Merge pull request #95 from sameersbn/new-releases

release 9.16.1-20200524

.circleci/config.yml

@@ -0,0 +1,327 @@
+version: 2.1
+
+orbs:
+  shellcheck: circleci/shellcheck@1.3.16
+  docker: circleci/docker@1.0.1
+  go: circleci/go@1.1.1
+
+commands:
+  docker-build:
+    description: |
+      Build and optionally deploy a Docker images
+    parameters:
+      dockerfile:
+        default: Dockerfile
+        description: 'Name of dockerfile to use, defaults to Dockerfile'
+        type: string
+      extra_build_args:
+        default: ''
+        description: >
+          Extra flags to pass to docker build. For examples, see
+          https://docs.docker.com/engine/reference/commandline/build
+        type: string
+      registry:
+        default: docker.io
+        description: |
+          Comma separated list of registry to use, defaults to docker.io
+        type: string
+      image:
+        description: Name of image to build
+        type: string
+      tag:
+        default: $CIRCLE_SHA1
+        description: 'Image tag, defaults to the value of $CIRCLE_SHA1'
+        type: string
+      path:
+        default: .
+        description: >
+          Path to the directory containing your Dockerfile and build context,
+          defaults to . (working directory)
+        type: string
+      cache_from:
+        default: ''
+        description: >
+          Comma-separated list of images, images will first be pulled, then passed
+          as the --cache-from build argument
+          https://docs.docker.com/engine/reference/commandline/build/
+        type: string
+      no_output_timeout:
+        default: 10m
+        description: |
+          No output timeout for build step
+        type: string
+    steps:
+      - when:
+          condition: <<parameters.cache_from>>
+          steps:
+            - run:
+                name: Build image for <<parameters.registry>>
+                no_output_timeout: <<parameters.no_output_timeout>>
+                command: >
+                  echo "<<parameters.cache_from>>" | sed -n 1'p' | tr ',' '\n' |
+                  while read image; do
+                    echo "Pulling ${image}";
+                    docker pull ${image} || true
+                  done
+
+                  docker_tag_args=""
+
+                  IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>"
+
+                  for registry in "${DOCKER_REGISTRIES[@]}"; do
+                    IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+
+                    for tag in "${DOCKER_TAGS[@]}"; do
+                      docker_tag_args="$docker_tag_args -t $registry/<<parameters.image>>:${tag}"
+                    done
+                  done
+
+                  docker build
+                  <<#parameters.extra_build_args>><<parameters.extra_build_args>><</parameters.extra_build_args>>
+                  \
+                    --cache-from <<parameters.cache_from>> \
+                    -f <<parameters.path>>/<<parameters.dockerfile>> \
+                    $docker_tag_args \
+                    <<parameters.path>>
+      - unless:
+          condition: <<parameters.cache_from>>
+          steps:
+            - run:
+                name: Building image for <<parameters.registry>>
+                no_output_timeout: <<parameters.no_output_timeout>>
+                command: >
+                  docker_tag_args=""
+
+                  IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>"
+
+                  for registry in "${DOCKER_REGISTRIES[@]}"; do
+                    IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+
+                    for tag in "${DOCKER_TAGS[@]}"; do
+                      docker_tag_args="$docker_tag_args -t $registry/<<parameters.image>>:${tag}"
+                    done
+                  done
+
+                  docker build
+                  <<#parameters.extra_build_args>><<parameters.extra_build_args>><</parameters.extra_build_args>>
+                  \
+                    -f <<parameters.path>>/<<parameters.dockerfile>> \
+                    $docker_tag_args \
+                    <<parameters.path>>
+
+  docker-save:
+    description: |
+      Save one or more images to a tar archive
+    parameters:
+      registry:
+        default: docker.io
+        description: |
+          Comma separated list of registry to use, defaults to docker.io
+        type: string
+      image:
+        description: Name of image to build
+        type: string
+      tag:
+        default: $CIRCLE_SHA1
+        description: 'Image tag, defaults to the value of $CIRCLE_SHA1'
+        type: string
+    steps:
+      - run:
+          name: Save image to tar archive
+          command: >
+            docker_images=""
+
+            IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>"
+
+            for registry in "${DOCKER_REGISTRIES[@]}"; do
+              IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+
+              for tag in "${DOCKER_TAGS[@]}"; do
+                docker_images="$docker_images $registry/<<parameters.image>>:${tag}"
+              done
+            done
+
+            mkdir -p ~/docker/
+
+            docker save -o ~/docker/docker-images.tar $docker_images
+      - persist_to_workspace:
+          root: ~/
+          paths:
+            - docker
+
+  docker-load:
+    description: |
+      Load tar archive
+    steps:
+      - attach_workspace:
+          at: ~/
+      - run:
+          name: Load images from tar archive
+          command: >
+            docker load -i ~/docker/docker-images.tar
+
+  docker-publish:
+    description: |
+      Build and optionally deploy a Docker images
+    parameters:
+      pr:
+        default: ''
+        type: string
+      registry:
+        default: docker.io
+        description: |
+          Comma separated list of registry to use, defaults to docker.io
+        type: string
+      image:
+        description: Name of image to build
+        type: string
+      tag:
+        default: $CIRCLE_SHA1
+        description: 'Image tag, defaults to the value of $CIRCLE_SHA1'
+        type: string
+    steps:
+      - unless:
+          condition: <<parameters.pr>>
+          steps:
+            - run:
+                name: Publish image for <<parameters.registry>>
+                command: >
+                  IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>"
+
+                  for registry in "${DOCKER_REGISTRIES[@]}"; do
+                    IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+
+                    for tag in "${DOCKER_TAGS[@]}"; do
+                      docker push $registry/<< parameters.image>>:${tag}
+                    done
+                  done
+
+jobs:
+  build:
+    executor: docker/machine
+    steps:
+      - checkout
+      - docker-build:
+          registry: docker.io,quay.io
+          image: sameersbn/bind
+          tag: ${CIRCLE_TAG:-latest}
+          cache_from: docker.io/sameersbn/bind:latest
+      - docker-save:
+          registry: docker.io,quay.io
+          image: sameersbn/bind
+          tag: ${CIRCLE_TAG:-latest}
+
+  test:
+    executor: docker/machine
+    steps:
+      - checkout
+      - docker-load
+      - run:
+          name: Create test network
+          command: docker network create testnet
+      - run:
+          name: Launch bind container
+          command: docker run --name bind -d --net testnet sameersbn/bind:${CIRCLE_TAG:-latest}
+      - run:
+          name: Wait for bootup
+          command: sleep 15
+      - run:
+          name: Container info
+          command: docker ps
+      - run:
+          name: Test image
+          command: |
+              docker run --rm --net testnet sameersbn/bind:${CIRCLE_TAG:-latest} host www.google.com bind
+
+  publish-dockerhub:
+    executor: docker/machine
+    steps:
+      - docker-load
+      - docker/check:
+          registry: docker.io
+          docker-username: DOCKER_LOGIN
+          docker-password: DOCKER_PASSWORD
+      - docker-publish:
+          registry: docker.io
+          image: sameersbn/bind
+          tag: ${CIRCLE_TAG:-latest}
+
+  publish-quay:
+    executor: docker/machine
+    steps:
+      - docker-load
+      - docker/check:
+          registry: quay.io
+          docker-username: DOCKER_LOGIN
+          docker-password: DOCKER_PASSWORD
+      - docker-publish:
+          registry: quay.io
+          image: sameersbn/bind
+          tag: ${CIRCLE_TAG:-latest}
+
+  release:
+    executor:
+      name: go/default
+      tag: '1.14'
+    steps:
+      - checkout
+      - run:
+          name: Installing github-release tool
+          command: go get github.com/meterup/github-release
+      - run:
+          name: Creating github release
+          command: |
+            PRE_RELEASE=${CIRCLE_TAG/${CIRCLE_TAG%-rc[0-9]*}/}
+            github-release delete -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} 2>/dev/null ||:
+            ./scripts/release-notes.sh ${CIRCLE_TAG} | github-release release ${PRE_RELEASE:+-p} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -d -
+            for f in $(find /tmp/dist -type f); do github-release upload -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -n $(basename ${f}) -f ${f} ; done
+
+workflows:
+  build-test-and-release:
+    jobs:
+      - shellcheck/check:
+          name: shellcheck
+          ignore: SC2086,SC2181,SC2124
+          filters:
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+      - build:
+          requires:
+            - shellcheck
+          filters:
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+      - test:
+          requires:
+            - build
+          filters:
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+      - publish-dockerhub:
+          context: dockerhub
+          requires:
+            - test
+          filters:
+            branches:
+              only: master
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+      - publish-quay:
+          context: quay
+          requires:
+            - test
+          filters:
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+            branches:
+              only: master
+      - release:
+          context: github
+          requires:
+            - publish-dockerhub
+            - publish-quay
+          filters:
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/
+            branches:
+              ignore: /.*/

.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

Dockerfile

@@ -1,22 +1,36 @@
-FROM sameersbn/ubuntu:14.04.20161217
-MAINTAINER sameer@damagehead.com
+FROM ubuntu:focal-20200423 AS add-apt-repositories
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y gnupg \
+ && apt-key adv --fetch-keys http://www.webmin.com/jcameron-key.asc \
+ && echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
+
+FROM ubuntu:focal-20200423
+
+LABEL maintainer="sameer@damagehead.com"
 
 ENV BIND_USER=bind \
-    BIND_VERSION=1:9.9.5 \
-    WEBMIN_VERSION=1.830 \
+    BIND_VERSION=9.16.1 \
+    WEBMIN_VERSION=1.941 \
     DATA_DIR=/data
 
+COPY --from=add-apt-repositories /etc/apt/trusted.gpg /etc/apt/trusted.gpg
+
+COPY --from=add-apt-repositories /etc/apt/sources.list /etc/apt/sources.list
+
 RUN rm -rf /etc/apt/apt.conf.d/docker-gzip-indexes \
- && wget http://www.webmin.com/jcameron-key.asc -qO - | apt-key add - \
- && echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list \
  && apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y bind9=${BIND_VERSION}* bind9-host=${BIND_VERSION}* webmin=${WEBMIN_VERSION}* \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      bind9=1:${BIND_VERSION}* bind9-host=1:${BIND_VERSION}* dnsutils \
+      webmin=${WEBMIN_VERSION}* \
  && rm -rf /var/lib/apt/lists/*
 
 COPY entrypoint.sh /sbin/entrypoint.sh
+
 RUN chmod 755 /sbin/entrypoint.sh
 
 EXPOSE 53/udp 53/tcp 10000/tcp
-VOLUME ["${DATA_DIR}"]
+
 ENTRYPOINT ["/sbin/entrypoint.sh"]
+
 CMD ["/usr/sbin/named"]

README.md

@@ -1,6 +1,6 @@
 [![Circle CI](https://circleci.com/gh/sameersbn/docker-bind.svg?style=shield)](https://circleci.com/gh/sameersbn/docker-bind) [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/bind/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/bind)
 
-# sameersbn/bind:9.9.5-20161229
+# sameersbn/bind:9.16.1-20200524
 
 - [Introduction](#introduction)
   - [Contributing](#contributing)
@@ -49,7 +49,7 @@ Automated builds of the image are available on [Dockerhub](https://hub.docker.co
 > **Note**: Builds are also available on [Quay.io](https://quay.io/repository/sameersbn/bind)
 
 ```bash
-docker pull sameersbn/bind:9.9.5-20161229
+docker pull sameersbn/bind:9.16.1-20200524
 ```
 
 Alternatively you can build the image yourself.
@@ -66,12 +66,12 @@ Start BIND using:
 docker run --name bind -d --restart=always \
   --publish 53:53/tcp --publish 53:53/udp --publish 10000:10000/tcp \
   --volume /srv/docker/bind:/data \
-  sameersbn/bind:9.9.5-20161229
+  sameersbn/bind:9.16.1-20200524
 ```
 
 *Alternatively, you can use the sample [docker-compose.yml](docker-compose.yml) file to start the container using [Docker Compose](https://docs.docker.com/compose/)*
 
-When the container is started the [Webmin](http://www.webmin.com/) service is also started and is accessible from the web browser at http://localhost:10000. Login to Webmin with the username `root` and password `password`. Specify `--env ROOT_PASSWORD=secretpassword` on the `docker run` command to set a password of your choosing.
+When the container is started the [Webmin](http://www.webmin.com/) service is also started and is accessible from the web browser at https://localhost:10000. Login to Webmin with the username `root` and password `password`. Specify `--env ROOT_PASSWORD=secretpassword` on the `docker run` command to set a password of your choosing.
 
 The launch of Webmin can be disabled by adding `--env WEBMIN_ENABLED=false` to the `docker run` command. Note that the `ROOT_PASSWORD` parameter has no effect when the launch of Webmin is disabled.
 
@@ -85,7 +85,7 @@ You can customize the launch command of BIND server by specifying arguments to `
 docker run --name bind -it --rm \
   --publish 53:53/tcp --publish 53:53/udp --publish 10000:10000/tcp \
   --volume /srv/docker/bind:/data \
-  sameersbn/bind:9.9.5-20161229 -h
+  sameersbn/bind:9.16.1-20200524 -h
 ```
 
 ## Persistence
@@ -101,6 +101,20 @@ mkdir -p /srv/docker/bind
 chcon -Rt svirt_sandbox_file_t /srv/docker/bind
 ```
 
+## Reverse Proxying
+
+If you need to run Webmin behind a reverse-proxy such as Nginx, you can tweak the following environment variables:
+
+* `WEBMIN_INIT_SSL_ENABLED`: If Webmin should be served via SSL or not. Defaults to `true`. 
+   If you do the SSL termination at an earlier stage, set this to false.
+
+* `WEBMIN_INIT_REDIRECT_PORT`: The port Webmin is served from. 
+   Set this to your reverse proxy port, such as `443`. Defaults to `10000`.
+
+* `WEBMIN_INIT_REFERERS`: Sets the allowed referrers to Webmin. 
+   Set this to your domain name of the reverse proxy. Example: `mywebmin.example.com`. 
+   Defaults to empty (no referrer).
+
 # Maintenance
 
 ## Upgrading
@@ -110,7 +124,7 @@ To upgrade to newer releases:
   1. Download the updated Docker image:
 
   ```bash
-  docker pull sameersbn/bind:9.9.5-20161229
+  docker pull sameersbn/bind:9.16.1-20200524
   ```
 
   2. Stop the currently running image:
@@ -130,7 +144,7 @@ To upgrade to newer releases:
   ```bash
   docker run -name bind -d \
     [OPTIONS] \
-    sameersbn/bind:9.9.5-20161229
+    sameersbn/bind:9.16.1-20200524
   ```
 
 ## Shell Access

VERSION

@@ -1 +1 @@
-9.9.5-20161229
+9.16.1-20200524

circle.yml

@@ -1,16 +0,0 @@
-machine:
-  services:
-    - docker
-  environment:
-    DOCKER_PROJECT: sameersbn
-    IMAGE_NAME: bind
-
-dependencies:
-  override:
-    - docker info
-
-test:
-  override:
-    - docker build --rm=false -t $DOCKER_PROJECT/$IMAGE_NAME .
-    - docker run --name $IMAGE_NAME -d $DOCKER_PROJECT/$IMAGE_NAME; sleep 10
-    - docker run -it --link bind:dns-server $DOCKER_PROJECT/$IMAGE_NAME host www.google.com dns-server

docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 services:
   bind:
     restart: always
-    image: sameersbn/bind:9.9.5-20161106
+    image: sameersbn/bind:9.16.1-20200524
     ports:
     - "53:53/udp"
     - "53:53/tcp"

entrypoint.sh

@@ -1,16 +1,41 @@
 #!/bin/bash
 set -e
 
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
+file_env 'ROOT_PASSWORD'
+
 ROOT_PASSWORD=${ROOT_PASSWORD:-password}
 WEBMIN_ENABLED=${WEBMIN_ENABLED:-true}
+WEBMIN_INIT_SSL_ENABLED=${WEBMIN_INIT_SSL_ENABLED:-true}
+WEBMIN_INIT_REDIRECT_PORT=${WEBMIN_INIT_REDIRECT_PORT:-10000}
+WEBMIN_INIT_REFERERS=${WEBMIN_INIT_REFERERS:-NONE}
 
 BIND_DATA_DIR=${DATA_DIR}/bind
 WEBMIN_DATA_DIR=${DATA_DIR}/webmin
 
 create_bind_data_dir() {
   mkdir -p ${BIND_DATA_DIR}
-  chmod -R 0775 ${BIND_DATA_DIR}
-  chown -R ${BIND_USER}:${BIND_USER} ${BIND_DATA_DIR}
 
   # populate default bind configuration if it does not exist
   if [ ! -d ${BIND_DATA_DIR}/etc ]; then
@@ -18,6 +43,8 @@ create_bind_data_dir() {
   fi
   rm -rf /etc/bind
   ln -sf ${BIND_DATA_DIR}/etc /etc/bind
+  chmod -R 0775 ${BIND_DATA_DIR}
+  chown -R ${BIND_USER}:${BIND_USER} ${BIND_DATA_DIR}
 
   if [ ! -d ${BIND_DATA_DIR}/lib ]; then
     mkdir -p ${BIND_DATA_DIR}/lib
@@ -40,30 +67,57 @@ create_webmin_data_dir() {
   ln -sf ${WEBMIN_DATA_DIR}/etc /etc/webmin
 }
 
+disable_webmin_ssl() {
+  sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf
+}
+
+set_webmin_redirect_port() {
+  echo "redirect_port=$WEBMIN_INIT_REDIRECT_PORT" >> /etc/webmin/miniserv.conf
+}
+
+set_webmin_referers() {
+  echo "referers=$WEBMIN_INIT_REFERERS" >> /etc/webmin/config
+}
+
 set_root_passwd() {
   echo "root:$ROOT_PASSWORD" | chpasswd
 }
 
 create_pid_dir() {
-  mkdir -m 0775 -p /var/run/named
+  mkdir -p /var/run/named
+  chmod 0775 /var/run/named
   chown root:${BIND_USER} /var/run/named
 }
 
 create_bind_cache_dir() {
-  mkdir -m 0775 -p /var/cache/bind
+  mkdir -p /var/cache/bind
+  chmod 0775 /var/cache/bind
   chown root:${BIND_USER} /var/cache/bind
 }
 
+first_init() {
+  if [ ! -f /data/.initialized ]; then
+    set_webmin_redirect_port
+    if [ "${WEBMIN_INIT_SSL_ENABLED}" == "false" ]; then
+      disable_webmin_ssl
+    fi
+    if [ "${WEBMIN_INIT_REFERERS}" != "NONE" ]; then
+      set_webmin_referers
+    fi
+    touch /data/.initialized
+  fi
+}
+
 create_pid_dir
 create_bind_data_dir
 create_bind_cache_dir
 
 # allow arguments to be passed to named
 if [[ ${1:0:1} = '-' ]]; then
-  EXTRA_ARGS="$@"
+  EXTRA_ARGS="$*"
   set --
-elif [[ ${1} == named || ${1} == $(which named) ]]; then
-  EXTRA_ARGS="${@:2}"
+elif [[ ${1} == named || ${1} == "$(command -v named)" ]]; then
+  EXTRA_ARGS="${*:2}"
   set --
 fi
 
@@ -71,13 +125,14 @@ fi
 if [[ -z ${1} ]]; then
   if [ "${WEBMIN_ENABLED}" == "true" ]; then
     create_webmin_data_dir
+    first_init
     set_root_passwd
     echo "Starting webmin..."
     /etc/init.d/webmin start
   fi
 
   echo "Starting named..."
-  exec $(which named) -u ${BIND_USER} -g ${EXTRA_ARGS}
+  exec "$(command -v named)" -u ${BIND_USER} -g ${EXTRA_ARGS}
 else
   exec "$@"
 fi

scripts/release-notes.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+
+RELEASE=${GIT_TAG:-$1}
+
+if [ -z "${RELEASE}" ]; then
+  echo "Usage:"
+  echo "./scripts/release-notes.sh v0.1.0"
+  exit 1
+fi
+
+if ! git rev-list ${RELEASE} >/dev/null 2>&1; then
+  echo "${RELEASE} does not exist"
+  exit
+fi
+
+PREV_RELEASE=${PREV_RELEASE:-$(git describe --tags --abbrev=0 ${RELEASE}^)}
+PREV_RELEASE=${PREV_RELEASE:-$(git rev-list --max-parents=0 ${RELEASE}^)}
+NOTABLE_CHANGES=$(git cat-file -p ${RELEASE} | sed '/-----BEGIN PGP SIGNATURE-----/,//d' | tail -n +6)
+CHANGELOG=$(git log --no-merges --pretty=format:'- [%h] %s (%aN)' ${PREV_RELEASE}..${RELEASE})
+if [ $? -ne 0 ]; then
+  echo "Error creating changelog"
+  exit 1
+fi
+
+cat <<EOF
+${NOTABLE_CHANGES}
+
+## Docker Images for sameersbn/bind:${RELEASE}
+
+- [docker.io](https://hub.docker.com/r/sameersbn/bind/tags)
+- [quay.io](https://quay.io/repository/sameersbn/bind?tag=${RELEASE}&tab=tags)
+
+## Installation
+
+For installation and usage instructions please refer to the [README](https://github.com/sameersbn/docker-bind/blob/${RELEASE}/README.md)
+
+## Contributing
+
+If you find this image useful here's how you can help:
+
+- Send a Pull Request with your awesome new features and bug fixes
+- Be a part of the community and help resolve [issues](https://github.com/sameersbn/docker-bind/issues)
+- Support the development of this image with a [donation](http://www.damagehead.com/donate/)
+
+## Changelog
+
+${CHANGELOG}
+EOF