foreach', `_foreach(_firstword($1), $1)')dnl
+divert
-dnl --------------------------------------------------------------
-dnl template for tinyproxy.conf
 Port 3128
 Listen 0.0.0.0
@@ -13,9 +23,8 @@ Group nobody
 LogLevel Info
-Allow ALLOWED_NETWORK
+foreach(ALLOWED_NETWORKS)
 ConnectPort 443
-
 Timeout 600
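Review bot: The last command of the chain should be `exec tinyproxy -d -c /etc/tinyproxy/tinyproxy.conf`; without `exec` the `sh` running start.sh stays PID 1 and a container stop signal is delivered to the shell rather than to tinyproxy (the replaced line had the same shape, but it is rewritten here, so this is the moment to fix it). The new `cat tinyproxy.conf` writes the complete rendered configuration to the container log on every start, which is harmless for the directives the template currently emits but would equally log any credential-bearing directive (tinyproxy's `BasicAuth`, for instance) the template may gain later; consider making the dump opt-in, e.g. `{ [ -z "$SHOW_CONFIG" ] || cat tinyproxy.conf; } && \` with a variable name of your choosing, so the `&&` chain still reaches tinyproxy when it is off.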
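Review bot: An empty `ALLOWED_NETWORKS` now renders a configuration with no access rule at all: the only thing `echo` prints for an empty variable is a newline, m4 strips unquoted leading whitespace when that text is handed on as a macro argument, so `_firstword` yields `' and `_foreach` stops at its first `ifelse` without emitting a single `Allow` line — and a tinyproxy configuration without any Allow/Deny directive accepts every client, whereas the old `Allow ALLOWED_NETWORK` left a bare `Allow` that the config parser rejected at startup. Keep the template fail-closed with a guard before rendering, e.g. `: "${ALLOWED_NETWORKS:?must contain at least one CIDR}"` at the top of start.sh. The unquoted `$ALLOWED_NETWORKS` in `esyscmd` is what collapses runs of blanks and newlines into the single spaces `_firstword`/`_restwords` split on, but it also subjects the value to pathname expansion, and a value containing m4 specials (`,`, `(`, `)`, backquote) would break the macro calls; a comment stating that contract would help, e.g. `dnl ALLOWED_NETWORKS: whitespace-separated CIDR list; expanded unquoted on purpose so runs of blanks collapse to one separator`. The second hunk's `foreach(ALLOWED_NETWORKS)` is the single call site and inherits this behaviour.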