Update build docker image actions, fix username

Update github actions that build docker iamges
Build multi-arch docker images
2025-05-10 21:48:30 +02:00 · 2025-01-13 11:31:05 +08:00 · 2025-01-13 11:24:08 +08:00 · 2025-01-13 11:01:15 +08:00 · 2024-11-11 18:08:27 +08:00 · 2024-11-11 18:07:06 +08:00
6 changed files with 131 additions and 23 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -0,0 +1,35 @@
 name: Build Images
 on:
  push:
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Log into DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ github.actor }}/ufw-docker-agent
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          push: ${{ github.event_name != 'pull_request' }}
          platforms: linux/amd64,linux/arm64/v8
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
--- a/7
+++ b/7
@ -1,6 +1,6 @@
-FROM ubuntu:20.04
+FROM ubuntu:24.04
-ARG docker_version="20.10.17"
+ARG docker_version="27.3.1"
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
@ -12,8 +12,7 @@ RUN apt-get update \
            | tee /etc/apt/sources.list.d/docker.list > /dev/null \
    && apt-get update \
    && apt-get install -y --no-install-recommends locales ufw \
-    && ( apt-get install -y --no-install-recommends "docker-ce=5:${docker_version}~*" || \
+    && apt-get install -y --no-install-recommends "docker-ce=$(apt-cache madison docker-ce | grep -m1 -F "${docker_version}" | cut -d'|' -f2 | tr -d '[[:blank:]]')" \
         apt-get install -y --no-install-recommends "docker-ce=${docker_version}~*" ) \
    && locale-gen en_US.UTF-8 \
    && apt-get clean autoclean \
    && apt-get autoremove --yes \
--- a/45
+++ b/45
@ -6,9 +6,15 @@
 ENV['VAGRANT_NO_PARALLEL']="true"
 Vagrant.configure('2') do |config|
  ubuntu_version = File.readlines("Dockerfile").filter { |line|
    line.start_with?("FROM ")
  }.first.match(/\d\d\.\d\d/)[0]
-  #config.vm.box = "chaifeng/ubuntu-22.04-docker-#{(`uname -m`.strip == "arm64")?"20.10.17-arm64":"19.03.13"}"
+  docker_version = File.readlines("Dockerfile").filter { |line|
-  config.vm.box = "chaifeng/ubuntu-20.04-docker-#{(`uname -m`.strip == "arm64")?"19.03.13-arm64":"19.03.13"}"
+    line.start_with?("ARG docker_version=")
  }.first.match(/"([\d\.]+)"/)[1]
  config.vm.box = "chaifeng/ubuntu-#{ubuntu_version}-docker-#{docker_version}"
  config.vm.provider 'virtualbox' do |vb|
    vb.memory = '1024'
@ -81,14 +87,15 @@ Vagrant.configure('2') do |config|
            daemonize: true
    end
-    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"
+    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test-legacy"
    master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
      set -euo pipefail
-      docker build -t #{ufw_docker_agent_image}-legacy /vagrant
+      suffix="$(iptables --version | grep -o '\\(nf_tables\\|legacy\\)')"
-      docker push #{ufw_docker_agent_image}-legacy
+      docker build -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
      docker push "#{ufw_docker_agent_image}-${suffix}"
-      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-nf_tables" > /etc/profile.d/ufw-docker.sh
+      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-${suffix}" > /etc/profile.d/ufw-docker.sh
      echo "export DEBUG=true" >> /etc/profile.d/ufw-docker.sh
      echo "Defaults env_keep += UFW_DOCKER_AGENT_IMAGE" > /etc/sudoers.d/98_ufw-docker
@ -110,6 +117,8 @@ FROM httpd:alpine
 RUN { echo '#!/bin/sh'; \\
    echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
    echo 'grep "^Listen 7000" || echo Listen 7000 >> /usr/local/apache2/conf/httpd.conf'; \\
    echo 'grep "^Listen 8080" || echo Listen 8080 >> /usr/local/apache2/conf/httpd.conf'; \\
    echo 'exec "$@"'; \\
    } > /entrypoint.sh; chmod +x /entrypoint.sh
@ -167,6 +176,14 @@ DOCKERFILE
        done
        ufw-docker service allow public_service 80/tcp
        docker service inspect "public_multiport" ||
            docker service create --name "public_multiport" \
                --publish "40080:80" --publish "47000:7000" --publish "48080:8080" \
                --env name="public_multiport" --replicas 3 #{private_registry}/chaifeng/hostname-webapp
        ufw-docker service allow public_multiport 80/tcp
        ufw-docker service allow public_multiport 8080/tcp
    SHELL
  end
@ -185,6 +202,11 @@ DOCKERFILE
    end
  end
  config.vm.define "node-internal" do |node|
    node.vm.hostname = "node-internal"
    node.vm.network "private_network", ip: "#{ip_prefix}.142"
  end
  config.vm.define "external" do |external|
    external.vm.hostname = "external"
    external.vm.network "private_network", ip: "#{ip_prefix}.127"
@ -193,7 +215,12 @@ DOCKERFILE
        set -euo pipefail
        set -x
        server="http://#{ip_prefix}.130"
-        function test-webapp() { timeout 3 curl --silent "$@"; }
+        function test-webapp() {
          if timeout 3 curl --silent "$@"
          then echo "Success: $*"
          else echo "Cannot visit: $*"; return 1
          fi
        }
        test-webapp "$server:18080"
        ! test-webapp "$server:8000"
@ -203,6 +230,10 @@ DOCKERFILE
        test-webapp "$server:29090"
        ! test-webapp "$server:9000"
        test-webapp "$server:40080"
        test-webapp "$server:48080"
        ! test-webapp "$server:47000"
        echo "====================="
        echo "      TEST DONE      "
        echo "====================="
--- a/test/bach
+++ b/test/bach
@ -1 +1 @@
-Subproject commit 447edb60db232d3dbc2267f37c49bd7a070cc83d
+Subproject commit 27885eb79c11e4652dede994c886ae5f9e30994f
--- a/test/ufw-docker.test.sh
+++ b/test/ufw-docker.test.sh
@ -15,7 +15,10 @@ source "$working_dir"/bach/bach.sh
    @mock iptables --version
    @mocktrue grep -F '(legacy)'
-    @ignore remove_blank_lines
+    @mocktrue docker -v
    @mock docker -v === @stdout Docker version 0.0.0, build dummy
    @mockpipe remove_blank_lines
    @ignore echo
    @ignore err
@ -98,6 +101,17 @@ test-ufw-is-disabled-assert() {
 }
 test-docker-is-installed() {
    @mockfalse docker -v
    ufw-docker
 }
 test-docker-is-installed-assert() {
    die "Docker executable not found."
    ufw-docker--help
 }
 test-ufw-docker-status() {
    ufw-docker status
 }
@ -451,7 +465,7 @@ test-ufw-docker--instance-name-found-a-name() {
 }
 test-ufw-docker--instance-name-found-a-name-assert() {
    docker inspect --format="{{.Name}}" foo
-    echo -n foo
+    @dryrun echo -n foo
 }
@ -474,7 +488,7 @@ test-ufw-docker--list-name() {
    ufw-docker--list foo
 }
 test-ufw-docker--list-name-assert() {
-    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\( [[:graph:]]*\\)\$"
 }
 test-ufw-docker--list-name-udp() {
@ -483,7 +497,7 @@ test-ufw-docker--list-name-udp() {
    ufw-docker--list foo "" udp
 }
 test-ufw-docker--list-name-udp-assert() {
-    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( [[:digit:]]\\+\\/\\(tcp\\|udp\\)\\)\\( [[:graph:]]*\\)\$"
 }
@ -493,7 +507,7 @@ test-ufw-docker--list-name-80() {
    ufw-docker--list foo 80
 }
 test-ufw-docker--list-name-80-assert() {
-    grep "# allow foo\\( 80\\/tcp\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( 80\\/tcp\\)\\( [[:graph:]]*\\)\$"
 }
@ -503,7 +517,30 @@ test-ufw-docker--list-name-80-udp() {
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-name-80-udp-assert() {
-    grep "# allow foo\\( 80\\/udp\\)\\?\\( [[:graph:]]*\\)\\?\$"
+    grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
 }
 test-ufw-docker--list-grep-without-network() {
    @mocktrue ufw status numbered
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
    load-ufw-docker-function ufw-docker--list
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-grep-without-network-assert() {
    grep "# allow foo\\( 80\\/udp\\)\$"
 }
 test-ufw-docker--list-grep-without-network-and-port() {
    @mocktrue ufw status numbered
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\\( [[:graph:]]*\\)\$"
    @mockfalse grep "# allow foo\\( 80\\/udp\\)\$"
    load-ufw-docker-function ufw-docker--list
    ufw-docker--list foo 80 udp
 }
 test-ufw-docker--list-grep-without-network-and-port-assert() {
    grep "# allow foo\$"
 }
@ -520,7 +557,7 @@ test-ufw-docker--list-number-assert() {
 test-ufw-docker--delete-empty-result() {
    @mock ufw-docker--list-number webapp 80 tcp === @stdout ""
-    @mock sort -rn
+    @mockpipe sort -rn
    load-ufw-docker-function ufw-docker--delete
    ufw-docker--delete webapp 80 tcp
@ -532,7 +569,7 @@ test-ufw-docker--delete-empty-result-assert() {
 test-ufw-docker--delete-all() {
    @mock ufw-docker--list-number webapp 80 tcp === @stdout 5 8 9
-    @mock sort -rn
+    @mockpipe sort -rn
    load-ufw-docker-function ufw-docker--delete
    ufw-docker--delete webapp 80 tcp
--- a/12
+++ b/12
@ -5,13 +5,13 @@ set -euo pipefail
 LANG=en_US.UTF-8
 LANGUAGE=en_US:
 LC_ALL=en_US.UTF-8
-PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+PATH="/bin:/usr/bin:/sbin:/usr/sbin:/snap/bin/"
 GREP_REGEXP_INSTANCE_NAME="[-_.[:alnum:]]\\+"
 DEFAULT_PROTO=tcp
 ufw_docker_agent=ufw-docker-agent
-ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:220920-legacy}"
+ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:221002-nf_tables}"
 if [[ "${ufw_docker_agent_image}" = *-@(legacy|nf_tables) ]]; then
    if iptables --version | grep -F '(legacy)' &>/dev/null; then
@ -42,7 +42,9 @@ function ufw-docker--list() {
       NETWORK="[[:graph:]]*"
    fi
-    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\?\\( ${NETWORK}\\)\\?\$"
+    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\( ${NETWORK}\\)\$" ||  \
    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\$" || \
    ufw status numbered | grep "# allow ${INSTANCE_NAME}\$"
 }
 function ufw-docker--list-number() {
@ -422,6 +424,10 @@ if ! ufw status 2>/dev/null | grep -Fq "Status: active" ; then
    die "UFW is disabled or you are not root user, or mismatched iptables legacy/nf_tables, current $(iptables --version)"
 fi
 if ! docker -v &> /dev/null; then
  die "Docker executable not found."
 fi
 ufw_action="${1:-help}"
 case "$ufw_action" in
Author	SHA1	Message	Date
Chai Feng	1a51b59cf8	Update build docker image actions, fix username Some checks failed Build Images / docker (push) Has been cancelled Details Unit Testing ufw-docker / Unit Testing (push) Has been cancelled Details	2025-01-13 11:31:05 +08:00
Chai Feng	5908cde296	Update github actions that build docker iamges	2025-01-13 11:24:08 +08:00
Chai Feng	8f9335326f	Build multi-arch docker images	2025-01-13 11:01:15 +08:00
Chai Feng	c9547cb4ec	Refactor Vagrantfile with getting docker version automatically Some checks failed Unit Testing ufw-docker / Unit Testing (push) Has been cancelled Details	2024-11-11 18:08:27 +08:00
Chai Feng	9474084f3f	Update Dockerfile with improved version matching	2024-11-11 18:07:06 +08:00
Chai Feng	1fa425bf17	Add node-internal	2024-11-08 10:25:22 +08:00
Chai Feng	3d6896cdd1	Update Bach to the latest unreleased version	2024-09-29 10:25:06 +08:00
anuragpeshne	6cdd4dfd2f	adds test for docker exist	2023-02-21 19:20:42 +08:00
anuragpeshne	17e6047590	Adds check for docker executable and adds snap to path	2023-02-21 19:20:42 +08:00
Chai Feng	a273ac9d51	221002-nf_tables	2022-10-02 17:03:51 +08:00
Chai Feng	cdad5e2a02	221002-legacy	2022-10-02 17:01:24 +08:00
Chai Feng	9d890ee3ee	Add integration tests related to PR #71	2022-09-26 22:00:05 +08:00
Radosław Kłos	a1d3517aeb	Add integration tests for multiport app	2022-09-26 21:43:22 +08:00
Radosław Kłos	d1e6c13156	Add unit tests for alternative greps in ufw-docker--list	2022-09-26 21:43:22 +08:00
Radosław Kłos	682d8b363f	Fix existing unit tests	2022-09-26 21:43:22 +08:00
Radosław Kłos	a689c4eb6e	Fix (almost) always truthy regexp in ufw-docker--list	2022-09-26 21:43:22 +08:00
Chai Feng	e99858510d	Update Bach Testing Framework	2022-09-21 08:43:58 +08:00
Chai Feng	712b0e8075	Change to iptables (nf_tables), using Ubuntu 22.04	2022-09-20 21:51:39 +08:00
		`@ -1 +1 @@`
			`Subproject commit 447edb60db232d3dbc2267f37c49bd7a070cc83d`				`Subproject commit 27885eb79c11e4652dede994c886ae5f9e30994f`