Merge pull request #2768 from polarathene/fix/ci-docker-3.2

ci(fix): 3.2 - Docker support adjustments

.github/workflows/docker-3.2.yml

@@ -5,12 +5,14 @@ on:
     branches:
       - 3.2
   workflow_dispatch:
+  # Every week at 8am on Mondays, publish the 3.2 branch:
+  # NOTE: `schedule` event is only triggered for the default branch:
+  # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
   schedule:
     - cron: "0 8 * * 1"
 
 env:
-  BUILD_VERSION: "3.2"
+  GIT_BRANCH: "3.2"
-  DOCKER_CLI_EXPERIMENTAL: enabled
 
 jobs:
 
@@ -23,7 +25,7 @@ jobs:
 
       - name: Setup QEMU
         id: qemu
-        uses: docker/setup-qemu-action@v3.6.0
+        uses: docker/setup-qemu-action@v3
 
       - name: Setup Buildx
         id: buildx
@@ -35,29 +37,30 @@ jobs:
         with:
           images: ${{ github.repository }}
           labels: |
-            org.opencontainers.image.version=${{ env.BUILD_VERSION }}
+            org.opencontainers.image.version=${{ env.GIT_BRANCH }}
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.title=${{ github.repository }}
 
       - name: GitHub login
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.actor }}
+          username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v6.16.0
+        uses: docker/build-push-action@v6
         with:
           push: ${{ github.event_name != 'pull_request' }}
           context: .
-          file: Dockerfile-alpine
+          file: Dockerfile.alpine
           platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le
-          build-args: BUILD_VERSION
+          build-args:
+            - GIT_BRANCH
           cache-from: type=gha, scope=${{ github.workflow }}
           cache-to: type=gha, scope=${{ github.workflow }}
           labels: ${{ steps.docker_meta.outputs.labels }}
           tags: |
-            ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }}
+            ghcr.io/${{ github.repository }}:${{ env.GIT_BRANCH }}
             ghcr.io/${{ github.repository }}:latest

Dockerfile.md

@@ -17,11 +17,13 @@ Use a volume bind mount to a local host directory to access the files outside of
 docker run --rm -it -v /tmp:/data --workdir /data ghcr.io/testssl/testssl.sh:3.2 --htmlfile ./ example.com
 ```
 
-**NOTE:**
+> [!NOTE]
-- The UID/GID ownership of the file will be created by the container user `testssl` (`1000:1000`), with permissions `644`.
+> - The UID/GID ownership of the file will be created by the container user `testssl` (`1000:1000`), with permissions `644`.
-- Your host directory must permit the `testssl` container user or group to write to that host volume. You could alternatively use [`docker cp`](https://docs.docker.com/reference/cli/docker/container/cp/).
+> - Your host directory must permit the `testssl` container user or group to write to that host volume. You could alternatively use [`docker cp`](https://docs.docker.com/reference/cli/docker/container/cp/).
 
-### From DockerHub or GHCR
+## Images
+
+### Available at DockerHub and GHCR
 
 You can pull the image from either of these registries:
 - DockerHub: [`drwetter/testssl.sh`](https://hub.docker.com/r/drwetter/testssl.sh)
@@ -31,7 +33,7 @@ Supported tags:
 - `3.2` / `latest`
 - `3.0` is the old stable version ([soon to become EOL](https://github.com/testssl/testssl.sh/tree/3.0#status))
 
-### Building
+### Building the `testssl.sh` container image
 
 You can build with a standard `git clone` + `docker build`. Tagging the image will make it easier to reference.
 
@@ -41,26 +43,30 @@ git clone --branch 3.2 --depth 1 https://github.com/testssl/testssl.sh .
 docker build --tag localhost/testssl.sh:3.2 .
 ```
 
-There are two base images available:
+There are two base images supported:
-- `Dockerfile` (openSUSE Leap), glibc-based + faster.
+- openSUSE Leap ([`Dockerfile`](./Dockerfile)), glibc-based + faster.
-- `Dockerfile-alpine` (Alpine), musl-based + half the size.
+- Alpine ([`Dockerfile`](./Dockerfile.alpine)), musl-based + half the size.
 
-Alpine is made available if you need broarder platform support or an image about 30MB smaller at the expense of speed.
+The Alpine variant is made available if you need broarder platform support, or an image about 30MB smaller at the expense of slightly slower performance.
+
+#### Tip - Remote build context + `Dockerfile`
 
-#### Remote build context + `Dockerfile`
 You can build with a single command instead via:
 
 ```bash
 docker build --tag localhost/testssl.sh:3.2 https://github.com/testssl/testssl.sh.git#3.2
 ```
 
-This will produce a slightly larger image however as `.dockerignore` is not supported with remote build contexts.
+> [!NOTE]
+> This will produce a slightly larger image as [`.dockerignore` is not supported with remote build contexts](https://github.com/docker/buildx/issues/3169).
 
-If you would like to build the Alpine image instead this way, just provide the alternative `Dockerfile` via `--file`:
+---
+
+To build the Alpine image instead, additionally provide the ([alternative `Dockerfile`](./Dockerfile.alpine)) via the `--file` option:
 
 ```bash
 docker build \
   --tag localhost/testssl.sh:3.2-alpine \
-  --file https://raw.githubusercontent.com/testssl/testssl.sh/3.2/Dockerfile-alpine \
+  --file https://raw.githubusercontent.com/testssl/testssl.sh/3.2/Dockerfile.alpine \
   https://github.com/testssl/testssl.sh.git#3.2
 ```