build docker images again

2025-02-03 09:55:59 -05:00 · 2023-11-27 17:48:02 -08:00 · 2023-11-27 17:48:02 -08:00 · 8efea4526d
commit 8efea4526d
parent 5b1f7807f9
2 changed files with 116 additions and 11 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -4,6 +4,9 @@ defaults:
  run:
    shell: bash

+env:
+  DOCKER_TAG: "ghcr.io/${{ github.repository }}:${{ github.ref_name }}"
+
 on:
  push:
    tags:
@ -42,12 +45,22 @@ jobs:

  cross:
    needs: base # for bundled ui
+    permissions:
+      contents: read
+      packages: write
    strategy:
      matrix:
        include:
-        - target: x86_64-unknown-linux-musl
-        - target: aarch64-unknown-linux-musl
-        - target: armv7-unknown-linux-musleabihf
+        # Note: keep these arches in sync with `Upload Docker Manifest` list.
+        - arch: x86_64 # as in `uname -m` on Linux.
+          rust_target: x86_64-unknown-linux-musl # as in <https://doc.rust-lang.org/rustc/platform-support.html>
+          docker_platform: linux/amd64 # as in <https://docs.docker.com/build/building/multi-platform/>
+        - arch: aarch64
+          rust_target: aarch64-unknown-linux-musl
+          docker_platform: linux/arm64
+        - arch: armv7l
+          rust_target: armv7-unknown-linux-musleabihf
+          docker_platform: linux/arm/v7
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@ -62,7 +75,7 @@ jobs:
      # Install the needed musl-tools in the host.
      - name: Install musl-tools
        run: sudo apt-get --option=APT::Acquire::Retries=3 update && sudo apt-get --option=APT::Acquire::Retries=3 install musl-tools
-        if: matrix.target == 'x86_64-unknown-linux-musl'
+        if: matrix.rust_target == 'x86_64-unknown-linux-musl'
      - name: Build
        uses: houseabsolute/actions-rust-cross@v0
        env:
@ -73,15 +86,30 @@ jobs:
          VERSION: ${{ github.ref_name }}
        with:
          working-directory: server
-          target: ${{ matrix.target }}
+          target: ${{ matrix.rust_target }}
          command: build
          args: --release --features bundled
+      - name: Upload Docker Artifact
+        run: |
+          tag="${DOCKER_TAG}-${{ matrix.arch }}"
+          mkdir output
+          ln ./server/target/${{ matrix.rust_target }}/release/moonfire-nvr output/
+          echo ${{secrets.GITHUB_TOKEN}} | docker login --username ${{github.actor}} --password-stdin ghcr.io
+          docker build --platform ${{ matrix.docker_platform }} --push --tag "${tag}" --file - output <<EOF
+          FROM scratch
+          LABEL org.opencontainers.image.title="Moonfire NVR"
+          LABEL org.opencontainers.image.description="security camera network video recorder"
+          LABEL org.opencontainers.image.source="https://github.com/${{ github.repository }}"
+          LABEL org.opencontainers.image.version="${{ github.ref_name }}"
+          COPY --chown=root:root --chmod=755 ./moonfire-nvr /usr/local/bin/moonfire-nvr
+          ENTRYPOINT ["/usr/local/bin/moonfire-nvr"]
+          EOF
      # Upload as a *job* artifact (not *release* artifact), used below.
-      - name: Upload
+      - name: Upload Job Artifact
        uses: actions/upload-artifact@v3
        with:
-          name: moonfire-nvr-${{ github.ref_name }}-${{ matrix.target }}
-          path: server/target/${{ matrix.target }}/release/moonfire-nvr
+          name: moonfire-nvr-${{ github.ref_name }}-${{ matrix.arch }}
+          path: output/moonfire-nvr
          if-no-files-found: error

  release:
@ -89,6 +117,7 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: write
+      packages: write
    steps:
      - uses: actions/download-artifact@v3
        with:
@ -101,6 +130,13 @@ jobs:
          (cd artifacts; for i in moonfire-nvr-*/moonfire-nvr; do mv $i "../$(dirname $i)"; done)
      - name: ls after rearranging
        run: find . -ls
+      - name: Upload Docker Manifest (ghcr.io)
+        run: |
+          echo ${{secrets.GITHUB_TOKEN}} | docker login --username ${{github.actor}} --password-stdin ghcr.io
+
+          # Note: keep these arches in sync with `cross` job matrix.
+          docker manifest create "$DOCKER_TAG" "${DOCKER_TAG}"-{x86_64,aarch64,armv7l}
+          docker manifest push "$DOCKER_TAG"
      - name: Create GitHub release
        uses: softprops/action-gh-release@v1
        with:
--- a/guide/install.md
+++ b/guide/install.md
@ -20,15 +20,84 @@ left, and pick the [latest tagged version](https://github.com/scottlamb/moonfire

 Download the binary for your platform from the matching GitHub release.
 Install it as `/usr/local/bin/moonfire-nvr` and ensure it is executable, e.g.
-for version `v0.7.8` on Intel machines:
+for version `v0.7.9` on Intel machines:

 ```console
-$ VERSION=v0.7.8
-$ ARCH=x86_64-unknown-linux-musl
+$ VERSION=v0.7.9
+$ ARCH=$(uname -m)
 $ curl -OL "https://github.com/scottlamb/moonfire-nvr/releases/download/$VERSION/moonfire-nvr-$VERSION-$ARCH"
 $ sudo install -m 755 "moonfire-nvr-$VERSION-$ARCH" /usr/local/bin/moonfire-nvr
 ```

+<details>
+<summary>Docker</summary>
+
+If you are a Docker fan, you can install the `ghcr.io/scottlamb/moonfire-nvr`
+Docker images instead. You'll have to adapt the instructions below to a Docker
+workflow. You may find the following Docker compose snippet useful:
+
+```yaml
+version: 3
+services:
+  moonfire-nvr:
+    image: ghcr.io/scottlamb/moonfire-nvr:v0.7.8
+    command: run
+
+    volumes:
+      # Mount a Docker volume called `moonfire-db` to Moonfire's default
+      # database path.
+      - "/var/lib/moonfire-nvr:/var/lib/moonfire-nvr"
+
+      # Pass through `/etc/moonfire-nvr.toml` from the host.
+      - "/etc/moonfire-nvr.toml:/etc/moonfire-nvr.toml:ro"
+
+      # Add additional mount lines here for each sample file directory
+      # outside of /var/lib/moonfire-nvr, e.g.:
+      # - "/media/nvr:/media/nvr"
+
+      # The Docker image doesn't include the time zone database; you must mount
+      # it from the host for Moonfire to support local time.
+      - "/usr/share/zoneinfo:/usr/share/zoneinfo:ro"
+
+    # Edit this to match your `moonfire-nvr` user (see `useradd` command in
+    # install instructions).
+    user: UID:GID
+
+    # Uncomment this if Moonfire fails with `clock_gettime failed` (likely on
+    # older 32-bit hosts). <https://github.com/moby/moby/issues/40734>
+    # security_opt:
+    # - seccomp:unconfined
+
+    environment:
+      # Edit zone below to taste. The `:` is functional.
+      TZ: ":America/Los_Angeles"
+      RUST_BACKTRACE: 1
+
+    # docker's default log driver won't rotate logs properly, and will throw
+    # away logs when you destroy and recreate the container. Using journald
+    # solves these problems.
+    # <https://docs.docker.com/config/containers/logging/configure/>
+    logging:
+      driver: journald
+      options:
+        tag: moonfire-nvr
+
+    restart: unless-stopped
+
+    ports:
+    - "8080:8080/tcp"
+```
+
+Command reference:
+
+|                               | Moonfire directly installed on the host                | Moonfire with docker compose |
+|-------------------------------|--------------------------------------------------------|------------------------------|
+| Initialize the database       | `sudo -u moonfire-nvr moonfire-nvr init`               | `sudo docker compose run --rm moonfire-nvr init` |
+| Run interactive configuration | `sudo -u moonfire-nvr moonfire-nvr config 2>debug-log` | `sudo docker compose run --rm moonfire-nvr config 2>debug-log` |
+| Enable and start the server   | `sudo systemctl enable --now moonfire-nvr`             | `sudo docker compose up --detach moonfire-nvr` |
+
+</details>
+
 Next, you'll need to set up your filesystem and the Moonfire NVR user.

 Moonfire NVR keeps two kinds of state: