From 1216cdbb32b044a1f5b376c2a1831e7aa4310492 Mon Sep 17 00:00:00 2001 From: Oshane Bailey Date: Thu, 27 Jan 2022 15:45:15 +0000 Subject: [PATCH 1/3] close: add docker support --- .dockerignore | 15 +++++++++++++++ .gitignore | 3 +++ .gitpod.yml | 11 +++++++++++ Dockerfile | 21 +++++++++++++++++++++ docker-compose.yml | 7 +++++++ docker/docker-entrypoint.sh | 4 ++++ 6 files changed, 61 insertions(+) create mode 100644 .dockerignore create mode 100644 .gitpod.yml create mode 100644 Dockerfile create mode 100644 docker-compose.yml create mode 100644 docker/docker-entrypoint.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..e7ea3b2 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,15 @@ +# Python +__pycache__/ +/venv/ + +# Vim +[._]*.sw[a-p] + +# Pycharm +/.idea/ + +# Configuration +/config.json + +# Docker +docker-compose.* \ No newline at end of file diff --git a/.gitignore b/.gitignore index b4f8978..4e99378 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,6 @@ __pycache__/ # Configuration /config.json + +# Docker +docker-compose.override.yml diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 0000000..262097b --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,11 @@ +# This configuration file was automatically generated by Gitpod. +# Please adjust to your needs (see https://www.gitpod.io/docs/config-gitpod-file) +# and commit this file to your remote git repository to share the goodness with others. + +tasks: + - init: pip install -r requirements.txt + command: python main.py +vscode: + extensions: + - ms-python.python + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..15ad33c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,21 @@ +FROM python:3.9.4 + +ARG PYUSERGROUP=1000 + +ENV CONFIG_JSON='{ "bot_token": "", "port": 12345, "gh_webhooks": {} }' + + +RUN mkdir -p /var/project/app/ +COPY . /var/project/app/ +WORKDIR /var/project/app/ + +RUN groupadd --force -g $PYUSERGROUP pyuser +RUN useradd -ms /bin/bash --no-user-group -g $PYUSERGROUP -u $PYUSERGROUP pyuser + +RUN pip install -U -r requirements.txt +RUN chown -R pyuser:pyuser . +RUN chmod 755 /var/project/app/docker/docker-entrypoint.sh + +USER pyuser + +CMD ["bash", "/var/project/app/docker/docker-entrypoint.sh"] \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..24ed730 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,7 @@ +version: '3.7' + +services: + bot: + image: dashezup/github-webhook-to-telegram + ports: + - 12345:12345 \ No newline at end of file diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh new file mode 100644 index 0000000..949708a --- /dev/null +++ b/docker/docker-entrypoint.sh @@ -0,0 +1,4 @@ +if [ ! -f /var/project/app/config.json ]; then + echo $CONFIG_JSON > /var/project/app/config.json +fi +python main.py \ No newline at end of file From bce0d9f06ea7f9f8034ac3a4271e0ac58a422fb0 Mon Sep 17 00:00:00 2001 From: Oshane Bailey Date: Tue, 1 Feb 2022 05:07:54 -0500 Subject: [PATCH 2/3] Create docker-publish.yml --- .github/workflows/docker-publish.yml | 93 ++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 .github/workflows/docker-publish.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..968e5b7 --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,93 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + schedule: + - cron: '27 7 * * *' + push: + branches: [ main ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ main ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 + with: + cosign-release: 'v1.4.0' + + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + COSIGN_EXPERIMENTAL: "true" + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} From 40ffb0e12ced6fdd563a5d18e24412293302b0e3 Mon Sep 17 00:00:00 2001 From: Oshane Bailey Date: Tue, 1 Feb 2022 05:11:37 -0500 Subject: [PATCH 3/3] Update docker-publish.yml --- .github/workflows/docker-publish.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 968e5b7..2778f84 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -78,16 +78,3 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}