Psr 6310 squid base image (#57)

* initial commit

* added squid.conf to gitignore

* squid ubuntu initally commit

* added squid alpine

* squid alpine working - permissions open

* tidied up dockerfile and removed cert logic

* removed ubuntu

* changed directory structure

* added squid to github actions

* changed entrypoint due to hadolint flag

* fixed typo

* combined dockerfile run stages

* clean up

* clean up

* added labels

---------

Co-authored-by: Lewis Brown <Lewis.Brown@m-gdt6n2nm91.fritz.box>

.github/workflows/cd.yaml

@@ -73,13 +73,15 @@ jobs:
           - php/8.2/cli
           - php/8.3/cli
           - logstash/8.16.0/batch
+          - squid/6.12
         exclude:
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-nginx') && 'ignored' || 'php/8.2/fpm-nginx' }}
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-apache') && 'ignored' || 'php/8.2/fpm-apache' }}
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.3/fpm-nginx') && 'ignored' || 'php/8.3/fpm-nginx' }}
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/cli') && 'ignored' || 'php/8.2/cli' }}
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.3/cli') && 'ignored' || 'php/8.3/cli' }}
           - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'logstash/8.16.0/batch') && 'ignored' || 'logstash/8.16.0/batch' }}
+          - base: ${{ github.event_name == 'schedule' || needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'squid/6.12') && 'ignored' || 'squid/6.12' }}
     uses: ./.github/workflows/docker.yaml
     with:
       image-version: ${{ (needs.release-please.outputs.release_created || github.event_name == 'schedule') && needs.release-please.outputs.tag_name || github.sha }}

.github/workflows/ci.yaml

@@ -39,13 +39,15 @@ jobs:
           - php/8.2/cli
           - php/8.3/cli
           - logstash/8.16.0/batch
+          - squid/6.12
         exclude:
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-nginx') && 'ignored' || 'php/8.2/fpm-nginx' }}
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-apache') && 'ignored' || 'php/8.2/fpm-apache' }}
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.3/fpm-nginx') && 'ignored' || 'php/8.3/fpm-nginx' }}
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/cli') && 'ignored' || 'php/8.2/cli' }}
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.3/cli') && 'ignored' || 'php/8.3/cli' }}
           - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'logstash/8.16.0/batch') && 'ignored' || 'logstash/8.16.0/batch' }}
+          - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'squid/6.12') && 'ignored' || 'squid/6.12' }}
     uses: ./.github/workflows/docker.yaml
     with:
       image-version: ${{ github.event.pull_request.head.sha }}

.gitignore

@@ -70,3 +70,6 @@ typings/
 *.tfstate
 *.tfstate.backup
 *.tfstate.lock.info
+
+# Squid config file
+*squid.conf

squid/6.12/.dockerignore

@@ -0,0 +1 @@
+*squid-alpine.conf

squid/6.12/Dockerfile

@@ -0,0 +1,35 @@
+FROM alpine:3.21.0
+
+ENV SQUID_VERSION=6.12-r0 \
+    SQUID_LOG_DIR=/var/log/squid \
+    SQUID_CACHE_DIR=/var/spool/squid \
+    SQUID_CONF_DIR=/etc/squid/conf.d \
+    ENTRYPOINT=/usr/local/bin/entrypoint.sh \
+    SQUID_USER=squid
+
+LABEL title="squid-alpine"
+LABEL version="1.0"
+LABEL organisation="DVSA"
+LABEL description="Builds Alpine Squid base image that does not include bespoke Squid.conf file. This file should be added to /etc/squid/conf.d/ directory"
+
+# Copy required scripts. The squid-alpine.conf should be mounted to /etc/squid/conf.d/squid.conf at container runtime.
+COPY entrypoint.sh ${ENTRYPOINT}
+
+# Install Squid
+RUN apk update \
+ && apk --no-cache add squid=${SQUID_VERSION} \
+# Create required directories and set permissions
+ && mkdir -p ${SQUID_LOG_DIR} ${SQUID_CACHE_DIR} ${SQUID_CONF_DIR} \
+ && chmod -R 755 ${SQUID_LOG_DIR} ${SQUID_CACHE_DIR} ${SQUID_CONF_DIR} ${ENTRYPOINT} \
+ && chown -R ${SQUID_USER}:${SQUID_USER} ${SQUID_LOG_DIR} ${SQUID_CACHE_DIR} ${SQUID_CONF_DIR} ${ENTRYPOINT} \
+# Reference squid-alpine.conf in default squid.conf
+ && sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
+
+# Set non root user
+# When Squid is installed a user called squid is automatically created 
+USER ${SQUID_USER}
+
+EXPOSE 3128/tcp
+
+# Cannot use entrypoint env var without flagging hadolint
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

squid/6.12/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+  if [[ ! -d ${SQUID_CACHE_DIR}/00 ]]; then
+    echo "Initialising cache..."
+    squid -N -f /etc/squid/conf.d/squid.conf -z
+  fi
+  echo "Starting squid..."
+  squid -NYC -f /etc/squid/conf.d/squid.conf

squid/6.12/squid-alpine.conf

@@ -0,0 +1,10 @@
+# This is a dummy squid.conf that is not included in the Docker image. 
+# It should be mounted in /etc/squid/conf.d
+# This squid.conf allows all traffic and should only be use for testing. 
+acl all src all
+http_port 3128
+pid_filename none
+logfile_rotate 0
+access_log stdio:/dev/stdout
+cache_log stdio:/dev/stderr
+http_access allow all