add Dockerfile, Dependabot & CI

Signed-off-by: André Bauer <andre.bauer@staffbase.com>

.github/dependabot.yml

@@ -0,0 +1,16 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"

.github/workflows/ci.yaml

@@ -0,0 +1,42 @@
+name: ci
+
+on: 
+  pull_request:
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images:
+            cvdupdate-local
+          tags: |
+            type=raw,latest
+
+      - name: Build Dockerimage
+        id: docker_build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=docker,dest=/tmp/cvdupdate-local.tar
+          platforms: linux/amd64
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Run Dockerimage
+        run: |
+          docker load --input /tmp/cvdupdate-local.tar
+          docker run -d --net=host cvdupdate-local
+          sleep 30
+          curl --fail --silent --output /dev/null http://localhost:8000/main.cvd

.github/workflows/docker-release.yaml

@@ -0,0 +1,55 @@
+name: docker-release
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+
+jobs:
+  docker-build-push:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            monotek/cvdupdate
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=branch
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+ 
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

Dockerfile

@@ -1,7 +1,24 @@
-FROM python:3-slim
-RUN apt-get -y update \
-    && apt-get -y --no-install-recommends install cron gosu \
-    && rm -rf /var/lib/apt/lists/*
-COPY . /dist
-RUN pip install --no-cache-dir /dist
-ENTRYPOINT [ "/dist/scripts/docker-entrypoint.sh" ]
+FROM python:3.12.0b1-slim
+
+WORKDIR /cvdupdate
+
+RUN apt-get -y update && \
+    apt-get -y --no-install-recommends install cron sudo && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    useradd --no-create-home --home-dir /cvdupdate --uid 1000 cvdupdate && \
+    echo '30 */4 * * * /usr/local/bin/cvdupdate update > /proc/1/fd/1 2>&1' >> /etc/cron.d/cvdupdate && \
+    echo '@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2' >> /etc/cron.d/cvdupdate && \
+    crontab -u cvdupdate /etc/cron.d/cvdupdate && \
+    echo "cvdupdate\tALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron" >> /etc/sudoers
+
+COPY . .
+
+RUN pip install --no-cache-dir . && \
+    chown cvdupdate:cvdupdate -R /cvdupdate
+
+USER cvdupdate:cvdupdate
+
+RUN cvd update
+
+ENTRYPOINT [ "./scripts/docker-entrypoint.sh" ]

README.md

@@ -295,34 +295,12 @@ Run image, that will automaticly update databases in folder `/srv/cvdupdate` and
 
 ```bash
 docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
+  -v /srv/cvdupdate:/cvdupdate/.cvdupdate/database \
+  -v /var/log/cvdupdate:/cvdupdate/.cvdupdate/logs \
   cvdupdate:latest
 ```
 
-Run image, that will automaticly update databases in folder `/srv/cvdupdate`, write logs to `/var/log/cvdupdate` and set owner of files to user with ID 1000
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e USER_ID=1000 \
-  cvdupdate:latest
-```
-
-Default update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
-
-You may pass custom update interval in environment variable `CRON`
-
-For example - update every day in 00:00
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e CRON='0 0 * * *' \
-  cvdupdate:latest
-  ```
+Update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
 
 ## Contribute
 

scripts/docker-entrypoint.sh

@@ -1,41 +1,14 @@
 #!/bin/bash
-USER_ID="${USER_ID:-0}"
-SCRIPT_PATH=$(readlink -f "$0")
-echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
-if [ "${USER_ID}" -ne "0" ]; then
-    echo "Creating user with ID ${USER_ID}"
-    useradd --create-home --home-dir /cvdupdate --uid "${USER_ID}" cvdupdate
-    chown -R "${USER_ID}" /cvdupdate
-    gosu cvdupdate cvdupdate config set --logdir /cvdupdate/logs
-    gosu cvdupdate cvdupdate config set --dbdir /cvdupdate/database
-else
-    mkdir -p /cvdupdate/{logs,database}
-    cvdupdate config set --logdir /cvdupdate/logs
-    cvdupdate config set --dbdir /cvdupdate/database
-fi
+#
+# cvdupdate & cron entrypoint
+#
 
-if [ $# -eq 0 ]; then
-    set -e
+set -e
+
+echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
 
-    echo "Adding crontab entry"
-    if [ "${USER_ID}" -ne "0" ]; then
-        crontab -l | {
-            cat
-            echo "${CRON:-"30 */4 * * *"} /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-            echo "@reboot /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-        } | crontab -
-    else
-        crontab -l | {
-            cat
-            echo "${CRON:-"30 */4 * * *"} /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-            echo "@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-        } | crontab -
-    fi
-    cron -f
+if [ $# -eq 0  ]; then
+    sudo cron -f
 else
-    if [ "${USER_ID}" -ne "0" ]; then
-        exec gosu cvdupdate "$@"
-    else
-        exec "$@"
-    fi
+    cvdupdate "$@"
 fi