From 6898c8be42dcb8cb6f5b11ede2c54138666325d3 Mon Sep 17 00:00:00 2001
From: Mohammad Hemmati <m.kemeshki@gmail.com>
Date: Fri, 27 Mar 2026 18:52:26 +0330
Subject: [PATCH] add docker

---
 .github/workflows/docker.yml | 47 ++++++++++++++++++++++++++++++++++++
 Dockerfile                   | 38 +++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 .github/workflows/docker.yml
 create mode 100644 Dockerfile

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 00000000..7de768ff
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,47 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches: [ "main" ]
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/masterdnsvpn
+          tags: |
+            # version from tag (v1.2.3 -> 1.2.3)
+            type=semver,pattern={{version}}
+            # full tag (v1.2.3)
+            type=ref,event=tag
+            # latest only on default branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..7ea52a98
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+# ---------- BUILD STAGE ----------
+FROM golang:1.25-alpine AS builder
+
+WORKDIR /app
+RUN apk add --no-cache git
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+    go build -ldflags="-s -w" -o server ./cmd/server && \
+    go build -ldflags="-s -w" -o client ./cmd/client
+
+# ---------- RUNTIME ----------
+FROM alpine:3.20
+
+WORKDIR /app
+
+RUN adduser -D appuser
+
+COPY --from=builder /app/server /usr/local/bin/server
+COPY --from=builder /app/client /usr/local/bin/client
+
+USER appuser
+
+# DNS port
+EXPOSE 53/udp
+
+# select mode: server (default) or client
+ENV MODE=server
+
+# entrypoint wrapper
+ENTRYPOINT ["/bin/sh", "-c", "if [ \"$MODE\" = \"client\" ]; then exec client \"$@\"; else exec server \"$@\"; fi", "--"]
+
+# default args
+CMD ["--help"]