.gitlab-ci.yml

@@ -0,0 +1,34 @@
+stages:
+  - test
+  - build
+  - release
+
+# Test if the image can be built
+test:build:
+  stage: build
+  tags:
+    - build
+  image: docker:stable
+  script:
+    - docker build .
+  interruptible: true
+  only:
+    - master
+
+# Push images of tags to private registry
+release:image:
+  stage: release
+  tags:
+    - build
+    - release
+  image: docker:stable
+  script:
+    - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}" "${DOCKER_REGISTRY_HOST}"
+    - echo "Building image..."
+    - docker build -t "${DOCKER_REGISTRY_HOST}"/gkcld/unbound:"${CI_COMMIT_TAG}" -t "${DOCKER_REGISTRY_HOST}"/gkcld/unbound:latest .
+    - echo "Pushing tags..."
+    - docker push "${DOCKER_REGISTRY_HOST}"/gkcld/unbound:"${CI_COMMIT_TAG}"
+    - docker push "${DOCKER_REGISTRY_HOST}"/gkcld/unbound:latest
+  interruptible: false
+  only:
+    - tags

CHANGELOG.md

@@ -3,18 +3,6 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
-## [1.22.0]
-- Updated Unbound to version `1.22.0`
-- Fixed configuration for local healthcheck record
-- Added `bootstrap-image.sh` to clean up the `Dockerfile`
-- Moved the entrypoint definition inline within the `Dockerfile`
-
-## [1.21.0]
-- Updated Unbound to version `1.21.0`
-
-## [1.20.0]
-- Updated Unbound to version `1.20.0`
-
 ## [1.19.0]
 - Updated Unbound to version `1.19.0`
 

Dockerfile

@@ -1,11 +1,29 @@
 FROM alpine:3.15.5
-ARG UNBOUND_VERSION=1.22.0
 
-COPY bootstrap-image.sh /tmp/
-RUN sh /tmp/bootstrap-image.sh -x && rm -rf /tmp/*
+ARG UNBOUND_VERSION=1.19.0
 
+# Install dependencies and build unbound, clean up after
+RUN apk --update add --no-cache alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev && \
+    # Clone tag and build unbound source (https://github.com/NLnetLabs/unbound)
+    git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound && \
+    cd /tmp/unbound && \
+    ./configure && \
+    make && \
+    make install && \
+    # Clean up build dependencies
+    make clean && \
+    cd /srv && \
+    rm -rf /tmp/* && \
+    apk del alpine-sdk bison expat-dev flex git openssl-dev
+
+# Prepare image
+COPY entrypoint.sh /srv/
 COPY healthcheck.sh /srv/
+
+# Prepare unbound
+RUN addgroup -S unbound && adduser -S -G unbound unbound
+RUN mkdir -p /srv/unbound/conf
 COPY unbound.conf /srv/unbound/unbound.conf
 
-HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD ["sh", "/srv/healthcheck.sh"]
-ENTRYPOINT ["sh", "-c", "unbound -V && unbound -c /srv/unbound/unbound.conf -d"]
+HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD sh /srv/healthcheck.sh
+ENTRYPOINT ["sh", "/srv/entrypoint.sh"]

bootstrap-image.sh

@@ -1,30 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Refuse to run without -x
-if [ "$1" != "-x" ]; then
-  exit 1
-fi
-
-# Upgrade packages & install dependencies
-apk --no-cache update && apk --no-cache upgrade
-apk --no-cache add alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev
-
-# Clone Unbound source at given tag
-git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound
-cd /tmp/unbound
-
-# Build Unbound
-sh configure
-make
-make install
-
-# Clean up dependencies
-make clean
-apk --purge del -r alpine-sdk bison expat-dev flex git openssl-dev
-
-# Prepare Unbound
-addgroup -S unbound
-adduser -S -G unbound unbound
-mkdir -p /srv/unbound/conf

entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo 'Starting unbound...'
+unbound -V
+unbound -c /srv/unbound/unbound.conf -d

unbound.conf

@@ -59,5 +59,5 @@ server:
     access-control: 0.0.0.0/0 allow
 
     # Record used for container healthcheck
-    local-zone: "healthcheck.unbound" nodefault
+    local-zone: "healthrecord.unbound" nodefault
     local-data: "healthcheck.unbound. A 127.0.0.1"