feat: initial implementation

.github/docker/entrypoint.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+user=p2pforge
+
+if [ -n "$DOCKER_DEBUG" ]; then
+   set -x
+fi
+
+if [ `id -u` -eq 0 ]; then
+    echo "Changing user to $user"
+    exec su-exec "$user" "$0" $@
+fi
+
+# Only supported user can get here
+p2p-forge --version
+
+exec p2p-forge $@

.github/docker/get-docker-tags.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# get-docker-tags.sh produces Docker tags for the current build
+#
+# Usage:
+#   ./get-docker-tags.sh <build number> <git commit sha1> <git branch name> [git tag name]
+#
+# Example:
+#
+#   # get tag for the main branch
+#   ./get-docker-tags.sh $(date -u +%F) testingsha main
+#
+#   # get tag for a release tag
+#   ./get-docker-tags.sh $(date -u +%F) testingsha release v0.5.0
+#
+#   # Serving suggestion in CI
+#   ./get-docker-tags.sh $(date -u +%F) "$CI_SHA1" "$CI_BRANCH" "$CI_TAG"
+#
+set -euo pipefail
+
+if [[ $# -lt 1 ]] ; then
+  echo 'At least 1 arg required.'
+  echo 'Usage:'
+  echo './get-docker-tags.sh <build number> [git commit sha1] [git branch name] [git tag name]'
+  exit 1
+fi
+
+BUILD_NUM=$1
+GIT_SHA1=${2:-$(git rev-parse HEAD)}
+GIT_SHA1_SHORT=$(echo "$GIT_SHA1" | cut -c 1-7)
+GIT_BRANCH=${3:-$(git symbolic-ref -q --short HEAD || echo "unknown")}
+GIT_TAG=${4:-$(git describe --tags --exact-match 2> /dev/null || echo "")}
+
+IMAGE_NAME=${IMAGE_NAME:-ipshipyard/p2p-forge}
+
+echoImageName () {
+  local IMAGE_TAG=$1
+  echo "$IMAGE_NAME:$IMAGE_TAG"
+}
+
+if [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc ]]; then
+  echoImageName "$GIT_TAG"
+
+elif [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  echoImageName "$GIT_TAG"
+  echoImageName "latest"
+
+elif [ "$GIT_BRANCH" = "main" ] || [ "$GIT_BRANCH" = "staging" ]; then
+  echoImageName "${GIT_BRANCH}-${BUILD_NUM}-${GIT_SHA1_SHORT}"
+  echoImageName "${GIT_BRANCH}-latest"
+
+else
+  echo "Nothing to do. No docker tag defined for branch: $GIT_BRANCH, tag: $GIT_TAG"
+
+fi

.github/workflows/docker.yml

@@ -0,0 +1,69 @@
+name: Create and publish a Docker image
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ['main', 'staging']
+    tags: ['v*']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get tags
+        id: tags
+        env:
+          IMAGE_NAME: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        run: |
+          echo "value<<EOF" >> $GITHUB_OUTPUT
+          ./.github/docker/get-docker-tags.sh "$(date -u +%F)" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Build Docker image and publish to Docker Hub
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
+          context: .
+          push: true
+          file: ./Dockerfile
+          tags: "${{ steps.tags.outputs.value }}"
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache to limit growth
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/go-check.yml

@@ -0,0 +1,18 @@
+name: Go Checks
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  go-check:
+    uses: ipdxco/unified-github-workflows/.github/workflows/go-check.yml@v1.0

.github/workflows/go-test-config.json

@@ -0,0 +1,3 @@
+{
+    "skip32bit": true
+}

.github/workflows/go-test.yml

@@ -0,0 +1,22 @@
+name: Go Test
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  go-test:
+    uses: ipdxco/unified-github-workflows/.github/workflows/go-test.yml@v1.0
+    with:
+      go-versions: '["this"]'
+    secrets:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/release-check.yml

@@ -0,0 +1,19 @@
+name: Release Checker
+
+on:
+  pull_request_target:
+    paths: [ 'version.json' ]
+    types: [ opened, synchronize, reopened, labeled, unlabeled ]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release-check:
+    uses: ipdxco/unified-github-workflows/.github/workflows/release-check.yml@v1.0

.github/workflows/releaser.yml

@@ -0,0 +1,17 @@
+name: Releaser
+
+on:
+  push:
+    paths: [ 'version.json' ]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha }}
+  cancel-in-progress: true
+
+jobs:
+  releaser:
+    uses: ipdxco/unified-github-workflows/.github/workflows/releaser.yml@v1.0

.github/workflows/tagpush.yml

@@ -0,0 +1,18 @@
+name: Tag Push Checker
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: read
+  issues: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  releaser:
+    uses: ipdxco/unified-github-workflows/.github/workflows/tagpush.yml@v1.0

.gitignore

@@ -0,0 +1,6 @@
+cmd/db.*
+cmd/Corefile
+cmd/cmd
+p2p-forge
+p2p-forge-certs/
+badger.libp2p-direct-challenges/

Corefile

@@ -0,0 +1,8 @@
+libp2p.direct {
+    log
+    errors
+    any # RFC 8482
+    prometheus localhost:9253
+    ipparser libp2p.direct
+    file zones/libp2p.direct
+}

Dockerfile

@@ -0,0 +1,61 @@
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23-bookworm AS builder
+
+LABEL org.opencontainers.image.source=https://github.com/ipshipyard/p2p-forge
+LABEL org.opencontainers.image.documentation=https://github.com/ipshipyard/p2p-forge#docker
+LABEL org.opencontainers.image.description="An Authoritative DNS server for distributing DNS subdomains to libp2p peers"
+# TODO: decide license: LABEL org.opencontainers.image.licenses=MIT+APACHE_2.0
+
+
+# This builds p2p-forge
+
+ARG TARGETPLATFORM TARGETOS TARGETARCH
+
+ENV GOPATH="/go"
+ENV SRC_PATH="$GOPATH/src/github.com/ipshipyard/p2p-forge"
+ENV GO111MODULE=on
+ENV GOPROXY="https://proxy.golang.org"
+
+COPY go.* $SRC_PATH/
+WORKDIR $SRC_PATH
+RUN go mod download
+
+COPY . $SRC_PATH
+RUN git config --global --add safe.directory /go/src/github.com/ipshipyard/p2p-forge
+
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg \
+    CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o $GOPATH/bin/p2p-forge
+
+#------------------------------------------------------
+FROM debian:bookworm-slim
+
+# Instal binaries for $TARGETARCH
+RUN apt-get update && \
+  apt-get install --no-install-recommends -y tini ca-certificates libcap2-bin && \
+  rm -rf /var/lib/apt/lists/*
+
+ENV GOPATH="/go"
+ENV SRC_PATH="$GOPATH/src/github.com/ipshipyard/p2p-forge"
+ENV P2P_FORGE_PATH="/p2p-forge"
+
+COPY --from=builder $GOPATH/bin/p2p-forge /usr/local/bin/p2p-forge
+COPY --from=builder $SRC_PATH/.github/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+
+# TODO: for now we bundle configuration, but can be customized by
+# mounting custom files on top of ones from image
+COPY --from=builder $SRC_PATH/Corefile $P2P_FORGE_PATH/Corefile
+COPY --from=builder $SRC_PATH/zones $P2P_FORGE_PATH/zones
+
+RUN mkdir -p $P2P_FORGE_PATH && \
+  useradd -d $P2P_FORGE_PATH -u 1000 -G users p2pforge && \
+  chown p2pforge:users $P2P_FORGE_PATH && \
+  setcap cap_net_bind_service=+ep /usr/local/bin/p2p-forge
+
+VOLUME $P2P_FORGE_PATH
+WORKDIR $P2P_FORGE_PATH
+USER p2pforge
+EXPOSE 53 53/udp
+EXPOSE 443
+EXPOSE 9253
+ENTRYPOINT ["tini", "--", "/usr/local/bin/entrypoint.sh"]