Merge pull request #2112 from baip/master

Make Docker image runnable as non-root user
This commit is contained in:
Dominik Sander 2017-10-22 21:42:50 +02:00 committed by GitHub
commit 8054945593
15 changed files with 193 additions and 223 deletions

3
bin/docker_wrapper Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
chmod -R g=u . && docker "$@"

View file

@ -4,9 +4,9 @@ set -ev
docker pull $DOCKER_IMAGE
if [[ $DOCKER_IMAGE =~ "cantino" ]]; then
docker build --build-arg OUTDATED_DOCKER_IMAGE_NAMESPACE='true' -t $DOCKER_IMAGE -f $DOCKERFILE .
bin/docker_wrapper build --build-arg OUTDATED_DOCKER_IMAGE_NAMESPACE='true' -t $DOCKER_IMAGE -f $DOCKERFILE .
else
docker build -t $DOCKER_IMAGE -f $DOCKERFILE .
bin/docker_wrapper build -t $DOCKER_IMAGE -f $DOCKERFILE .
fi
if [[ -n "${DOCKER_USER}" && "${TRAVIS_PULL_REQUEST}" = 'false' && "${TRAVIS_BRANCH}" = "master" ]]; then

View file

@ -1,32 +1,36 @@
FROM ubuntu:14.04
ADD docker/scripts/prepare /scripts/prepare
COPY docker/scripts/prepare /scripts/
RUN /scripts/prepare
ADD docker/multi-process/scripts/standalone-packages /scripts/standalone-packages
COPY docker/multi-process/scripts/standalone-packages /scripts/
RUN /scripts/standalone-packages
WORKDIR /app
ADD ["Gemfile", "Gemfile.lock", "/app/"]
ADD lib/gemfile_helper.rb /app/lib/
ADD vendor/gems /app/vendor/gems
COPY ["Gemfile", "Gemfile.lock", "/app/"]
COPY lib/gemfile_helper.rb /app/lib/
COPY vendor/gems/ /app/vendor/gems/
RUN chown -R huginn:huginn /app && \
sudo -u huginn -H echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile && \
sudo -u huginn -H LC_ALL=en_US.UTF-8 RAILS_ENV=production ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
COPY . /app
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
RUN umask 002 && git init && \
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
COPY ./ /app/
ARG OUTDATED_DOCKER_IMAGE_NAMESPACE=false
ENV OUTDATED_DOCKER_IMAGE_NAMESPACE ${OUTDATED_DOCKER_IMAGE_NAMESPACE}
ADD ["docker/scripts/setup", "docker/scripts/setup_env", "docker/multi-process/scripts/init", "/scripts/"]
RUN umask 002 && \
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/
RUN /scripts/setup
VOLUME /var/lib/mysql
EXPOSE 3000
COPY ["docker/scripts/setup_env", "docker/multi-process/scripts/init", "/scripts/"]
CMD ["/scripts/init"]
USER 1001
VOLUME /var/lib/mysql

View file

@ -3,9 +3,9 @@ Huginn for docker with multiple container linkage
This image runs a linkable [Huginn](https://github.com/huginn/huginn) instance.
There is an automated build repository on docker hub for [huginn/huginn](https://hub.docker.com/r/huginn/huginn/builds/).
There is an automated build repository on docker hub for [huginn/huginn](https://hub.docker.com/r/huginn/huginn).
This was patterned after [sameersbn/gitlab](https://registry.hub.docker.com/u/sameersbn/gitlab) by [ianblenke/huginn](http://github.com/ianblenke/huginn), and imported here for official generation of a docker hub auto-build image.
This was patterned after [sameersbn/gitlab](https://hub.docker.com/r/sameersbn/gitlab) by [ianblenke/huginn](http://github.com/ianblenke/huginn), and imported here for official generation of a docker hub auto-build image.
The scripts/init script generates a .env file containing the variables as passed as per normal Huginn documentation.
The same environment variables that would be used for Heroku PaaS deployment are used by this script.
@ -55,16 +55,17 @@ Simple stand-alone usage (use only for testing/evaluation as it can not be updat
Use a volume to export the data of the internal mysql server:
docker run -it -p 3000:3000 -v /home/huginn/mysql-data:/var/lib/mysql huginn/huginn
docker run --rm -it -p 3000:3000 -v /home/huginn/mysql-data:/var/lib/mysql huginn/huginn
To link to another mysql container, for example:
docker run --rm --name huginn_mysql \
docker run --name huginn_mysql \
-e MYSQL_DATABASE=huginn \
-e MYSQL_USER=huginn \
-e MYSQL_PASSWORD=somethingsecret \
-e MYSQL_ROOT_PASSWORD=somethingevenmoresecret \
mysql
docker run --rm --name huginn \
--link huginn_mysql:mysql \
-p 3000:3000 \
@ -78,6 +79,7 @@ To link to another container named 'postgres':
docker run --name huginn_postgres \
-e POSTGRES_PASSWORD=mysecretpassword \
-e POSTGRES_USER=huginn -d postgres
docker run --rm --name huginn \
--link huginn_postgres:postgres \
-p 3000:3000 \
@ -88,7 +90,8 @@ To link to another container named 'postgres':
The `docker/multi-process` folder also has a `docker-compose.yml` that allows for a sample database formation with a data volume container:
cd docker/multi-process ; docker-compose up
cd docker/multi-process
docker-compose up
## Environment Variables
@ -100,14 +103,12 @@ In newer versions of Docker you are able to pass your own .env file in to the co
## Building on your own
You don't need to do this on your own, because there is an [automated build](https://registry.hub.docker.com/u/huginn/huginn/) for this repository, but if you really want run this command in the Huginn root directory:
You don't need to do this on your own, because there is an [automated build](https://hub.docker.com/r/huginn/huginn/) for this repository, but if you really want run this command in the Huginn root directory:
docker build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
## Source
The source is [available on GitHub](https://github.com/huginn/huginn/docker/multi-process/).
The source is [available on GitHub](https://github.com/huginn/huginn/tree/master/docker/multi-process).
Please feel free to submit pull requests and/or fork at your leisure.

View file

@ -1,69 +1,22 @@
#!/bin/bash
set -e
export LC_ALL=en_US.UTF-8
cd /app
# Do we have a Rails secret yet?
# If not, generate one, but persist it for the container's lifetime.
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
echo 'Generating random APP_SECRET_TOKEN.'
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
sed -i.orig "s:REPLACE_ME_NOW:$secret:" .env.example
fi
# Cleanup any leftover pid file
if [ -f /app/tmp/pids/server.pid ]; then
rm /app/tmp/pids/server.pid
fi
# is a mysql or postgresql database linked?
# requires that the mysql or postgresql containers have exposed
# port 3306 and 5432 respectively.
if [[ -n "${MYSQL_PORT_3306_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "mysql2" && -n "${DATABASE_HOST}") ]]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
elif [[ -n "${POSTGRES_PORT_5432_TCP_ADDR}" || "${DATABASE_ADAPTER}" == "postgresql" ]]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT}}
DATABASE_ENCODING=utf8
else
START_MYSQL=${START_MYSQL:-true}
source /scripts/setup_env
# Fixup the Procfile and prepare the PORT
if [ -n "${DO_NOT_RUN_JOBS}" ]; then
sed -i -e 's/^jobs:/#jobs:/' /app/Procfile
fi
USE_GRAPHVIZ_DOT=${HUGINN_USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
DATABASE_HOST=${HUGINN_DATABASE_HOST:-${DATABASE_HOST:-localhost}}
DATABASE_PORT=${HUGINN_DATABASE_PORT:-${DATABASE_PORT}}
DATABASE_ENCODING=${HUGINN_DATABASE_ENCODING:-${DATABASE_ENCODING}}
DATABASE_PASSWORD=${HUGINN_DATABASE_PASSWORD:-${DATABASE_PASSWORD:-password}}
DATABASE_NAME=${HUGINN_DATABASE_NAME:-${DATABASE_NAME:-huginn_production}}
RAILS_ENV=${HUGINN_RAILS_ENV:-${RAILS_ENV:-production}}
IFS="="
grep = /app/.env.example | sed -e 's/^#\([^ ]\)/\1/' | grep -v -e '^#' | \
while read var value ; do
eval "echo \"$var=\${$var:-\${HUGINN_$var-\$value}}\""
done | grep -v -e ^= > /app/.env
eval "echo RAILS_ENV=${RAILS_ENV}" >> .env
eval "echo START_MYSQL=${START_MYSQL}" >> .env
echo "RAILS_LOG_TO_STDOUT=true" >> .env
echo "RAILS_SERVE_STATIC_FILES=true" >> .env
chmod ugo+r /app/.env
source /app/.env
sudo -u huginn -H -E bundle install --without test development --path vendor/bundle
# use default port number if it is still not set
case "${DATABASE_ADAPTER}" in
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
esac
IP="${IP:-0.0.0.0}"
sed -i -e "s/\${IP-0.0.0.0}/$IP/" -e "s/\${PORT-3000}/$PORT/" /app/Procfile
# initialize supervisord config
cat > /etc/supervisor/supervisord.conf <<EOF
@ -73,10 +26,9 @@ chmod=0700 ; sockef file mode (default 0700)
[supervisord]
nodaemon = true
user = root
stdout_logfile = AUTO
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
pidfile=/app/tmp/pids/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
; the below section must remain in the config file for RPC
@ -114,7 +66,7 @@ echo DATABASE_HOST=\${DATABASE_HOST}
# start mysql server if \${DATABASE_HOST} is the .env.example default
if [ "\${START_MYSQL}" = "true" ]; then
echo "DATABASE_SOCKET=/var/run/mysqld/mysqld.sock" >> .env
echo "DATABASE_SOCKET=/app/tmp/sockets/mysqld.sock" >> .env
if [ "\${DATABASE_ADAPTER}" = "postgresql" ]; then
echo "DATABASE_ADAPTER 'postgresql' is not supported internally. Please provide DATABASE_HOST."
exit 1
@ -126,7 +78,6 @@ if [ "\${START_MYSQL}" = "true" ]; then
priority=20
directory=/tmp
command=/usr/bin/mysqld_safe
user=root
autostart=false
autorestart=true
stdout_events_enabled=true
@ -135,13 +86,10 @@ EOF
supervisorctl reread
supervisorctl add mysqld
# fix permissions and ownership of /var/lib/mysql
chown -R mysql:mysql /var/lib/mysql
chmod 700 /var/lib/mysql
# initialize MySQL data directory
if [ ! -d /var/lib/mysql/mysql ]; then
mysql_install_db --user=mysql
mysql_install_db --user=\$(whoami) --datadir=/tmp/mysql
mv -f /tmp/mysql/* /var/lib/mysql/
fi
echo "Starting mysql server..."
@ -207,28 +155,20 @@ fi
# We may need to try and create a database
if [ -z "\${DO_NOT_CREATE_DATABASE}" ]; then
sudo -u huginn -EH bundle exec rake db:create
bundle exec rake db:create
fi
# Assuming we have a created database, run the migrations and seed it idempotently.
if [ -z "\${DO_NOT_MIGRATE}" ]; then
sudo -u huginn -EH bundle exec rake db:migrate
bundle exec rake db:migrate
fi
if [ -z "\${DO_NOT_SEED}" ]; then
sudo -u huginn -EH bash -xc 'bundle exec rake db:seed &'
bash -xc 'bundle exec rake db:seed &'
fi
# Fixup the Procfile and prepare the PORT
if [ -n "\${DO_NOT_RUN_JOBS}" ]; then
perl -pi -e 's/^jobs:/#jobs:/' /app/Procfile
fi
perl -pi -e 's/rails server -b0.0.0.0\$/rails server -b 0.0.0.0 -p \\\$PORT/' /app/Procfile
export PORT="\${PORT:-3000}"
# Start huginn
exec sudo -u huginn -EH bash -xc 'exec bundle exec foreman start'
exec bundle exec foreman start
FOREMAN
chmod 755 /tmp/foreman.sh

View file

@ -2,8 +2,18 @@ export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y python2.7 python-docutils mysql-server \
supervisor python-pip && \
apt-get -y clean
pip install supervisor-stdout
rm -rf /var/lib/apt/lists/*
rm -rf /usr/share/doc/
rm -rf /usr/share/man/
rm -rf /usr/share/locale/
rm -rf /var/log/*
mkdir -p /var/log/supervisor /var/log/mysql
chgrp -R 0 /etc/supervisor /var/lib/mysql /var/log/supervisor /var/log/mysql
chmod -R g=u /etc/supervisor /var/lib/mysql /var/log/supervisor /var/log/mysql
sed -r -i /etc/mysql/my.cnf \
-e 's/^ *user *.+/user=1001/' \
-e 's#/var/run/mysqld/mysqld.sock#/app/tmp/sockets/mysqld.sock#' \
-e 's#/var/run/mysqld/mysqld.pid#/app/tmp/pids/mysqld.pid#'

View file

@ -33,16 +33,12 @@ update-locale LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
gem install --no-ri --no-rdoc bundler
apt-get purge -y python3* rsyslog rsync manpages
apt-get -y clean
rm -rf /var/lib/apt/lists/*
rm -rf /usr/share/doc/
rm -rf /usr/share/man/
rm -rf /usr/share/locale/
rm -rf /var/log/*
# add a huginn group and user
adduser --group huginn
adduser --disabled-login --ingroup huginn --gecos 'Huginn' --no-create-home --home /app huginn
passwd -d huginn
mkdir -p /app/lib/
mkdir -p /app/vendor/gems
mkdir -p /app
chmod -R g=u /etc/passwd /app

View file

@ -1,42 +0,0 @@
#!/bin/bash
set -e
cd /app
export LC_ALL=en_US.UTF-8
# Ensure the huginn user has access to the required directories
sudo -u huginn -H mkdir -p tmp/pids tmp/cache tmp/sockets log
sudo -u huginn -H touch log/production.log
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
sudo -u huginn -H git init
# HACK: We need a database connection to precompile the assets, use sqlite for that
cp Gemfile Gemfile.bak
echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle exec rake assets:clean assets:precompile
# Bundle again to get rid of the sqlite3 gem
cp Gemfile.bak Gemfile
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
chown huginn:huginn Gemfile.lock
# Configure the unicorn server
mv config/unicorn.rb.example config/unicorn.rb
sed -ri 's/^listen .*$/listen ENV["PORT"]/' config/unicorn.rb
sed -ri 's/^stderr_path.*$//' config/unicorn.rb
sed -ri 's/^stdout_path.*$//' config/unicorn.rb
# Add ENV variables to .env.example which are not present in it but usable
cat >> /app/.env.example <<EOF
ASSET_HOST=
DEFAULT_SCENARIO_FILE=
RAILS_SERVE_STATIC_FILES=
SEED_EMAIL=
SEED_PASSWORD=
SEED_USERNAME=
SMTP_OPENSSL_CA_FILE=
SMTP_OPENSSL_CA_PATH=
SMTP_OPENSSL_VERIFY_MODE=
EOF

View file

@ -5,31 +5,90 @@ export LC_ALL=en_US.UTF-8
cd /app
# Configure database based on linked container
if [ -n "${MYSQL_PORT_3306_TCP_ADDR}" ]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
elif [ -n "${POSTGRES_PORT_5432_TCP_ADDR}" ]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT}}
DATABASE_ENCODING=utf8
export HOME=/app
if ! whoami &> /dev/null; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi
USE_GRAPHVIZ_DOT=${USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
# Do we have a Rails secret yet?
# If not, generate one, but persist it for the container's lifetime.
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
echo 'Generating random APP_SECRET_TOKEN.'
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
sed -i "s:REPLACE_ME_NOW!:$secret:" .env.example
fi
# is a mysql or postgresql database linked?
# requires that the mysql or postgresql containers have exposed
# port 3306 and 5432 respectively.
if [[ -n "${MYSQL_PORT_3306_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "mysql2" && -n "${DATABASE_HOST}") ]]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT:-3306}}
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
elif [[ -n "${POSTGRES_PORT_5432_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "postgresql" && -n "${DATABASE_HOST}") ]]; then
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT:-5432}}
DATABASE_ENCODING=utf8
else
START_MYSQL=${START_MYSQL:-true}
fi
USE_GRAPHVIZ_DOT=${HUGINN_USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
DATABASE_HOST=${HUGINN_DATABASE_HOST:-${DATABASE_HOST:-localhost}}
DATABASE_PORT=${HUGINN_DATABASE_PORT:-${DATABASE_PORT}}
DATABASE_ENCODING=${HUGINN_DATABASE_ENCODING:-${DATABASE_ENCODING}}
DATABASE_PASSWORD=${HUGINN_DATABASE_PASSWORD:-${DATABASE_PASSWORD:-password}}
DATABASE_NAME=${HUGINN_DATABASE_NAME:-${DATABASE_NAME:-huginn_production}}
RAILS_ENV=${HUGINN_RAILS_ENV:-${RAILS_ENV:-production}}
# Add ENV variables to .env.example which are not present in it but usable
cat >> /app/.env.example <<EOF
ASSET_HOST=
DEFAULT_SCENARIO_FILE=
RAILS_SERVE_STATIC_FILES=
SEED_EMAIL=
SEED_PASSWORD=
SEED_USERNAME=
SMTP_OPENSSL_CA_FILE=
SMTP_OPENSSL_CA_PATH=
SMTP_OPENSSL_VERIFY_MODE=
EOF
# Default to the environment variable values set in .env.example
IFS="="
grep = /app/.env.example | sed -e 's/^#\([^ ]\)/\1/' | grep -v -e '^#' | \
sed -n -r -e 's/^#?([A-Za-z0-9_]+ *=.*)/\1/p' /app/.env.example | \
while read var value ; do
eval "echo \"$var=\${$var:-\${HUGINN_$var-\$value}}\""
done | grep -v -e ^= > /app/.env
eval "echo \"$var=\${HUGINN_$var:-\${$var:-\$value}}\""
done > /app/.env
eval "echo PORT=${PORT:-${PORT:-3000}}" >> .env
eval "echo RAILS_ENV=${RAILS_ENV:-${RAILS_ENV:-production}}" >> .env
eval "echo RAILS_LOG_TO_STDOUT=true" >> .env
eval "echo RAILS_SERVE_STATIC_FILES=true" >> .env
PORT=${HUGINN_PORT:-${PORT:-3000}}
echo "PORT=$(echo $PORT|awk -F ':' '{print $NF}')" >> .env
echo "RAILS_ENV=${RAILS_ENV}" >> .env
echo "RAILS_LOG_TO_STDOUT=true" >> .env
echo "RAILS_SERVE_STATIC_FILES=true" >> .env
echo "START_MYSQL=${START_MYSQL}" >> .env
chmod ugo+r /app/.env
source /app/.env
# use default port number if it is still not set
case "${DATABASE_ADAPTER}" in
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
esac
bundle install --without test development --path vendor/bundle
# Configure the unicorn server
cp -a config/unicorn.rb.example config/unicorn.rb
sed -ri 's/^listen .*$/listen ENV["PORT"]/' config/unicorn.rb
sed -ri 's/^stderr_path.*$//' config/unicorn.rb
sed -ri 's/^stdout_path.*$//' config/unicorn.rb
sed -ri 's/^pid.*$//' config/unicorn.rb
mkdir -p tmp/pids tmp/cache tmp/sockets log

View file

@ -1,26 +1,30 @@
FROM ubuntu:14.04
ADD docker/scripts/prepare /scripts/prepare
COPY docker/scripts/prepare /scripts/
RUN /scripts/prepare
WORKDIR /app
ADD ["Gemfile", "Gemfile.lock", "/app/"]
ADD lib/gemfile_helper.rb /app/lib/
ADD vendor/gems /app/vendor/gems
COPY ["Gemfile", "Gemfile.lock", "/app/"]
COPY lib/gemfile_helper.rb /app/lib/
COPY vendor/gems/ /app/vendor/gems/
RUN chown -R huginn:huginn /app && \
sudo -u huginn -H echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile && \
sudo -u huginn -H LC_ALL=en_US.UTF-8 RAILS_ENV=production ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
COPY . /app
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
RUN umask 002 && git init && \
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
COPY ./ /app/
ARG OUTDATED_DOCKER_IMAGE_NAMESPACE=false
ENV OUTDATED_DOCKER_IMAGE_NAMESPACE ${OUTDATED_DOCKER_IMAGE_NAMESPACE}
ADD ["docker/scripts/setup", "docker/scripts/setup_env", "docker/single-process/scripts/init", "/scripts/"]
RUN /scripts/setup
RUN umask 002 && \
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/
EXPOSE 3000
COPY ["docker/scripts/setup_env", "docker/single-process/scripts/init", "/scripts/"]
CMD ["/scripts/init"]
USER 1001

View file

@ -3,7 +3,7 @@ Docker image for Huginn using the production environment and separate container
This image runs a linkable [Huginn](https://github.com/huginn/huginn) instance.
It was inspired by the [official docker container for huginn](https://registry.hub.docker.com/u/huginn/huginn)
It was inspired by the [official docker container for huginn](https://hub.docker.com/r/huginn/huginn)
The scripts/init script generates a .env file containing the variables as passed as per normal Huginn documentation.
The same environment variables that would be used for Heroku PaaS deployment are used by this script.
@ -60,7 +60,7 @@ Manual startup and linking to a MySQL container:
-e MYSQL_ROOT_PASSWORD=somethingevenmoresecret \
mysql
docker run --name huginn_web \
docker run --rm --name huginn_web \
--link huginn_mysql:mysql \
-p 3000:3000 \
-e DATABASE_NAME=huginn \
@ -68,13 +68,23 @@ Manual startup and linking to a MySQL container:
-e DATABASE_PASSWORD=somethingsecret \
huginn/huginn-single-process
docker run --name huginn_threaded \
docker run --rm --name huginn_threaded \
--link huginn_mysql:mysql \
-e DATABASE_NAME=huginn \
-e DATABASE_USERNAME=huginn \
-e DATABASE_PASSWORD=somethingsecret \
huginn/huginn-single-process /scripts/init bin/threaded.rb
or alternatively:
docker run --rm --name huginn_threaded \
--link huginn_mysql:mysql \
-e DATABASE_NAME=huginn \
-e DATABASE_USERNAME=huginn \
-e DATABASE_PASSWORD=somethingsecret \
-e WORKER_CMD='bin/threaded.rb' \
huginn/huginn-single-process
## Environment Variables
Other Huginn [12factored](https://12factor.net/) environment variables of note are generated and put into the .env file as per Huginn documentation. All variables of the [.env.example](https://github.com/huginn/huginn/blob/master/.env.example) can be used to override the defaults which a read from the current `.env.example`.
@ -87,12 +97,10 @@ In newer versions of Docker you are able to pass your own .env file in to the co
You don't need to do this on your own, but if you really want run this command in the Huginn root directory:
docker build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
## Source
The source is [available on GitHub](https://github.com/huginn/huginn/docker/single-process/).
The source is [available on GitHub](https://github.com/huginn/huginn/tree/master/docker/single-process).
Please feel free to submit pull requests and/or fork at your leisure.

View file

@ -1,44 +1,30 @@
#!/bin/bash
set -e
export LC_ALL=en_US.UTF-8
cd /app
# Do we have a Rails secret yet?
# If not, generate one, but persist it for the container's lifetime.
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
echo 'Generating random APP_SECRET_TOKEN.'
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
sed -i.orig "s:REPLACE_ME_NOW:$secret:" .env.example
if [[ -z "$1" && -n "$WORKER_CMD" ]]; then
set -- $WORKER_CMD
fi
/scripts/setup_env
source /app/.env
source /scripts/setup_env
# use default port number if it is still not set
case "${DATABASE_ADAPTER}" in
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
esac
sudo -u huginn -H -E bundle install --without test development --path vendor/bundle
if [[ -z "${DO_NOT_CREATE_DATABASE}" && -z $1 ]]; then
sudo -u huginn -H -E bundle exec rake db:create RAILS_ENV=${RAILS_ENV}
if [[ -z "${DO_NOT_CREATE_DATABASE}" && -z "$1" ]]; then
bundle exec rake db:create RAILS_ENV=${RAILS_ENV}
fi
if [ -z $1 ]; then
sudo -u huginn -H -E bundle exec rake db:migrate RAILS_ENV=${RAILS_ENV}
if [ -z "$1" ]; then
bundle exec rake db:migrate RAILS_ENV=${RAILS_ENV}
fi
if [[ -z "${DO_NOT_SEED}" && -z $1 ]]; then
sudo -u huginn -H -E bundle exec rake db:seed RAILS_ENV=${RAILS_ENV}
if [[ -z "${DO_NOT_SEED}" && -z "$1" ]]; then
set +e
bundle exec rake db:seed RAILS_ENV=${RAILS_ENV}
set -e
fi
if [ -z $1 ]; then
exec sudo -u huginn -H -E bundle exec unicorn -c config/unicorn.rb
if [ -z "$1" ]; then
exec bundle exec unicorn -c config/unicorn.rb
else
exec sudo -u huginn -H -E bundle exec rails runner "$@" RAILS_ENV=${RAILS_ENV}
exec bundle exec rails runner "$@" RAILS_ENV=${RAILS_ENV}
fi

View file

@ -3,6 +3,8 @@ FROM huginn/huginn-single-process
ENV PHANTOM_VERSION "phantomjs-2.1.1"
ENV PHANTOM_JS "${PHANTOM_VERSION}-linux-x86_64"
USER 0
RUN apt-get update && \
apt-get -y install \
build-essential \
@ -13,17 +15,14 @@ RUN apt-get update && \
libfreetype6-dev \
libfontconfig1 \
libfontconfig1-dev curl && \
apt-get -y clean && \
curl -Ls https://bitbucket.org/ariya/phantomjs/downloads/${PHANTOM_JS}.tar.bz2 \
| tar jxvf - --strip-components=2 -C /usr/local/bin/ ${PHANTOM_JS}/bin/phantomjs
ENV RAILS_ENV test
RUN chown -R huginn:huginn /app && \
sudo -u huginn -H LC_ALL=en_US.UTF-8 ON_HEROKU=true bundle install --with test development --path vendor/bundle -j 4
RUN LC_ALL=en_US.UTF-8 ON_HEROKU=true bundle install --with test development --path vendor/bundle -j 4
ADD "docker/scripts/setup_env" "/scripts/"
ADD "docker/test/scripts/" "/scripts/"
USER huginn
WORKDIR /app
COPY docker/test/scripts/test_env /scripts/
ENTRYPOINT ["/scripts/test_env"]
CMD ["rake spec"]
USER 1001

View file

@ -3,7 +3,7 @@ Docker image for Huginn testing
This image allows the [Huginn](https://github.com/huginn/huginn) test suite to be run in a container, against multiple databases.
It was inspired by the [official docker container for huginn](https://registry.hub.docker.com/u/cantino/huginn)
It was inspired by the [official docker container for huginn](https://hub.docker.com/r/huginn/huginn)
In Development Mode, the source code of the current project directory is mounted as a volume overlaying the packaged `/app` directory.

View file

@ -5,6 +5,8 @@ set -e
source /app/.env
export RAILS_ENV=test
unset no_proxy
bundle install --with test development --path vendor/bundle -j 4
bundle exec rake db:create db:migrate
bundle exec "$@"