adjust Dockerfile & add Dependabot & CI
Signed-off-by: André Bauer <[email protected]>
monotek committed Jun 26, 2023
1 parent ead9cd2 commit d60784a
Showing 11 changed files with 228 additions and 68 deletions.
Empty file modified .dockerignore
100755 → 100644
Empty file.
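--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,30 @@
+---
+version: 2
+updates:
+- package-ecosystem: "docker"
+directory: "/"
+schedule:
+interval: "weekly"
+time: "09:00"
+timezone: "Europe/Berlin"
+
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+time: "09:00"
+timezone: "Europe/Berlin"
+
+- package-ecosystem: "pip"
+directory: "/"
+schedule:
+interval: "weekly"
+time: "09:00"
+timezone: "Europe/Berlin"
+
+- package-ecosystem: "pip"
+directory: "/cvdupdate"
+schedule:
+interval: "weekly"
+time: "09:00"
+timezone: "Europe/Berlin"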
37 changes: 37 additions & 0 deletions .github/release-drafter.yml
@@ -0,0 +1,37 @@
name-template: '$RESOLVED_VERSION'
tag-template: '$RESOLVED_VERSION'
categories:
- title: '🚀 Features'
labels:
- 'feature'
- 'enhancement'
- title: '🐛 Bug Fixes'
labels:
- 'fix'
- 'bugfix'
- 'bug'
- title: '🧹 Maintenance'
labels:
- 'chore'
- 'dependencies'
version-resolver:
major:
labels:
- 'feature'
minor:
labels:
- 'enhancement'
patch:
labels:
- 'fix'
- 'bugfix'
- 'bug'
- 'chore'
- 'dependencies'
default: patch
template: |
## Changes
$CHANGES
**Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION
42 changes: 42 additions & 0 deletions .github/workflows/ci.yaml
@@ -0,0 +1,42 @@
name: ci

on:
pull_request:

jobs:
docker-build:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Docker metadata action
id: meta
uses: docker/metadata-action@v4
with:
images:
cvdupdate-local
tags: |
type=raw,latest
- name: Build Dockerimage
id: docker_build
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
labels: ${{ steps.meta.outputs.labels }}
outputs: type=docker,dest=/tmp/cvdupdate-local.tar
platforms: linux/amd64
push: false
tags: ${{ steps.meta.outputs.tags }}

- name: Run Dockerimage
run: |
docker load --input /tmp/cvdupdate-local.tar
docker run -d --net=host cvdupdate-local serve
sleep 30
curl --fail --silent --output /dev/null http://localhost:8000/main.cvd
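Review bot: The workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository has; a build and smoke test only needs a top-level `permissions:` with `contents: read`, as release-drafter.yaml in this commit already sets. The actions are referenced by mutable tags (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`), and the same applies to docker-release.yaml and release-drafter.yaml; pinning each to a full commit SHA with the tag in a trailing comment makes the build reproducible, and the github-actions Dependabot entry added here can keep the pins current. As a style point, the fixed `sleep 30` could be replaced by letting the check retry, e.g. `curl --fail --silent --retry 10 --retry-connrefused --output /dev/null http://localhost:8000/main.cvd`.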
57 changes: 57 additions & 0 deletions .github/workflows/docker-release.yaml
@@ -0,0 +1,57 @@
name: docker-release

on:
push:
branches:
- main
tags:
- '*'
schedule:
- cron: '0 0 * * *'

jobs:
docker-build-push:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}

- name: Docker metadata action
id: meta
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/${{ github.repository_owner }}/cvdupdate
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=ref,event=branch
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}

- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
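Review bot: The `docker/login-action` step shows `registry` and `username` but no `password` input, and the job has no `permissions:` block, so the `push: true` build depends on credentials and token scope that are not visible in this file. Unless the line was lost when the page was rendered, add `password: ${{ secrets.GITHUB_TOKEN }}` under the login step's `with:` and give the job explicit permissions of `contents: read` and `packages: write`, so the token can publish the image and nothing else. The nightly `schedule` trigger also publishes `latest` from main without any review step, so whatever the mutable action tags and the base image resolve to that night ends up in the published image; the pinning suggested for ci.yaml matters most here.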
2 changes: 1 addition & 1 deletion .github/workflows/pypi.yaml
@@ -11,7 +11,7 @@ jobs:
- uses: actions/checkout@master

- name: Set up Python 3.7
uses: actions/setup-python@v1
uses: actions/setup-python@v4
with:
python-version: 3.7

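--- a/.github/workflows/release-drafter.yaml
+++ b/.github/workflows/release-drafter.yaml
@@ -0,0 +1,22 @@
+name: Release Drafter
+
+on:
+push:
+branches:
+- main
+pull_request:
+types: [opened, reopened, synchronize]
+
+permissions:
+contents: read
+
+jobs:
+update_release_draft:
+permissions:
+contents: write
+pull-requests: write
+runs-on: ubuntu-22.04
+steps:
+- uses: release-drafter/release-drafter@v5
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}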
Empty file modified .gitignore
100755 → 100644
Empty file.
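--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,24 @@
-FROM python:3-slim
-RUN apt-get -y update \
-&& apt-get -y --no-install-recommends install cron gosu \
-&& rm -rf /var/lib/apt/lists/*
-COPY . /dist
-RUN pip install --no-cache-dir /dist
-ENTRYPOINT [ "/dist/scripts/docker-entrypoint.sh" ]
+FROM python:3.12.0b1-slim
+
+WORKDIR /cvdupdate
+
+RUN apt-get -y update && \
+apt-get -y --no-install-recommends install cron sudo && \
+apt-get -y clean && \
+rm -rf /var/lib/apt/lists/* && \
+useradd --no-create-home --home-dir /cvdupdate --uid 1000 cvdupdate && \
+echo '30 */4 * * * /usr/local/bin/cvdupdate update > /proc/1/fd/1 2>&1' >> /etc/cron.d/cvdupdate && \
+echo '@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2' >> /etc/cron.d/cvdupdate && \
+crontab -u cvdupdate /etc/cron.d/cvdupdate && \
+echo "cvdupdate\tALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron" >> /etc/sudoers
+
+COPY . .
+
+RUN pip install --no-cache-dir . && \
+chown cvdupdate:cvdupdate -R /cvdupdate
+
+USER cvdupdate:cvdupdate
+
+RUN cvd update
+
+ENTRYPOINT [ "./scripts/docker-entrypoint.sh" ]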
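Review bot: The sudoers entry `cvdupdate ALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron` lets the unprivileged user start cron as any user and with any arguments, which is wider than the entrypoint's single `sudo cron -f` call needs. Restrict it to the exact command and target, e.g. `cvdupdate ALL=(root) NOPASSWD: /usr/sbin/cron -f`, written to a file under `/etc/sudoers.d/` and checked with `visudo -cf` instead of being appended to `/etc/sudoers`. The crontab lines are staged in `/etc/cron.d/cvdupdate` without a user field, so the file left behind after `crontab -u cvdupdate` is not a valid system crontab; staging it outside `/etc/cron.d` and deleting it afterwards stops cron from parsing it a second time. `FROM python:3.12.0b1-slim` pins a beta interpreter; a stable release tag, ideally with a digest, is a safer base for a published image.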
28 changes: 3 additions & 25 deletions README.md
@@ -295,34 +295,12 @@ Run image, that will automaticly update databases in folder `/srv/cvdupdate` and

```bash
docker run -d \
-v /srv/cvdupdate:/cvdupdate/database \
-v /var/log/cvdupdate:/cvdupdate/logs \
-v /srv/cvdupdate:/cvdupdate/.cvdupdate/database \
-v /var/log/cvdupdate:/cvdupdate/.cvdupdate/logs \
cvdupdate:latest
```

Run image, that will automaticly update databases in folder `/srv/cvdupdate`, write logs to `/var/log/cvdupdate` and set owner of files to user with ID 1000

```bash
docker run -d \
-v /srv/cvdupdate:/cvdupdate/database \
-v /var/log/cvdupdate:/cvdupdate/logs \
-e USER_ID=1000 \
cvdupdate:latest
```

Default update interval is `30 */4 * * *` (see [Cron Example](#cron-example))

You may pass custom update interval in environment variable `CRON`

For example - update every day in 00:00

```bash
docker run -d \
-v /srv/cvdupdate:/cvdupdate/database \
-v /var/log/cvdupdate:/cvdupdate/logs \
-e CRON='0 0 * * *' \
cvdupdate:latest
```
Update interval is `30 */4 * * *` (see [Cron Example](#cron-example))

## Contribute

47 changes: 12 additions & 35 deletions scripts/docker-entrypoint.sh
@@ -1,41 +1,18 @@
#!/bin/bash
USER_ID="${USER_ID:-0}"
#
# cvdupdate & cron entrypoint
#

set -e

SCRIPT_PATH=$(readlink -f "$0")
echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
if [ "${USER_ID}" -ne "0" ]; then
echo "Creating user with ID ${USER_ID}"
useradd --create-home --home-dir /cvdupdate --uid "${USER_ID}" cvdupdate
chown -R "${USER_ID}" /cvdupdate
gosu cvdupdate cvdupdate config set --logdir /cvdupdate/logs
gosu cvdupdate cvdupdate config set --dbdir /cvdupdate/database
else
mkdir -p /cvdupdate/{logs,database}
cvdupdate config set --logdir /cvdupdate/logs
cvdupdate config set --dbdir /cvdupdate/database
fi

if [ $# -eq 0 ]; then
set -e
if [ $# -eq 0 ]; then
echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"

echo "Adding crontab entry"
if [ "${USER_ID}" -ne "0" ]; then
crontab -l | {
cat
echo "${CRON:-"30 */4 * * *"} /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
echo "@reboot /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
} | crontab -
else
crontab -l | {
cat
echo "${CRON:-"30 */4 * * *"} /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
echo "@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
} | crontab -
fi
cron -f
sudo cron -f
else
if [ "${USER_ID}" -ne "0" ]; then
exec gosu cvdupdate "$@"
else
exec "$@"
fi
echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}"

cvdupdate "$@"
fi
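Review bot: Neither branch of the new `if` uses `exec`, so bash stays PID 1 and a `docker stop` signal would not reach `cron` or `cvdupdate`; the removed code did use `exec` on the command branch. Use `exec sudo cron -f` and `exec cvdupdate "$@"`. In the second `echo`, `$@` falls outside the surrounding double quotes and is therefore word-split and glob-expanded; `echo "ClamAV Private Database Mirror Updater $* ${SCRIPT_PATH}"` prints the arguments as given. Which lines belong to the new side is inferred here, because the rendered page lost its +/- markers.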
