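---
# template source: https://github.com/bretfisher/docker-build-workflow/blob/main/templates/call-docker-build.yaml
#
# Builds the repository's Docker image and pushes it to the Gitea container
# registry. The push step starts a small local HTTP/CONNECT proxy (written to
# /tmp/pyproxy by the "prepare proxy" step) and points HTTPS_PROXY at it.
name: Docker Build

on:
  workflow_dispatch: {}
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'chart/**'

# cancel any previously-started, yet still active runs of this workflow on the same branch
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    steps:
      - name: Login to Gitea Container Registry
        # The actor name and the token reach the script through env instead of
        # being expanded into the script text, so unusual characters in either
        # value cannot alter the shell command that runs.
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
        run: |
          # The file holds a registry token: create it private from the start.
          umask 077
          mkdir -p "$HOME/.docker"
          # printf (not echo) keeps a trailing newline out of the encoded
          # password; tr removes the line wrapping base64 applies to long
          # input, which would otherwise break the JSON string below.
          AUTH="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_TOKEN" | base64 | tr -d '\n')"
          cat <<EOF > "$HOME/.docker/config.json"
          {
            "auths": {
              "gitea.arcodange.duckdns.org": {
                "auth": "${AUTH}"
              }
            }
          }
          EOF
          # Owner-only access; the original 644/755 left the token world-readable.
          chmod 700 "$HOME/.docker"
          chmod 600 "$HOME/.docker/config.json"

      - name: git checkout
        # Consider pinning this action to a full commit SHA; the v4 tag is mutable.
        uses: actions/checkout@v4

      - name: prepare proxy
        run: |
          apt-get update
          apt-get install -y python3-requests python3-socks
          # Quoted delimiter: the shell copies the script verbatim, no expansion.
          cat <<'EOT' > /tmp/pyproxy
          import select
          import socket
          import http.server
          import socketserver
          from urllib.parse import urlparse

          import requests

          # Pi-hole address on the LAN. NOTE(review): nothing below sends queries
          # to this address; lookups use the runner's system resolver, so Pi-hole
          # is only consulted if the runner itself is configured to use it.
          PIHOLE_IP = "192.168.1.201"
          PROXY_PORT = 8888
          # Loopback only: the proxy is unauthenticated and exists for the docker
          # client in this job, not for other hosts on the network.
          LISTEN_ADDR = "127.0.0.1"
          # CONNECT is honoured for HTTPS only. The original always dialled 443
          # whatever port the client asked for; other ports are now refused
          # instead of being silently redirected.
          ALLOWED_CONNECT_PORTS = {443}
          # Seconds without traffic in either direction before a tunnel is closed.
          TUNNEL_IDLE_TIMEOUT = 300
          # Headers that describe the upstream connection or the encoded body.
          # requests hands back an already-decoded body, so these must not be
          # copied onto the relayed response.
          SKIPPED_RESPONSE_HEADERS = {
              "connection",
              "keep-alive",
              "proxy-authenticate",
              "proxy-authorization",
              "te",
              "trailer",
              "transfer-encoding",
              "upgrade",
              "content-encoding",
              "content-length",
          }


          def resolve_via_pihole(hostname):
              """Return an IPv4 address for hostname, or None when the lookup fails.

              Despite the name, the lookup goes through the system resolver
              (see the note on PIHOLE_IP).
              """
              try:
                  # The original called socket.setdefaulttimeout(5) here. That does
                  # not bound the DNS lookup; it only changes the timeout of every
                  # socket created afterwards, so timeouts are now set explicitly
                  # where sockets are opened.
                  return socket.gethostbyname(hostname)
              except (socket.gaierror, UnicodeError):
                  return None


          class ProxyHandler(http.server.BaseHTTPRequestHandler):
              """Minimal forward proxy: relays HTTP GET and tunnels HTTPS CONNECT."""

              def do_GET(self):
                  """Fetch the requested http:// URL and relay status, headers and body."""
                  url = urlparse(self.path)
                  hostname = url.hostname
                  if not hostname:
                      self.send_error(400, "Bad Request: No hostname")
                      return

                  if not resolve_via_pihole(hostname):
                      self.send_error(404, f"DNS resolution failed for {hostname}")
                      return

                  try:
                      # Rebuild the target from the parsed parts so the port and the
                      # query string survive (the original dropped both).
                      authority = hostname if url.port is None else f"{hostname}:{url.port}"
                      target = f"http://{authority}{url.path}"
                      if url.query:
                          target = f"{target}?{url.query}"
                      response = requests.get(target, timeout=10)
                  except Exception as e:
                      self.send_error(500, f"Proxy error: {str(e)}")
                      return

                  # Nothing has been sent to the client before this point, so the
                  # error path above can never follow a half-written response.
                  body = response.content
                  self.send_response(response.status_code)
                  for header, value in response.headers.items():
                      if header.lower() not in SKIPPED_RESPONSE_HEADERS:
                          self.send_header(header, value)
                  self.send_header("Content-Length", str(len(body)))
                  self.end_headers()
                  self.wfile.write(body)

              def do_CONNECT(self):
                  """Open a TCP tunnel to host:port for an HTTPS client."""
                  hostname, _, port_text = self.path.partition(":")
                  try:
                      port = int(port_text) if port_text else 443
                  except ValueError:
                      self.send_error(400, "Bad Request: invalid port")
                      return
                  if port not in ALLOWED_CONNECT_PORTS:
                      self.send_error(403, f"CONNECT to port {port} is not allowed")
                      return

                  resolved_ip = resolve_via_pihole(hostname)
                  if not resolved_ip:
                      self.send_error(404, f"DNS resolution failed for {hostname}")
                      return

                  # Connect before answering 200, so a failed connection is
                  # reported as an error instead of following a success line.
                  try:
                      remote_socket = socket.create_connection((resolved_ip, port), timeout=10)
                  except OSError as e:
                      self.send_error(500, f"Tunnel error: {str(e)}")
                      return

                  with remote_socket:
                      self.send_response(200, "Connection Established")
                      self.end_headers()
                      try:
                          self._tunnel(remote_socket)
                      except OSError:
                          # Either peer reset or timed out: the tunnel is simply over.
                          pass
                  # The client socket carried opaque tunnel bytes; do not try to
                  # parse another HTTP request from it.
                  self.close_connection = True

              def _tunnel(self, remote_socket):
                  """Copy bytes both ways until one side closes or the tunnel idles.

                  The original alternated a blocking rfile.read(8192) with a blocking
                  recv(); read(8192) waits for a full 8192 bytes, so a shorter first
                  message from the client would stall the tunnel. select() forwards
                  whatever is available on whichever side has data.
                  """
                  client_socket = self.connection
                  peer_of = {client_socket: remote_socket, remote_socket: client_socket}
                  sockets = list(peer_of)
                  while True:
                      readable, _, errored = select.select(
                          sockets, [], sockets, TUNNEL_IDLE_TIMEOUT
                      )
                      if errored or not readable:
                          return
                      for source in readable:
                          data = source.recv(8192)
                          if not data:
                              return
                          peer_of[source].sendall(data)


          class ThreadingProxyServer(socketserver.ThreadingTCPServer):
              """One thread per connection, so one open tunnel cannot block the rest."""

              allow_reuse_address = True
              daemon_threads = True


          if __name__ == "__main__":
              with ThreadingProxyServer((LISTEN_ADDR, PROXY_PORT), ProxyHandler) as httpd:
                  print(f"Proxy démarré sur le port {PROXY_PORT}")
                  httpd.serve_forever()
          EOT

      - name: Build and push image to Gitea Container Registry
        # Ref and repository names are passed as data through env rather than
        # being expanded into the script text.
        env:
          REF_NAME: ${{ github.ref_name }}
          REPOSITORY: ${{ github.repository }}
        run: |-
          python3 /tmp/pyproxy &
          PROXY_PID=$!
          # Stop the background proxy when the step ends, whatever the outcome.
          trap 'kill "$PROXY_PID" 2>/dev/null || true' EXIT
          IMAGE="gitea.arcodange.duckdns.org/${REPOSITORY}"
          docker build -t app .
          for TAG in latest "$REF_NAME"; do
            docker tag app "${IMAGE}:${TAG}"
            # export HTTPS_PROXY=192.168.1.201:8082
            # NOTE(review): the registry upload is performed by the Docker
            # daemon; confirm that a proxy variable exported in this shell
            # actually reaches the process that talks to the registry.
            export HTTPS_PROXY=http://127.0.0.1:8888
            docker push "${IMAGE}:${TAG}"
            unset HTTPS_PROXY
          done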