From 090eb098c82b2dabad59f3e9b972f1ca7a74f40f Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 19 Feb 2024 15:04:33 -0500 Subject: [PATCH 01/13] Added default home --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 748834989..de6796dc3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,7 +64,8 @@ RUN case ${TARGETARCH} in \ && chmod +x supercronic \ && mv supercronic /usr/local/bin/supercronic -ENV PORT= \ +ENV HOME=/home/steam \ + PORT= \ PUID=1000 \ PGID=1000 \ PLAYERS= \ @@ -110,9 +111,9 @@ RUN chmod +x /home/steam/server/*.sh && \ WORKDIR /home/steam/server RUN touch rcon.yaml crontab && \ - chmod o+w rcon.yaml crontab && \ - chown steam:steam -R /home/steam && \ - chmod -R o+w /home/steam/steamcmd + mkdir -p /home/steam/Steam/package && \ + chmod o+w rcon.yaml crontab /home/steam/Steam/package && \ + chown steam:steam -R /home/steam HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 From ee5e037b47117fa4f4b34fbb131ab17fd10f148b Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 19 Feb 2024 15:18:16 -0500 Subject: [PATCH 02/13] Deleting /tmp/dumps --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index de6796dc3..84f0bfb51 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,6 +112,7 @@ RUN chmod +x /home/steam/server/*.sh && \ WORKDIR /home/steam/server RUN touch rcon.yaml crontab && \ mkdir -p /home/steam/Steam/package && \ + rm -rf /tmp/dumps && \ chmod o+w rcon.yaml crontab /home/steam/Steam/package && \ chown steam:steam -R /home/steam From 5e02039c9bf15436b8fe099a17bbfa1a72638b21 Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Mon, 19 Feb 2024 21:58:56 +0100 Subject: [PATCH 03/13] change server folder permissions --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 84f0bfb51..9bf6b4b5d 100644 --- a/Dockerfile +++ b/Dockerfile 
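Review bot: In the second Dockerfile hunk of PATCH 01, `chmod o+w rcon.yaml crontab /home/steam/Steam/package` adds the new Steam package directory to the world-writable paths, next to the `crontab` file that the image's supercronic presumably reads. Any UID in the container can then replace package content or scheduled commands. The same RUN line ends with `chown steam:steam -R /home/steam`, which already gives the steam user write access through ownership, so the `o+w` grant is only needed if the image must run under an arbitrary UID. If that is the intent, say so in a comment such as `# o+w: container may run with --user UID:GID that is not steam` and limit the grant to the paths that need it. The line is carried unchanged through PATCH 02 to PATCH 04.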
@@ -114,7 +114,7 @@ RUN touch rcon.yaml crontab && \ mkdir -p /home/steam/Steam/package && \ rm -rf /tmp/dumps && \ chmod o+w rcon.yaml crontab /home/steam/Steam/package && \ - chown steam:steam -R /home/steam + chown steam:steam -R /home/steam/server HEALTHCHECK --start-period=5m \ CMD pgrep "PalServer-Linux" > /dev/null || exit 1 From cd3422fdc6b2f57ee63cc9b778010c08a9073ec0 Mon Sep 17 00:00:00 2001 From: "Carlos M. Martinez" Date: Mon, 19 Feb 2024 16:00:49 -0500 Subject: [PATCH 04/13] Added chown for /home/steam/Steam/package --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 9bf6b4b5d..8fc134d0f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,6 +112,7 @@ RUN chmod +x /home/steam/server/*.sh && \ WORKDIR /home/steam/server RUN touch rcon.yaml crontab && \ mkdir -p /home/steam/Steam/package && \ + chown steam:steam /home/steam/Steam/package && \ rm -rf /tmp/dumps && \ chmod o+w rcon.yaml crontab /home/steam/Steam/package && \ chown steam:steam -R /home/steam/server From 9ee85a77f2bff888d5d3da3ab4112c8b40aee16a Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 11:03:37 +0100 Subject: [PATCH 05/13] add trivy security scanning --- .github/workflows/security.yml | 35 ++++++++++++++++++++++++++++++++++ .gitignore | 3 ++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 000000000..6cd6d6386 --- /dev/null +++ b/.github/workflows/security.yml 
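Review bot: Once PATCH 03 narrows the recursive chown to `/home/steam/server`, the parent directory `/home/steam/Steam` created by `mkdir -p /home/steam/Steam/package` is no longer covered by any chown. PATCH 04 adds `chown steam:steam /home/steam/Steam/package`, which is non-recursive and only fixes the leaf. If this RUN step executes as root (the USER in effect is outside the hunk), `/home/steam/Steam` stays root-owned while `HOME=/home/steam` points tools at it, so writes outside `package` may fail at runtime. Consider `chown -R steam:steam /home/steam/Steam` in place of the leaf-only chown, and confirm that `/home/steam` itself is still owned by steam after the narrowing.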
@@ -0,0 +1,35 @@ +name: Security +on: + pull_request: + +jobs: + container-scanning: + name: Security - Container Scan + runs-on: ubuntu-latest + steps: + + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and export to Docker + uses: docker/build-push-action@v5 + with: + file: ./Dockerfile + load: true + tags: security + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'security' + ignore-unfixed: true + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.gitignore b/.gitignore index 6ee54f3c8..0dc6db89a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ palworld .idea !charts/* values*.yaml -.env \ No newline at end of file +.env +.vscode \ No newline at end of file From 41506d0564b8d1a049e46bd1844c9b18c47ff5e5 Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 11:04:32 +0100 Subject: [PATCH 06/13] change name --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 6cd6d6386..12dac0ef8 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -4,7 +4,7 @@ on: jobs: container-scanning: - name: Security - Container Scan + name: Container - Scan runs-on: ubuntu-latest steps: From 7e3b6d7181b1bbf4c67cf2d28fd2fd012c9c7e4d Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 11:05:43 +0100 Subject: [PATCH 07/13] fix linting issues --- .github/workflows/release.yml | 2 +- .github/workflows/security.yml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 778755a5e..c5f9eff04 100644 
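Review bot: The Trivy step in the new `security.yml` uses `aquasecurity/trivy-action@master`, a mutable branch reference, so whatever lands on that branch runs in this job with the job's token. Pin it to a release tag or, better, a full commit SHA. The workflow also declares no `permissions:` block, although `github/codeql-action/upload-sarif` needs `security-events: write`. On `pull_request` runs from forks the token is read-only, so the upload will likely be rejected there. Declaring least-privilege permissions explicitly makes both the requirement and the limit visible.

```yaml
# … unchanged: name, on …

# least privilege: read the repo, write code-scanning results
permissions:
  contents: read
  security-events: write

# … unchanged: jobs, checkout, buildx and build steps …
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # placeholder: pin to a reviewed release commit
# … unchanged: with: block and upload-sarif step …
```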
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,6 @@ --- name: Release -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy release: types: [published] diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 12dac0ef8..126e0d7f4 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -1,5 +1,6 @@ +--- name: Security -on: +on: # yamllint disable-line rule:truthy pull_request: jobs: @@ -32,4 +33,4 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + sarif_file: 'trivy-results.sarif' From 4bf002888515bd8822d7a60ac5d942fcf1a5d23d Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 11:08:03 +0100 Subject: [PATCH 08/13] scan container with known issues --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 126e0d7f4..067ec0b2b 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -25,7 +25,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'security' + image-ref: 'thijsvanloef/palworld-server-docker:v0.1' ignore-unfixed: true format: 'sarif' output: 'trivy-results.sarif' From 97c9754875d54b65c53ba909461c61c897694fee Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 11:10:54 +0100 Subject: [PATCH 09/13] revert to current image, add scan shedule --- .github/workflows/security.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 067ec0b2b..c6314a04d 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml 
@@ -2,6 +2,8 @@ name: Security on: # yamllint disable-line rule:truthy pull_request: + schedule: + - cron: 0 0 * * * jobs: container-scanning: @@ -25,7 +27,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'thijsvanloef/palworld-server-docker:v0.1' + image-ref: 'security' ignore-unfixed: true format: 'sarif' output: 'trivy-results.sarif' From dfbdf64c7a9b369d7cdf331a0aa6a23f0a991042 Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 12:57:34 +0100 Subject: [PATCH 10/13] add CI/CD badges --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b947e7fec..9839340f0 100644 --- a/README.md +++ b/README.md 
@@ -4,9 +4,13 @@ [![Docker Pulls](https://img.shields.io/docker/pulls/thijsvanloef/palworld-server-docker)](https://hub.docker.com/r/thijsvanloef/palworld-server-docker) [![Docker Stars](https://img.shields.io/docker/stars/thijsvanloef/palworld-server-docker)](https://hub.docker.com/r/thijsvanloef/palworld-server-docker) [![Image Size](https://img.shields.io/docker/image-size/thijsvanloef/palworld-server-docker/latest)](https://hub.docker.com/r/thijsvanloef/palworld-server-docker/tags) -[![CodeFactor](https://www.codefactor.io/repository/github/thijsvanloef/palworld-server-docker/badge)](https://www.codefactor.io/repository/github/thijsvanloef/palworld-server-docker) [![Discord](https://img.shields.io/discord/1200397673329594459?logo=discord&label=Discord&link=https%3A%2F%2Fdiscord.gg%2FUxBxStPAAE)](https://discord.com/invite/UxBxStPAAE) +[![CodeFactor](https://www.codefactor.io/repository/github/thijsvanloef/palworld-server-docker/badge)](https://www.codefactor.io/repository/github/thijsvanloef/palworld-server-docker) +[![Release](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/release.yml/badge.svg)](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/release.yml) +[![Linting](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/linting.yml/badge.svg)](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/linting.yml) +[![Security](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/security.yml/badge.svg)](https://github.com/thijsvanloef/palworld-server-docker/actions/workflows/security.yml) + [![Docker Hub](https://img.shields.io/badge/Docker_Hub-palworld-blue?logo=docker)](https://hub.docker.com/r/thijsvanloef/palworld-server-docker) [![GHCR](https://img.shields.io/badge/GHCR-palworld-blue?logo=docker)](https://github.com/thijsvanloef/palworld-server-docker/pkgs/container/palworld-server-docker) [![Artifact 
Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/palworld-server-chart)](https://artifacthub.io/packages/search?repo=palworld-server-chart) From 6766ac2ddb19409c78ed7234cfa1059c140971a0 Mon Sep 17 00:00:00 2001 From: Tom Pietsch Date: Tue, 20 Feb 2024 15:07:19 +0100 Subject: [PATCH 11/13] updated german quick-setup and game-settings according to the changes since last translation --- .../getting-started/configuration/game-settings.md | 1 + .../current/getting-started/quick-setup.md | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/configuration/game-settings.md b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/configuration/game-settings.md index ff2bf71d6..bf1406ed2 100644 --- a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/configuration/game-settings.md +++ b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/configuration/game-settings.md @@ -81,6 +81,7 @@ Beispiele: | REGION | Region | | String | | USEAUTH | Authentifizierung verwenden | True | Boolean | | BAN_LIST_URL | Welche Sperrliste verwenden | [https://api.palworldgame.com/api/banlist.txt](https://api.palworldgame.com/api/banlist.txt) | string | +| TARGET_MANIFEST_ID | Legt die Spielversion entsprechend der Manifest-ID aus dem Steam-Download-Depot fest. | | Siehe [Manifest IDs](https://palworld-server-docker.loef.dev/de/guides/pinning-game-version) | ### Manuell diff --git a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/quick-setup.md b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/quick-setup.md index e7efed5e0..88e3289d9 100644 --- a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/quick-setup.md +++ b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/getting-started/quick-setup.md 
@@ -35,7 +35,7 @@ Datei, die Sie verwenden können, um Ihren Server aufzusetzen. ```yml services: palworld: - image: thijsvanloef/palworld-server-docker:latest # Verwenden Sie das Tag latest-arm64 für ARM64-Hosts + image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # Auf die Zeit festlegen, die Sie bereit sind zu warten, bis der Container ordnungsgemäß beendet ist @@ -69,7 +69,7 @@ Passen Sie es an Ihre Bedürfnisse an, sehen Sie sich die [Umgebungsvariablen-Ü ```yml services: palworld: - image: thijsvanloef/palworld-server-docker:latest # Verwenden Sie das Tag latest-arm64 für ARM64-Hosts + image: thijsvanloef/palworld-server-docker:latest restart: unless-stopped container_name: palworld-server stop_grace_period: 30s # die Zeit, die Sie bereit sind zu warten, bis der Container ordnungsgemäß beendet ist @@ -117,7 +117,7 @@ docker run -d \ -e SERVER_DESCRIPTION="palworld-server-docker von Thijs van Loef" \ --restart unless-stopped \ --stop-timeout 30 \ - thijsvanloef/palworld-server-docker:latest # Verwenden Sie das Tag latest-arm64 für ARM64-Hosts + thijsvanloef/palworld-server-docker:latest ``` Als Alternative können Sie die [.env.example](https://github.com/thijsvanloef/palworld-server-docker/blob/main/.env.example) Datei in eine neue Datei mit dem Namen **.env** kopieren. @@ -135,5 +135,5 @@ docker run -d \ --env-file .env \ --restart unless-stopped \ --stop-timeout 30 \ - thijsvanloef/palworld-server-docker:latest # Verwenden Sie das Tag latest-arm64 für ARM64-Hosts + thijsvanloef/palworld-server-docker:latest ``` From bd9e7dda6158478f02ba62ac4d3ae88e803c572c Mon Sep 17 00:00:00 2001 
From: Tom Pietsch Date: Tue, 20 Feb 2024 15:07:55 +0100 Subject: [PATCH 12/13] added new pinning-game-version and running-without-root pages according to the changes since last translation --- .../current/guides/pinning-game-version.md | 25 +++++++++++++++++++ .../current/guides/running-without-root.md | 24 ++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/pinning-game-version.md create mode 100644 docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/running-without-root.md diff --git a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/pinning-game-version.md b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/pinning-game-version.md new file mode 100644 index 000000000..37eb61402 --- /dev/null +++ b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/pinning-game-version.md @@ -0,0 +1,25 @@ +--- +sidebar_position: 7 +--- + +# Festlegen einer Spielversion + +:::warning +Das Downgraden auf eine niedrigere Spielversion ist möglich, es ist aber unbekannt, welche Auswirkungen dies auf +vorhandene Spielstände haben wird. + +**Verwendung auf eigene Gefahr!** +::: + +Wenn die Umgebungsvariable **TARGET_MANIFEST_ID** gesetzt ist, wird die Serverversion auf ein bestimmtes Manifest +festgelegt. +Ein Manifest entspricht einem veröffentlichten Zustand des Spiels an einem gewissen Datum. Manifeste können mithilfe +von SteamCMD oder Websites wie [SteamDB](https://steamdb.info/depot/2394012/manifests/) gefunden werden. + +## Spielversion zu Manifest-ID + +| Version | Manifest-ID | +|---------|----------------------| +| 1.3.0 | 1354752814336157338 | +| 1.4.0 | 4190579964382773830 | +| 1.4.1 | 6370735655629434989 | 
diff --git a/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/running-without-root.md b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/running-without-root.md new file mode 100644 index 000000000..544fb3c04 --- /dev/null +++ b/docusaurus/i18n/de/docusaurus-plugin-content-docs/current/guides/running-without-root.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 6 +--- + +# Ausführen ohne Root-Rechte + +Dieser Beitrag richtet sich nur an fortgeschrittene Benutzer! + +Sie können diesen Container ausführen und den Standardbenutzer (root) [überschreiben](https://docs.docker.com/engine/reference/run/#user). + +Wenn der Benutzer und die Gruppe angegeben werden, werden `PUID` und `PGID` ignoriert. + +Wie Sie die GID bzw. die UID herausfinden: `id -u` / `id -g` + +Um den Standardbenutzer zu überschreiben muss der Benutzer auf `NUMERISCHE_UID:NUMERISCHE_GID` gesetzt werden. + +Im Folgenden gehen wir davon aus, dass Ihre UID 1000 und Ihre GID 1001 ist: + +* Mit `docker run` fügen Sie `--user 1000:1001 \` über der letzten Zeile des Beispiels hinzu. +* Mit `docker compose` fügen Sie `user: 1000:1001` in die `docker-compose.yml` unter den Ports hinzu. + +Wenn Sie den Container mit einer anderen UID/GID als Ihrer eigenen ausführen möchten, müssen Sie den Besitz des +Verzeichnisses ändern, das eingebunden wird: `chown UID:GID palworld/` oder die Berechtigungen ändern: +`chmod o=rwx palworld/` From 83a86c995608b50eb709e724bc28d51148fb908a Mon Sep 17 00:00:00 2001 From: Thijs van Loef Date: Tue, 20 Feb 2024 19:18:52 +0100 Subject: [PATCH 13/13] allow scan to be triggered manually --- .github/workflows/security.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index c6314a04d..5b0c2eb9f 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml 
@@ -2,6 +2,7 @@ name: Security on: # yamllint disable-line rule:truthy pull_request: + workflow_dispatch: schedule: - cron: 0 0 * * *