Add option to configure Docker to use Cloudflare WARP for dns resolut…

…ion on Linux runners
Boostport · Nov 11, 2024 · 43811a2 · 43811a2
1 parent 64c7f44
commit 43811a2
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -33,6 +33,7 @@ with:
 - `organization` - (required) The name of your Cloudflare Zero Trust organization.
 - `auth_client_id` - (required) The service token client id.
 - `auth_client_secret` - (required) The service token client secret.
+- `configure_docker_dns` - (optional) Configure Docker to use Cloudflare WARP for DNS resolution. Defaults to `false`.
 
 ## Cloudflare Permissions
 > [!TIP]

diff --git a/action.yml b/action.yml
@@ -12,6 +12,9 @@ inputs:
   auth_client_secret:
     description: 'The service token client secret'
     required: true
+  configure_docker_dns:
+    description: 'Configure Docker to use Cloudflare WARP for DNS resolution'
+    default: 'false'
 runs:
   using: 'node20'
   main: 'dist/index.js'

diff --git a/lib/setup-cloudflare-warp.js b/lib/setup-cloudflare-warp.js
@@ -118,6 +118,18 @@ async function writeWindowsConfiguration(
   fs.writeFileSync("C:\\ProgramData\\Cloudflare\\mdm.xml", config);
 }
 
+async function configureLinuxDockerDNS() {
+  // Set up resolved DNS stub listener on alternative IP as docker does not support DNS servers on 127.x.x.x
+  await exec.exec(
+    'echo "DNSStubListenerExtra=172.17.0.1" | sudo tee -a /etc/systemd/resolved.conf',
+  );
+  await exec.exec(
+    "cat /etc/docker/daemon.json | jq '.dns=[\"172.17.0.1\"]' | sudo tee /etc/docker/daemon.json",
+  );
+  await exec.exec("sudo systemctl restart systemd-resolved");
+  await exec.exec("sudo systemctl restart docker");
+}
+
 async function checkWARPRegistration(organization, is_registered) {
   let output = "";
   const options = {};
@@ -174,9 +186,15 @@ export async function run() {
   const auth_client_secret = core.getInput("auth_client_secret", {
     required: true,
   });
+  const configure_docker_dns = core.getBooleanInput("configure_docker_dns", {
+    required: false,
+  });
 
   switch (process.platform) {
     case "linux":
+      if (configure_docker_dns) {
+        await configureLinuxDockerDNS();
+      }
       await writeLinuxConfiguration(
         organization,
         auth_client_id,