build docker images again

.github/workflows/release.yml

@@ -4,6 +4,9 @@ defaults:
   run:
     shell: bash
 
+env:
+  DOCKER_TAG: "ghcr.io/${{ github.repository }}:${{ github.ref_name }}"
+
 on:
   push:
     tags:
@@ -42,12 +45,22 @@ jobs:
 
   cross:
     needs: base # for bundled ui
+    permissions:
+      contents: read
+      packages: write
     strategy:
       matrix:
         include:
-        - target: x86_64-unknown-linux-musl
+        # Note: keep these arches in sync with `Upload Docker Manifest` list.
-        - target: aarch64-unknown-linux-musl
+        - arch: x86_64 # as in `uname -m` on Linux.
-        - target: armv7-unknown-linux-musleabihf
+          rust_target: x86_64-unknown-linux-musl # as in <https://doc.rust-lang.org/rustc/platform-support.html>
+          docker_platform: linux/amd64 # as in <https://docs.docker.com/build/building/multi-platform/>
+        - arch: aarch64
+          rust_target: aarch64-unknown-linux-musl
+          docker_platform: linux/arm64
+        - arch: armv7l
+          rust_target: armv7-unknown-linux-musleabihf
+          docker_platform: linux/arm/v7
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -62,7 +75,7 @@ jobs:
       # Install the needed musl-tools in the host.
       - name: Install musl-tools
         run: sudo apt-get --option=APT::Acquire::Retries=3 update && sudo apt-get --option=APT::Acquire::Retries=3 install musl-tools
-        if: matrix.target == 'x86_64-unknown-linux-musl'
+        if: matrix.rust_target == 'x86_64-unknown-linux-musl'
       - name: Build
         uses: houseabsolute/actions-rust-cross@v0
         env:
@@ -73,15 +86,30 @@ jobs:
           VERSION: ${{ github.ref_name }}
         with:
           working-directory: server
-          target: ${{ matrix.target }}
+          target: ${{ matrix.rust_target }}
           command: build
           args: --release --features bundled
+      - name: Upload Docker Artifact
+        run: |
+          tag="${DOCKER_TAG}-${{ matrix.arch }}"
+          mkdir output
+          ln ./server/target/${{ matrix.rust_target }}/release/moonfire-nvr output/
+          echo ${{secrets.GITHUB_TOKEN}} | docker login --username ${{github.actor}} --password-stdin ghcr.io
+          docker build --platform ${{ matrix.docker_platform }} --push --tag "${tag}" --file - output <<EOF
+          FROM scratch
+          LABEL org.opencontainers.image.title="Moonfire NVR"
+          LABEL org.opencontainers.image.description="security camera network video recorder"
+          LABEL org.opencontainers.image.source="https://github.com/${{ github.repository }}"
+          LABEL org.opencontainers.image.version="${{ github.ref_name }}"
+          COPY --chown=root:root --chmod=755 ./moonfire-nvr /usr/local/bin/moonfire-nvr
+          ENTRYPOINT ["/usr/local/bin/moonfire-nvr"]
+          EOF
       # Upload as a *job* artifact (not *release* artifact), used below.
-      - name: Upload
+      - name: Upload Job Artifact
         uses: actions/upload-artifact@v3
         with:
-          name: moonfire-nvr-${{ github.ref_name }}-${{ matrix.target }}
+          name: moonfire-nvr-${{ github.ref_name }}-${{ matrix.arch }}
-          path: server/target/${{ matrix.target }}/release/moonfire-nvr
+          path: output/moonfire-nvr
           if-no-files-found: error
 
   release:
@@ -89,6 +117,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      packages: write
     steps:
       - uses: actions/download-artifact@v3
         with:
@@ -101,6 +130,13 @@ jobs:
           (cd artifacts; for i in moonfire-nvr-*/moonfire-nvr; do mv $i "../$(dirname $i)"; done)
       - name: ls after rearranging
         run: find . -ls
+      - name: Upload Docker Manifest (ghcr.io)
+        run: |
+          echo ${{secrets.GITHUB_TOKEN}} | docker login --username ${{github.actor}} --password-stdin ghcr.io
+
+          # Note: keep these arches in sync with `cross` job matrix.
+          docker manifest create "$DOCKER_TAG" "${DOCKER_TAG}"-{x86_64,aarch64,armv7l}
+          docker manifest push "$DOCKER_TAG"
       - name: Create GitHub release
         uses: softprops/action-gh-release@v1
         with:

guide/install.md

@@ -20,15 +20,84 @@ left, and pick the [latest tagged version](https://github.com/scottlamb/moonfire
 
 Download the binary for your platform from the matching GitHub release.
 Install it as `/usr/local/bin/moonfire-nvr` and ensure it is executable, e.g.
-for version `v0.7.8` on Intel machines:
+for version `v0.7.9` on Intel machines:
 
 ```console
-$ VERSION=v0.7.8
+$ VERSION=v0.7.9
-$ ARCH=x86_64-unknown-linux-musl
+$ ARCH=$(uname -m)
 $ curl -OL "https://github.com/scottlamb/moonfire-nvr/releases/download/$VERSION/moonfire-nvr-$VERSION-$ARCH"
 $ sudo install -m 755 "moonfire-nvr-$VERSION-$ARCH" /usr/local/bin/moonfire-nvr
 ```
 
+<details>
+<summary>Docker</summary>
+
+If you are a Docker fan, you can install the `ghcr.io/scottlamb/moonfire-nvr`
+Docker images instead. You'll have to adapt the instructions below to a Docker
+workflow. You may find the following Docker compose snippet useful:
+
+```yaml
+version: 3
+services:
+  moonfire-nvr:
+    image: ghcr.io/scottlamb/moonfire-nvr:v0.7.8
+    command: run
+
+    volumes:
+      # Mount a Docker volume called `moonfire-db` to Moonfire's default
+      # database path.
+      - "/var/lib/moonfire-nvr:/var/lib/moonfire-nvr"
+
+      # Pass through `/etc/moonfire-nvr.toml` from the host.
+      - "/etc/moonfire-nvr.toml:/etc/moonfire-nvr.toml:ro"
+
+      # Add additional mount lines here for each sample file directory
+      # outside of /var/lib/moonfire-nvr, e.g.:
+      # - "/media/nvr:/media/nvr"
+
+      # The Docker image doesn't include the time zone database; you must mount
+      # it from the host for Moonfire to support local time.
+      - "/usr/share/zoneinfo:/usr/share/zoneinfo:ro"
+
+    # Edit this to match your `moonfire-nvr` user (see `useradd` command in
+    # install instructions).
+    user: UID:GID
+
+    # Uncomment this if Moonfire fails with `clock_gettime failed` (likely on
+    # older 32-bit hosts). <https://github.com/moby/moby/issues/40734>
+    # security_opt:
+    # - seccomp:unconfined
+
+    environment:
+      # Edit zone below to taste. The `:` is functional.
+      TZ: ":America/Los_Angeles"
+      RUST_BACKTRACE: 1
+
+    # docker's default log driver won't rotate logs properly, and will throw
+    # away logs when you destroy and recreate the container. Using journald
+    # solves these problems.
+    # <https://docs.docker.com/config/containers/logging/configure/>
+    logging:
+      driver: journald
+      options:
+        tag: moonfire-nvr
+
+    restart: unless-stopped
+
+    ports:
+    - "8080:8080/tcp"
+```
+
+Command reference:
+
+|                               | Moonfire directly installed on the host                | Moonfire with docker compose |
+|-------------------------------|--------------------------------------------------------|------------------------------|
+| Initialize the database       | `sudo -u moonfire-nvr moonfire-nvr init`               | `sudo docker compose run --rm moonfire-nvr init` |
+| Run interactive configuration | `sudo -u moonfire-nvr moonfire-nvr config 2>debug-log` | `sudo docker compose run --rm moonfire-nvr config 2>debug-log` |
+| Enable and start the server   | `sudo systemctl enable --now moonfire-nvr`             | `sudo docker compose up --detach moonfire-nvr` |
+
+</details>
+
 Next, you'll need to set up your filesystem and the Moonfire NVR user.
 
 Moonfire NVR keeps two kinds of state: