ENH: Adds docker support.

certtools · Dec 14, 2023 · 0dc4f94 · 0dc4f94
1 parent 3da2cf2
commit 0dc4f94
Show file tree

Hide file tree

Showing 3 changed files with 361 additions and 60 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -3,80 +3,148 @@
 # SPDX-FileCopyrightText: 2021 Sebastian Waldbauer
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
-name: "Build and upload docker image"
+#name: "Build and upload docker image"
+#
+#on:
+#  push:
+#    branches: ['develop']
+#    paths-ignore:
+#      - '.github/**'
+#
+#jobs:
+#  docker:
+#    name: Building Docker image
+#    runs-on: ubuntu-latest
+#
+#    steps:
+#      - name: Check if environment is ACT
+#        run: sudo chown runner:docker /var/run/docker.sock
+#        if: ${{ env.ACT }}
+#
+#      - name: Checkout IntelMQ-Docker
+#        uses: actions/checkout@v3
+#        with:
+#          ref: 'main'
+#          repository: certat/intelmq-docker
+#          path: ./work
+#
+#      - name: Checkout IntelMQ-Manager
+#        uses: actions/checkout@v3
+#        with:
+#          ref: 'develop'
+#          repository: certtools/intelmq-manager
+#          path: ./work/intelmq-manager
+#
+#      - name: Checkout IntelMQ-API
+#        uses: actions/checkout@v3
+#        with:
+#          ref: 'develop'
+#          repository: certtools/intelmq-api
+#          path: ./work/intelmq-api
+#
+#      - name: Checkout IntelMQ
+#        uses: actions/checkout@v3
+#        with:
+#          ref: 'develop'
+#          path: ./work/intelmq
+#
+#      - name: Setup QEMU
+#        uses: docker/setup-qemu-action@v2
+#
+#      - name: Setup Docker Buildx
+#        uses: docker/setup-buildx-action@v2
+#
+#      - name: Login to DockerHub
+#        uses: docker/login-action@v2
+#        if: github.repository == 'certtools/intelmq' && !${{ env.ACT }}
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#
+#      - name: Install python build requirements
+#        run: |
+#          pip3 install mako
+#
+#      - name: Build
+#        run: |
+#          cd work
+#          ./build.sh
+#
+#      - name: Test
+#        run: |
+#          cd work
+#          ./test.sh
+#
+#      - name: Publish develop version to dockerhub
+#        if: github.repository == 'certtools/intelmq' && !${{ env.ACT }}
+#        run: |
+#          docker tag intelmq-full:latest certat/intelmq-full:develop
+#          docker push certat/intelmq-full:develop
+
+
+name: "Build and upload Docker image"
 
 on:
   push:
-    branches: ['develop']
-    paths-ignore:
-      - '.github/**'
+    branches:
+      - develop
+      - merge-projects
+    tags:
+      - "*.*.*"
+  pull_request:
+    branches:
+      - develop
 
 jobs:
   docker:
-    name: Building Docker image
     runs-on: ubuntu-latest
-
     steps:
-      - name: Check if environment is ACT
-        run: sudo chown runner:docker /var/run/docker.sock
-        if: ${{ env.ACT }}
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Checkout IntelMQ-Docker
-        uses: actions/checkout@v3
-        with:
-          ref: 'main'
-          repository: certat/intelmq-docker
-          path: ./work
+#      - name: Docker meta
+#        id: meta
+#        uses: docker/metadata-action@v5
+#        with:
+#          # list of Docker images to use as base name for tags
+#          images: |
+#            name/app
+#            ghcr.io/username/app
+#          # generate Docker tags based on the following events/attributes
+#          tags: |
+#            type=schedule
+#            type=ref,event=branch
+#            type=ref,event=pr
+#            type=semver,pattern={{version}}
+#            type=semver,pattern={{major}}.{{minor}}
+#            type=semver,pattern={{major}}
+#            type=sha
 
-      - name: Checkout IntelMQ-Manager
-        uses: actions/checkout@v3
-        with:
-          ref: 'develop'
-          repository: certtools/intelmq-manager
-          path: ./work/intelmq-manager
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-      - name: Checkout IntelMQ-API
-        uses: actions/checkout@v3
-        with:
-          ref: 'develop'
-          repository: certtools/intelmq-api
-          path: ./work/intelmq-api
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Checkout IntelMQ
-        uses: actions/checkout@v3
-        with:
-          ref: 'develop'
-          path: ./work/intelmq
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        if: github.repository == 'certtools/intelmq' && !${{ env.ACT }}
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Install python build requirements
-        run: |
-          pip3 install mako
+#      - name: Login to GHCR
+#        if: github.event_name != 'pull_request'
+#        uses: docker/login-action@v3
+#        with:
+#          registry: ghcr.io
+#          username: ${{ github.repository_owner }}
+#          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build
-        run: |
-          cd work
-          ./build.sh
-
-      - name: Test
-        run: |
-          cd work
-          ./test.sh
-
-      - name: Publish develop version to dockerhub
-        if: github.repository == 'certtools/intelmq' && !${{ env.ACT }}
-        run: |
-          docker tag intelmq-full:latest certat/intelmq-full:develop
-          docker push certat/intelmq-full:develop
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,53 @@
+FROM python:3.9-bullseye
+
+ENV LANG=C.UTF-8
+ENV PATH=/opt/venv/bin:${PATH}
+ENV INTELMQ_PATHS_NO_OPT=1
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install dependencides
+RUN apt-get update -y && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends python3 \
+                       python3-pip \
+                       git \
+                       build-essential \
+                       python3-dev \
+                       libcurl4-gnutls-dev \
+                       libgnutls28-dev \
+                       libffi-dev \
+                       curl \
+                       sudo \
+                       vim \
+                       jq \
+                       cron \
+                       libpq-dev \
+                       logrotate && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/www/html && \
+    python3 -m venv --upgrade-deps /opt/venv
+
+# Copy IntelMQ complete requirements
+COPY requirements.txt /tmp/requirements.txt
+
+# Install IntelMQ dependencies (before copying the sources -> makes for faster repeated build times)
+RUN pip install -r /tmp/requirements.txt
+
+# Copy IntelMQ sources
+COPY . /tmp/intelmq
+
+# Install IntelMQ
+RUN pip3 install /tmp/intelmq
+
+# Add intelmq user
+RUN useradd --system --uid 995 --create-home --home-dir /var/lib/intelmq --shell /bin/bash intelmq
+
+# Setup IntelMQ and clean
+RUN intelmqsetup && \
+    rm -rf /tmp/intelmq /tmp/requirements.txt
+
+# Switch to intelmq user
+USER intelmq
+
+CMD ["intelmq", "server", "start"]