paspo/docker-powerdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

Compare commits

base: paspo:142b6e3a75465e4e8c68193ae4bec8a7c14030d3
Branches Tags
paspo:master
paspo:latest
..
compare: paspo:master
Branches Tags
paspo:master
paspo:latest

10 Commits
142b6e3a75 ... master

Author SHA1 Message Date
paspo
dee7298fbc disable apk cache
All checks were successful
Container Publish / on-success-skip (push) Has been skipped
Details
Container Publish / build-image (amd64) (push) Successful in 29s
Details
Container Publish / build-image (arm64) (push) Successful in 21s
Details
Container Publish / update docker manifest (push) Successful in 10s
Details
Vulnerability Scan / Daily Vulnerability Scan (amd64) (push) Successful in 23s
Details
Vulnerability Scan / Daily Vulnerability Scan (arm64) (push) Successful in 5s
Details
2025-10-02 23:22:29 +02:00
paspo
debef1b7f0 disable docker cache 2025-10-02 23:21:52 +02:00
paspo
906240fb9d build on wednesday 2025-10-02 23:21:35 +02:00
paspo
285ec54017 better vulnscan message 2025-10-02 23:21:20 +02:00
paspo
5d793524c3 build every push 2025-10-02 23:21:10 +02:00
paspo
a5446b782d switched from drone to gitea actions
Some checks failed
Container Publish / on-success-skip (push) Has been skipped
Details
Container Publish / build-image (arm64) (push) Successful in 12s
Details
Container Publish / build-image (amd64) (push) Successful in 32s
Details
Container Publish / update docker manifest (push) Successful in 9s
Details
Vulnerability Scan / Daily Vulnerability Scan (arm64) (push) Failing after 5s
Details
Vulnerability Scan / Daily Vulnerability Scan (amd64) (push) Failing after 7s
Details
2025-06-08 13:36:13 +02:00
paspo
30e458be26 test new actions
All checks were successful
Container Publish / on-success-skip (push) Has been skipped
Details
Container Publish / build-image (push) Successful in 16s
Details
2025-06-07 21:18:48 +02:00
paspo
160d389192 healthcheck fix
Some checks failed
Vulnerability Scan / Daily Vulnerability Scan (push) Failing after 13s
Details
Container Publish / build-image (push) Successful in 34s
Details
2025-05-06 09:30:00 +02:00
paspo
40ec940bad allow webserver access from everywhere 2025-05-06 09:27:33 +02:00
paspo
b267419a8f separate config for launch 2025-05-06 09:23:17 +02:00
6 changed files with 73 additions and 17 deletions
Expand all files Collapse all files

57
.gitea/workflows/build_and_publish.yaml
View File

@@ -1,30 +1,73 @@
--- ---
name: Container Publish name: Container Publish
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/powerdns
on: on:
push: push:
tags:
- '*'
schedule: schedule:
- cron: "0 12 3 * *" - cron: "0 12 * * 3"
workflow_dispatch: workflow_dispatch:
workflow_call:
workflow_run:
workflows: [vulnscan.yaml]
types: [completed]
jobs: jobs:
on-success-skip:
runs-on:
labels: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- run: exit_with_success
build-image: build-image:
runs-on: ubuntu-latest runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container: container:
image: catthehacker/ubuntu:act-latest image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Login to registry - name: Login to registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: docker.asperti.com registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }} password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and publish - name: Build and publish
run: | run: |
docker build -t docker.asperti.com/paspo/powerdns:latest --platform linux/amd64 -f Dockerfile . docker build \
docker push docker.asperti.com/paspo/powerdns:latest --tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
--platform linux/${{ matrix.arch }} --no-cache -f Dockerfile .
docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}
manifest:
name: update docker manifest
needs: build-image
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: latest
run: |
docker manifest create \
${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-amd64 \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-arm64
docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest

22
.gitea/workflows/vulnscan.yaml
View File

@@ -1,21 +1,33 @@
--- ---
name: Vulnerability Scan name: Vulnerability Scan
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/powerdns
on: on:
schedule: schedule:
- cron: "0 14 * * *" - cron: "0 14 * * *"
workflow_dispatch: workflow_dispatch:
workflow_call:
workflow_run:
workflows: [build_and_publish.yaml]
types: [completed]
jobs: jobs:
scan: scan:
name: Daily Vulnerability Scan name: Daily Vulnerability Scan
runs-on: ubuntu-latest runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container: container:
image: catthehacker/ubuntu:act-latest image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
steps: steps:
- name: Pull docker image - name: Pull docker image
run: docker pull docker.asperti.com/paspo/powerdns:latest run: docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest
- name: Setup trivy - name: Setup trivy
run: | run: |
@@ -32,9 +44,7 @@ jobs:
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
id: scan id: scan
run: | run: |
trivy --server ${{ secrets.TRIVY_SERVER }} \ trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest > trivy-results.json
--token ${{ secrets.TRIVY_TOKEN }} image --format json \
docker.asperti.com/paspo/powerdns:latest > trivy-results.json
# if some vulnerability is found, we fail # if some vulnerability is found, we fail
- name: check output - name: check output
@@ -51,4 +61,4 @@ jobs:
token: ${{ secrets.TELEGRAM_TOKEN }} token: ${{ secrets.TELEGRAM_TOKEN }}
format: markdown format: markdown
message: | message: |
Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}` Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest`

6
Dockerfile
View File

@@ -1,12 +1,12 @@
FROM alpine:latest FROM alpine:latest
RUN \ RUN \
apk --update upgrade && \ apk --no-cache upgrade && \
apk add tini pdns pdns-backend-sqlite3 apk --no-cache add tini curl pdns pdns-backend-sqlite3
COPY rootfs / COPY rootfs /
HEALTHCHECK --interval=30s --start-period=5s --timeout=10s \ HEALTHCHECK --interval=30s --start-period=5s --timeout=10s \
CMD /usr/bin/host -T -p 1053 asperti.com 127.0.0.1 CMD curl http://127.0.0.1:8081/metrics
ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "/app/entrypoint.sh"] ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "/app/entrypoint.sh"]

1
rootfs/app/entrypoint.sh
View File

@@ -17,7 +17,6 @@ EOF
# database setup # database setup
cat >> /etc/pdns/pdns.conf.d/sqlite.conf << EOF cat >> /etc/pdns/pdns.conf.d/sqlite.conf << EOF
launch=gsqlite3
gsqlite3-database=${DB_PATH} gsqlite3-database=${DB_PATH}
EOF EOF
DB_DIR=$(dirname "${DB_PATH}") DB_DIR=$(dirname "${DB_PATH}")

1
rootfs/etc/pdns/pdns.conf.d/launch.conf Normal file
View File

@@ -0,0 +1 @@
launch=gsqlite3

3
rootfs/etc/pdns/pdns.conf.d/webserver.conf Normal file
View File

@@ -0,0 +1,3 @@
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0,::/0