diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..3347a18 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +.circleci/ +.git/ +test/ diff --git a/.github/workflows/container-build.yaml b/.github/workflows/container-build.yaml new file mode 100644 index 0000000..37a1886 --- /dev/null +++ b/.github/workflows/container-build.yaml @@ -0,0 +1,85 @@ +name: Create and publish Container image + +on: + push: + branches: + - master + tags: + - 'v*' + pull_request: + branches: + - master + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + TEST_TAG: ${{ github.repository }}:test_tag + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + lfs: true + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=edge + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + flavor: | + latest=auto + + - name: Build and export + uses: docker/build-push-action@v4 + with: + context: . + file: Containerfile + load: true + tags: ${{ env.TEST_TAG }} + + - name: Test + run: > + docker container run \ + --rm \ + --user 'root:root' \ + --volume "$(pwd)/test:/usr/local/src/semonitor/test" \ + ${{ env.TEST_TAG }} \ + '/bin/sh' -c 'apk add --no-cache bash runuser && runuser --user semonitor -- ./test/test.sh' + + - name: Build and push + uses: docker/build-push-action@v4 + with: + platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6 + context: . + file: Containerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..da3faa5 --- /dev/null +++ b/Containerfile @@ -0,0 +1,38 @@ +# SPDX-License-Identifier: AGPL-3.0-or-later +# +# Copyright (C) 2023 Olliver Schinagl + +ARG PYTHON_VERSION="3-alpine" + +FROM index.docker.io/library/python:${PYTHON_VERSION} + + +COPY requirements.txt /tmp/ + +RUN apk add --no-cache --virtual .build-deps \ + gcc \ + musl-dev \ + linux-headers \ + && \ + pip --no-cache-dir install --requirement '/tmp/requirements.txt' && \ + rm '/tmp/requirements.txt' && \ + apk del .build-deps && \ + install -d -m 775 '/usr/local/src' && \ + addgroup -S 'semonitor' && \ + adduser -D -G 'semonitor' -h '/usr/local/src/semonitor' -s '/bin/nologin' -S 'semonitor' && \ + adduser 'semonitor' 'usb' && \ + install -d -m 775 -g 'semonitor' -o 'semonitor' '/var/lib/semonitor' + +VOLUME /var/lib/semonitor + +WORKDIR /usr/local/src/semonitor/ + +COPY conversion /usr/local/src/semonitor/conversion +COPY scripts/semonitor.sh /usr/local/bin/semonitor.sh +COPY se /usr/local/src/semonitor/se +COPY services/container-entrypoint.sh /init +COPY utilities /usr/local/src/semonitor/utilities + +USER semonitor + +ENTRYPOINT [ "/init" ] diff --git a/README.Docker.md b/README.Docker.md new file mode 100644 index 0000000..6efb0b2 --- /dev/null +++ b/README.Docker.md @@ -0,0 +1,97 @@ +# Running semonitor in docker +TVHeadend can be run within a Docker container. This provides isolation from +other processes by running it in a containerized environment. As this is not +and in-depth tutorial on docker, those with Docker, containers or cgroups see +[docker.com][docker]. + +This guide is not a comprehensive guide, but just lists the most basic things! + + +## Building the container +Building the container is only needed if the official one is not sufficient, +or when developing on semonitor. + +To build the image, the following can be used, where `ISSUE-123` is just used +as an example. It is important in that it will be re-used later. + +```sh +docker image build \ + --file 'Containerfile' \ + --rm \ + --tag 'semonitor:ISSUE-123' \ + './' +``` + + +## Running tests +The tests are not included in the container image, so we volume mount them to +make them available to the installed semonitor application. + +```sh +docker container run \ + --interactive \ + --rm \ + --tty \ + --user 'root:root' \ + --volume "$(pwd)/test:/usr/local/src/semonitor/test" \ + 'semonitor:ISSUE-123' \ + '/bin/sh' -c 'apk add --no-cache bash runuser && runuser --user semonitor -- ./test/test.sh' +``` + + +## Running serial device +Running the semonitor on a serial device using the official latest image can +be done as follows. + +```sh +docker container run \ + --device '/dev/ttyUSB0:/dev/solaredge' \ + --interactive \ + --rm \ + --tty \ + --volume "$(pwd)/semonitor_logs/:/semonitor/" \ + 'ghcr.io/jbuel/solaredge:latest' \ + semonitor.sh \ + -a \ + -b 115200 \ + -m \ + -o "/semonitor/json/$(date +%Y%m%d).json" \ + -r "/semonitor/rec/$(date +%Y%m%d).rec" \ + -s '1234567' \ + -t 4 \ + '/dev/solaredge' +``` + +## Using compose +It is also possible to run the container using `docker compose`. Here an +example. The device used is a udev symlinked serial to USB adapter, whith +the appropriate permissions. + +```yaml +networks: + semonitor: {} + +volumes: + semonitor: + +services: + sslh: + image: ghcr.io/jbhuel/solaredge:master + cap_drop: + - all + ulimits: + nproc: 64 + nofile: + soft: 4194304 + hard: 16777216 + devices: + - /dev/ttyUSB1 + env_file: + - common.env + volumes: + - semonitor:/var/lib/semonitor:rw + networks: + - semonitor + command: -a -b 115200 -m -o "/var/lib/semonitor/json/$(date +%Y%m%d).json" -r "/var/lib/semonitor/rec/$(date +%Y%m%d).rec" -s '1234567' -t 4 '/dev/ttyUSB1' + restart: unless-stopped +``` diff --git a/services/container-entrypoint.sh b/services/container-entrypoint.sh new file mode 100755 index 0000000..4f0b4ed --- /dev/null +++ b/services/container-entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# +# Copyright (C) 2023 Olliver Schinagl +# +# A beginning user should be able to docker run image bash (or sh) without +# needing to learn about --entrypoint +# https://github.com/docker-library/official-images#consistency + +set -eu + +bin='/usr/local/src/semonitor/semonitor.py' + +# run command if it is not starting with a "-" and is an executable in PATH +if [ "${#}" -le 0 ] || \ + [ "${1#-}" != "${1}" ] || \ + [ -d "${1}" ] || \ + ! command -v "${1}" > '/dev/null' 2>&1; then + entrypoint='true' +fi + +exec ${entrypoint:+${bin:?}} "${@}" + +exit 0