diff --git a/.github/workflows/publish_docker.yaml b/.github/workflows/publish_docker.yaml new file mode 100644 index 0000000..bcb3d65 --- /dev/null +++ b/.github/workflows/publish_docker.yaml @@ -0,0 +1,42 @@ +name: Create and publish a Docker image + +on: + push: + branches: ["main"] + tags: ["*"] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + name: Push Docker image to GitHub container repository + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ github.repository }} + + - name: Build and push Docker images + uses: docker/build-push-action@v5 + with: + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..be33459 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,27 @@ +FROM debian:bullseye-slim + +# Set up work directory +WORKDIR /app + +# Install squid-deb-proxy then cleanup +RUN apt-get update -y \ + && apt-get install -y --no-install-recommends \ + squid-deb-proxy \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Add an entrypoint script +COPY entrypoint.sh /app/entrypoint.sh +RUN chmod +x /app/entrypoint.sh + +# Start with a blank set of allowed domains +RUN echo "# Default deny all" > /etc/squid-deb-proxy/mirror-dstdomain.acl + +# Set all files in /app/allowlists as allowed domains +RUN mkdir -p /app/allowlists && \ + rm -rf /etc/squid-deb-proxy/mirror-dstdomain.acl.d && \ + ln -sf /app/allowlists /etc/squid-deb-proxy/mirror-dstdomain.acl.d + +EXPOSE 8000/tcp + +ENTRYPOINT ["/app/entrypoint.sh"] \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..a88fd04 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,8 @@ +#! /usr/bin/env sh + +# Start the proxy +/etc/init.d/squid-deb-proxy restart + +# Watch the log +touch /var/log/squid-deb-proxy/access.log +tail -f /var/log/squid-deb-proxy/access.log \ No newline at end of file