Fix errors in auto-released docker images (#399)

* Refactor core

* Re-added tests

* Small fixes

* Add tests for acmetxt cidrslice and util funcs

* Remove the last dangling reference to old logging package

* Refactoring (#327)

* chore: enable more linters and fix linter issues

* ci: enable linter checks on all branches and disable recurring checks

recurring linter checks don't make that much sense. The code & linter checks should not change on their own over night ;)

* chore: update packages

* Revert "chore: update packages"

This reverts commit 30250bf28c4b39e9e5b3af012a4e28ab036bf9af.

* chore: manually upgrade some packages

* Updated dependencies, wrote changelog entry and fixed namespace for release

* Refactoring - improving coverage (#371)

* Increase code coverage in acmedns

* More testing of ReadConfig() and its fallback mechanism

* Found that if someone put a '"' double quote into the filename that we configure zap to log to, it would cause the the JSON created to be invalid. I have replaced the JSON string with proper config

* Better handling of config options for api.TLS - we now error on an invalid value instead of silently failing.

added a basic test for api.setupTLS() (to increase test coverage)

* testing nameserver isOwnChallenge and isAuthoritative methods

* add a unit test for nameserver answerOwnChallenge

* fix linting errors

* bump go and golangci-lint versions in github actions

* Update golangci-lint.yml

Bumping github-actions workflow versions to accommodate some changes in upstream golanci-lint

* Bump Golang version to 1.23 (currently the oldest supported version)

Bump golanglint-ci to 2.0.2 and migrate the config file.

This should resolve the math/rand/v2 issue

* bump golanglint-ci action version

* Fixing up new golanglint-ci warnings and errors

---------

Co-authored-by: Joona Hoikkala <5235109+joohoi@users.noreply.github.com>

* Minor refactoring, error returns and e2e testing suite

* Add a few tests

* Fix linter and umask setting

* Update github actions

* Refine concurrency configuration for GitHub actions

* HTTP timeouts to API, and self-validation mutex to nameserver ops

---------

Co-authored-by: Florian Ritterhoff <32478819+fritterhoff@users.noreply.github.com>
Co-authored-by: Jason Playne <jason@jasonplayne.com>

.github/workflows/release.yml

@@ -0,0 +1,43 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.goreleaser.yml

@@ -1,7 +1,7 @@
 builds:
   - binary: acme-dns
     env:
-      - CGO_ENABLED=1
+      - CGO_ENABLED=0
     goos:
       - linux
     goarch:
@@ -19,3 +19,17 @@ archives:
 
 signs:
   - artifacts: checksum
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+
+dockers:
+  - image_templates:
+    - "joohoi/acme-dns:{{ .Tag }}"
+    - "joohoi/acme-dns:latest"
+    dockerfile: Dockerfile.release
+    build_flag_templates:
+    - "--pull"
+    - "--label=org.opencontainers.image.created={{.Date}}"
+    - "--label=org.opencontainers.image.name={{.ProjectName}}"
+    - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+    - "--label=org.opencontainers.image.version={{.Version}}"
+

CHANGELOG.md

@@ -0,0 +1,59 @@
+# Changelog
+
+## v2.0
+- Update goreleaser configuration and add a GitHub action to build a release on new version tags (#395)
+- Huge refactoring and modernization (#325)
+
+## v1.1
+- Add timeout to golangci job (#369)
+- Update deps to support go 1.23 (#368)
+- Bump dependencies (#334)
+
+## v1.0 
+   - New
+      - Refactoring of the codebase to something more robust
+   - Changed
+      - Updated dependencies
+- v0.8
+   - NOTE: configuration option: "api_domain" deprecated!
+   - New
+      - Automatic HTTP API certificate provisioning using DNS challenges making acme-dns able to acquire certificates even with HTTP api not being accessible from public internet.
+      - Configuration value for "tls": "letsencryptstaging". Setting it will help you to debug possible issues with HTTP API certificate acquiring process. This is the new default value.
+   - Changed
+      - Fixed: EDNS0 support
+      - Migrated from autocert to [certmagic](https://github.com/mholt/certmagic) for HTTP API certificate handling
+- v0.7.2
+   - Changed
+      - Fixed: Regression error of not being able to answer to incoming random-case requests.
+      - Fixed: SOA record added to a correct header field in NXDOMAIN responses.
+- v0.7.1
+   - Changed
+      - Fixed: SOA record correctly added to the TCP DNS server when using both, UDP and TCP servers.
+- v0.7
+   - New
+      - Added an endpoint to perform health checks
+   - Changed
+      - A new protocol selection for DNS server "both", that binds both - UDP and TCP ports.
+      - Refactored DNS server internals.
+      - Handle some aspects of DNS spec better.
+- v0.6
+   - New
+      - Command line flag `-c` to specify location of config file.
+      - Proper refusal of dynamic update requests.
+      - Release signing
+   - Changed
+      - Better error messages for goroutines
+- v0.5
+   - New
+      - Configurable certificate cache directory
+   - Changed
+      - Process wide umask to ensure created files are only readable by the user running acme-dns
+      - Replaced package that handles UUIDs because of a flaw in the original package
+      - Updated dependencies
+      - Better error messages
+- v0.4 Clear error messages for bad TXT record content, proper handling of static CNAME records, fixed IP address parsing from the request, added option to disable registration endpoint in the configuration.
+- v0.3.2 Dockerfile was fixed for users using autocert feature
+- v0.3.1 Added goreleaser for distributing binary builds of the releases
+- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
+- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
+- v0.1 Initial release

Dockerfile

@@ -1,12 +1,12 @@
 FROM golang:alpine AS builder
 LABEL maintainer="joona@kuori.org"
 
-RUN apk add --update gcc musl-dev git
+RUN apk add --update git
 
 ENV GOPATH /tmp/buildcache
 RUN git clone https://github.com/joohoi/acme-dns /tmp/acme-dns
 WORKDIR /tmp/acme-dns
-RUN CGO_ENABLED=1 go build
+RUN CGO_ENABLED=0 go build
 
 FROM alpine:latest
 

Dockerfile.release

@@ -0,0 +1,12 @@
+FROM alpine:latest
+
+RUN apk --no-cache add ca-certificates && update-ca-certificates
+RUN mkdir -p /etc/acme-dns
+RUN mkdir -p /var/lib/acme-dns
+
+COPY acme-dns /usr/local/bin/acme-dns
+
+VOLUME ["/etc/acme-dns", "/var/lib/acme-dns"]
+ENTRYPOINT ["acme-dns"]
+EXPOSE 53 80 443
+EXPOSE 53/udp

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2016 Joona Hoikkala
+Copyright (c) 2016-2026 Joona Hoikkala
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -338,55 +338,6 @@ use for the renewal.
 - Generic client library in Go: [https://github.com/cpu/goacmedns](https://github.com/cpu/goacmedns)
 
 
-## Changelog
-- v1.0 
-   - New
-      - Refactoring of the codebase to something more robust
-   - Changed
-      - Updated dependencies
-- v0.8
-   - NOTE: configuration option: "api_domain" deprecated!
-   - New
-      - Automatic HTTP API certificate provisioning using DNS challenges making acme-dns able to acquire certificates even with HTTP api not being accessible from public internet.
-      - Configuration value for "tls": "letsencryptstaging". Setting it will help you to debug possible issues with HTTP API certificate acquiring process. This is the new default value.
-   - Changed
-      - Fixed: EDNS0 support
-      - Migrated from autocert to [certmagic](https://github.com/mholt/certmagic) for HTTP API certificate handling
-- v0.7.2
-   - Changed
-      - Fixed: Regression error of not being able to answer to incoming random-case requests.
-      - Fixed: SOA record added to a correct header field in NXDOMAIN responses.
-- v0.7.1
-   - Changed
-      - Fixed: SOA record correctly added to the TCP DNS server when using both, UDP and TCP servers.
-- v0.7
-   - New
-      - Added an endpoint to perform health checks
-   - Changed
-      - A new protocol selection for DNS server "both", that binds both - UDP and TCP ports.
-      - Refactored DNS server internals.
-      - Handle some aspects of DNS spec better.
-- v0.6
-   - New
-      - Command line flag `-c` to specify location of config file.
-      - Proper refusal of dynamic update requests.
-      - Release signing
-   - Changed
-      - Better error messages for goroutines
-- v0.5
-   - New
-      - Configurable certificate cache directory
-   - Changed
-      - Process wide umask to ensure created files are only readable by the user running acme-dns
-      - Replaced package that handles UUIDs because of a flaw in the original package
-      - Updated dependencies
-      - Better error messages
-- v0.4 Clear error messages for bad TXT record content, proper handling of static CNAME records, fixed IP address parsing from the request, added option to disable registration endpoint in the configuration.
-- v0.3.2 Dockerfile was fixed for users using autocert feature
-- v0.3.1 Added goreleaser for distributing binary builds of the releases
-- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
-- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
-- v0.1 Initial release
 
 ## TODO
 
@@ -401,4 +352,4 @@ If you have an idea for improvement, please open an new issue or feel free to wr
 
 ## License
 
-acme-dns is released under the [MIT License](http://www.opensource.org/licenses/MIT).
+acme-dns is released under the [MIT License](https://www.opensource.org/licenses/MIT).