chore 🤖: Release v1.2.3 [skip ci]

chore: adjust Docker build workflow to conditionally push images
Merge branch 'main' of github.com:dangeroustech/ZeroTierBridge
2025-12-06 09:06:58 +00:00 · 2025-10-26 16:28:50 +00:00 · 2025-10-26 16:24:01 +00:00 · 2025-10-26 16:21:53 +00:00 · 2025-10-26 16:19:47 +00:00 · 2025-10-26 16:19:28 +00:00
9 changed files with 423 additions and 41 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+    labels:
+      - dependencies
+      - github-actions
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 10
+    labels:
+      - dependencies
+      - docker
+
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,134 @@
+name: Publish Docker Image
+permissions:
+  actions: read
+  checks: read
+  contents: write
+  deployments: read
+  issues: read
+  discussions: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  security-events: write
+  statuses: read
+
+concurrency:
+  group: docker-release-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY_IMAGE: registry.dangerous.tech/dangeroustech/zerotierbridge
+
+jobs:
+  Docker_Build:
+    name: Docker Build And Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Registry
+        if: github.event_name != 'pull_request'
+        id: login
+        uses: docker/login-action@v3
+        with:
+          registry: registry.dangerous.tech
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          build-args: |
+            VERSION=1.12.2
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ env.REGISTRY_IMAGE }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+  MergeRefs:
+    name: Publish Multi-Arch Image And Release
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    needs:
+      - Docker_Build
+    steps:
+      - name: Login to Registry
+        id: login
+        uses: docker/login-action@v3
+        with:
+          registry: registry.dangerous.tech
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@v0
+        id: sbom
+        with:
+          image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
+          registry-username: ${{ secrets.REGISTRY_USERNAME }}
+          registry-password: ${{ secrets.REGISTRY_PASSWORD }}
+          format: spdx-json
+          output-file: ./sbom.spdx.json
+
+      - name: Scan SBOM
+        uses: anchore/scan-action@v7
+        id: scan
+        with:
+          sbom: sbom.spdx.json
+          severity-cutoff: medium
+          fail-build: false
+          only-fixed: true
+
+      - name: upload Anchore scan SARIF report
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Changelog
+        uses: TriPSs/conventional-changelog-action@v6
+        id: changelog
+        if: ${{ github.event_name != 'pull_request' }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          git-message: "chore 🤖: Release {version}"
+          output-file: CHANGELOG.md
+          tag-prefix: v
+          fallback-version: 1.0.0
+          release-count: 0 # preserve all versions in changelog
+          skip-on-empty: false # otherwise we don't publish fixes
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        id: release
+        if: ${{ steps.changelog.outputs.skipped == 'false' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.changelog.outputs.tag }}
+          name: ${{ steps.changelog.outputs.tag }}
+          body: ${{ steps.changelog.outputs.clean_changelog }}
+          files: |
+            sbom.spdx.json
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+sbom.spdx.json
+results.sarif
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,149 @@
+## [1.2.3](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.2.2...v1.2.3) (2025-10-26)
+
+
+
+## [1.2.2](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.2.1...v1.2.2) (2025-10-26)
+
+
+
+## [1.2.1](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.2.0...v1.2.1) (2025-10-26)
+
+
+
+# [1.2.0](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.1.2...v1.2.0) (2025-10-26)
+
+
+### Bug Fixes
+
+* **workflow:** update artifact naming and handling in docker-build.yml ([96ebbf8](https://github.com/dangeroustech/ZeroTierBridge/commit/96ebbf805d2cb3bb4089a5a0dc70114e3c16cc1b))
+
+
+### Features
+
+* **docker:** add health check to Dockerfile for zerotier-cli ([7d643e3](https://github.com/dangeroustech/ZeroTierBridge/commit/7d643e3ff6c0683d335baae5138ceef475cd37c3))
+
+
+
+## [1.1.2](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.1.1...v1.1.2) (2023-10-18)
+
+
+
+## [1.1.1](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.1.0...v1.1.1) (2023-10-17)
+
+
+### Bug Fixes
+
+* 401 ([bca9ec3](https://github.com/dangeroustech/ZeroTierBridge/commit/bca9ec3df76f9c6ea114e099dd9317c58489d0b2))
+* correct deps ([be55349](https://github.com/dangeroustech/ZeroTierBridge/commit/be55349cefbf291a9ce4233e65a785dad4ec3830))
+* correct multiplatform builds ([593036c](https://github.com/dangeroustech/ZeroTierBridge/commit/593036c8ad8099a3a4e7b1ac9b1dcfbdb8e04a98))
+* push by digest again ([8d55074](https://github.com/dangeroustech/ZeroTierBridge/commit/8d550748cde552ef5552e02770842d4e91f99253))
+* push by digest is breaking things ([2c987a3](https://github.com/dangeroustech/ZeroTierBridge/commit/2c987a3bbe0492aaf22b26e446cb7d96a6c9115d))
+* re-setup buildx ([f8d7326](https://github.com/dangeroustech/ZeroTierBridge/commit/f8d73263fdfd328ad38a77ff381e93bd8bda5750))
+* remove tag to hopefully fix digest pushing ([5cd683c](https://github.com/dangeroustech/ZeroTierBridge/commit/5cd683cb7a83e37eb5b4717309d672f35b256c25))
+* set latest tag ([46ee60c](https://github.com/dangeroustech/ZeroTierBridge/commit/46ee60cbc9091e93f977701a771ba9ce0216e5d1))
+
+
+
+# [1.1.0](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.13...v1.1.0) (2023-09-23)
+
+
+### Features
+
+* multi-platform builds ([aab5c07](https://github.com/dangeroustech/ZeroTierBridge/commit/aab5c079dcd559b7c3123aa72d02f7691827083e))
+
+
+
+## [1.0.13](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.12...v1.0.13) (2023-09-22)
+
+
+
+## [1.0.12](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.11...v1.0.12) (2023-09-22)
+
+
+### Bug Fixes
+
+* correct double message ([6e3c269](https://github.com/dangeroustech/ZeroTierBridge/commit/6e3c2690fc612e42c1d2818cc8d4bdfb9d5e39ba))
+
+
+
+## [1.0.11](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.10...v1.0.11) (2023-09-22)
+
+
+### Bug Fixes
+
+* only alert on CVEs that have a fix ([977df48](https://github.com/dangeroustech/ZeroTierBridge/commit/977df48644e0a7112dc25f9f04afa6d84ce87db9))
+* pull correct deb package ([fed1c28](https://github.com/dangeroustech/ZeroTierBridge/commit/fed1c2860230d39aeb80178c79697c1c41fed23d))
+
+
+
+## [1.0.10](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.9...v1.0.10) (2023-09-22)
+
+
+### Bug Fixes
+
+* upload sarif file ([89e2953](https://github.com/dangeroustech/ZeroTierBridge/commit/89e29531f070539935a93b6f55d791170ea42e72))
+
+
+
+## [1.0.9](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.8...v1.0.9) (2023-09-22)
+
+
+
+## [1.0.8](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.7...v1.0.8) (2023-09-22)
+
+
+
+## [1.0.7](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.6...v1.0.7) (2023-09-22)
+
+
+
+## [1.0.6](https://github.com/dangeroustech/ZeroTierBridge/compare/v0.0.1...v1.0.6) (2023-09-22)
+
+
+
+## [1.0.5](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.4...v1.0.5) (2023-09-22)
+
+
+
+## [1.0.4](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.3...v1.0.4) (2023-09-22)
+
+
+
+## [1.0.3](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.2...v1.0.3) (2023-09-22)
+
+
+
+## [1.0.2](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.1...v1.0.2) (2023-09-22)
+
+
+### Bug Fixes
+
+* quick filter to not release on PRs ([c34324b](https://github.com/dangeroustech/ZeroTierBridge/commit/c34324b998690edeadd3d680987587c0fe93c525))
+
+
+
+## [1.0.1](https://github.com/dangeroustech/ZeroTierBridge/compare/v1.0.0...v1.0.1) (2023-09-22)
+
+
+
+# [1.0.0](https://github.com/dangeroustech/ZeroTierBridge/compare/f902dcc0c4615801fb65e6c90342efe96789319f...v1.0.0) (2023-09-22)
+
+
+### Bug Fixes
+
+* add openssl dep and remove pinning ([1298cea](https://github.com/dangeroustech/ZeroTierBridge/commit/1298cea4fa1bad3141754e5218f449ec15e8469a))
+* allow bi-directional traffic initiation ([90cf5b1](https://github.com/dangeroustech/ZeroTierBridge/commit/90cf5b1684b6221797b39af306c3fee9ce5bdb9e))
+* ci: lowercase tag names ([fc24b78](https://github.com/dangeroustech/ZeroTierBridge/commit/fc24b78d4a1046ebc2b01560ed4b67e33418c30e))
+* ci: use correct registry ([3b29bee](https://github.com/dangeroustech/ZeroTierBridge/commit/3b29bee4c642cf04c3af89a7c16f004531f83622))
+* ci: use full registry name ([3a5eb50](https://github.com/dangeroustech/ZeroTierBridge/commit/3a5eb50b13cf7cab7939c4b49c14093189aae330))
+* set proper workdir ([7f56fec](https://github.com/dangeroustech/ZeroTierBridge/commit/7f56fec6897635e37b3e5aa13e7c3bbfddbce5da))
+* standardise network env again ([3e65156](https://github.com/dangeroustech/ZeroTierBridge/commit/3e65156a3c955fa6c6715a7d9e15a799c6f3f735))
+
+
+### Features
+
+* add docker-compose.yml ([f902dcc](https://github.com/dangeroustech/ZeroTierBridge/commit/f902dcc0c4615801fb65e6c90342efe96789319f))
+* support multiple zt network joins ([556195c](https://github.com/dangeroustech/ZeroTierBridge/commit/556195cd64f33fbbc9244022c8a99af5284ffbb9))
+
+
+
--- a/41
+++ b/41
@@ -1,17 +1,36 @@
-FROM debian:buster as stage
-ARG PACKAGE_BASEURL=https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one
-ARG ARCH=amd64
-ARG VERSION=1.6.5
-RUN apt-get update -qq && apt-get install -qq --no-install-recommends -y ca-certificates=20200601~deb10u2 curl=7.64.0-4+deb10u2
-RUN curl -sSL -o zerotier-one.deb "${PACKAGE_BASEURL}/zerotier-one_${VERSION}_${ARCH}.deb"
+FROM debian:12.6 AS stage
+ARG PACKAGE_BASEURL=https://download.zerotier.com/debian/bookworm/pool/main/z/zerotier-one
+ARG TARGETARCH
+ARG VERSION=1.12.2
+RUN apt-get update -qq && apt-get install -qq --no-install-recommends -y \
+    ca-certificates=20230311+deb12u1 \
+    curl=7.88.1-10+deb12u14
+RUN set -e; \
+    DETECTED_ARCH="${TARGETARCH:-}"; \
+    if [ -z "$DETECTED_ARCH" ]; then DETECTED_ARCH="$(dpkg --print-architecture)"; fi; \
+    case "$DETECTED_ARCH" in \
+      amd64|x86_64) ARCH_MAPPING=amd64 ;; \
+      arm64|aarch64) ARCH_MAPPING=arm64 ;; \
+      armhf|armv7*) ARCH_MAPPING=armhf ;; \
+      *) echo "Unsupported architecture: $DETECTED_ARCH" >&2; exit 1 ;; \
+    esac; \
+    echo "Downloading ZeroTier: arch=$ARCH_MAPPING version=$VERSION"; \
+    curl -fsSL -o zerotier-one.deb "${PACKAGE_BASEURL}/zerotier-one_${VERSION}_${ARCH_MAPPING}.deb"

-FROM debian:buster
+FROM debian:12.6
+ARG VERSION
+RUN mkdir /app
+WORKDIR /app
 COPY --from=stage zerotier-one.deb .
-RUN apt-get update -qq && apt-get install -qq --no-install-recommends -y procps=2:3.3.15-2 iptables=1.8.2-4 \
+RUN apt-get update -qq && apt-get install -qq --no-install-recommends -y \
+    procps=2:4.0.2-3 \
+    iptables=1.8.9-2 \
+    openssl=3.0.17-1~deb12u3 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb
 RUN echo "${VERSION}" >/etc/zerotier-version
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
+COPY entrypoint.sh entrypoint.sh
+RUN chmod 755 entrypoint.sh
+HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 CMD sh -c 'zerotier-cli info 2>/dev/null | grep -q ONLINE'
+ENTRYPOINT ["/app/entrypoint.sh"]
--- a/README.md
+++ b/README.md
@@ -4,9 +4,11 @@ A container to provide out-of-the-box bridging functionality to a ZeroTier netwo

 ## Running

-`docker build -t zerotierbridge .`
+### Prerequisites

-`docker run --privileged -e ZT_NETWORK=NETWORK_ID_HERE zerotierbridge:latest`
+- Docker running as your logged in user (if `docker ps` runs then you're good, if not follow the link ->) - [Linux instructions here](https://docs.docker.com/engine/install/linux-postinstall/)
+
+### ZeroTier UI Changes

 Once running, log into your ZeroTier interface and approve the new device. Click the wrench next to the name and select 'Allow Ethernet Bridging.'

@@ -16,13 +18,30 @@ You also need to add a static route into ZeroTier so that the traffic is routed

 ![brave_4wHd9zo193](https://user-images.githubusercontent.com/1135584/129230132-11bcfb72-7d9b-4b40-a4e5-72130c583077.png)

-### Caveat: Architecture
+### Docker Compose

-If you need to run this on a device with different architecture (a raspberry pi, for instance), then just edit line 3 of the Dockerfile.
+Edit the `ZT_NETWORKS` variable in `docker-compose.yml` to add your networks. Multi-arch images are published automatically; no architecture changes are needed.

-If you were using a Raspberry Pi 4, you would change this to `ARCH=arm64` and the container will pull the correct ZeroTier installer.
+Easiest way to bring up is via Docker Compose. Rename `docker-compose.yml.example` to `docker-compose.yml` and run `docker compose up -d`.

-## TODO
+If you want to disable bridging, set `ZT_BRIDGE=false`. This can be done after the initial networks have been joined (just change the environment variable in the `docker-compose.yml` file and restart), as the ZeroTier config persists but IPTables forwarding is done on each container startup.

- Add docker-compose.yml
- Add kubernetes deployment YAML
+### OG Docker
+
+`docker build -t zerotierbridge .`
+
+`docker run --cap-add NET_ADMIN --cap-add NET_RAW --sysctl net.ipv4.ip_forward=1 -e ZT_NETWORKS="NETWORK_1 NETWORK_2" -e ZT_BRIDGE=true zerotierbridge:latest`
+
+Add your network ID(s) into the `ZT_NETWORKS` argument, space separated.
+
+Disable bridging by passing `ZT_BRIDGE=false`. This can be done after the initial networks have been joined (just restart the container), as the ZeroTier config persists but IPTables forwarding is done on each container startup.
+
+#### Persistent Storage
+
+If you would like the container to retain the same ZeroTier client ID on reboot, attach a volume as per the below.
+
+`docker run --privileged -e ZT_NETWORKS=NETWORK_ID_HERE ZT_BRIDGE=true -v zt_config:/var/lib/zerotier-one/ zerotierbridge:latest`
+
+#### Notes
+
+If your host requires additional privileges for networking, you may need to add device and capabilities in your runtime configuration. The provided Docker Compose example includes `cap_add: [NET_ADMIN, NET_RAW]` and `sysctls` for IP forwarding.
--- a/docker-compose.yml.example
+++ b/docker-compose.yml.example
@@ -0,0 +1,19 @@
+version: "3"
+
+services:
+  zerotierbridge:
+    container_name: zerotierbridge
+    image: registry.dangerous.tech/dangeroustech/zerotierbridge
+    restart: always
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    sysctls:
+      net.ipv4.ip_forward: "1"
+    volumes:
+      - zt_config:/var/lib/zerotier-one
+    environment:
+      ZT_NETWORKS: "NETWORK_ID_1 NETWORK_ID_2 NETWORK_ID_3"
+      ZT_BRIDGE: "true"
+volumes:
+  zt_config:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,40 +1,57 @@
 #!/bin/sh

-grepzt() {
-  (find /proc -name exe | xargs -I{} readlink {}) 2>/dev/null | grep -q zerotier-one
-  return $?
+set -eu
+
+terminate() {
+  # Try to terminate zerotier-one gracefully
+  if [ -n "${ZT_PID:-}" ]; then
+    kill -TERM "$ZT_PID" 2>/dev/null || true
+    wait "$ZT_PID" 2>/dev/null || true
+  fi
 }
+trap terminate INT TERM

 echo "starting zerotier"
 setsid /usr/sbin/zerotier-one &
+ZT_PID=$!

-while ! grepzt
-do
+# Wait for zerotier to be responsive
+until zerotier-cli info >/dev/null 2>&1; do
  echo "zerotier hasn't started, waiting a second"
  sleep 1
 done

-echo "joining networks: $ZT_NETWORK"
+# Set IPTables to allow NATting
+sysctl -w net.ipv4.ip_forward=1 > /dev/null

-echo "joining $ZT_NETWORK"
+echo "joining networks: ${ZT_NETWORKS:-}"

-while ! zerotier-cli join "$ZT_NETWORK"
-do 
-    echo "joining $ZT_NETWORK failed; trying again in 1s"
+for n in ${ZT_NETWORKS:-}; do
+  echo "joining $n"
+
+  until zerotier-cli join "$n"; do
+    echo "joining $n failed; trying again in 1s"
    sleep 1
  done

+  if [ "${ZT_BRIDGE:-true}" = "true" ]; then
+    ZT_IFACE=$(zerotier-cli get "$n" portDeviceName)
+    PHY_IFACE=eth0
+    echo "Configuring iptables on ${ZT_IFACE}"

-### Set IPTables to allow NATting
-echo "setting up NATting"
-sysctl -w net.ipv4.ip_forward=1
-PHY_IFACE=eth0; ZT_IFACE=$(ls /sys/class/net | grep ^zt)
+    # idempotent rules
+    iptables -t nat -C POSTROUTING -o "$PHY_IFACE" -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o "$PHY_IFACE" -j MASQUERADE
+    iptables -t nat -C POSTROUTING -o "$ZT_IFACE" -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o "$ZT_IFACE" -j MASQUERADE
+    iptables -C FORWARD -i "$PHY_IFACE" -o "$ZT_IFACE" -j ACCEPT 2>/dev/null || iptables -A FORWARD -i "$PHY_IFACE" -o "$ZT_IFACE" -j ACCEPT
+    iptables -C FORWARD -i "$ZT_IFACE" -o "$PHY_IFACE" -j ACCEPT 2>/dev/null || iptables -A FORWARD -i "$ZT_IFACE" -o "$PHY_IFACE" -j ACCEPT
+  fi
+done

-iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
-iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
+# Give ZT a second to realise it's online
+sleep 10

-echo "iptables --list-rules"
-echo "$(ip a)"
+# Print Client Info
+zerotier-cli info || true

-sleep infinity
+# Keep the container running while zerotier-one is alive
+wait "$ZT_PID"
--- a/package.json
+++ b/package.json
@@ -0,0 +1,3 @@
+{
+  "version": "1.2.3"
+}
Author	SHA1	Message	Date
Conventional Changelog Action	57afc23fd7	chore 🤖: Release v1.2.3 [skip ci]	2025-10-26 16:28:50 +00:00
Josh Jacobs	ab60a1c20e	chore: adjust Docker build workflow to conditionally push images	2025-10-26 16:24:01 +00:00
Josh Jacobs	e0c38935ba	Merge branch 'main' of github.com:dangeroustech/ZeroTierBridge	2025-10-26 16:21:53 +00:00
Conventional Changelog Action	b4e2f4c92a	chore 🤖: Release v1.2.2 [skip ci]	2025-10-26 16:19:47 +00:00
Josh Jacobs	57390dc7c1	chore: standardize Dockerfile syntax for clarity	2025-10-26 16:19:28 +00:00
Josh J	4fd71dafa3	Merge pull request #36 from dangeroustech/general-updates General Best Practise Updates	2025-10-26 16:17:36 +00:00
Josh Jacobs	e0cd6af05f	chore: enhance Dockerfile architecture detection for ZeroTier installation - Improved architecture detection logic to support additional ARM variants (armhf, armv7). - Added error handling for unsupported architectures. - Updated download command to provide clearer output during the installation process. No functional changes intended; enhances robustness and maintainability of the Dockerfile.	2025-10-26 15:54:34 +00:00
Josh Jacobs	2756d3b0c8	chore: harden compose + entrypoint; docs refresh; ignore artifacts; dependabot - docker-compose.yml.example: drop privileged; add cap_add (NET_ADMIN, NET_RAW) and sysctls; quote env vars - entrypoint.sh: add strict mode + traps; wait for service; idempotent iptables; graceful shutdown - README.md: update to multi-arch + non-privileged run guidance; fix examples - .gitignore: ignore sbom.spdx.json and results.sarif - .github/dependabot.yml: monitor Dockerfiles weekly No functional changes intended; improves security, robustness, and maintainability.	2025-10-26 15:50:49 +00:00
Josh Jacobs	efd0c51fcf	chore: add .gitignore to exclude SBOM and SARIF files from version control	2025-10-26 15:48:16 +00:00
Josh Jacobs	07d0fe437e	chore: remove SARIF and SPDX files from the repository to streamline project structure and reduce unnecessary artifacts	2025-10-26 15:46:14 +00:00
Conventional Changelog Action	be8a266eb4	chore 🤖: Release v1.2.1 [skip ci]	2025-10-26 15:42:35 +00:00
Josh Jacobs	9ab36f2593	ci: simplify multi-arch build, add cache & concurrency; fix release token - Add workflow-level concurrency to avoid overlapping releases - Enable BuildKit cache (GHA) for faster Docker builds - Simplify to a single multi-arch build (linux/amd64, linux/arm64) - Remove digest export/upload and manifest merge steps - Push manifest directly from buildx with tag `latest` - Fix GitHub Release token casing to use `secrets.GITHUB_TOKEN` - Update Dockerfile to use TARGETARCH for correct package selection - Pass VERSION consistently; write version to image No functional change to runtime behavior expected; improves speed, reliability, and maintainability of the release pipeline.	2025-10-26 15:38:44 +00:00
Josh Jacobs	aa8459d5e7	Merge branch 'main' of github.com:dangeroustech/ZeroTierBridge	2025-10-26 15:26:46 +00:00
Josh Jacobs	2e84ed575c	refactor(workflow): rename MergeRefs job to clarify purpose	2025-10-26 15:26:41 +00:00
Conventional Changelog Action	efc5c3aadb	chore 🤖: Release v1.2.0 [skip ci]	2025-10-26 15:22:59 +00:00
Josh Jacobs	96ebbf805d	fix(workflow): update artifact naming and handling in docker-build.yml - Changed artifact name to include architecture in upload step. - Updated download step to use a pattern for artifact names and enabled merging of multiple artifacts.	2025-10-26 15:19:15 +00:00
Josh Jacobs	7d643e3ff6	feat(docker): add health check to Dockerfile for zerotier-cli	2025-10-26 15:16:30 +00:00
Josh Jacobs	07cefedf03	chore(docker): pin package versions in Dockerfile	2025-10-26 15:13:13 +00:00
dependabot[bot]	9a725ba61f	chore(deps): bump softprops/action-gh-release from 1 to 2 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:04:48 +00:00
dependabot[bot]	c82c86099a	chore(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:04:37 +00:00
dependabot[bot]	13f56130ca	chore(deps): bump anchore/scan-action from 3 to 7 Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3 to 7. - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/v3...v7) --- updated-dependencies: - dependency-name: anchore/scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:04:10 +00:00
dependabot[bot]	6a3d0a9f23	chore(deps): bump docker/build-push-action from 5 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:02:58 +00:00
dependabot[bot]	b08ce9f821	chore(deps): bump github/codeql-action from 2 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:02:47 +00:00
dependabot[bot]	e987eeb8f4	chore(deps): bump TriPSs/conventional-changelog-action from 3 to 6 Bumps [TriPSs/conventional-changelog-action](https://github.com/tripss/conventional-changelog-action) from 3 to 6. - [Release notes](https://github.com/tripss/conventional-changelog-action/releases) - [Changelog](https://github.com/TriPSs/conventional-changelog-action/blob/releases/v6/CHANGELOG.md) - [Commits](https://github.com/tripss/conventional-changelog-action/compare/v3...v6) --- updated-dependencies: - dependency-name: TriPSs/conventional-changelog-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:02:32 +00:00
dependabot[bot]	85cd3af0ff	chore(deps): bump actions/download-artifact from 3 to 6 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 15:02:08 +00:00
dependabot[bot]	3c0a4bb93e	chore(deps): bump actions/upload-artifact from 3 to 5 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-26 14:58:09 +00:00
Josh Jacobs	8a260aebd1	chore: add dependabot configuration for GitHub Actions updates	2025-10-26 14:54:23 +00:00
Josh Jacobs	4d565215c5	chore: update base image in Dockerfile to Debian 12.6	2025-10-26 14:47:09 +00:00
Conventional Changelog Action	a831772404	chore 🤖: Release v1.1.2 [skip ci]	2023-10-18 07:59:04 +00:00
Josh J	7ad182fba6	docs: update docs fixes: #22	2023-10-18 08:55:29 +01:00
Conventional Changelog Action	fbdc16952c	chore 🤖: Release v1.1.1 [skip ci]	2023-10-17 08:13:35 +00:00
Josh J	704859e91a	ci: changelog needs permissions to commit to repo consider breaking this out into another workflow to segregate permission	2023-10-17 09:09:03 +01:00
Josh J	63e3bea752	ci: must checkout before changelog	2023-10-17 08:59:47 +01:00
Josh J	fdd8bbbdda	ci: needs to be able to publish security reports	2023-10-17 08:52:23 +01:00
Josh J	546eeac920	Merge pull request #24 from dangeroustech/biodrone/issue22 ci: add permissions to actions file	2023-10-17 08:47:21 +01:00
Josh J	ffea17e8e8	ci: only do final build on main branch oitherwise there's no tag to pull from	2023-10-17 08:43:10 +01:00
josh	b144c39680	ci: only build PRs with main as base	2023-10-03 07:21:37 +00:00
josh	a48a9286a2	ci: only build issue branches	2023-10-03 07:19:51 +00:00
josh	511a78b182	ci: only build assigned PRs	2023-10-03 07:18:49 +00:00
josh	2d7d9c7f3b	ci: add permissions to actions file	2023-10-03 07:08:31 +00:00
josh	46ee60cbc9	fix: set latest tag	2023-09-23 22:31:27 +00:00
josh	bca9ec3df7	fix: 401	2023-09-23 21:49:35 +00:00
josh	5cd683cb7a	fix: remove tag to hopefully fix digest pushing	2023-09-23 21:44:42 +00:00
josh	8d550748cd	fix: push by digest again	2023-09-23 21:39:53 +00:00
josh	f8d73263fd	fix: re-setup buildx	2023-09-23 21:33:13 +00:00
josh	2c987a3bbe	fix: push by digest is breaking things	2023-09-23 21:30:17 +00:00
josh	be55349cef	fix: correct deps	2023-09-23 21:28:42 +00:00
josh	593036c8ad	fix: correct multiplatform builds because apparently manifests are too difficult	2023-09-23 21:27:47 +00:00
Conventional Changelog Action	74c33dff3e	chore 🤖: Release v1.1.0 [skip ci]	2023-09-23 21:07:49 +00:00
josh	aab5c079dc	feat: multi-platform builds	2023-09-23 21:06:25 +00:00
Conventional Changelog Action	344e30a1f0	chore 🤖: Release v1.0.13 [skip ci]	2023-09-22 21:10:45 +00:00
josh	d3f10891c8	sec: lower vuln threshold	2023-09-22 21:09:20 +00:00
Conventional Changelog Action	7eb72f78f3	chore 🤖: Release v1.0.12 [skip ci]	2023-09-22 21:04:55 +00:00
josh	6e3c2690fc	fix: correct double message	2023-09-22 21:03:32 +00:00
Conventional Changelog Action	b651c5f8e9	chore 🤖: Release v1.0.11 [skip ci] [skip ci]	2023-09-22 20:59:18 +00:00
Josh J	9908f656e7	Merge pull request #21 from dangeroustech/biodrone/issue20 Biodrone/issue20	2023-09-22 21:57:40 +01:00
josh	977df48644	fix: only alert on CVEs that have a fix	2023-09-22 20:54:49 +00:00
josh	fed1c28602	fix: pull correct deb package	2023-09-22 20:50:14 +00:00
josh	b5e79ae24d	Fix Grype Detected Security Problemos Fixes #20	2023-09-22 20:49:29 +00:00
Conventional Changelog Action	09370a89a7	chore 🤖: Release v1.0.10 [skip ci] [skip ci]	2023-09-22 20:46:03 +00:00
Josh J	1c41eb9e1b	Merge pull request #19 from dangeroustech/biodrone/issue11 Integrate Grype for Scanning	2023-09-22 21:44:42 +01:00
josh	89e29531f0	fix: upload sarif file	2023-09-22 20:37:00 +00:00
josh	ec84d91bc3	Integrate Grype for Scanning Fixes #11	2023-09-22 20:31:11 +00:00
Conventional Changelog Action	9cc7d36434	chore 🤖: Release v1.0.9 [skip ci] [skip ci]	2023-09-22 20:27:17 +00:00
josh	ab9c1c4816	ci: remove duplicate artifact upload	2023-09-22 20:26:27 +00:00
Conventional Changelog Action	f94f69a8f7	chore 🤖: Release v1.0.8 [skip ci] [skip ci]	2023-09-22 20:25:23 +00:00
josh	24c26bea0d	ci: specify file output	2023-09-22 20:24:38 +00:00
Conventional Changelog Action	3b4b067420	chore 🤖: Release v1.0.7 [skip ci] [skip ci]	2023-09-22 20:22:45 +00:00
josh	8e6724ef25	ci: simplify sbom	2023-09-22 20:21:51 +00:00
Conventional Changelog Action	dfc86697e4	chore 🤖: Release v1.0.6 [skip ci] [skip ci]	2023-09-22 20:12:09 +00:00
josh	3a0be9b7dd	ci: running on published instead of just created	2023-09-22 20:11:06 +00:00
Conventional Changelog Action	e9b9340604	chore 🤖: Release v1.0.5 [skip ci] [skip ci]	2023-09-22 20:08:08 +00:00
josh	c47edea183	ci: move sbom into it's own file	2023-09-22 20:07:21 +00:00
Conventional Changelog Action	ffb7b6f1db	chore 🤖: Release v1.0.4 [skip ci] [skip ci]	2023-09-22 20:02:19 +00:00
josh	44e70e01be	ci: test shifting sbom around	2023-09-22 20:01:20 +00:00
Conventional Changelog Action	c35e2e6641	chore 🤖: Release v1.0.3 [skip ci] [skip ci]	2023-09-22 19:48:20 +00:00
Josh J	22a62a4c6f	Merge pull request #18 from dangeroustech/biodrone/issue12 Integrate syft for SBOM	2023-09-22 20:47:13 +01:00
josh	ad8063651d	Integrate syft for SBOM Fixes #12	2023-09-22 19:41:17 +00:00
Conventional Changelog Action	8537d1c215	chore 🤖: Release v1.0.2 [skip ci] [skip ci]	2023-09-22 19:35:17 +00:00
josh	c34324b998	fix: quick filter to not release on PRs	2023-09-22 19:34:26 +00:00
Conventional Changelog Action	278abf43b9	chore 🤖: Release v1.0.1 [skip ci] [skip ci]	2023-09-22 19:25:03 +00:00
josh	bc56fb09ad	ci: update workflow name	2023-09-22 19:23:33 +00:00
Conventional Changelog Action	9794058682	chore 🤖: Release v1.0.0 [skip ci] [skip ci]	2023-09-22 19:21:37 +00:00
Josh J	48318331c8	Merge pull request #17 from dangeroustech/biodrone/issue16 Add a CI Release Process	2023-09-22 20:20:29 +01:00
josh	ab80272f60	Add a CI Release Process Fixes #16	2023-09-22 19:18:19 +00:00
Josh J	d25c3a6c78	Merge pull request #15 from dangeroustech/biodrone/issue10 Update Actions Workflow to Push to registry.dangerous.tech	2023-09-22 16:19:55 +01:00
josh	3a5eb50b13	fix: ci: use full registry name	2023-09-22 13:13:59 +00:00
josh	f461592cbf	chore: update dep versions	2023-09-22 13:11:59 +00:00
josh	fc24b78d4a	fix: ci: lowercase tag names	2023-09-22 13:03:36 +00:00
josh	3b29bee4c6	fix: ci: use correct registry	2023-09-22 13:00:14 +00:00
josh	7755601a81	Update Actions Workflow to Push to registry.dangerous.tech Fixes #10	2023-09-22 12:58:31 +00:00
Josh J	2fd87a92bd	Merge pull request #14 from dangeroustech/add_pr_workflow ci: run workflow on PR	2023-09-22 13:41:07 +01:00
Josh J	b147b64d47	ci: run workflow on PR	2023-09-22 13:39:53 +01:00
Josh J	b68f0a7027	Merge pull request #13 from dangeroustech/biodrone/issue9 Update ZeroTier Default Version	2023-09-22 13:25:57 +01:00
josh	1298cea4fa	fix: add openssl dep and remove pinning will re-add pinning as a future task once the container works again	2023-09-22 12:23:33 +00:00
josh	7f56fec689	fix: set proper workdir	2023-09-22 12:18:33 +00:00
josh	dd0e88bbcf	Update to latest ZT version Fixes #9	2023-09-22 12:17:02 +00:00
Josh J	c9f0407e8e	Merge pull request #7 from dangeroustech/docs/formatting docs📚 : spaces aren't spaces sometimes...	2021-10-27 11:35:12 +01:00
josh.jacobs	8e628a0c0d	docs📚 : spaces aren't spaces sometimes...	2021-10-27 11:34:37 +01:00
Josh J	8c691ddae6	Merge pull request #6 from dangeroustech/docs/add-prerequisites docs 📚: add prerequisites	2021-10-27 10:53:27 +01:00
Josh J	7f3784df9a	docs 📚: add prerequisites	2021-10-27 10:52:30 +01:00
Josh J	672005dfc7	Merge pull request #5 from dangeroustech/chore/1.6.6-bump chore 🤖: bump binary version to 1.6.6	2021-10-27 10:47:51 +01:00
Josh J	3cd18b4324	chore 🤖: bump binary version to 1.6.6	2021-10-27 10:46:47 +01:00
Josh Jacobs	90cf5b1684	fix: allow bi-directional traffic initiation	2021-10-21 19:05:36 +01:00
Josh Jacobs	5c7a14da17	ci: cleanup	2021-10-21 18:03:53 +01:00
Josh J	a9fb0015ff	ci: im tired forgive me	2021-08-17 16:26:01 +01:00
Josh J	a72e845fc7	ci: sigh 2 electric boogaloo	2021-08-17 16:24:27 +01:00
Josh J	0122360312	ci: sigh	2021-08-17 16:23:27 +01:00
Josh J	2fc784c0ae	ci: fix ci	2021-08-17 16:22:19 +01:00
Josh J	97a4179d8e	ci: add github action to push image	2021-08-17 16:14:14 +01:00
Josh J	7d16c2b66d	Merge pull request #4 from dangeroustech/feature/multiple_networks feat: support multiple zt network joins	2021-08-13 12:44:41 +01:00
Josh Jacobs	09424b35b4	docs: update readme to reflect changes	2021-08-13 12:44:19 +01:00
Josh Jacobs	556195cd64	feat: support multiple zt network joins feat: add ZT_BRIDGE to control bridge functionality	2021-08-13 12:31:24 +01:00
Josh Jacobs	64e4a473e7	docs: TODO cleanup	2021-08-13 11:30:08 +01:00
Josh Jacobs	3e65156a3c	fix: standardise network env again	2021-08-13 11:28:16 +01:00
Josh J	c3876c3251	Merge pull request #1 from dangeroustech/add-compose add docker-compose.yml	2021-08-13 11:26:24 +01:00
Josh Jacobs	f902dcc0c4	feat: add docker-compose.yml	2021-08-13 11:24:20 +01:00
Josh Jacobs	0745296487	docs: comment formatting	2021-08-13 11:24:08 +01:00
Josh Jacobs	6c4a1a6c1c	style: cleaned up some useless debug info	2021-08-13 11:23:12 +01:00
Josh J	6d4e2031cd	Update README.md	2021-08-12 19:28:53 +01:00