Merge remote-tracking branch 'upstream/master'

Author: ewdurbin

.github/SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+The most recent version "release" version to appear on the
+[releases][1] page is currently supported.
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please use the
+[Privately reporting a security vulnerability][2]
+facility.
+
+[1]: https://github.com/cactus/go-camo/releases
+[2]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability

.github/dependabot.yml

@@ -0,0 +1,14 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    labels:
+      - dependencies
+    schedule:
+      interval: "weekly"
+      day: "monday"

.github/workflows/codeql-analysis.yml

@@ -2,7 +2,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: ['**']
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [main]
@@ -13,23 +13,35 @@ jobs:
   analyse:
     name: Analyse
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
+    - name: Setup Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: '>=1.22.0'
+        check-latest: true
+      id: go
+
+    - name: Build
+      env:
+        GOPROXY: "https://proxy.golang.org"
+      run: make build
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: go
 
-    - name: build
-      run: make build
-
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/publish-docker-images.yml

@@ -0,0 +1,78 @@
+name: publish-docker-images
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build:
+    name: docker-publish
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Src Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: write tags env vars
+        run: |
+          TAG=$(git describe --tags)
+          LATEST_TAG=$(git tag -l | grep -viE '(alpha|beta)' | sort -V | tail -n 1)
+          GITHASH="$(git rev-parse HEAD)"
+          echo "TAG=$TAG"
+          echo "TAG=${TAG}" >> "$GITHUB_ENV"
+          echo "LATEST_TAG=${LATEST_TAG}"
+          echo "LATEST_TAG=${LATEST_TAG}" >> "$GITHUB_ENV"
+          echo "GITHASH=${GITHASH}"
+          echo "GITHASH=${GITHASH}" >> "$GITHUB_ENV"
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            cactus4docker/go-camo
+            ghcr.io/cactus/go-camo
+          tags: |
+            # set latest tag for master branch
+            type=raw,value=${{ env.TAG }}
+            type=raw,value=latest,enable=${{ env.TAG == env.LATEST_TAG }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          provenance: false
+          sbom: false
+          file: ./docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            GITHASH=${{env.GITHASH}}
+            APP_VER=${{env.TAG}}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/publish-docker.yml

@@ -1,30 +1,28 @@
 name: unit-tests
 on:
+  workflow_dispatch:
   push:
-    branches: ['**']
+    branches: ["**"]
   pull_request:
     branches: [main]
 
 jobs:
-  build:
-    name: Build
-    strategy:
-      matrix:
-        go: ['1.19.x']
-        platform: [ubuntu-latest]
-    runs-on: ${{ matrix.platform }}
-    steps:
-      - name: Setup Go ${{ matrix.go }}
-        uses: actions/setup-go@v1
-        with:
-          go-version: ${{ matrix.go }}
-        id: go
+  test:
+    runs-on: ubuntu-latest
 
+    steps:
       - name: Src Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ">=1.22.0"
+          check-latest: true
+        id: go
+
       - name: Build
         env:
           GOPROXY: "https://proxy.golang.org"
@@ -34,15 +32,46 @@ jobs:
         env:
           GOPROXY: "https://proxy.golang.org"
         run: |
-          go install honnef.co/go/tools/cmd/[email protected]
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          hash -r
           make check
 
       - name: Tests
         env:
           GOPROXY: "https://proxy.golang.org"
           CI: true
-        run:
-          echo "skip"
-#        run: make test
+        run: make test
+
+  test-qemu:
+    needs: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: [arm64]
+
+    steps:
+      - name: Src Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ">=1.22.0"
+          check-latest: true
+        id: go
+
+      - name: Install QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Build
+        env:
+          GOPROXY: "https://proxy.golang.org"
+          GOARCH: ${{ matrix.arch }}
+        run: make build
+
+      - name: Tests
+        env:
+          GOPROXY: "https://proxy.golang.org"
+          GOARCH: ${{ matrix.arch }}
+          CI: true
+        run: make test

.github/workflows/unit-tests.yml

@@ -1,3 +1,4 @@
+/.vscode
 /build
 /config.json
 /diagrams
@@ -7,6 +8,7 @@
 /server.crt
 /server.csr
 *.py[co]
+/test.py
 /test-ruleset.conf
 /man/*.html
 /man/*.[1-9]

.gitignore

@@ -19,6 +19,54 @@ toc::[]
 
 == HEAD
 
+== v2.4.13 2024-04-22
+*   Release tagged for arm64 docker building only.
+
+== v2.4.12 2024-04-20
+*   Update library dependencies.
+*   Fix docker and github packages publishing issue.
+
+== v2.4.11 2024-04-03
+*   Update library dependencies.
+*   Build with Go-1.22.2
+
+== v2.4.10 2024-03-17
+*   Update library dependencies.
+
+== v2.4.9 2024-02-16
+*   Minimum Go version now 1.21 due to quic-go dependency, due to better
+    cryto/tls support for QUIC in Go-1.21.
+*   Update library dependencies.
+
+== v2.4.8 2023-12-19
+*   Add `--automaxprocs` flag to set GOMAXPROCS automatically to match Linux
+    container CPU quota/limits.
+*   Update library dependencies.
+
+== v2.4.7 - 2023-11-13
+*   Add http3/quic server support. New flag `--quic`. Requires `--ssl-listen`.
+
+== v2.4.6 - 2023-10-25
+*   Add `--no-debug-vars` flag to disable /debug/vars when `--metrics` is
+    enabled. (#66, #67)
+
+== v2.4.5 - 2023-10-23
+*   fix htrie matching of non punycode (eg. unicode) idna hostnames
+*   slightly faster logging (update to mlog dependency)
+*   address a logging issue with missing url path output in
+    `"built outgoing request"` debug log
+*   moderate improve performance of hostname rule processing
+    (approx 12-30% in microbenchmarks)
+*   slight improvement in request path url processing
+    (approx 2-4% in microbenchmarks)
+*   fix /debug/vars being enabled by default (#65) due to expvars import
+    side effect
+
+== v2.4.4 - 2023-07-25
+*   update dependencies
+*   bump version in go.mod (and fix all internal module references) +
+    ref: discussion link:https://github.com/cactus/go-camo/discussions/62[#62]
+
 == v2.4.3 - 2023-02-18
 *   update library dependency golang.org/x/net. +
     refs: