From 6815c5d83d32dda78ef10c8e5696b60121b33954 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sch=C3=B6n?=
Date: Sat, 23 Jul 2022 13:17:05 +0200
Subject: [PATCH 1/5] [docker] changed baseimage to alpine:latest

---
 docker/Dockerfile | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9cf3d372..9335595e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,12 +1,15 @@
-FROM node:current-alpine AS base
+FROM alpine:latest AS base
 
 #Add non-root user, add installation directories and assign proper permissions
-RUN mkdir -p /opt/meshcentral
+RUN mkdir -p /opt/meshcentral/meshcentral
 
 # meshcentral installation
 WORKDIR /opt/meshcentral
 
-RUN apk add --no-cache bash
+RUN apk update \
+ && apk add --no-cache --update nodejs npm bash \
+ && rm -rf /var/cache/apk/*
+RUN npm install -g npm@latest
 
 FROM base AS builder
 
@@ -14,7 +17,6 @@ FROM base AS builder
 ARG DISABLE_MINIFY=""
 ARG DISABLE_TRANSLATE=""
 
-RUN mkdir /opt/meshcentral/meshcentral
 COPY ./ /opt/meshcentral/meshcentral/
 
 RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \
@@ -38,6 +40,10 @@ RUN if [ -z "$DISABLE_MINIFY" ]; then cd meshcentral/translate && node translate
 
 # translate
 RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
+# cleanup
+RUN rm -rf /opt/meshcentral/meshcentral/docker
+RUN rm -rf /opt/meshcentral/meshcentral/node_modules
+
 
 FROM base
 
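Review bot: `FROM alpine:latest AS base` together with `apk add --no-cache --update nodejs npm bash` pins nothing, so every rebuild may pull a different Alpine, Node and npm, and because `base` is also the parent of the final stage the runtime image is not reproducible either; `RUN npm install -g npm@latest` in the same stage adds one more floating version. Pin the base to a release tag (a digest for production builds) and pin the apk packages, e.g. `FROM alpine:3.16 AS base` and `apk add --no-cache nodejs=<pinned-version> npm=<pinned-version> bash=<pinned-version>`, and either drop the global npm upgrade or pin it too. `apk update` and `rm -rf /var/cache/apk/*` are redundant next to `--no-cache`, which already avoids writing the package index into the layer. The replaced `node:current-alpine` was also unpinned, but moving from the official Node image to a distro Node package is where the version drift becomes a deliberate choice, so the pin belongs in this hunk.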
@@ -51,12 +57,8 @@ RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then apk add --no-cache mongodb-tools;
 
 # copy files from builder-image
 COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
-COPY --from=builder /opt/meshcentral/meshcentral/docker/startup.sh ./startup.sh
-COPY --from=builder /opt/meshcentral/meshcentral/docker/config.json.template /opt/meshcentral/config.json.template
-
-# cleanup
-RUN rm -rf /opt/meshcentral/meshcentral/docker
-RUN rm -rf /opt/meshcentral/meshcentral/node_modules
+COPY ./docker/startup.sh ./startup.sh
+COPY ./docker/config.json.template /opt/meshcentral/config.json.template
 
 # install dependencies from package.json and nedb
 RUN cd meshcentral && npm install && npm install nedb

From e913928d786c94755b3e12f0e683278abce793de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sch=C3=B6n?=
Date: Sat, 23 Jul 2022 13:21:19 +0200
Subject: [PATCH 2/5] [docker] added CONFIG_FILE environment variable to optionally use a different config.json file

---
 .gitattributes | 1 +
 docker/Dockerfile | 19 +++++++++++++++++++
 docker/startup.sh | 42 +++++++++++++++--------------------------
 3 files changed, 35 insertions(+), 27 deletions(-)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..8cd5aff5
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.sh text eol=lf
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9335595e..87e078ea 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
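Review bot: `COPY ./docker/startup.sh ./startup.sh` now takes the script straight from the build context, so its mode bits are whatever the checkout produced; a checkout without the executable bit (the `.gitattributes` added in the next patch suggests Windows checkouts are expected) would yield a startup script that cannot be executed directly. Set the mode explicitly in the copy, `COPY --chmod=755 ./docker/startup.sh ./startup.sh`, rather than relying on the context (this needs BuildKit with a `# syntax=docker/dockerfile:1` directive, which is outside the hunk). Separately, none of the visible hunks contains a `USER` instruction although the base stage's comment promises a non-root user; if the final stage really ends as root, that is worth fixing alongside this copy.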
@@ -48,6 +48,25 @@ RUN rm -rf /opt/meshcentral/meshcentral/node_modules
 FROM base
 
 ARG INCLUDE_MONGODBTOOLS=""
+
+# environment variables
+ENV NODE_ENV="production"
+ENV CONFIG_FILE="config.json"
+
+# environment variables for initial configuration file
+ENV USE_MONGODB="false"
+ENV MONGO_INITDB_ROOT_USERNAME="root"
+ENV MONGO_INITDB_ROOT_PASSWORD="pass"
+ENV HOSTNAME="localhost"
+ENV ALLOW_NEW_ACCOUNTS="true"
+ENV ALLOWPLUGINS="false"
+ENV LOCALSESSIONRECORDING="false"
+ENV MINIFY="true"
+ENV WEBRTC="false"
+ENV IFRAME="false"
+ENV REVERSE_PROXY="false"
+ENV REVERSE_PROXY_TLS_PORT=""
+
 RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
 && [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
 echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
diff --git a/docker/startup.sh b/docker/startup.sh
index 2510d033..b34a5bdb 100644
--- a/docker/startup.sh
+++ b/docker/startup.sh
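Review bot: `ENV MONGO_INITDB_ROOT_PASSWORD="pass"` bakes a default database credential into the image, and the startup.sh hunk in this same patch writes it into config.json whenever `USE_MONGODB` is `true`, so a deployment that forgets to override the variable ends up with a guessable root password and no warning. Default the credential to empty, `ENV MONGO_INITDB_ROOT_PASSWORD=""`, and have the script refuse to start when `USE_MONGODB` is `true` and the password is empty, e.g. `if [ "$USE_MONGODB" == "true" ] && [ -z "$MONGO_INITDB_ROOT_PASSWORD" ]; then echo "MONGO_INITDB_ROOT_PASSWORD must be set" >&2; exit 1; fi`. Note also that `ENV` values are visible through `docker inspect` and inherited by every child process, so a comment above the block stating that these are only used to seed a missing config file on first start would help operators decide what to pass at runtime.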
@@ -1,36 +1,24 @@
 #!/bin/bash
 
-export NODE_ENV=production
-
-export HOSTNAME
-export REVERSE_PROXY
-export REVERSE_PROXY_TLS_PORT
-export IFRAME
-export ALLOW_NEW_ACCOUNTS
-export WEBRTC
-export MONGO_INITDB_ROOT_USERNAME
-export MONGO_INITDB_ROOT_PASSWORD
-export USE_MONGODB
-
-if [ -f "meshcentral-data/config.json" ]
+if [ -f "meshcentral-data/${CONFIG_FILE}" ]
 then
- node meshcentral/meshcentral
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE}
 else
- cp config.json.template meshcentral-data/config.json
+ cp config.json.template meshcentral-data/${CONFIG_FILE}
 if ! [ -z "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
- sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json
+ sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/${CONFIG_FILE}
 fi
- sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
- sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
- sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
- sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": \"$LOCALSESSIONRECORDING\"/" meshcentral-data/config.json
- sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json
- sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
- sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
+ sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"enabled\": false/\"enabled\": $ALLOWPLUGINS/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": $LOCALSESSIONRECORDING/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"minify\": true/\"minify\": $MINIFY/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/${CONFIG_FILE}
 if [ "$REVERSE_PROXY" != "false" ]; then
- sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
- node meshcentral/meshcentral
+ sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/${CONFIG_FILE}
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE}
 exit
 fi
- node meshcentral/meshcentral --cert "$HOSTNAME"
-fi
\ No newline at end of file
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE} --cert "$HOSTNAME"
+fi

From 558fe0ad6419db584a45782b919f7b7de0690ebe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sch=C3=B6n?=
Date: Sat, 23 Jul 2022 13:22:55 +0200
Subject: [PATCH 3/5] [docker] added SESSION_KEY environment variable for initial configuration

---
 docker/Dockerfile | 1 +
 docker/startup.sh | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 87e078ea..ecb9d0cc 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -64,6 +64,7 @@ ENV LOCALSESSIONRECORDING="false"
 ENV MINIFY="true"
 ENV WEBRTC="false"
 ENV IFRAME="false"
+ENV SESSION_KEY=""
 ENV REVERSE_PROXY="false"
 ENV REVERSE_PROXY_TLS_PORT=""
 
diff --git a/docker/startup.sh b/docker/startup.sh
index b34a5bdb..4333f45f 100644
--- a/docker/startup.sh
+++ b/docker/startup.sh
@@ -15,6 +15,10 @@ if [ -f "meshcentral-data/${CONFIG_FILE}" ]
 sed -i "s/\"minify\": true/\"minify\": $MINIFY/" meshcentral-data/${CONFIG_FILE}
 sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/${CONFIG_FILE}
 sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/${CONFIG_FILE}
+ if [ -z "$SESSION_KEY" ]; then
+ SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@[\]^_`{|}~' | fold -w 32 | head -n 1)";
+ fi
+ sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/${CONFIG_FILE}
 if [ "$REVERSE_PROXY" != "false" ]; then
 sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/${CONFIG_FILE}
 node meshcentral/meshcentral --configfile ${CONFIG_FILE}

From c1401cf6db50c742c5d24e848748260345341331 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sch=C3=B6n?=
Date: Sat, 23 Jul 2022 13:35:21 +0200
Subject: [PATCH 4/5] [docker] added optional build argument PREINSTALL_LIBS

---
 docker/Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index ecb9d0cc..f1f3f7b1 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -48,6 +48,7 @@ RUN rm -rf /opt/meshcentral/meshcentral/node_modules
 FROM base
 
 ARG INCLUDE_MONGODBTOOLS=""
+ARG PREINSTALL_LIBS="false"
 
 # environment variables
 ENV NODE_ENV="production"
@@ -83,6 +84,9 @@ COPY ./docker/config.json.template /opt/meshcentral/config.json.template
 # install dependencies from package.json and nedb
 RUN cd meshcentral && npm install && npm install nedb
 
+RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then cd meshcentral && npm install mongodb@4.1.0; fi
+RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then cd meshcentral && npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3; fi
+
 EXPOSE 80 443 4433
 
 # volumes
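Review bot: The generated `SESSION_KEY` is drawn from a character set that includes `/`, `&` and `\`, and it is then pasted unescaped into `sed -i "s/...\"sessionKey\": \"$SESSION_KEY\"/"` on the following line, so a large share of generated keys (32 draws from roughly 94 symbols, three of which are special to sed — on the order of two in three runs) either make sed fail, leaving `_sessionKey` untouched and the key unset, or splice the matched text into config.json; a `\` would additionally need JSON escaping. Generate from characters that are safe in both sed and JSON, `SESSION_KEY="$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)"`, which still gives about 190 bits of entropy and drops the `cat` and `fold`. If a wider alphabet is wanted, the value must be escaped before it reaches sed, and the same applies to a user-supplied `SESSION_KEY` from the environment.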
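Review bot: `npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3` pins two of seven packages, so the runtime image content depends on whatever the registry serves at build time and a broken or compromised release of any unpinned package lands in the final stage silently; `mongodb@4.1.0` on the line above is pinned but, like the rest, installs without a lockfile. Pin every package to an exact version, e.g. `npm install ssh2@<pinned-version> saslprep@<pinned-version> semver@<pinned-version> nodemailer@<pinned-version> image-size@<pinned-version> wildleek@2.0.0 otplib@10.2.3`, or better, declare them in a package.json with a lockfile and use `npm ci`. `[ "$PREINSTALL_LIBS" == "true" ]` uses the non-POSIX `==` under `/bin/sh` (no `SHELL` instruction is visible in the hunks); busybox's test may accept it, but `=` is the portable spelling, and the preceding `! [ -z "$PREINSTALL_LIBS" ]` is redundant once the value is compared to `"true"`.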
From f48d5bfedf661d8ca2de5762d98875206a3f7fca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sch=C3=B6n?=
Date: Sat, 23 Jul 2022 16:02:38 +0200
Subject: [PATCH 5/5] run release build only if MY_TOKEN secret is set and not empty

---
 .github/workflows/docker.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ceb71801..845121de 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -6,9 +6,22 @@ env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
 jobs:
+ check-token:
+ runs-on: ubuntu-latest
+ outputs:
+ token: ${{ steps.token.outputs.defined }}
+ steps:
+ - id: token
+ env:
+ MY_TOKEN: ${{ secrets.MY_TOKEN }}
+ if: "${{ env.MY_TOKEN != '' }}"
+ run: echo "::set-output name=defined::true"
+
 build:
 name: Release
 runs-on: ubuntu-latest
+ needs: [check-token]
+ if: needs.check-token.outputs.token == 'true'
 steps:
 - name: Checkout
 uses: actions/checkout@v3
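Review bot: `run: echo "::set-output name=defined::true"` relies on the `set-output` workflow command, which GitHub has deprecated in favour of the `GITHUB_OUTPUT` file; replace it with `run: echo "defined=true" >> "$GITHUB_OUTPUT"` and keep `id: token` and the `outputs` mapping as they are. The gate itself reads correctly: when the secret is empty the step is skipped, `steps.token.outputs.defined` stays empty, and `if: needs.check-token.outputs.token == 'true'` on `build` skips the release instead of failing it. A one-line comment above `check-token` saying that `secrets` cannot be tested in a job-level `if`, which is why a separate job exports the result, would spare the next reader from simplifying it away.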