Now added entrypoint scripts, and refactored workflow actions

.dockerignore

@@ -0,0 +1 @@
+parameters

.gitea/workflows/alpine-dockerio.yaml

@@ -1,56 +0,0 @@
-name: Build and Push Alpine NGINX Image to docker.io Registry
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  build:
-    name: Build and push image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: aprimediet
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            ALPINE_VERSION=3.17
-          push: true
-          tags: |
-            aprimediet/nginx:1.22-alpine
-            aprimediet/nginx:1.22
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            ALPINE_VERSION=3.19
-          push: true
-          tags: |
-            aprimediet/nginx:1.24-alpine
-            aprimediet/nginx:1.24
-      - name: Build and push 1.26
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            ALPINE_VERSION=3.21
-          push: true
-          tags: |
-            aprimediet/nginx:1.26-alpine
-            aprimediet/nginx:1.26
-            aprimediet/nginx:alpine
-            aprimediet/nginx:latest

.gitea/workflows/alpine-winter.yaml

@@ -1,59 +0,0 @@
-name: Build and Push Alpine NGINX Image to docker.io Registry
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  build:
-    name: Build and push image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.winteraccess.id
-          username: ${{ vars.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            ALPINE_VERSION=3.17
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.22-alpine
-            git.winteraccess.id/${{ gitea.repository }}:1.22
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            ALPINE_VERSION=3.19
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.24-alpine
-            git.winteraccess.id/${{ gitea.repository }}:1.24
-      - name: Build and push 1.26
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.alpine
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            ALPINE_VERSION=3.21
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.26-alpine
-            git.winteraccess.id/${{ gitea.repository }}:1.26
-            git.winteraccess.id/${{ gitea.repository }}:alpine
-            git.winteraccess.id/${{ gitea.repository }}:latest

.gitea/workflows/alpine.yaml

@@ -0,0 +1,85 @@
+name: Build and push Nginx on alpine based container images
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build nginx container images
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    strategy:
+      matrix:
+        version:
+          - alpine: "3.17"
+            nginx: "1.22.1"
+            nginx_short: "1.22"
+          - alpine: "3.19"
+            nginx: "1.24.0"
+            nginx_short: "1.24"
+          - alpine: "3.21"
+            nginx: "1.26.2"
+            nginx_short: "1.26"
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Login to docker.io
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # - name: Set up QEMU
+      #   uses: docker/setup-qemu-action@v3
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push nginx on alpine base
+        uses: docker/build-push-action@v5
+        with:
+          # platforms: linux/amd64,linux/arm64
+          push: true
+          context: .
+          file: Dockerfile.alpine
+          build-args: |
+            ALPINE_VERSION=${{ matrix.version.alpine }}
+            NGINX_VERSION=${{ matrix.version.nginx }}
+          tags: |
+            ${{ vars.DOCKERHUB_USERNAME }}/nginx:${{ matrix.version.nginx }}-alpine
+            ${{ vars.DOCKERHUB_USERNAME }}/nginx:${{ matrix.version.nginx_short }}-alpine
+      - name: Scan container image with Trivy
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ vars.DOCKERHUB_USERNAME }}/nginx:${{ matrix.version.nginx }}-alpine'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+  build-latest:
+    name: Build latest nginx alpine based container images
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Login to docker.io
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # - name: Set up QEMU
+      #   uses: docker/setup-qemu-action@v3
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push latest nginx
+        uses: docker/build-push-action@v5
+        with:
+          # platforms: linux/amd64,linux/arm64
+          push: true
+          context: .
+          file: Dockerfile.alpine
+          tags: |
+            ${{ vars.DOCKERHUB_USERNAME }}/nginx:alpine
+            ${{ vars.DOCKERHUB_USERNAME }}/nginx:latest

.gitea/workflows/ubi9-dockerio.yaml

@@ -1,79 +0,0 @@
-name: Build and Push Alpine NGINX Image to docker.io Registry
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  build:
-    name: Build and push ubi9 image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: aprimediet
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9
-          build-args: |
-            NGINX_VERSION=1.22
-          push: true
-          tags: |
-            aprimediet/nginx:1.22-ubi9
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9
-          build-args: |
-            NGINX_VERSION=1.24
-          push: true
-          tags: |
-            aprimediet/nginx:1.24-ubi9
-            aprimediet/nginx:ubi9
-  build-micro:
-    name: Build and push ubi9-micro image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    needs:
-      - build
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: aprimediet
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9-micro
-          build-args: |
-            NGINX_VERSION=1.22
-          push: true
-          tags: |
-            aprimediet/nginx:1.22-ubi9-micro
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9-micro
-          build-args: |
-            NGINX_VERSION=1.24
-          push: true
-          tags: |
-            aprimediet/nginx:1.24-ubi9-micro
-            aprimediet/nginx:ubi9-micro

.gitea/workflows/ubi9-winter.yaml

@@ -1,83 +0,0 @@
-name: Build and Push Alpine NGINX Image to git.winteraccess.id Registry
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  build:
-    name: Build and push ubi9 image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to git.winteraccess.id Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.winteraccess.id
-          username: ${{ vars.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            NGINX_VERSION=1.22
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            NGINX_VERSION=1.24
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9
-            git.winteraccess.id/${{ gitea.repository }}:ubi9
-  build-micro:
-    name: Build and push ubi9-micro image
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    needs:
-      - build
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to git.winteraccess.id Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.winteraccess.id
-          username: ${{ vars.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-      - name: Build and push 1.22
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9-micro
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            NGINX_VERSION=1.22
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9-micro
-      - name: Build and push 1.24
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile.ubi9-micro
-          build-args: |
-            REGISTRY_URL=git.winteraccess.id/docker
-            NGINX_VERSION=1.24
-          push: true
-          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9-micro
-            git.winteraccess.id/${{ gitea.repository }}:ubi9-micro

Dockerfile.alpine

@@ -1,41 +1,59 @@
 # 1.22.1 Alpine 3.17
 # 1.24.0 Alpine 3.19
 # 1.26.2 Alpine 3.21
-ARG REGISTRY_URL=docker.io/aprimediet
 ARG ALPINE_VERSION=3.21
 
-FROM ${REGISTRY_URL}/alpine:${ALPINE_VERSION}
+FROM docker.io/aprimediet/alpine:${ALPINE_VERSION} AS builder
 LABEL maintainer="<Muhamad Aditya Prima> aprimediet@gmail.com"
 
 USER root
 
-# Add nginx user and group
-RUN addgroup -g 10001 nginx && \
-    adduser -D -u 10001 -G nginx -s /sbin/nologin -h /app nginx && \
-    mkdir -p /var/run/nginx && \
-    chown nginx:nginx /var/run/nginx
+ENV NGINX_ROOT_DIR=/app
 
-# INSTALL WGET AND REQUIRED BUILD TOOLS
-RUN --mount=type=cache,target=/var/cache/apk \
-    apk update && apk upgrade && apk add \
-    nginx
+# Add nginx user and group and install nginx
+RUN /usr/sbin/addgroup -g 10001 nginx; \
+    /usr/sbin/adduser -D -u 10001 -G nginx -s /sbin/nologin -h ${NGINX_ROOT_DIR}/htdocs nginx; \
+    /sbin/apk --no-cache upgrade; \
+    /sbin/apk --no-cache --update add \
+        nginx;
 
-# COPY CONFIGURATION FILES
-ADD ./etc/alpine /etc/nginx
-ADD ./app /app
+# Required files
+ADD ./etc/nginx /etc/nginx
+ADD ./scripts/entrypoint.sh /usr/local/bin/
+ADD ./htdocs /app/htdocs
 
-RUN chown -R nginx:nginx /app && \
-    chown -R nginx:nginx /var/lib/nginx
+RUN /bin/chmod +x /usr/local/bin/entrypoint.sh; \
+    /bin/chown -R nginx:nginx /app ; \
+    /sbin/apk del curl ; \
+    /bin/rm -rf /var/cache/apk/* ;
 
-# CLEAR CACHE
-RUN apk del curl && \
-    rm -rf /var/cache/apk/* && \
-    rm -rf /etc/nginx/http.d
+FROM scratch
+
+ARG NGINX_VERSION=1.26.2
+
+ENV NGINX_VERSION=${NGINX_VERSION}
+
+LABEL maintainer="Muhamad Aditya Prima <aprimediet@gmail.com>"
+LABEL name="nginx"
+LABEL version="${NGINX_VERSION}"
+LABEL distribution-scope="public"
+
+#labels for container catalog
+LABEL summary="Nginx ${NGINX_VERSION} on alpine based container image"
+LABEL description="Provide nginx on alpine based container base image"
+LABEL io.k8s.description="Very small alpine linux container image"
+LABEL io.k8s.display-name="Nginx ${NGINX_VERSION}"
+
+COPY --from=builder / /
 
 USER nginx
 
-WORKDIR /app
+WORKDIR /app/htdocs
 
 EXPOSE 80
 
-CMD ["nginx"]
+STOPSIGNAL SIGQUIT
+
+# ENTRYPOINT ["/bin/sh"]
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

Dockerfile.ubi9-micro

@@ -10,6 +10,11 @@ LABEL maintainer="<Muhamad Aditya Prima> aprimediet@gmail.com"
 
 USER root
 
+# Create user and group
+RUN echo "nginx:x:10001:" >> /etc/group && \
+    echo "nginx:x:10001:10001:nginx:/app:/sbin/nologin" >> /etc/passwd && \
+    echo "nginx:!!:20070::::::" >> /etc/shadow
+
 # Create nginx run and logs directory
 RUN mkdir -p /var/run/nginx && \
     mkdir -p /var/log/nginx && \

etc/alpine/nginx.conf

@@ -8,7 +8,7 @@ worker_rlimit_nofile 100000;
 
 # Set log to stderr
 error_log stderr warn;
-pid       /var/run/nginx/nginx.pid;
+pid       #NGINX_RUN_DIR#/nginx.pid;
 
 include /etc/nginx/modules/*.conf;
 
@@ -19,6 +19,7 @@ events {
 http {
   include /etc/nginx/mime.types;
   default_type application/octet-stream;
+
   server_tokens off;
   keepalive_timeout 15;
   sendfile on;
@@ -64,5 +65,29 @@ http {
   # gzip_types text/plain application/x-javascript text/xml text/css application/xml;
   gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
 
+  server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name _;
+    root #NGINX_ROOT_DIR#;
+    index index.html;
+
+    error_log stderr warn;
+
+    location / {
+      try_files $uri $uri/ index.html;
+    }
+
+    #NGINX_ENABLE_STATIC_CACHE#location ~* .(jpg|jpeg|png|gif|ico|css|js|flv|mp4)$ {
+    #NGINX_ENABLE_STATIC_CACHE#  expires 30d;
+    #NGINX_ENABLE_STATIC_CACHE#}
+
+    #NGINX_ENABLE_STUB#location /nginx-status {
+    #NGINX_ENABLE_STUB#  stub_status on;
+    #NGINX_ENABLE_STUB#  allow all;
+    #NGINX_ENABLE_STUB#}
+  }
+  
   include /etc/nginx/conf.d/*.conf;
 }

etc/nginx/nginx.conf

@@ -0,0 +1,93 @@
+# /etc/nginx/nginx.conf
+
+# Do not start as daemon
+daemon off;
+
+worker_processes auto;
+worker_rlimit_nofile 100000;
+
+# Set log to stderr
+error_log stderr warn;
+pid       /var/run/nginx/nginx.pid;
+
+include /etc/nginx/modules/*.conf;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  server_tokens off;
+  keepalive_timeout 15;
+  sendfile on;
+  tcp_nodelay on;
+
+  log_format custom_log '[$time_local] [NGINX] - $remote_addr - $remote_user - '
+                        '"$request" $status $body_bytes_sent '
+                        '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"';
+
+  # Log access to stdout
+  access_log /dev/stdout custom_log;
+
+  # SSL
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:2m;
+
+  # buffering causes issues, disable it
+  # increase buffer size. still useful even when buffering is off
+  proxy_buffering off;
+  proxy_buffer_size 4k;
+
+  # Buffer size
+  client_body_buffer_size 10k;
+  client_header_buffer_size 1k;
+  client_max_body_size 8m;
+  large_client_header_buffers 2 1k;
+
+  # Timeouts
+  client_body_timeout 12;
+  client_header_timeout 12;
+  send_timeout 10;
+
+  # GZip Compression
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_vary on;
+  gzip_comp_level 4;
+  gzip_min_length 1280;
+  gzip_buffers 128 4k;
+  # gzip_proxied expired no-cache no-store private auth;
+  gzip_proxied any;
+  gzip_disable "msie6";
+  # gzip_types text/plain application/x-javascript text/xml text/css application/xml;
+  gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
+
+  server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name _;
+    root /app/htdocs;
+    index index.html;
+
+    error_log stderr warn;
+
+    location / {
+      try_files $uri $uri/ index.html;
+    }
+
+    location ~* .(jpg|jpeg|png|gif|ico|css|js|flv|mp4)$ {
+      expires 30d;
+    }
+
+    location /nginx-status {
+      stub_status on;
+      allow all;
+    }
+  }
+  
+  include /etc/nginx/conf.d/*.conf;
+}

scripts/entrypoint.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+/bin/echo "### Nginx version :$NGINX_VERSION ###";
+/bin/echo "### Maintainer: aprimediet@gmail.com ###";
+/bin/echo "";
+# /bin/echo "### Configuring nginx ###";
+
+# /bin/mkdir -p $NGINX_RUN_DIR;
+
+# /bin/sed -i "s|#NGINX_RUN_DIR#|$NGINX_RUN_DIR|" /app/conf/nginx.conf;
+# /bin/sed -i "s|#NGINX_ROOT_DIR#|$NGINX_ROOT_DIR|" /app/conf/nginx.conf;
+# /bin/sed -i "s|#NGINX_RUN_DIR#|$NGINX_RUN_DIR|" /app/conf/nginx.conf;
+
+# if [[ "$ENABLE_STATIC_CACHE" == "true" ]]; then
+#     /bin/sed -i "s|#NGINX_ENABLE_STATIC_CACHE#||" /app/conf/nginx.conf;
+# fi
+
+# if [[ "$ENABLE_STUB" == "true" ]]; then
+#     /bin/sed -i "s|#NGINX_ENABLE_STUB#||" /app/conf/nginx.conf;
+# fi
+
+/bin/echo "";
+/bin/echo "### Starting Nginx $NGINX_VERSION ###";
+/bin/echo "";
+
+/usr/sbin/nginx