Merge pull request #334 from NOXCIS/main

Fixed Docker Image

Author: donaldzou

.github/workflows/main.yml

@@ -0,0 +1,56 @@
+name: Docker Image Build and Analysis
+
+on:
+  schedule:
+    - cron: "0 0 * * *"  # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
+  workflow_dispatch:  # Manual run trigger
+    inputs:
+      trigger-build:
+        description: 'Trigger a manual build and push'
+        default: 'true'
+
+jobs:
+  build-and-analyze:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build Docker image
+        id: build-image
+        run: |
+          echo "Building Docker image..."
+          docker build -t my-app-image:latest .
+          echo "Docker image built successfully."
+
+      - name: Install Docker Scout
+        run: |
+          echo "Installing Docker Scout..."
+          curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+          echo "Docker Scout installed successfully."
+
+      - name: Analyze Docker image with Docker Scout
+        id: analyze-image
+        run: |
+          echo "Analyzing Docker image with Docker Scout..."
+          docker scout cves my-app-image:latest > scout-results.txt
+          cat scout-results.txt  # Print the report to the workflow logs for easy viewing
+          echo "Docker Scout analysis completed."
+
+      - name: Post Comment on Issue or PR
+        run: |
+          COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
+          
+          # Post comment using GitHub API
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github.v3+json" \
+            -d "{\"body\": \"$COMMENT\"}" \
+            "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments"  # Replace '1' with the issue or PR number

Dockerfile

@@ -0,0 +1,31 @@
+# Pull from small Debian stable image.
+FROM alpine:latest AS builder
+
+LABEL maintainer="[email protected]"
+
+WORKDIR /opt/wireguarddashboard/src
+
+RUN    apk update && \
+    apk add --no-cache sudo gcc musl-dev rust cargo linux-headers 
+
+COPY ./docker/alpine/builder.sh /opt/wireguarddashboard/src/
+COPY ./docker/alpine/requirements.txt /opt/wireguarddashboard/src/
+RUN   chmod u+x /opt/wireguarddashboard/src/builder.sh
+RUN  /opt/wireguarddashboard/src/builder.sh
+
+
+FROM alpine:latest
+WORKDIR /opt/wireguarddashboard/src
+
+COPY ./src /opt/wireguarddashboard/src/
+COPY --from=builder /opt/wireguarddashboard/src/venv /opt/wireguarddashboard/src/venv
+COPY --from=builder /opt/wireguarddashboard/src/log /opt/wireguarddashboard/src/log/
+
+RUN    apk update && \
+    apk add --no-cache wireguard-tools sudo && \
+    apk add --no-cache  iptables ip6tables && \
+    chmod u+x /opt/wireguarddashboard/src/entrypoint.sh 
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1
+
+ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"]

compose.yaml

@@ -0,0 +1,26 @@
+services:
+  
+  wireguard-dashboard:
+    build: ./
+    container_name: wiregate
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: unless-stopped
+    environment:
+      - wg_net=10.0.0.1/24
+      - wg_port=51820
+    volumes:
+      - wgd_configs:/etc/wireguard
+      - wgd_app:/opt/wireguarddashboard/src
+    ports:
+      - 10086:10086/tcp
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+   
+
+volumes:
+    wgd_configs:
+    wgd_app:

docker/Dockerfile

@@ -0,0 +1,43 @@
+venv_python="./venv/bin/python3"
+venv_gunicorn="./venv/bin/gunicorn"
+pythonExecutable="python3"
+
+
+_check_and_set_venv(){
+    VIRTUAL_ENV="./venv"
+    if [ ! -d $VIRTUAL_ENV ]; then
+    	printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n"
+        { $pythonExecutable -m venv  $VIRTUAL_ENV; } >> ./log/install.txt
+    fi
+    
+    if ! $venv_python --version > /dev/null 2>&1
+    then
+    	printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark"	
+    	kill  $TOP_PID
+    fi
+    
+    source ${VIRTUAL_ENV}/bin/activate
+
+}
+
+build_core () {
+    if [ ! -d "log" ]
+	  then 
+		printf "[WGDashboard] Creating ./log folder\n"
+		mkdir "log"
+	fi
+
+
+    apk add --no-cache python3 net-tools python3-dev py3-virtualenv
+    _check_and_set_venv
+    printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n"
+    { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt
+    printf "[WGDashboard] Building Bcrypt & Psutil\n"
+    { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt
+    printf "[WGDashboard] Build Successfull!\n"
+    printf "[WGDashboard] Clean Up Pip!\n"
+    { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt
+
+}
+
+build_core

docker/alpine/builder.sh

@@ -0,0 +1,2 @@
+bcrypt
+psutil