From 39bc7490d1f502f97f278a0e4e88c8414903e1d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Bauer?=
Date: Wed, 15 Feb 2023 14:35:50 +0100
Subject: [PATCH] adjust Dockerfile & add Dependabot & CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: André Bauer
---
 .dockerignore | 0
 .github/dependabot.yml | 30 +++++++++++++++
 .github/workflows/ci.yaml | 42 ++++++++++++++++++++
 .github/workflows/docker-release.yaml | 55 +++++++++++++++++++++++++++
 .github/workflows/pypi.yaml | 2 +-
 .gitignore | 0
 Dockerfile | 31 +++++++++++----
 README.md | 28 ++------------
 scripts/docker-entrypoint.sh | 47 ++++++-----------------
 9 files changed, 167 insertions(+), 68 deletions(-)
 mode change 100755 => 100644 .dockerignore
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/ci.yaml
 create mode 100644 .github/workflows/docker-release.yaml
 mode change 100755 => 100644 .gitignore

diff --git a/.dockerignore b/.dockerignore
old mode 100755
new mode 100644
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..0bc042d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,30 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "pip"
+    directory: "/cvdupdate"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..ed28eeb
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,42 @@
+name: ci
+
+on:
+  pull_request:
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images:
+            cvdupdate-local
+          tags: |
+            type=raw,latest
+
+      - name: Build Dockerimage
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=docker,dest=/tmp/cvdupdate-local.tar
+          platforms: linux/amd64
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Run Dockerimage
+        run: |
+          docker load --input /tmp/cvdupdate-local.tar
+          docker run -d --net=host cvdupdate-local
+          sleep 30
+          curl --fail --silent --output /dev/null http://localhost:8000/main.cvd
diff --git a/.github/workflows/docker-release.yaml b/.github/workflows/docker-release.yaml
new file mode 100644
index 0000000..67ddbd1
--- /dev/null
+++ b/.github/workflows/docker-release.yaml
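Review bot: The smoke test in the `Run Dockerimage` step curls `http://localhost:8000/main.cvd`, but a container started with no arguments runs `sudo cron -f` through the new entrypoint and nothing in this patch starts an HTTP listener, so the check looks like it will fail unless something outside the diff serves that port; if the goal is to confirm the `@reboot` update ran, inspecting the database directory inside the container would test what the image actually does. All actions are referenced by mutable major tags (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`); pinning to a full commit SHA with the version in a trailing comment protects the build from a re-pointed tag, and the `github-actions` Dependabot entry in this patch keeps such pins current — the same applies to `docker-release.yaml`. The fixed `sleep 30` is also a guess at startup time; a short polling loop with a deadline would be both faster and less flaky.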
@@ -0,0 +1,55 @@
+name: docker-release
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+
+jobs:
+  docker-build-push:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            monotek/cvdupdate
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=branch
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index b9854dd..ad09fd9 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@master
       - name: Set up Python 3.7
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v4
         with:
           python-version: 3.7
diff --git a/.gitignore b/.gitignore
old mode 100755
new mode 100644
diff --git a/Dockerfile b/Dockerfile
index 07937c6..8aa6cb1 100644
--- a/Dockerfile
+++ b/Dockerfile
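Review bot: The workflow has no `permissions:` block, so `GITHUB_TOKEN` receives the repository's default permissions although the only thing this job does with GitHub is check out the code; a top-level `permissions:` with `contents: read` applies least privilege. The login passes `secrets.DOCKERHUB_PASSWORD`; if that secret holds the account password rather than a Docker Hub access token, any leak from the runner exposes the whole account, whereas a scoped read/write token can be revoked on its own — a comment stating which kind is expected would help whoever rotates it. With `tags: - '*'` every pushed tag publishes an image, so a non-semver tag still yields a `type=ref,event=tag` image; worth a comment if that is intended.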
@@ -1,7 +1,24 @@
-FROM python:3-slim
-RUN apt-get -y update \
-    && apt-get -y --no-install-recommends install cron gosu \
-    && rm -rf /var/lib/apt/lists/*
-COPY . /dist
-RUN pip install --no-cache-dir /dist
-ENTRYPOINT [ "/dist/scripts/docker-entrypoint.sh" ]
\ No newline at end of file
+FROM python:3.12.0b1-slim
+
+WORKDIR /cvdupdate
+
+RUN apt-get -y update && \
+    apt-get -y --no-install-recommends install cron sudo && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    useradd --no-create-home --home-dir /cvdupdate --uid 1000 cvdupdate && \
+    echo '30 */4 * * * /usr/local/bin/cvdupdate update > /proc/1/fd/1 2>&1' >> /etc/cron.d/cvdupdate && \
+    echo '@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2' >> /etc/cron.d/cvdupdate && \
+    crontab -u cvdupdate /etc/cron.d/cvdupdate && \
+    echo "cvdupdate\tALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron" >> /etc/sudoers
+
+COPY . .
+
+RUN pip install --no-cache-dir . && \
+    chown cvdupdate:cvdupdate -R /cvdupdate
+
+USER cvdupdate:cvdupdate
+
+RUN cvd update
+
+ENTRYPOINT [ "./scripts/docker-entrypoint.sh" ]
diff --git a/README.md b/README.md
index b020bd5..bd7997b 100644
--- a/README.md
+++ b/README.md
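Review bot: The sudo rule is appended directly to `/etc/sudoers` by an `echo` whose `\t` only becomes a tab because `RUN` executes under `/bin/sh`, and `(ALL:ALL)` permits starting cron as any user or group; a validated drop-in is the conventional form, e.g. `echo 'cvdupdate ALL=(root) NOPASSWD: /usr/sbin/cron' > /etc/sudoers.d/cvdupdate && chmod 0440 /etc/sudoers.d/cvdupdate && visudo -cf /etc/sudoers.d/cvdupdate`. Since the entrypoint then starts the daemon through sudo, cron itself still runs as root and `USER cvdupdate:cvdupdate` only covers the cron jobs and the build-time `cvd update`; a comment above the `USER` line stating that split would save the next reader from assuming the whole container is unprivileged. `FROM python:3.12.0b1-slim` pins a pre-release interpreter, which is unusual for a published image; a stable minor tag, ideally with a digest, is the safer choice. `RUN cvd update` bakes a database snapshot into a layer that needs network access at build time and is hidden as soon as the volume documented in the README is mounted at `/cvdupdate/.cvdupdate/database`, so it may be worth dropping in favour of the `@reboot` job. `COPY . .` followed by `chown -R` duplicates the copied tree in a second layer; `COPY --chown=cvdupdate:cvdupdate . .` works here because the user is created in the preceding `RUN`.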
@@ -295,34 +295,12 @@ Run image, that will automaticly update databases in folder `/srv/cvdupdate` and
 ```bash
 docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
+  -v /srv/cvdupdate:/cvdupdate/.cvdupdate/database \
+  -v /var/log/cvdupdate:/cvdupdate/.cvdupdate/logs \
   cvdupdate:latest
 ```
-Run image, that will automaticly update databases in folder `/srv/cvdupdate`, write logs to `/var/log/cvdupdate` and set owner of files to user with ID 1000
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e USER_ID=1000 \
-  cvdupdate:latest
-```
-
-Default update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
-
-You may pass custom update interval in environment variable `CRON`
-
-For example - update every day in 00:00
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e CRON='0 0 * * *' \
-  cvdupdate:latest
- ```
+Update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
 ## Contribute
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
index 544224d..6a9b026 100755
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
@@ -1,41 +1,18 @@
 #!/bin/bash
-USER_ID="${USER_ID:-0}"
+#
+# cvdupdate & cron entrypoint
+#
+
+set -e
+
 SCRIPT_PATH=$(readlink -f "$0")
-echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
-if [ "${USER_ID}" -ne "0" ]; then
-  echo "Creating user with ID ${USER_ID}"
-  useradd --create-home --home-dir /cvdupdate --uid "${USER_ID}" cvdupdate
-  chown -R "${USER_ID}" /cvdupdate
-  gosu cvdupdate cvdupdate config set --logdir /cvdupdate/logs
-  gosu cvdupdate cvdupdate config set --dbdir /cvdupdate/database
-else
-  mkdir -p /cvdupdate/{logs,database}
-  cvdupdate config set --logdir /cvdupdate/logs
-  cvdupdate config set --dbdir /cvdupdate/database
-fi
-if [ $# -eq 0 ]; then
-  set -e
+if [ $# -eq 0 ]; then
+  echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
-  echo "Adding crontab entry"
-  if [ "${USER_ID}" -ne "0" ]; then
-    crontab -l | {
-      cat
-      echo "${CRON:-"30 */4 * * *"} /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-      echo "@reboot /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-    } | crontab -
-  else
-    crontab -l | {
-      cat
-      echo "${CRON:-"30 */4 * * *"} /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-      echo "@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-    } | crontab -
-  fi
-  cron -f
+  sudo cron -f
 else
-  if [ "${USER_ID}" -ne "0" ]; then
-    exec gosu cvdupdate "$@"
-  else
-    exec "$@"
-  fi
+  echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}"
+
+  cvdupdate "$@"
 fi
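Review bot: Neither `sudo cron -f` nor `cvdupdate "$@"` is started with `exec`, so bash remains PID 1 and, as the container's init, does not forward the SIGTERM from `docker stop` to the child, which makes the runtime wait for its kill timeout; `exec sudo cron -f` and `exec cvdupdate "$@"` hand PID 1 to the real process so it is signalled directly. In `echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}"` the inner quotes close the string, leaving `$@` unquoted and subject to word splitting and globbing (ShellCheck SC2145); `echo "ClamAV Private Database Mirror Updater $* ${SCRIPT_PATH}"` prints the same text safely. The new header comment could also say why `sudo` is needed here — the daemon runs as root under the Dockerfile's sudoers rule while the jobs run as `cvdupdate` — since that is not obvious from the script alone.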