Initial commit

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: "docker"
+  directory: "/"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies

.github/workflows/docker-build.yml

@@ -0,0 +1,42 @@
+name: Docker Build and Publish
+
+on:
+  workflow_dispatch:
+    inputs:
+      tagName:
+        description: "Tag name"
+        required: true
+        default: 'v1'
+
+jobs:
+  push_to_registry:
+    runs-on: ubuntu-latest
+
+    name: Build docker image and push to dockerhub
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build container image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          context: './'
+          no-cache: true
+          file: 'Dockerfile'
+          tags: szaimen/aio-fail2ban:${{ github.event.inputs.tagName }}
+          provenance: false

.github/workflows/docker-lint.yml

@@ -0,0 +1,37 @@
+name: Docker Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+
+    name: docker-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install hadolint
+        run: |
+          sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
+          sudo chmod +x /usr/bin/hadolint
+
+      - name: run lint
+        run: |
+          DOCKERFILES="$(find ./ -name Dockerfile)"
+          mapfile -t DOCKERFILES <<< "$DOCKERFILES"
+          for file in "${DOCKERFILES[@]}"; do
+            # DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
+            hadolint "$file" --ignore DL4006 | tee -a ./hadolint.log
+          done
+          if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
+            exit 1
+          fi

.github/workflows/shellcheck.yml

@@ -0,0 +1,24 @@
+name: Shellcheck
+
+on:
+  pull_request:
+    paths:
+      - '**.sh'
+  push:
+    branches:
+      - main
+    paths:
+      - '**.sh'
+
+jobs:
+  shellcheck:
+    name: Check Shell
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Shellcheck
+      uses: ludeeus/[email protected]
+      with:
+        check_together: 'yes'
+      env:
+        SHELLCHECK_OPTS: --shell bash

Dockerfile

@@ -0,0 +1,15 @@
+FROM alpine:3.18.4
+
+# hadolint ignore=DL3018
+RUN set -ex; \
+    apk add --no-cache fail2ban tzdata util-linux-misc bash nftables ip6tables; \
+    mv /etc/fail2ban/filter.d/common.conf /tmp/; \
+    rm -r /etc/fail2ban/jail.d/*; \
+    rm -r /etc/fail2ban/filter.d/*; \
+    mv /tmp/common.conf /etc/fail2ban/filter.d/
+
+COPY --chmod=775 start.sh /start.sh
+
+# hadolint ignore=DL3002
+USER root
+ENTRYPOINT [ "/start.sh" ]