Update to latest alpine and smdb

.github/workflows/docker-image.yml

@@ -0,0 +1,73 @@
+name: Docker Image CI
+
+env:
+  GHCR: ghcr.io
+  DOCKER: docker.io
+  IMAGENAME: samba
+
+on:
+  push:
+    branches: [ "master" ]
+  schedule:
+    - cron: '0 22 1 * *'
+
+jobs:
+  vulerability-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Perform Scan
+        uses: ShiftLeftSecurity/scan-action@master
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs:
+      - vulerability-scan
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to the Github container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DOCKER }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: | 
+            ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
+            ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+            ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
+            ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+  image-vulnerability-scan:
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-push
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+

Dockerfile

@@ -1,9 +1,10 @@
-FROM alpine
+FROM alpine:latest
 MAINTAINER David Personette <dperson@gmail.com>
 
 # Install samba
-RUN apk --no-cache --no-progress upgrade && \
-    apk --no-cache --no-progress add bash samba shadow tini tzdata && \
+RUN apk update && \
+    apk upgrade && \
+    apk add bash samba shadow tini tzdata && \
     addgroup -S smb && \
     adduser -S -D -H -h /tmp -s /sbin/nologin -G smb -g 'Samba User' smbuser &&\
     file="/etc/samba/smb.conf" && \
@@ -55,7 +56,7 @@ RUN apk --no-cache --no-progress upgrade && \
     echo '' >>$file && \
     rm -rf /tmp/*
 
-COPY samba.sh /usr/bin/
+ADD samba.sh /usr/bin/samba.sh
 
 EXPOSE 137/udp 138/udp 139 445
 

samba.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 #===============================================================================
 #          FILE: samba.sh
 #
@@ -293,5 +293,5 @@ elif ps -ef | egrep -v grep | grep -q smbd; then
     echo "Service already running, please restart container to apply changes"
 else
     [[ ${NMBD:-""} ]] && ionice -c 3 nmbd -D
-    exec ionice -c 3 smbd -FS --no-process-group </dev/null
+    exec ionice -c 3 smbd -F --no-process-group </dev/null
 fi