name: Continuous Integration on: push: branches: - main schedule: - cron: "0 0 * * TUE" concurrency: ${{ github.workflow }} jobs: build: name: Publish runs-on: ubuntu-latest permissions: contents: read packages: write timeout-minutes: 10 steps: - name: Checkout code uses: actions/checkout@v4 - name: Get date id: date uses: josStorer/get-current-time@v2 with: format: YYYY-MM-DD - name: Install wireguard run: sudo apt-get install wireguard - name: Download WireGuard config run: echo "${{ secrets.WIREGUARD_CONF }}" > wireguard.conf - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Buildx uses: docker/setup-buildx-action@v3 - name: Build local image for testing uses: docker/build-push-action@v5 with: pull: true load: true tags: wireguard - name: Test curl run: | docker run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf wireguard docker run --rm --net=container:wireguard curlimages/curl --retry 3 --retry-delay 5 ifconfig.io docker stop wireguard - name: Test kill switch run: | docker run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf wireguard docker run --rm --net=container:wireguard curlimages/curl --retry 3 --retry-delay 5 ifconfig.io docker exec wireguard wg-quick down wg0 ! docker run --rm --net=container:wireguard curlimages/curl --retry 3 --retry-delay 5 ifconfig.io docker stop wireguard - name: Test local subnets run: | ip_address=$(ip route get 1.2.3.4 | awk '{print $7}') docker run --rm -d --name nginx -p 8080:80 nginx docker run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf -e LOCAL_SUBNETS=$ip_address/32 wireguard sleep 3 docker run --rm --net=container:wireguard curlimages/curl --retry 3 --retry-delay 5 $ip_address:8080 docker stop wireguard nginx - name: Test exposed ports run: | docker run --rm -d --name wireguard --cap-add NET_ADMIN --cap-add SYS_MODULE --sysctl net.ipv4.conf.all.src_valid_mark=1 -v ${{ github.workspace }}/wireguard.conf:/etc/wireguard/wg0.conf -p 8080:80 wireguard docker run --rm -d --name nginx --net=container:wireguard nginx sleep 3 curl --retry 3 --retry-delay 5 localhost:8080 docker stop wireguard nginx - name: Log into Docker Hub uses: docker/login-action@v3 with: username: jordanpotter password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} - name: Log into GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Get metadata for image id: metadata uses: docker/metadata-action@v5 with: images: | jordanpotter/wireguard ghcr.io/${{ github.repository }} tags: | type=raw,value=${{ steps.date.outputs.formattedTime }} type=raw,value=latest,enable={{ is_default_branch }} - name: Build and push images uses: docker/build-push-action@v5 with: pull: true push: true tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 - name: Update Docker Hub description uses: peter-evans/dockerhub-description@v3 with: repository: jordanpotter/wireguard username: jordanpotter password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} short-description: ${{ github.event.repository.description }}