tyler/Libation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1011 from pixil98/master

Browse Source 
Run docker image as non-root user
This commit is contained in:
rmcrackan 2024-11-14 15:19:36 -05:00 committed by GitHub
commit 5fff22a0e1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 297 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/build-linux.yml vendored
View File

@ -8,16 +8,16 @@ on:
inputs: inputs:
version_override: version_override:
type: string type: string
description: 'Version number override' description: "Version number override"
required: false required: false
run_unit_tests: run_unit_tests:
type: boolean type: boolean
description: 'Skip running unit tests' description: "Skip running unit tests"
required: false required: false
default: true default: true
runs_on: runs_on:
type: string type: string
description: 'The GitHub hosted runner to use' description: "The GitHub hosted runner to use"
required: true required: true
OS: OS:
type: string type: string
@ -28,17 +28,17 @@ on:
required: true required: true
architecture: architecture:
type: string type: string
description: 'CPU architecture targeted by the build.' description: "CPU architecture targeted by the build."
required: true required: true
env: env:
DOTNET_CONFIGURATION: 'Release' DOTNET_CONFIGURATION: "Release"
DOTNET_VERSION: '8.0.x' DOTNET_VERSION: "8.0.x"
RELEASE_NAME: 'chardonnay' RELEASE_NAME: "chardonnay"
jobs: jobs:
build: build:
name: '${{ inputs.OS }}-${{ inputs.architecture }}' name: "${{ inputs.OS }}-${{ inputs.architecture }}"
runs-on: ${{ inputs.runs_on }} runs-on: ${{ inputs.runs_on }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

10
.github/workflows/build-windows.yml vendored
View File

@ -8,21 +8,21 @@ on:
inputs: inputs:
version_override: version_override:
type: string type: string
description: 'Version number override' description: "Version number override"
required: false required: false
run_unit_tests: run_unit_tests:
type: boolean type: boolean
description: 'Skip running unit tests' description: "Skip running unit tests"
required: false required: false
default: true default: true
env: env:
DOTNET_CONFIGURATION: 'Release' DOTNET_CONFIGURATION: "Release"
DOTNET_VERSION: '8.0.x' DOTNET_VERSION: "8.0.x"
jobs: jobs:
build: build:
name: '${{ matrix.os }}-${{ matrix.release_name }}' name: "${{ matrix.os }}-${{ matrix.release_name }}"
runs-on: windows-latest runs-on: windows-latest
strategy: strategy:
matrix: matrix:

5
.github/workflows/build.yml vendored
View File

@ -8,16 +8,15 @@ on:
inputs: inputs:
version_override: version_override:
type: string type: string
description: 'Version number override' description: "Version number override"
required: false required: false
run_unit_tests: run_unit_tests:
type: boolean type: boolean
description: 'Skip running unit tests' description: "Skip running unit tests"
required: false required: false
default: true default: true
jobs: jobs:
windows: windows:
uses: ./.github/workflows/build-windows.yml uses: ./.github/workflows/build-windows.yml
with: with:

37
.github/workflows/docker.yml vendored
View File

@ -8,7 +8,11 @@ on:
inputs: inputs:
version: version:
type: string type: string
description: 'Version number' description: "Version number"
required: true
release:
type: boolean
description: "Is this a release build?"
required: true required: true
secrets: secrets:
docker_username: docker_username:
@ -16,12 +20,10 @@ on:
docker_token: docker_token:
required: true required: true
env:
DOCKER_IMAGE: ${{ secrets.docker_username }}/libation
jobs: jobs:
docker: build_and_push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -33,14 +35,29 @@ jobs:
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub - name: Login to Docker Hub
if: ${{ inputs.release }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.docker_username }} username: ${{ secrets.docker_username }}
password: ${{ secrets.docker_token }} password: ${{ secrets.docker_token }}
- name: Build and push - name: Generate docker image tags
uses: docker/build-push-action@v5 id: metadata
uses: docker/metadata-action@v5
with: with:
push: true flavor: |
build-args: 'FOLDER_NAME=Linux-chardonnay' latest=true
tags: ${{ env.DOCKER_IMAGE }}:latest,${{ env.DOCKER_IMAGE }}:${{ inputs.version }} images: |
name=${{ secrets.docker_username }}/libation
tags: |
type=raw,value=${{ inputs.version }},enable=${{ inputs.release }}
- name: Build and push image
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: ${{ steps.metadata.outputs.tags != ''}}
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}

11
.github/workflows/release.yml vendored
View File

@ -5,7 +5,7 @@ name: release
on: on:
push: push:
tags: tags:
- 'v*' - "v*"
jobs: jobs:
prerelease: prerelease:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -15,7 +15,7 @@ jobs:
- name: Get tag version - name: Get tag version
id: get_version id: get_version
run: | run: |
export TAG='${{ github.ref_name }}' export TAG="${{ github.ref_name }}"
echo "version=${TAG#v}" >> "${GITHUB_OUTPUT}" echo "version=${TAG#v}" >> "${GITHUB_OUTPUT}"
docker: docker:
@ -23,6 +23,7 @@ jobs:
uses: ./.github/workflows/docker.yml uses: ./.github/workflows/docker.yml
with: with:
version: ${{ needs.prerelease.outputs.version }} version: ${{ needs.prerelease.outputs.version }}
release: true
secrets: secrets:
docker_username: ${{ secrets.DOCKERHUB_USERNAME }} docker_username: ${{ secrets.DOCKERHUB_USERNAME }}
docker_token: ${{ secrets.DOCKERHUB_TOKEN }} docker_token: ${{ secrets.DOCKERHUB_TOKEN }}
@ -35,7 +36,7 @@ jobs:
run_unit_tests: false run_unit_tests: false
release: release:
needs: [prerelease,build] needs: [prerelease, build]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Download artifacts - name: Download artifacts
@ -55,7 +56,7 @@ jobs:
- name: Upload release assets - name: Upload release assets
uses: dwenegar/upload-release-assets@v2 uses: dwenegar/upload-release-assets@v2
env: env:
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
with: with:
release_id: '${{ steps.release.outputs.id }}' release_id: "${{ steps.release.outputs.id }}"
assets_path: ./artifacts assets_path: ./artifacts

8
.github/workflows/validate.yml vendored
View File

@ -12,3 +12,11 @@ on:
jobs: jobs:
build: build:
uses: ./.github/workflows/build.yml uses: ./.github/workflows/build.yml
docker:
uses: ./.github/workflows/docker.yml
with:
version: ${GITHUB_SHA}
release: false
secrets:
docker_username: ${{ secrets.DOCKERHUB_USERNAME }}
docker_token: ${{ secrets.DOCKERHUB_TOKEN }}

3
Docker/appsettings.json Normal file
View File

@ -0,0 +1,3 @@
{
"LibationFiles": "/config-internal"
}

206
Docker/liberate.sh
View File

@ -1,68 +1,174 @@
#!/bin/bash #!/bin/bash
# Rewire echo to print date time error() {
echo() { log "ERROR" "$1"
if [[ -n $1 ]]; then
printf "$(date '+%F %T'): %s\n" "$1"
fi
} }
# ################################ warn() {
# Setup log "WARNING" "$1"
# ################################ }
echo "Starting"
if [[ -z "${SLEEP_TIME}" ]]; then
echo "No sleep time passed in. Will run once and exit."
else
echo "Sleep time is set to ${SLEEP_TIME}"
fi
echo "" info() {
log "info" "$1"
}
# Check if the config directory is passed in, and there is no link to it then create the link. debug() {
if [ -d "/config" ] && [ ! -d "/root/Libation" ]; then if [ "${LOG_LEVEL}" = "debug" ]; then
echo "Linking config directory to the Libation config directory" log "debug" "$1"
ln -s /config/ /root/Libation fi
fi }
# If no config error and exit log() {
if [ ! -d "/config" ]; then LEVEL=$1
echo "ERROR: No /config directory. You must pass in a volume containing your config mapped to /config" MESSAGE=$2
printf "$(date '+%F %T') %s: %s\n" "${LEVEL}" "${MESSAGE}"
}
init_config_file() {
FILE=$1
FULLPATH=${LIBATION_CONFIG_DIR}/${FILE}
if [ -f ${FULLPATH} ]; then
info "loading ${FILE}"
cp ${FULLPATH} ${LIBATION_CONFIG_INTERNAL}/
return 0
else
warn "${FULLPATH} not found, creating empty file"
echo "{}" > ${LIBATION_CONFIG_INTERNAL}/${FILE}
return 1
fi
}
update_settings() {
FILE=$1
KEY=$2
VALUE=$3
info "setting ${KEY} to ${VALUE}"
echo $(jq --arg k "${KEY}" --arg v "${VALUE}" '.[$k] = $v' ${LIBATION_CONFIG_INTERNAL}/${FILE}) > ${LIBATION_CONFIG_INTERNAL}/${FILE}.tmp
mv ${LIBATION_CONFIG_INTERNAL}/${FILE}.tmp ${LIBATION_CONFIG_INTERNAL}/${FILE}
}
is_mounted() {
DIR=$1
if grep -qs "${DIR} " /proc/mounts;
then
return 0
else
return 1
fi
}
create_db() {
DBFILE=$1
if [ -f "${DBFILE}" ]; then
warn "prexisting database found when creating"
return 0
else
if ! touch "${DBFILE}"; then
error "unable to create database, check permissions on host"
exit 1
fi
return 1
fi
}
setup_db() {
DBPATH=$1
dbpattern="*.db"
debug "using database directory ${DBPATH}"
# Figure out the right databse file
if [[ -z "${LIBATION_DB_FILE}" ]];
then
dbCount=$(find "${DBPATH}" -type f -name "${dbpattern}" | wc -l)
if [ "${dbCount}" -gt 1 ];
then
error "too many database files found, set LIBATION_DB_FILE to the filename you wish to use"
exit 1
elif [ "${dbCount}" -eq 1 ];
then
files=( ${DBPATH}/${dbpattern} )
FILE=${files[0]}
else
FILE="${DBPATH}/LibationContext.db"
fi
else
FILE="${DBPATH}/${LIBATION_DB_FILE}"
fi
debug "planning to use database ${FILE}"
if [ -f "${FILE}" ]; then
info "database found at ${FILE}"
elif [ ${LIBATION_CREATE_DB} = "true" ];
then
warn "database not found, creating one at ${FILE}"
create_db ${FILE}
else
error "database not found and creation is disabled"
exit 1 exit 1
fi fi
ln -s "${FILE}" "${LIBATION_CONFIG_INTERNAL}/LibationContext.db"
}
# If user passes in db from a /db/ folder and a db does not already exist / is not already linked run() {
FILE=/db/LibationContext.db info "scanning accounts"
if [ -f "${FILE}" ] && [ ! -f "/config/LibationContext.db" ]; then /libation/LibationCli scan
echo "Linking passed in Libation database from /db/ to the Libation config directory" info "liberating books"
ln -s $FILE /config/LibationContext.db /libation/LibationCli liberate
fi }
# Confirm we have a db in the config direcotry. main() {
if [ ! -f "/config/LibationContext.db" ]; then info "initializing libation"
echo "ERROR: No Libation database detected, exiting." init_config_file AccountsSettings.json
exit 1 init_config_file Settings.json
fi
# ################################ info "loading settings"
# Loop and liberate update_settings Settings.json Books /data
# ################################ update_settings Settings.json InProgress /tmp
while true
do info "loading database"
echo "" # If user provides a separate database mount, use that
echo "Scanning accounts" if is_mounted "${LIBATION_DB_DIR}";
/libation/LibationCli scan then
echo "Liberating books" DB_LOCATION=${LIBATION_DB_DIR}
/libation/LibationCli liberate # Otherwise, use the config directory
echo "" else
DB_LOCATION=${LIBATION_CONFIG_DIR}
fi
setup_db ${DB_LOCATION}
# Try to warn if books dir wasn't mounted in
if ! is_mounted "${LIBATION_BOOKS_DIR}";
then
warn "${LIBATION_BOOKS_DIR} does not appear to be mounted, books will not be saved"
fi
# Let the user know what the run type will be
if [[ -z "${SLEEP_TIME}" ]]; then
SLEEP_TIME=-1
fi
if [ "${SLEEP_TIME}" -eq -1 ]; then
info "running once"
else
info "running every ${SLEEP_TIME}"
fi
# loop
while true
do
run
# Liberate only once if SLEEP_TIME was set to -1 # Liberate only once if SLEEP_TIME was set to -1
if [ "${SLEEP_TIME}" = -1 ]; then if [ "${SLEEP_TIME}" -eq -1 ]; then
break break
fi fi
echo "Sleeping for ${SLEEP_TIME}"
sleep "${SLEEP_TIME}" sleep "${SLEEP_TIME}"
done done
echo "Exiting" info "exiting"
}
main

43
Dockerfile
View File

@ -1,22 +1,39 @@
# Dockerfile # Dockerfile
FROM mcr.microsoft.com/dotnet/sdk:8.0 as build-env FROM --platform=${BUILDPLATFORM} mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETARCH
COPY Source /Source COPY Source /Source
RUN dotnet publish -c Release -o /Source/bin/Publish/Linux-chardonnay /Source/LibationCli/LibationCli.csproj -p:PublishProfile=/Source/LibationCli/Properties/PublishProfiles/LinuxProfile.pubxml RUN dotnet publish \
COPY Docker/liberate.sh /Source/bin/Publish/Linux-chardonnay /Source/LibationCli/LibationCli.csproj \
--arch ${TARGETARCH} \
--configuration Release \
--output /Source/bin/Publish/Linux-chardonnay \
-p:PublishProfile=/Source/LibationCli/Properties/PublishProfiles/LinuxProfile.pubxml
FROM mcr.microsoft.com/dotnet/runtime:8.0 FROM mcr.microsoft.com/dotnet/runtime:8.0
ARG USER_UID=1001
ARG USER_GID=1001
ENV SLEEP_TIME "30m" # Set the character set that will be used for folder and filenames when liberating
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
# Sets the character set that will be used for folder and filenames when liberating ENV SLEEP_TIME=-1
ENV LANG C.UTF-8 ENV LIBATION_CONFIG_INTERNAL=/config-internal
ENV LC_ALL C.UTF-8 ENV LIBATION_CONFIG_DIR=/config
ENV LIBATION_DB_DIR=/db
RUN mkdir /db /config /data ENV LIBATION_DB_FILE=
ENV LIBATION_CREATE_DB=true
COPY --from=build-env /Source/bin/Publish/Linux-chardonnay /libation ENV LIBATION_BOOKS_DIR=/data
CMD ["./libation/liberate.sh"] RUN apt-get update && apt-get -y upgrade && \
apt-get install -y jq && \
mkdir -m777 ${LIBATION_CONFIG_INTERNAL} ${LIBATION_BOOKS_DIR}
COPY --from=build /Source/bin/Publish/Linux-chardonnay /libation
COPY Docker/* /libation
USER ${USER_UID}:${USER_GID}
CMD ["/libation/liberate.sh"]

57
Documentation/Docker.md
View File

@ -3,38 +3,30 @@
### If you found this useful, tell a friend. If you found this REALLY useful, you can click here to [PayPal.me](https://paypal.me/mcrackan?locale.x=en_us) ### If you found this useful, tell a friend. If you found this REALLY useful, you can click here to [PayPal.me](https://paypal.me/mcrackan?locale.x=en_us)
...or just tell more friends. As long as I'm maintaining this software, it will remain **free** and **open source**. ...or just tell more friends. As long as I'm maintaining this software, it will remain **free** and **open source**.
> [!WARNING]
> ## Breaking Changes
> * The docker image now runs as user 1001 and group 1001. Make sure that the permissions on your volumes allow user 1001 to read and write to them.
> * `SLEEP_TIME` is now set to `-1` by default. This means the image will run once and exit. If you were relying on the previous default, you'll need to explicitly set the `SLEEP_TIME` environment variable to `30m` to replicate the previous behavior.
> * The docker image now ignores the values in `Settings.json` for `Books` and `InProgress`. You can now change the folder that books are saved to by using the `LIBATION_BOOKS_DIR` environment variable.
# Disclaimer # Disclaimer
The docker image is provided as-is. We hope it can be useful to you but it is not officially supported. The docker image is provided as-is. We hope it can be useful to you but it is not officially supported.
### Setup ### Configuration
In order to use the docker image, you'll need to provide it with a copy of the `AccountsSettings.json`, `Settings.json`, and `LibationContext.db` files. These files can usually be found in the Libation folder in your user's home directory. If you haven't run Libation yet, you'll need to launch it to generate these files and setup your accounts. Once you have them, copy these files to a new location, such as `/opt/libation/config`. Before using them we'll need to make a couple edits so that the filepaths referenced are correct when running from the docker image. Configuration in Libation is handled by two files, `AccountsSettings.json` and `Settings.json`. These files can usually be found in the Libation folder in your user's home directory. The easiest way to configure these is to run the desktop version of Libation and then copy them into a folder, such as `/opt/libation/config`, that you'll volume mount into the image. `Settings.json` is technically optional, and, if not provided, Libation will run using the default settings. Additionally, the `Books` and `InProgress` settings in `Settings.json` will be ignored and the image will instead substitute it's own values.
In Settings.json, make the following changes:
* Change `Books` to `/data`
* Change `InProgress` to `/tmp` *
*You may have to paste the following at the end of your your Settings.json file if `InProgess` is not present:
```
"InProgress": "/tmp"
```
![image](https://github.com/patienttruth/Libation/assets/105557996/cf65a108-cadf-4284-9000-e7672c99c59b)
### Running ### Running
Once the configuration files are copied and edited, the docker image can be run with the following command. Once the configuration files are copied, the docker image can be run with the following command.
``` ```
sudo docker run -d \ sudo docker run -d \
-v /opt/libation/config:/config \ -v /opt/libation/config:/config \
-v /opt/libation/books:/data \ -v /opt/libation/books:/data \
--name libation \ --name libation \
--restart=always \ --restart=always \
rmcrackan/libation rmcrackan/libation:latest
``` ```
By default the container will scan for new books every 30 minutes and download any new ones. This is configurable by passing in a value for the `SLEEP_TIME` environment variable. Additionally, if you pass in `-1` it will scan and download books once and then exit. By default the container will scan for new books once and download any new ones. This is configurable by passing in a value for the `SLEEP_TIME` environment variable. For example, if you pass in `10m` it will keep running, scan for new books, and download them every 10 minutes.
``` ```
sudo docker run -d \ sudo docker run -d \
@ -43,6 +35,33 @@ sudo docker run -d \
-e SLEEP_TIME='10m' \ -e SLEEP_TIME='10m' \
--name libation \ --name libation \
--restart=always \ --restart=always \
rmcrackan/libation rmcrackan/libation:latest
``` ```
### Environment Variables
| Env Var | Default | Description |
| -------- | ------- | ----------- |
| SLEEP_TIME | -1 | Length of time to sleep before doing another scan/download. Set to -1 to run one. |
| LIBATION_BOOKS_DIR | /data | Folder where books will be saved |
| LIBATION_CONFIG_DIR | /config | Folder to read configuration from. |
| LIBATION_DB_DIR | /db | Optional folder to load database from. If not mounted, will load database from `LIBATION_CONFIG_DIR`. |
| LIBATION_DB_FILE | | Name of database file to load. By default it will look for all `.db` files and load one if there is only one present. |
| LIBATION_CREATE_DB | true | Whether or not the image should create a database file if none are found. |
### User
This docker image runs as user `1001`. In order for the image to function properly, user `1001` must be able to read and write the volumes that are mounted in. If they are not, you will see errors
If you want to change the user the image runs as, you can specify `-u <uid>:<gid>`. For example, to run it as user `2000` and group `3000`, you could do the following:
```
sudo docker run -d \
-u 2000:3000 \
-v /opt/libation/config:/config \
-v /opt/libation/books:/data \
--name libation \
--restart=always \
rmcrackan/libation:latest
```
### Advanced Database Options
The docker image supports an optional database mount location defined by `LIBATION_DB_DIR`. This allows the database to be mounted as read/write, while allowing the rest of the configuration files to be mounted as read only. This is specifically useful if running in Kubernetes where you can use Configmaps and Secrets to define the configuration. If the `LIBATION_DB_DIR` is mounted, it will be used, otherwise it will look for the database in `LIBATION_CONFIG_DIR`. If it does not find the database in the expected location, it will attempt to make an empty database there.