From 96de1f95cbd6724c8f62c8352d5fef8ca58151a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Bauer?=
Date: Wed, 15 Feb 2023 14:35:50 +0100
Subject: [PATCH 1/2] adjust Dockerfile & add Dependabot & CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: André Bauer
---
.dockerignore | 0
.github/dependabot.yml | 30 ++++++++++++++
.github/release-drafter.yml | 37 +++++++++++++++++
.github/workflows/ci.yaml | 42 +++++++++++++++++++
.github/workflows/docker-release.yaml | 57 ++++++++++++++++++++++++++
.github/workflows/pypi.yaml | 2 +-
.github/workflows/release-drafter.yaml | 22 ++++++++++
.gitignore | 0
Dockerfile | 31 ++++++++++----
README.md | 28 ++-----
scripts/docker-entrypoint.sh | 47 ++++++---------------
11 files changed, 228 insertions(+), 68 deletions(-)
mode change 100755 => 100644 .dockerignore
create mode 100644 .github/dependabot.yml
create mode 100644 .github/release-drafter.yml
create mode 100644 .github/workflows/ci.yaml
create mode 100644 .github/workflows/docker-release.yaml
create mode 100644 .github/workflows/release-drafter.yaml
mode change 100755 => 100644 .gitignore
diff --git a/.dockerignore b/.dockerignore
old mode 100755
new mode 100644
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..0bc042d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,30 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "09:00"
+ timezone: "Europe/Berlin"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "09:00"
+ timezone: "Europe/Berlin"
+
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "09:00"
+ timezone: "Europe/Berlin"
+
+ - package-ecosystem: "pip"
+ directory: "/cvdupdate"
+ schedule:
+ interval: "weekly"
+ time: "09:00"
+ timezone: "Europe/Berlin"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..1270a61
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,37 @@
+name-template: '$RESOLVED_VERSION'
+tag-template: '$RESOLVED_VERSION'
+categories:
+ - title: '🚀 Features'
+ labels:
+ - 'feature'
+ - 'enhancement'
+ - title: '🐛 Bug Fixes'
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - title: '🧹 Maintenance'
+ labels:
+ - 'chore'
+ - 'dependencies'
+version-resolver:
+ major:
+ labels:
+ - 'feature'
+ minor:
+ labels:
+ - 'enhancement'
+ patch:
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - 'chore'
+ - 'dependencies'
+ default: patch
+template: |
+ ## Changes
+
+ $CHANGES
+
+ **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..e892486
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,42 @@
+name: ci
+
+on:
+ pull_request:
+
+jobs:
+ docker-build:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker metadata action
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images:
+ cvdupdate-local
+ tags: |
+ type=raw,latest
+
+ - name: Build Dockerimage
+ id: docker_build
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ labels: ${{ steps.meta.outputs.labels }}
+ outputs: type=docker,dest=/tmp/cvdupdate-local.tar
+ platforms: linux/amd64
+ push: false
+ tags: ${{ steps.meta.outputs.tags }}
+
+ - name: Run Dockerimage
+ run: |
+ docker load --input /tmp/cvdupdate-local.tar
+ docker run -d --net=host cvdupdate-local serve
+ sleep 30
+ curl --fail --silent --output /dev/null http://localhost:8000/main.cvd
diff --git a/.github/workflows/docker-release.yaml b/.github/workflows/docker-release.yaml
new file mode 100644
index 0000000..3bc7360
--- /dev/null
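Review bot: The `Run Dockerimage` step's smoke test is a fixed `sleep 30` followed by a single `curl`, so a slower start-up fails the job while a faster one just waits, and when it does fail nothing from the container reaches the job log. Capture the id returned by `docker run -d`, poll the endpoint for a bounded time, and dump `docker logs` before exiting non-zero; the rewritten `run:` block is below. Separately, every action here is pinned to a mutable major tag (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`), so a moved or compromised tag runs different code in this workflow; pinning to a full commit SHA with the tag as a trailing comment is the usual hardening, and the `github-actions` Dependabot entry added in this commit can keep such pins current. The same applies to docker-release.yaml, release-drafter.yaml and the `setup-python@v4` bump in pypi.yaml.
```yaml
      - name: Run Dockerimage
        run: |
          # … unchanged: docker load …
          cid=$(docker run -d --net=host cvdupdate-local serve)
          for _ in $(seq 1 30); do
            if curl --fail --silent --output /dev/null http://localhost:8000/main.cvd; then
              exit 0
            fi
            sleep 2
          done
          docker logs "$cid"
          exit 1
```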
+++ b/.github/workflows/docker-release.yaml
@@ -0,0 +1,57 @@
+name: docker-release
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - '*'
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ docker-build-push:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+
+ - name: Docker metadata action
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: |
+ ghcr.io/${{ github.repository_owner }}/cvdupdate
+ tags: |
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+ type=raw,value={{date 'YYYYMMDD-HHmmss' tz='Europe/Berlin'}},enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+ type=ref,event=tag
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+
+ - name: Build and push
+ id: docker_build
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index b9854dd..ad09fd9 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -11,7 +11,7 @@ jobs: - uses: actions/checkout@master - name: Set up Python 3.7 - uses: actions/setup-python@v1 + uses: actions/setup-python@v4 with: python-version: 3.7
diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml
new file mode 100644
index 0000000..267d6f0
--- /dev/null
+++ b/.github/workflows/release-drafter.yaml
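Review bot: The `Login to GitHub Container Registry` step sets `registry` and `username` but no `password`, so `docker/login-action@v2` has nothing to authenticate with against ghcr.io and the `push: true` build that follows cannot succeed; add `password: ${{ secrets.GITHUB_TOKEN }}` under that step's `with:`. The workflow also declares no `permissions:` block, so whether `GITHUB_TOKEN` may write packages depends on the repository's default token setting; a job-level `permissions:` with `contents: read` and `packages: write` pins that down, as release-drafter.yaml in this same commit already does for its own scopes. Note that the `schedule` trigger runs on the default branch, so `github.ref` is `refs/heads/main` there and the nightly run republishes `latest`, which is presumably intended so the database baked in by `RUN cvd update` stays fresh.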
@@ -0,0 +1,22 @@
+name: Release Drafter
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+permissions:
+ contents: read
+
+jobs:
+ update_release_draft:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: release-drafter/release-drafter@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
old mode 100755
new mode 100644
diff --git a/Dockerfile b/Dockerfile
index 07937c6..8aa6cb1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,24 @@
-FROM python:3-slim
-RUN apt-get -y update \
- && apt-get -y --no-install-recommends install cron gosu \
- && rm -rf /var/lib/apt/lists/*
-COPY . /dist
-RUN pip install --no-cache-dir /dist
-ENTRYPOINT [ "/dist/scripts/docker-entrypoint.sh" ]
\ No newline at end of file
+FROM python:3.12.0b1-slim
+
+WORKDIR /cvdupdate
+
+RUN apt-get -y update && \
+ apt-get -y --no-install-recommends install cron sudo && \
+ apt-get -y clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ useradd --no-create-home --home-dir /cvdupdate --uid 1000 cvdupdate && \
+ echo '30 */4 * * * /usr/local/bin/cvdupdate update > /proc/1/fd/1 2>&1' >> /etc/cron.d/cvdupdate && \
+ echo '@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2' >> /etc/cron.d/cvdupdate && \
+ crontab -u cvdupdate /etc/cron.d/cvdupdate && \
+ echo "cvdupdate\tALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron" >> /etc/sudoers
+
+COPY . .
+
+RUN pip install --no-cache-dir . && \
+ chown cvdupdate:cvdupdate -R /cvdupdate
+
+USER cvdupdate:cvdupdate
+
+RUN cvd update
+
+ENTRYPOINT [ "./scripts/docker-entrypoint.sh" ]
diff --git a/README.md b/README.md
index b020bd5..bd7997b 100644
--- a/README.md
+++ b/README.md
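Review bot: The two `echo ... >> /etc/cron.d/cvdupdate` lines write five-field user-crontab entries into `/etc/cron.d`, where cron expects a sixth user column, and the same file is then imported with `crontab -u cvdupdate`; the schedule therefore lands twice, once correctly in the user crontab and once left behind in `/etc/cron.d`, where cron will most likely report the entries as malformed on every scan. Write the entries to a scratch file such as `/tmp/cvdupdate.crontab` in the two `echo` lines and the `crontab -u cvdupdate` line and remove it after the import; the two entries should also agree on stderr handling (`2>&1` versus `2>/proc/1/fd/2`). `FROM python:3.12.0b1-slim` builds a published image on a beta interpreter; a released line such as `python:3.11-slim` is the safer base until 3.12 is final. The sudoers rule `cvdupdate ALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron` is the only root path the unprivileged user needs, but it permits any arguments; narrowing it to `/usr/sbin/cron -f` matches the single invocation in the entrypoint.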
@@ -295,34 +295,12 @@ Run image, that will automaticly update databases in folder `/srv/cvdupdate` and ```bash docker run -d \ - -v /srv/cvdupdate:/cvdupdate/database \ - -v /var/log/cvdupdate:/cvdupdate/logs \ + -v /srv/cvdupdate:/cvdupdate/.cvdupdate/database \ + -v /var/log/cvdupdate:/cvdupdate/.cvdupdate/logs \ cvdupdate:latest ``` -Run image, that will automaticly update databases in folder `/srv/cvdupdate`, write logs to `/var/log/cvdupdate` and set owner of files to user with ID 1000 - -```bash -docker run -d \ - -v /srv/cvdupdate:/cvdupdate/database \ - -v /var/log/cvdupdate:/cvdupdate/logs \ - -e USER_ID=1000 \ - cvdupdate:latest -``` - -Default update interval is `30 */4 * * *` (see [Cron Example](#cron-example)) - -You may pass custom update interval in environment variable `CRON` - -For example - update every day in 00:00 - -```bash -docker run -d \ - -v /srv/cvdupdate:/cvdupdate/database \ - -v /var/log/cvdupdate:/cvdupdate/logs \ - -e CRON='0 0 * * *' \ - cvdupdate:latest - ``` +Update interval is `30 */4 * * *` (see [Cron Example](#cron-example)) ## Contribute diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh index 544224d..6a9b026 100755 --- a/scripts/docker-entrypoint.sh +++ b/scripts/docker-entrypoint.sh 
@@ -1,41 +1,18 @@ #!/bin/bash -USER_ID="${USER_ID:-0}" +# +# cvdupdate & cron entrypoint +# + +set -e + SCRIPT_PATH=$(readlink -f "$0") -echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}" -if [ "${USER_ID}" -ne "0" ]; then - echo "Creating user with ID ${USER_ID}" - useradd --create-home --home-dir /cvdupdate --uid "${USER_ID}" cvdupdate - chown -R "${USER_ID}" /cvdupdate - gosu cvdupdate cvdupdate config set --logdir /cvdupdate/logs - gosu cvdupdate cvdupdate config set --dbdir /cvdupdate/database -else - mkdir -p /cvdupdate/{logs,database} - cvdupdate config set --logdir /cvdupdate/logs - cvdupdate config set --dbdir /cvdupdate/database -fi -if [ $# -eq 0 ]; then - set -e +if [ $# -eq 0 ]; then + echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}" - echo "Adding crontab entry" - if [ "${USER_ID}" -ne "0" ]; then - crontab -l | { - cat - echo "${CRON:-"30 */4 * * *"} /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2" - echo "@reboot /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2" - } | crontab - - else - crontab -l | { - cat - echo "${CRON:-"30 */4 * * *"} /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2" - echo "@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2" - } | crontab - - fi - cron -f + sudo cron -f else - if [ "${USER_ID}" -ne "0" ]; then - exec gosu cvdupdate "$@" - else - exec "$@" - fi + echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}" + + cvdupdate "$@" fi From 8c05d9998fce9695ac6ce1263e38b736806527b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Wed, 6 Mar 2024 15:54:36 +0100 Subject: [PATCH 2/2] add .git to .dockerignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- .dockerignore | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) 
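Review bot: Neither branch `exec`s its command: `sudo cron -f` and `cvdupdate "$@"` run as children of the bash process that stays PID 1, so a `docker stop` SIGTERM is delivered to bash, which as PID 1 without a trap does not act on it, and the container is killed after the stop timeout instead of shutting down cleanly; the replaced version used `exec "$@"`. Change the two lines to `exec sudo cron -f` and `exec cvdupdate "$@"`. The message line `echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}"` leaves `$@` outside the double quotes, so the arguments are word-split and glob-expanded before `echo` sees them; `echo "ClamAV Private Database Mirror Updater $* ${SCRIPT_PATH}"` prints the same message for ordinary arguments without that. The hunk covers the whole script, so none of it lies outside this view.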
diff --git a/.dockerignore b/.dockerignore
index 85437c9..2301016 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,9 +1,10 @@
-__pycache__
-.mypy_cache
-.pytest_cache
-.vscode
-cvdupdate.egg-info
-/build
-/dist
-/tests
-.github
+__pycache__
+.git
+.github
+.mypy_cache
+.pytest_cache
+.vscode
+*cvdupdate.egg-info
+/build
+/dist
+/tests