From 1400c7875d22568adefa7e899a7793496f6b6573 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 5 May 2025 13:16:41 +0200
Subject: [PATCH 1/5] Change filename to -alpine / upgrade Ubuntu
---
 .github/workflows/docker-3.2.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-3.2.yml b/.github/workflows/docker-3.2.yml
index a268ee9..01e3364 100644
--- a/.github/workflows/docker-3.2.yml
+++ b/.github/workflows/docker-3.2.yml
@@ -15,7 +15,7 @@ env: jobs: deploy: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Source checkout
@@ -52,7 +52,7 @@ jobs:
 with:
 push: ${{ github.event_name != 'pull_request' }}
 context: .
- file: Dockerfile.git
+ file: Dockerfile-alpine
 platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le
 build-args: BUILD_VERSION
 cache-from: type=gha, scope=${{ github.workflow }}
From 286bc150db08edce0f0a57a9bae560a650336c47 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 5 May 2025 13:23:06 +0200
Subject: [PATCH 2/5] rename file
---
 Dockerfile-alpine | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 Dockerfile-alpine
diff --git a/Dockerfile-alpine b/Dockerfile-alpine
new file mode 100644
index 0000000..5f1a848
--- /dev/null
+++ b/Dockerfile-alpine
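Review bot: In the `@@ -52,7 +52,7 @@` hunk the build step now points at `Dockerfile-alpine` but still passes only `build-args: BUILD_VERSION`, while the Dockerfile-alpine added in patch 2/5 declares `GIT_URL` and `GIT_BRANCH` and never reads `BUILD_VERSION`. Unless a `target:` is set in the part of the `with:` block outside this hunk, the default final stage is `dist-git`, whose `${GIT_BRANCH?branch-required}` expansion stops the build when that argument is unset. I would either pass the ref explicitly as a `GIT_BRANCH=...` build argument or add `target: dist-local`, which builds the image from the commit the job checked out instead of from a second clone of the remote repository.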
@@ -0,0 +1,22 @@
+FROM alpine:3.21 AS base-alpine
+RUN apk add --no-cache bash procps drill coreutils libidn curl socat openssl xxd \
+ && addgroup testssl \
+ && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \
+ && ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh
+
+USER testssl
+ENTRYPOINT ["testssl.sh"]
+CMD ["--help"]
+
+# Final image stage (add testssl.sh project files)
+# Choose either one as the final stage (defaults to last stage, `dist-git`)
+
+# 30MB Image (Local repo copy from build context, uses `.dockerignore`):
+FROM base-alpine AS dist-local
+COPY --chown=testssl:testssl . /home/testssl/
+
+# 38MB Image (Remote repo clone, cannot filter content through `.dockerignore`):
+FROM base-alpine AS dist-git
+ARG GIT_URL=https://github.com/testssl/testssl.sh.git
+ARG GIT_BRANCH
+ADD --chown=testssl:testssl ${GIT_URL}#${GIT_BRANCH?branch-required} /home/testssl
From 84da65668337f9d4ccd127bea50e6299e34d13b6 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 5 May 2025 13:24:57 +0200
Subject: [PATCH 3/5] Change Dockerfile.git to -alpine / upgrade Ubuntu
---
 .github/workflows/unit_tests.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index b0dc06d..1d1be62 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -12,7 +12,7 @@ on: - '**.html' - 'LICENSE' - 'Dockerfile' - - 'Dockerfile.git' + - 'Dockerfile-alpine' permissions: contents: read
@@ -22,7 +22,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
- os: ['ubuntu-22.04']
+ os: ['ubuntu-24.04']
 perl: ['5.26']
 name: Perl ${{ matrix.perl }} on ${{ matrix.os }}
 steps:
From 74a261d2f0d7a58c1c52170195bc82e8a8a12589 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 5 May 2025 13:25:25 +0200
Subject: [PATCH 4/5] remove file
---
 Dockerfile.git | 22 ----------------------
 1 file changed, 22 deletions(-)
 delete mode 100644 Dockerfile.git
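Review bot: The `dist-git` stage of the new Dockerfile-alpine pulls `${GIT_URL}#${GIT_BRANCH}` with `ADD`, and a branch name is a moving reference, so two builds of the same Dockerfile can ship different testssl.sh sources and nothing in the image records which commit was fetched. For published images I would pass a release tag or a full commit id as the ref and say so next to the argument, e.g. `# GIT_BRANCH: ref to fetch; use a release tag or full commit id for published images`. The base has the same property: `FROM alpine:3.21` is pinned by tag only, where `FROM alpine:3.21@sha256:<digest-placeholder>` would fix the exact image, and the `apk add` packages carry no versions.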
diff --git a/Dockerfile.git b/Dockerfile.git
deleted file mode 100644
index 5f1a848..0000000
--- a/Dockerfile.git
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM alpine:3.21 AS base-alpine
-RUN apk add --no-cache bash procps drill coreutils libidn curl socat openssl xxd \
- && addgroup testssl \
- && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \
- && ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh
-
-USER testssl
-ENTRYPOINT ["testssl.sh"]
-CMD ["--help"]
-
-# Final image stage (add testssl.sh project files)
-# Choose either one as the final stage (defaults to last stage, `dist-git`)
-
-# 30MB Image (Local repo copy from build context, uses `.dockerignore`):
-FROM base-alpine AS dist-local
-COPY --chown=testssl:testssl . /home/testssl/
-
-# 38MB Image (Remote repo clone, cannot filter content through `.dockerignore`):
-FROM base-alpine AS dist-git
-ARG GIT_URL=https://github.com/testssl/testssl.sh.git
-ARG GIT_BRANCH
-ADD --chown=testssl:testssl ${GIT_URL}#${GIT_BRANCH?branch-required} /home/testssl
From f09f742ee34ea158f0d8ef0028c8e0ac5b7b279f Mon Sep 17 00:00:00 2001
From: Dirk
Date: Mon, 5 May 2025 20:11:12 +0200
Subject: [PATCH 5/5] fix gh action Not sure why this has been triggered though. # Failed test 'Check whether CSV output matches baseline file from testssl.sh' # at t/61_diff_testsslsh.t line 57. # # %s # @@ -1,5 +1,4 @@ # "id","fqdn/ip","port","severity","finding","cve","cwe" # -"engine_problem","/","443","WARN","No engine or GOST support via engine with your ./bin/openssl.Linux.x86_64","","" # "service","testssl.sh/81.169.166.184","443","INFO","HTTP","","" # "pre_128cipher","testssl.sh/81.169.166.184","443","INFO","No 128 cipher limit bug","","" # "SSLv2","testssl.sh/81.169.166.184","443","OK","not offered","","" # Looks like you failed 1 test of 1. t/61_diff_testsslsh.t ..............
---
 t/baseline_data/default_testssl.csvfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile
index c5a14a8..6b52cfa 100644
--- a/t/baseline_data/default_testssl.csvfile
+++ b/t/baseline_data/default_testssl.csvfile
@@ -1,4 +1,5 @@
 "id","fqdn/ip","port","severity","finding","cve","cwe"
+"engine_problem","/","443","WARN","No engine or GOST support via engine with your ./bin/openssl.Linux.x86_64","",""
 "service","testssl.sh/81.169.166.184","443","INFO","HTTP","",""
 "pre_128cipher","testssl.sh/81.169.166.184","443","INFO","No 128 cipher limit bug","",""
 "SSLv2","testssl.sh/81.169.166.184","443","OK","not offered","",""