better vulnscan message

.dockerignore

@@ -1,5 +1,3 @@
 LICENSE
 README.md
-manifest.tmpl
 .gitea/
-.drone*

.gitea/workflows/build_and_publish.yaml

@@ -8,10 +8,8 @@ env:
 
 on:
   push:
-    tags:
-      - '*'
   schedule:
-    - cron: "0 12 3 * *"
+    - cron: "0 12 * * 3"
   workflow_dispatch:
   workflow_call:
   workflow_run:
@@ -50,7 +48,7 @@ jobs:
           docker build \
             --tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
             --build-arg "ALPINE_VERSION=${{ env.ALPINE_VERSION }}" \
-            --platform linux/${{ matrix.arch }} -f Dockerfile .
+            --platform linux/${{ matrix.arch }} --no-cache -f Dockerfile .
           docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}
 
   manifest:

.gitea/workflows/vulnscan.yaml

@@ -61,4 +61,4 @@ jobs:
           token: ${{ secrets.TELEGRAM_TOKEN }}
           format: markdown
           message: |
-            Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}`
+            Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest`

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22.1-alpine AS build
+FROM golang:1.25.1-alpine AS build
 
 WORKDIR /src
 COPY src /src
@@ -10,14 +10,14 @@ RUN \
 FROM alpine:latest
 
 RUN \
-  apk --update upgrade && \
+  apk --no-cache upgrade && \
-  apk add unbound bind-tools tini && \
+  apk --no-cache add unbound bind-tools tini && \
   wget -O /etc/unbound/named.cache ftp://ftp.internic.net//domain/named.cache
 
 COPY rootfs /
 COPY --from=build /dnsproxy /app/
 
 HEALTHCHECK --interval=30s --start-period=5s --timeout=10s \
-  CMD /usr/bin/host -T -p 1053 asperti.com 127.0.0.1
+  CMD /usr/bin/host -T -p ${PORT} asperti.com 127.0.0.1
 
 ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "/app/entrypoint.sh"]

README.md

@@ -1,7 +1,5 @@
 # Dockerized Unbound for caching purposes
 
-[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-dnscache/status.svg)](https://drone.asperti.com/paspo/docker-dnscache)
-
 ## Usage with docker compose
 
 ```yaml
@@ -33,9 +31,3 @@ docker run --rm --name zabbix-dns \
   -p "1053:1053" -p "1053:1053/udp" \
   -ti docker.asperti.com/paspo/dnscache:latest
 ```
-
-## test drone config
-
-```sh
-drone starlark --format  --stdout 
-```

rootfs/app/entrypoint.sh

@@ -32,9 +32,9 @@ EOF
 fi
 
 # set port
-cat >> /etc/unbound/unbound.conf.d/port.conf << EOF
+cat > /etc/unbound/unbound.conf.d/port.conf << EOF
 server:
-    interface: 0.0.0.0:${PORT}
+    port: ${PORT}
 EOF
 
 if [ "${DNSPROXY}" = true ] ; then

rootfs/etc/unbound/unbound.conf

@@ -1,6 +1,5 @@
 server:
     interface: 0.0.0.0
-    port: 53
     do-ip4: yes
     do-ip6: no
     do-udp: yes

rootfs/etc/unbound/unbound.conf.d/port.conf

@@ -0,0 +1,2 @@
+server:
+    port:  1053

src/.gitignore

@@ -0,0 +1 @@
+vendor/

src/go.mod

@@ -1,6 +1,6 @@
 module asperti.com/dnsproxy
 
-go 1.22.1
+go 1.25.1
 
 require github.com/gin-gonic/gin v1.10.0
 
@@ -25,10 +25,10 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

src/go.sum

@@ -66,16 +66,16 @@ github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZ
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=