Updated workflow actions, now all images running with user nginx or uid 10001

.gitea/workflows/alpine-dockerio.yaml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   build:
-    name: Build and push image (root user)
+    name: Build and push image
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
@@ -19,42 +19,36 @@ jobs:
           registry: docker.io
           username: aprimediet
           password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
+      - name: Build and push 1.22
         uses: docker/build-push-action@v5
         with:
           context: .
           file: Dockerfile.alpine
           build-args: |
-            REGISTRY_URL=aprimediet
+            ALPINE_VERSION=3.17
           push: true
           tags: |
-            aprimediet/nginx:alpine
+            aprimediet/nginx:1.22-alpine
-            aprimediet/nginx:latest-alpine
+      - name: Build and push 1.24
-            aprimediet/nginx:latest
-  build-rootless:
-    name: Build and push image (rootless)
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: aprimediet
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: Dockerfile.alpine-rootless
+          file: Dockerfile.alpine
           build-args: |
-            REGISTRY_URL=aprimediet
+            ALPINE_VERSION=3.19
           push: true
           tags: |
-            aprimediet/nginx:rootless-alpine
+            aprimediet/nginx:1.24-alpine
-            aprimediet/nginx:rootless
+      - name: Build and push 1.26
-            aprimediet/nginx:latest-rootless-alpine
+        uses: docker/build-push-action@v5
-            aprimediet/nginx:latest-rootless
+        with:
+          context: .
+          file: Dockerfile.alpine
+          build-args: |
+            ALPINE_VERSION=3.21
+          push: true
+          tags: |
+            aprimediet/nginx:1.26-alpine
+            aprimediet/nginx:1.26
+            aprimediet/nginx:alpine
+            aprimediet/nginx:latest

.gitea/workflows/alpine-winter.yaml

@@ -1,4 +1,4 @@
-name: Build and Push Alpine NodeJS Image to Winter Access Registry
+name: Build and Push Alpine NGINX Image to docker.io Registry
 on:
   push:
     branches:
@@ -6,51 +6,52 @@ on:
 
 jobs:
   build:
-    name: Build and push image (Root User)
+    name: Build and push image
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/catthehacker/ubuntu:act-latest
     steps:
       - name: Check out repository code
         uses: actions/checkout@v3
-      - name: Login to Docker Winter Access Git Registry
+      - name: Login to docker.io Registry
         uses: docker/login-action@v3
         with:
           registry: git.winteraccess.id
-          username: aditya.prima
+          username: ${{ vars.REGISTRY_USERNAME }}
-          password: ${{ secrets.PATOKEN }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Build and push
+      - name: Build and push 1.22
         uses: docker/build-push-action@v5
         with:
           context: .
           file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.17
           push: true
           tags: |
-            git.winteraccess.id/${{ gitea.repository }}:alpine
+            git.winteraccess.id/${{ gitea.repository }}:1.22-alpine
-            git.winteraccess.id/${{ gitea.repository }}:latest-alpine
+      - name: Build and push 1.24
-            git.winteraccess.id/${{ gitea.repository }}:latest
-  build-rootless:
-    name: Build and push image (rootless)
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to Docker Winter Access Git Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.winteraccess.id
-          username: aditya.prima
-          password: ${{ secrets.PATOKEN }}
-      - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: Dockerfile.alpine-rootless
+          file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.19
           push: true
           tags: |
-            git.winteraccess.id/${{ gitea.repository }}:rootless-alpine
+            git.winteraccess.id/${{ gitea.repository }}:1.24-alpine
-            git.winteraccess.id/${{ gitea.repository }}:rootless
+      - name: Build and push 1.26
-            git.winteraccess.id/${{ gitea.repository }}:latest-rootless-alpine
+        uses: docker/build-push-action@v5
-            git.winteraccess.id/${{ gitea.repository }}:latest-rootless
+        with:
+          context: .
+          file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.21
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.26-alpine
+            git.winteraccess.id/${{ gitea.repository }}:1.26
+            git.winteraccess.id/${{ gitea.repository }}:alpine
+            git.winteraccess.id/${{ gitea.repository }}:latest

.gitea/workflows/ubi9-dockerio.yaml

@@ -0,0 +1,79 @@
+name: Build and Push Alpine NGINX Image to docker.io Registry
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build and push ubi9 image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to docker.io Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: aprimediet
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            aprimediet/nginx:1.22-ubi9
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            aprimediet/nginx:1.24-ubi9
+            aprimediet/nginx:ubi9
+  build-micro:
+    name: Build and push ubi9-micro image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    needs:
+      - build
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to docker.io Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: aprimediet
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            aprimediet/nginx:1.22-ubi9-micro
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            aprimediet/nginx:1.24-ubi9-micro
+            aprimediet/nginx:ubi9-micro

.gitea/workflows/ubi9-winter.yaml

@@ -0,0 +1,79 @@
+name: Build and Push Alpine NGINX Image to git.winteraccess.id Registry
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build and push ubi9 image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to git.winteraccess.id Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.winteraccess.id
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9
+            git.winteraccess.id/${{ gitea.repository }}:ubi9
+  build-micro:
+    name: Build and push ubi9-micro image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    needs:
+      - build
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to git.winteraccess.id Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.winteraccess.id
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9-micro
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9-micro
+            git.winteraccess.id/${{ gitea.repository }}:ubi9-micro

Dockerfile.alpine

@@ -1,7 +1,7 @@
 # 1.22.1 Alpine 3.17
 # 1.24.0 Alpine 3.19
 # 1.26.2 Alpine 3.21
-ARG REGISTRY_URL=git.winteraccess.id/docker
+ARG REGISTRY_URL=docker.io/aprimediet
 ARG ALPINE_VERSION=3.21
 
 FROM ${REGISTRY_URL}/alpine:${ALPINE_VERSION}
@@ -9,34 +9,33 @@ LABEL maintainer="<Muhamad Aditya Prima> aprimediet@gmail.com"
 
 USER root
 
-WORKDIR /app
-
 # Add nginx user and group
-RUN addgroup -g 10001 nginx && adduser -D -u 10001 -G nginx -s /sbin/nologin -h /app nginx
+RUN addgroup -g 10001 nginx && \
+    adduser -D -u 10001 -G nginx -s /sbin/nologin -h /app nginx && \
+    mkdir -p /var/run/nginx && \
+    chown nginx:nginx /var/run/nginx
 
 # INSTALL WGET AND REQUIRED BUILD TOOLS
 RUN --mount=type=cache,target=/var/cache/apk \
     apk update && apk upgrade && apk add \
-    nginx nginx-mod-http-naxsi
+    nginx
 
 # COPY CONFIGURATION FILES
-ADD ./etc/nginx/nginx-rootless.conf /etc/nginx/nginx.conf
+ADD ./etc/alpine /etc/nginx
-ADD ./etc/nginx/naxsi_core.rules /etc/nginx/
+ADD ./app /app
-ADD ./etc/nginx/proxy_params /etc/nginx/
-ADD ./etc/nginx/ssl_params /etc/nginx/
-ADD ./etc/nginx/conf.d /etc/nginx/conf.d
-
-ADD ./app .
 
 RUN chown -R nginx:nginx /app && \
     chown -R nginx:nginx /var/lib/nginx
 
 # CLEAR CACHE
 RUN apk del curl && \
-    rm -rf /var/cache/apk/*
+    rm -rf /var/cache/apk/* && \
+    rm -rf /etc/nginx/http.d
 
 USER nginx
 
-CMD ["nginx"]
+WORKDIR /app
 
-EXPOSE 80
+EXPOSE 80
+
+CMD ["nginx"]