diff --git a/.dockerignore b/.dockerignore
index 1ff16c577e9..062169dc115 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1 @@
-*
 !coredns
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 890eb28a54a..5058b9345d8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,12 +8,12 @@ updates:
 groups:
 dev-dependencies:
 patterns:
- - "*"
+ - "*"
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "weekly"
+ interval: "monthly"
 groups:
 dev-dependencies:
 patterns:
- - "*"
+ - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000000..5b5a9bd2b1b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+---
+name: ci
+on:
+ push:
+ branches: [ master ]
+ tags: [ v* ]
+ pull_request:
+ branches: [ master ]
+jobs:
+ test:
+ name: test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-go@v2
+ with:
+ go-version: '^1.20.0'
+ - run: go test -v ./... -covermode=atomic -coverprofile=coverage.out
+ - uses: codecov/codecov-action@v1
+ with:
+ files: coverage.out
+ docker:
+ name: docker
+ runs-on: ubuntu-latest
+ needs:
+ - test
+ steps:
+ - uses: actions/checkout@v2
+ - uses: docker/setup-qemu-action@v1
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: docker/metadata-action@v3
+ id: meta
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ - uses: docker/build-push-action@v2
+ with:
+ file: "Dockerfile"
+ context: .
+ platforms: linux/amd64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
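Review bot: The `docker` job pushes to ghcr.io with `push: true` on `pull_request` events as well as on pushes, and the file declares no `permissions:` block, so it depends on the repository's default `GITHUB_TOKEN` scope and publishes a `type=ref,event=pr` image for every pull request before review (fork PRs receive a read-only token, so the login step would presumably fail there instead). Declare `permissions: contents: read` at the top, grant `packages: write` only to the docker job, and gate the push on the event, as below. Every `uses:` here floats on an old major tag (`actions/checkout@v2`, `actions/setup-go@v2`, `codecov/codecov-action@v1`, the `docker/*` actions at `@v1`/`@v2`/`@v3`) while the workflows this commit deletes pinned actions to commit SHAs; pin these the same way. The deleted CodeQL, dependency-review, Scorecard and Trivy workflows have no counterpart in this file.
```yaml
name: ci
permissions:
  contents: read
# … unchanged: on:, jobs.test …
  docker:
    name: docker
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # … unchanged: needs, checkout, qemu, buildx, login, metadata steps …
      - uses: docker/build-push-action@v2
        with:
          # … unchanged: file, context, platforms …
          push: ${{ github.event_name != 'pull_request' }}
```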
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
deleted file mode 100644
index 1cc71736981..00000000000
--- a/.github/workflows/cifuzz.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: CIFuzz
-on:
- pull_request:
- branches:
- - master
-jobs:
- Fuzzing:
- runs-on: ubuntu-latest
- steps:
- - name: Build Fuzzers
- id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # cifuzz can't be pinned https://github.com/google/oss-fuzz/issues/6836
- with:
- oss-fuzz-project-name: "go-coredns"
- dry-run: false
- - name: Run Fuzzers
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # cifuzz can't be pinned
- with:
- oss-fuzz-project-name: "go-coredns"
- fuzz-seconds: 600
- dry-run: false
- - name: Upload Crash
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
- if: failure() && steps.build.outcome == 'success'
- with:
- name: artifacts
- path: ./out/artifacts
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index e157cc0e5bd..00000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches: [ master ]
- pull_request:
- branches: [ master ]
- schedule:
- - cron: '22 10 * * 4'
-
-permissions:
- contents: read
-
-jobs:
- analyze:
- permissions:
- actions: read # for github/codeql-action/init to get workflow details
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/autobuild to send a status report
- name: Analyze
- runs-on: ubuntu-latest
-
- strategy:
- fail-fast: false
- matrix:
- language: [ 'go' ]
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ matrix.language }}
-
- - name: Autobuild
- uses: github/codeql-action/autobuild@v2
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
deleted file mode 100644
index a6a5dee74c7..00000000000
--- a/.github/workflows/depsreview.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: 'Dependency Review'
-on: [pull_request]
-
-permissions:
- contents: read
-
-jobs:
- dependency-review:
- runs-on: ubuntu-latest
- steps:
- - name: 'Checkout Repository'
- uses: actions/checkout@v4
- - name: 'Dependency Review'
- uses: actions/dependency-review-action@fde92acd0840415674c16b39c7d703fc28bc511e
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
deleted file mode 100644
index a74b81b6d73..00000000000
--- a/.github/workflows/docker.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Docker Release
-
-on:
- release:
- types: [published]
- workflow_dispatch:
- inputs:
- release:
- description: "Release (e.g., v1.9.0)"
- required: true
-
-permissions:
- contents: read
-
-jobs:
- docker-release:
- runs-on: ubuntu-latest
- env:
- DOCKER_LOGIN: ${{ secrets.DOCKERHUB_USERNAME }}
- DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
- RELEASE: ${{ github.event.inputs.release || github.event.release.tag_name }}
- steps:
- - uses: actions/checkout@v4
- - name: Build Docker Images
- run: make VERSION=${RELEASE:1} DOCKER=coredns -f Makefile.docker release
- - name: Show Docker Images
- run: docker images
- - name: Publish Docker Images
- run: make VERSION=${RELEASE:1} DOCKER=coredns -f Makefile.docker docker-push
diff --git a/.github/workflows/go.coverage.yml b/.github/workflows/go.coverage.yml
deleted file mode 100644
index e2ab1b2e42c..00000000000
--- a/.github/workflows/go.coverage.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: Go Coverage
-on: [pull_request]
-permissions:
- contents: read
-
-jobs:
- test:
- name: Coverage
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
-
- - name: Install Go
- uses: actions/setup-go@v4
- with:
- go-version: '~1.21.0'
- id: go
-
- - name: Build
- run: go build -v ./...
-
- - name: Test With Coverage
- run: |
- go install github.com/fatih/faillint@latest
- for d in request core coremain plugin test; do \
- ( cd $d; go test -coverprofile=cover.out -covermode=atomic -race ./...; [ -f cover.out ] && cat cover.out >> ../coverage.txt ); \
- done
-
- - name: Upload coverage to Codecov
- uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
diff --git a/.github/workflows/go.test.yml b/.github/workflows/go.test.yml
deleted file mode 100644
index ea55583f4ef..00000000000
--- a/.github/workflows/go.test.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-name: Go Tests
-on: [push, pull_request]
-permissions:
- contents: read
-
-jobs:
- test:
- name: Test
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
-
- - name: Install Go
- uses: actions/setup-go@v4
- with:
- go-version: '~1.21.0'
- id: go
-
- - name: Build
- run: go build -v ./...
-
- - name: Test
- run: |
- ( cd request; go test -race ./... )
- ( cd core; go test -race ./... )
- ( cd coremain; go test -race ./... )
-
- test-plugins:
- name: Test Plugins
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
-
- - name: Install Go
- uses: actions/setup-go@v4
- with:
- go-version: '~1.21.0'
- id: go
-
- - name: Build
- run: go build -v ./...
-
- - name: Test
- run: ( cd plugin; go test -race ./... )
-
- test-e2e:
- name: Test e2e
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
-
- - name: Install Go
- uses: actions/setup-go@v4
- with:
- go-version: '~1.21.0'
- id: go
-
- - name: Build
- run: go build -v ./...
-
- - name: Test
- run: |
- go install github.com/fatih/faillint@latest
- ( cd test; go test -race ./... )
-
- test-makefile-release:
- name: Test Makefile.release
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
-
- - name: Install dependencies
- run: sudo apt-get install make curl
-
- - name: Test Makefile.release
- run: make GITHUB_ACCESS_TOKEN=x -n release github-push -f Makefile.release
-
- - name: Test Makefile.docker
- run: make VERSION=x DOCKER=x -n release docker-push -f Makefile.docker
diff --git a/.github/workflows/make.doc.yml b/.github/workflows/make.doc.yml
deleted file mode 100644
index 19faede9056..00000000000
--- a/.github/workflows/make.doc.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: Make Doc
-
-on:
- schedule:
- - cron: '22 10 * * 0'
-
-permissions: read-all
-
-jobs:
- fix:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup Go
- uses: actions/setup-go@v4
- with:
- go-version: '~1.21.0'
-
- - name: Update Docs
- run: |
- bash -x -e ./.github/fixup_file_mtime.sh
- make -f Makefile.doc
-
- - name: Set up Git
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- git config user.name "coredns[bot]"
- git config user.email "bot@bot.coredns.io"
- git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
-
- - name: Commit and push changes
- run: |
- git add .
- if output=$(git status --porcelain) && [ ! -z "$output" ]; then
- git commit -s -m 'auto make -f Makefile.doc'
- git push
- fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 26481291344..00000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: Release
-
-on:
- workflow_dispatch:
- inputs:
- commit:
- description: "Commit (e.g., 52f0348)"
- default: "master"
-
-jobs:
- release:
- name: Release
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
- with:
- ref: ${{ github.event.inputs.commit }}
- - name: Set up info
- run: |
- set -x -e
- VERSION=$(make -f Makefile.release version)
- COMMIT=$(git rev-parse --quiet --verify ${{ github.event.inputs.commit }})
- if [[ "$(git tag -l v${VERSION})" == "v${VERSION}" ]]; then
- echo "v${VERSION} already released"
- exit 1
- fi
- echo "commit=${COMMIT}" >> $GITHUB_OUTPUT
- echo "version=${VERSION}" >> $GITHUB_OUTPUT
- id: info
- - name: Build release binary
- run: make -f Makefile.release release
- - name: Build release binary sha256
- run: (cd release; for asset in `ls -A *tgz`; do sha256sum $asset > $asset.sha256; done)
- - name: Remove hidden section
- run: sed '/+++/,//d' notes/coredns-${{ steps.info.outputs.version}}.md > release.md
- - name: Log release info
- run: |
- set -x -e
- git log -1
- echo ${{ steps.info.outputs.commit }}
- echo ${{ steps.info.outputs.version }}
- cat release.md
- sha256sum release/*.tgz
- - name: Draft release
- uses: softprops/action-gh-release@v1
- with:
- body_path: release.md
- name: v${{ steps.info.outputs.version }}
- tag_name: v${{ steps.info.outputs.version }}
- target_commitish: ${{ steps.info.outputs.commit }}
- files: |
- release/*.tgz
- release/*.tgz.sha256
- draft: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
deleted file mode 100644
index 19bc896c641..00000000000
--- a/.github/workflows/scorecards.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Scorecards supply-chain security
-on:
- # Only the default branch is supported.
- branch_protection_rule:
- schedule:
- - cron: '36 10 * * 3'
- push:
- branches: [ master ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
- analysis:
- name: Scorecards analysis
- runs-on: ubuntu-latest
- permissions:
- # Needed to upload the results to code-scanning dashboard.
- security-events: write
- actions: read
- contents: read
- id-token: write
-
- steps:
- - name: "Checkout code"
- uses: actions/checkout@v4
- with:
- persist-credentials: false
-
- - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
- with:
- results_file: results.sarif
- results_format: sarif
- # Read-only PAT token. To create it,
- # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
- repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
- # Publish the results to enable scorecard badges. For more details, see
- # https://github.com/ossf/scorecard-action#publishing-results.
- # For private repositories, `publish_results` will automatically be set to `false`,
- # regardless of the value entered here.
- publish_results: true
-
- # Upload the results as artifacts (optional).
- - name: "Upload artifact"
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
-
- # Upload the results to GitHub's code scanning dashboard.
- - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a
- with:
- sarif_file: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
deleted file mode 100644
index 7ffc8083ddd..00000000000
--- a/.github/workflows/stale.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: 'Close Stale Issues and PRs'
-on:
- schedule:
- - cron: '30 1 * * *'
-
-permissions:
- contents: read
-
-jobs:
- stale:
- permissions:
- issues: write # for actions/stale to close stale issues
- pull-requests: write # for actions/stale to close stale PRs
- runs-on: ubuntu-latest
- steps:
- - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84
- with:
- stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days'
- stale-pr-message: 'This pull request is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days'
- days-before-stale: 30
- days-before-close: 7
- exempt-issue-labels: 'enhancement'
- exempt-all-milestones: true
- labels-to-remove-when-unstale: 'answered,needs info,needs update'
- any-of-issue-labels: 'answered,needs info'
- any-of-pr-labels: 'needs update,needs info'
diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
deleted file mode 100644
index 8dd7dfc8530..00000000000
--- a/.github/workflows/trivy-scan.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: Trivy Nightly Scan
-on:
- schedule:
- - cron: '0 2 * * 5' # Run at 2AM UTC on every Friday
-
-permissions: read-all
-jobs:
- nightly-scan:
- name: Trivy Scan nightly
- strategy:
- fail-fast: false
- matrix:
- # It will test for only the latest version as older version is not maintained
- versions: [latest]
- permissions:
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # master
- with:
- image-ref: 'docker.io/coredns/coredns:${{ matrix.versions }}'
- severity: 'CRITICAL,HIGH'
- format: 'sarif'
- output: 'trivy-results.sarif'
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
- with:
- sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
deleted file mode 100644
index 918d56f33d4..00000000000
--- a/.github/workflows/yamllint.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: 'Yamllint GitHub Actions'
-on:
- - pull_request
-permissions: read-all
-jobs:
- yamllint:
- name: 'Yamllint'
- runs-on: ubuntu-latest
- steps:
- - name: 'Checkout'
- uses: actions/checkout@v4
- - name: 'Yamllint'
- uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053
- with:
- yamllint_file_or_dir: '.'
- yamllint_strict: false
- yamllint_comment: true
- env:
- GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
index f75519b4b2e..d42f6b93a65 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,22 +1,22 @@
-ARG DEBIAN_IMAGE=debian:stable-slim
-ARG BASE=gcr.io/distroless/static-debian11:nonroot
-FROM --platform=$BUILDPLATFORM ${DEBIAN_IMAGE} AS build
-SHELL [ "/bin/sh", "-ec" ]
+#build stage
+FROM golang:1.20 AS builder
+RUN mkdir -p /go/src/app
+COPY go.sum go.mod /go/src/app/
+WORKDIR /go/src/app
+RUN go mod download
-RUN export DEBCONF_NONINTERACTIVE_SEEN=true \
- DEBIAN_FRONTEND=noninteractive \
- DEBIAN_PRIORITY=critical \
- TERM=linux ; \
- apt-get -qq update ; \
- apt-get -yyqq upgrade ; \
- apt-get -yyqq install ca-certificates libcap2-bin; \
- apt-get clean
-COPY coredns /coredns
-RUN setcap cap_net_bind_service=+ep /coredns
+COPY . /go/src/app
+RUN make
+
+FROM debian:stable-slim AS slim
+
+RUN apt-get update && apt-get -uy upgrade
+RUN apt-get -y install ca-certificates && update-ca-certificates
+
+FROM scratch
+COPY --from=slim /etc/ssl/certs /etc/ssl/certs
+WORKDIR /
+COPY --from=builder /go/src/app/coredns /coredns
-FROM --platform=$TARGETPLATFORM ${BASE}
-COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=build /coredns /coredns
-USER nonroot:nonroot
 EXPOSE 53 53/udp
 ENTRYPOINT ["/coredns"]
diff --git a/README.md b/README.md
index c20ffead6a0..6d81b72f665 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ CoreDNS is a DNS server/forwarder, written in Go, that chains [plugins](https://coredns.io/plugins). Each plugin performs a (DNS) function. +This version has two plugin more than default named aaaa and retry. CoreDNS is a [Cloud Native Computing Foundation](https://cncf.io) graduated project.
diff --git a/plugin.cfg b/plugin.cfg
index e2d18fe563a..adff800272b 100644
--- a/plugin.cfg
+++ b/plugin.cfg
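Review bot: The final `FROM scratch` stage drops the old image's `USER nonroot:nonroot` line and sets no `USER` of its own, so the container now runs coredns as root; the build stage's `setcap cap_net_bind_service=+ep /coredns` step, which is what let a non-root process bind port 53, is removed at the same time. Restore a numeric non-root user in the last stage, e.g. `USER 65532:65532` (a numeric id works in scratch without an /etc/passwd), and either bring the setcap step back in the builder (the `golang:1.20` image may need `libcap2-bin` installed first) or document that port 53 needs a capability grant at runtime. `COPY . /go/src/app` now ships the whole checkout into the builder, and the `.dockerignore` hunk in this commit removes the `*` exclusion, so `.git` and any untracked local files become part of the build context. `golang:1.20` and `debian:stable-slim` are floating tags, so the image is not reproducible across builds; pinning them by digest would fix that.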
@@ -60,15 +60,17 @@ azure:azure
 clouddns:clouddns
 k8s_external:k8s_external
 kubernetes:kubernetes
+retry:github.com/snapp-incubator/coredns-plugins/retry
+fanout:github.com/snapp-incubator/fanout
 file:file
 auto:auto
 secondary:secondary
 etcd:etcd
+etcdnx:github.com/snapp-incubator/coredns-plugins/etcdnx
 loop:loop
-retry:github.com/snapp-incubator/coredns-plugins/retry
-fanout:github.com/snapp-incubator/fanout
 forward:forward
 grpc:grpc
+https:github.com/snapp-incubator/coredns-plugins/https
 erratic:erratic
 whoami:whoami
 on:github.com/coredns/caddy/onevent
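Review bot: The README hunk in this commit says the build adds two plugins named `aaaa` and `retry`, but this file registers four external plugins (`retry`, `fanout`, `etcdnx`, `https`) and no `aaaa`; the README sentence should read something like `This build adds the external plugins retry, fanout, etcdnx and https.` or the unregistered `aaaa` should be dropped. Order in plugin.cfg is the plugin chain order, and this hunk moves `retry` and `fanout` from after `loop` to before `file`, so they now run ahead of the zone-serving plugins and `etcd`; confirm that reordering is intended, since it is not mentioned in the diff. Each `github.com/snapp-incubator/...` entry is a third-party module whose version is pinned only in go.mod (not part of this diff); a comment above the group, e.g. `# external plugins: versions are pinned in go.mod`, would make that dependency visible to the next reader.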