mirror of
https://github.com/Fishwaldo/huginn.git
synced 2025-03-15 19:31:26 +00:00
Merge pull request #2112 from baip/master
Make Docker image runnable as non-root user
This commit is contained in:
commit
8054945593
15 changed files with 193 additions and 223 deletions
3
bin/docker_wrapper
Executable file
3
bin/docker_wrapper
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
chmod -R g=u . && docker "$@"
|
|
@ -4,9 +4,9 @@ set -ev
|
|||
docker pull $DOCKER_IMAGE
|
||||
|
||||
if [[ $DOCKER_IMAGE =~ "cantino" ]]; then
|
||||
docker build --build-arg OUTDATED_DOCKER_IMAGE_NAMESPACE='true' -t $DOCKER_IMAGE -f $DOCKERFILE .
|
||||
bin/docker_wrapper build --build-arg OUTDATED_DOCKER_IMAGE_NAMESPACE='true' -t $DOCKER_IMAGE -f $DOCKERFILE .
|
||||
else
|
||||
docker build -t $DOCKER_IMAGE -f $DOCKERFILE .
|
||||
bin/docker_wrapper build -t $DOCKER_IMAGE -f $DOCKERFILE .
|
||||
fi
|
||||
|
||||
if [[ -n "${DOCKER_USER}" && "${TRAVIS_PULL_REQUEST}" = 'false' && "${TRAVIS_BRANCH}" = "master" ]]; then
|
||||
|
|
|
@ -1,32 +1,36 @@
|
|||
FROM ubuntu:14.04
|
||||
|
||||
ADD docker/scripts/prepare /scripts/prepare
|
||||
COPY docker/scripts/prepare /scripts/
|
||||
RUN /scripts/prepare
|
||||
|
||||
ADD docker/multi-process/scripts/standalone-packages /scripts/standalone-packages
|
||||
COPY docker/multi-process/scripts/standalone-packages /scripts/
|
||||
RUN /scripts/standalone-packages
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
ADD ["Gemfile", "Gemfile.lock", "/app/"]
|
||||
ADD lib/gemfile_helper.rb /app/lib/
|
||||
ADD vendor/gems /app/vendor/gems
|
||||
COPY ["Gemfile", "Gemfile.lock", "/app/"]
|
||||
COPY lib/gemfile_helper.rb /app/lib/
|
||||
COPY vendor/gems/ /app/vendor/gems/
|
||||
|
||||
RUN chown -R huginn:huginn /app && \
|
||||
sudo -u huginn -H echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile && \
|
||||
sudo -u huginn -H LC_ALL=en_US.UTF-8 RAILS_ENV=production ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
COPY . /app
|
||||
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
|
||||
RUN umask 002 && git init && \
|
||||
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
|
||||
COPY ./ /app/
|
||||
|
||||
ARG OUTDATED_DOCKER_IMAGE_NAMESPACE=false
|
||||
ENV OUTDATED_DOCKER_IMAGE_NAMESPACE ${OUTDATED_DOCKER_IMAGE_NAMESPACE}
|
||||
|
||||
ADD ["docker/scripts/setup", "docker/scripts/setup_env", "docker/multi-process/scripts/init", "/scripts/"]
|
||||
RUN umask 002 && \
|
||||
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
|
||||
chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/
|
||||
|
||||
RUN /scripts/setup
|
||||
|
||||
VOLUME /var/lib/mysql
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
COPY ["docker/scripts/setup_env", "docker/multi-process/scripts/init", "/scripts/"]
|
||||
CMD ["/scripts/init"]
|
||||
|
||||
USER 1001
|
||||
|
||||
VOLUME /var/lib/mysql
|
||||
|
|
|
@ -3,9 +3,9 @@ Huginn for docker with multiple container linkage
|
|||
|
||||
This image runs a linkable [Huginn](https://github.com/huginn/huginn) instance.
|
||||
|
||||
There is an automated build repository on docker hub for [huginn/huginn](https://hub.docker.com/r/huginn/huginn/builds/).
|
||||
There is an automated build repository on docker hub for [huginn/huginn](https://hub.docker.com/r/huginn/huginn).
|
||||
|
||||
This was patterned after [sameersbn/gitlab](https://registry.hub.docker.com/u/sameersbn/gitlab) by [ianblenke/huginn](http://github.com/ianblenke/huginn), and imported here for official generation of a docker hub auto-build image.
|
||||
This was patterned after [sameersbn/gitlab](https://hub.docker.com/r/sameersbn/gitlab) by [ianblenke/huginn](http://github.com/ianblenke/huginn), and imported here for official generation of a docker hub auto-build image.
|
||||
|
||||
The scripts/init script generates a .env file containing the variables as passed as per normal Huginn documentation.
|
||||
The same environment variables that would be used for Heroku PaaS deployment are used by this script.
|
||||
|
@ -55,16 +55,17 @@ Simple stand-alone usage (use only for testing/evaluation as it can not be updat
|
|||
|
||||
Use a volume to export the data of the internal mysql server:
|
||||
|
||||
docker run -it -p 3000:3000 -v /home/huginn/mysql-data:/var/lib/mysql huginn/huginn
|
||||
docker run --rm -it -p 3000:3000 -v /home/huginn/mysql-data:/var/lib/mysql huginn/huginn
|
||||
|
||||
To link to another mysql container, for example:
|
||||
|
||||
docker run --rm --name huginn_mysql \
|
||||
docker run --name huginn_mysql \
|
||||
-e MYSQL_DATABASE=huginn \
|
||||
-e MYSQL_USER=huginn \
|
||||
-e MYSQL_PASSWORD=somethingsecret \
|
||||
-e MYSQL_ROOT_PASSWORD=somethingevenmoresecret \
|
||||
mysql
|
||||
|
||||
docker run --rm --name huginn \
|
||||
--link huginn_mysql:mysql \
|
||||
-p 3000:3000 \
|
||||
|
@ -78,6 +79,7 @@ To link to another container named 'postgres':
|
|||
docker run --name huginn_postgres \
|
||||
-e POSTGRES_PASSWORD=mysecretpassword \
|
||||
-e POSTGRES_USER=huginn -d postgres
|
||||
|
||||
docker run --rm --name huginn \
|
||||
--link huginn_postgres:postgres \
|
||||
-p 3000:3000 \
|
||||
|
@ -88,7 +90,8 @@ To link to another container named 'postgres':
|
|||
|
||||
The `docker/multi-process` folder also has a `docker-compose.yml` that allows for a sample database formation with a data volume container:
|
||||
|
||||
cd docker/multi-process ; docker-compose up
|
||||
cd docker/multi-process
|
||||
docker-compose up
|
||||
|
||||
## Environment Variables
|
||||
|
||||
|
@ -100,14 +103,12 @@ In newer versions of Docker you are able to pass your own .env file in to the co
|
|||
|
||||
## Building on your own
|
||||
|
||||
You don't need to do this on your own, because there is an [automated build](https://registry.hub.docker.com/u/huginn/huginn/) for this repository, but if you really want run this command in the Huginn root directory:
|
||||
You don't need to do this on your own, because there is an [automated build](https://hub.docker.com/r/huginn/huginn/) for this repository, but if you really want run this command in the Huginn root directory:
|
||||
|
||||
docker build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
|
||||
bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/multi-process/Dockerfile .
|
||||
|
||||
## Source
|
||||
|
||||
The source is [available on GitHub](https://github.com/huginn/huginn/docker/multi-process/).
|
||||
The source is [available on GitHub](https://github.com/huginn/huginn/tree/master/docker/multi-process).
|
||||
|
||||
Please feel free to submit pull requests and/or fork at your leisure.
|
||||
|
||||
|
||||
|
|
|
@ -1,69 +1,22 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
export LC_ALL=en_US.UTF-8
|
||||
|
||||
cd /app
|
||||
|
||||
# Do we have a Rails secret yet?
|
||||
# If not, generate one, but persist it for the container's lifetime.
|
||||
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
|
||||
echo 'Generating random APP_SECRET_TOKEN.'
|
||||
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
|
||||
sed -i.orig "s:REPLACE_ME_NOW:$secret:" .env.example
|
||||
fi
|
||||
|
||||
# Cleanup any leftover pid file
|
||||
if [ -f /app/tmp/pids/server.pid ]; then
|
||||
rm /app/tmp/pids/server.pid
|
||||
fi
|
||||
|
||||
# is a mysql or postgresql database linked?
|
||||
# requires that the mysql or postgresql containers have exposed
|
||||
# port 3306 and 5432 respectively.
|
||||
if [[ -n "${MYSQL_PORT_3306_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "mysql2" && -n "${DATABASE_HOST}") ]]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
|
||||
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
|
||||
elif [[ -n "${POSTGRES_PORT_5432_TCP_ADDR}" || "${DATABASE_ADAPTER}" == "postgresql" ]]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT}}
|
||||
DATABASE_ENCODING=utf8
|
||||
else
|
||||
START_MYSQL=${START_MYSQL:-true}
|
||||
source /scripts/setup_env
|
||||
|
||||
# Fixup the Procfile and prepare the PORT
|
||||
if [ -n "${DO_NOT_RUN_JOBS}" ]; then
|
||||
sed -i -e 's/^jobs:/#jobs:/' /app/Procfile
|
||||
fi
|
||||
|
||||
USE_GRAPHVIZ_DOT=${HUGINN_USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
|
||||
DATABASE_HOST=${HUGINN_DATABASE_HOST:-${DATABASE_HOST:-localhost}}
|
||||
DATABASE_PORT=${HUGINN_DATABASE_PORT:-${DATABASE_PORT}}
|
||||
DATABASE_ENCODING=${HUGINN_DATABASE_ENCODING:-${DATABASE_ENCODING}}
|
||||
DATABASE_PASSWORD=${HUGINN_DATABASE_PASSWORD:-${DATABASE_PASSWORD:-password}}
|
||||
DATABASE_NAME=${HUGINN_DATABASE_NAME:-${DATABASE_NAME:-huginn_production}}
|
||||
RAILS_ENV=${HUGINN_RAILS_ENV:-${RAILS_ENV:-production}}
|
||||
|
||||
IFS="="
|
||||
grep = /app/.env.example | sed -e 's/^#\([^ ]\)/\1/' | grep -v -e '^#' | \
|
||||
while read var value ; do
|
||||
eval "echo \"$var=\${$var:-\${HUGINN_$var-\$value}}\""
|
||||
done | grep -v -e ^= > /app/.env
|
||||
|
||||
eval "echo RAILS_ENV=${RAILS_ENV}" >> .env
|
||||
eval "echo START_MYSQL=${START_MYSQL}" >> .env
|
||||
echo "RAILS_LOG_TO_STDOUT=true" >> .env
|
||||
echo "RAILS_SERVE_STATIC_FILES=true" >> .env
|
||||
|
||||
chmod ugo+r /app/.env
|
||||
source /app/.env
|
||||
sudo -u huginn -H -E bundle install --without test development --path vendor/bundle
|
||||
|
||||
# use default port number if it is still not set
|
||||
case "${DATABASE_ADAPTER}" in
|
||||
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
|
||||
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
|
||||
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
|
||||
esac
|
||||
IP="${IP:-0.0.0.0}"
|
||||
sed -i -e "s/\${IP-0.0.0.0}/$IP/" -e "s/\${PORT-3000}/$PORT/" /app/Procfile
|
||||
|
||||
# initialize supervisord config
|
||||
cat > /etc/supervisor/supervisord.conf <<EOF
|
||||
|
@ -73,10 +26,9 @@ chmod=0700 ; sockef file mode (default 0700)
|
|||
|
||||
[supervisord]
|
||||
nodaemon = true
|
||||
user = root
|
||||
stdout_logfile = AUTO
|
||||
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
|
||||
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
pidfile=/app/tmp/pids/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
|
||||
|
||||
; the below section must remain in the config file for RPC
|
||||
|
@ -114,7 +66,7 @@ echo DATABASE_HOST=\${DATABASE_HOST}
|
|||
|
||||
# start mysql server if \${DATABASE_HOST} is the .env.example default
|
||||
if [ "\${START_MYSQL}" = "true" ]; then
|
||||
echo "DATABASE_SOCKET=/var/run/mysqld/mysqld.sock" >> .env
|
||||
echo "DATABASE_SOCKET=/app/tmp/sockets/mysqld.sock" >> .env
|
||||
if [ "\${DATABASE_ADAPTER}" = "postgresql" ]; then
|
||||
echo "DATABASE_ADAPTER 'postgresql' is not supported internally. Please provide DATABASE_HOST."
|
||||
exit 1
|
||||
|
@ -126,7 +78,6 @@ if [ "\${START_MYSQL}" = "true" ]; then
|
|||
priority=20
|
||||
directory=/tmp
|
||||
command=/usr/bin/mysqld_safe
|
||||
user=root
|
||||
autostart=false
|
||||
autorestart=true
|
||||
stdout_events_enabled=true
|
||||
|
@ -135,13 +86,10 @@ EOF
|
|||
supervisorctl reread
|
||||
supervisorctl add mysqld
|
||||
|
||||
# fix permissions and ownership of /var/lib/mysql
|
||||
chown -R mysql:mysql /var/lib/mysql
|
||||
chmod 700 /var/lib/mysql
|
||||
|
||||
# initialize MySQL data directory
|
||||
if [ ! -d /var/lib/mysql/mysql ]; then
|
||||
mysql_install_db --user=mysql
|
||||
mysql_install_db --user=\$(whoami) --datadir=/tmp/mysql
|
||||
mv -f /tmp/mysql/* /var/lib/mysql/
|
||||
fi
|
||||
|
||||
echo "Starting mysql server..."
|
||||
|
@ -207,28 +155,20 @@ fi
|
|||
|
||||
# We may need to try and create a database
|
||||
if [ -z "\${DO_NOT_CREATE_DATABASE}" ]; then
|
||||
sudo -u huginn -EH bundle exec rake db:create
|
||||
bundle exec rake db:create
|
||||
fi
|
||||
|
||||
# Assuming we have a created database, run the migrations and seed it idempotently.
|
||||
if [ -z "\${DO_NOT_MIGRATE}" ]; then
|
||||
sudo -u huginn -EH bundle exec rake db:migrate
|
||||
bundle exec rake db:migrate
|
||||
fi
|
||||
|
||||
if [ -z "\${DO_NOT_SEED}" ]; then
|
||||
sudo -u huginn -EH bash -xc 'bundle exec rake db:seed &'
|
||||
bash -xc 'bundle exec rake db:seed &'
|
||||
fi
|
||||
|
||||
# Fixup the Procfile and prepare the PORT
|
||||
if [ -n "\${DO_NOT_RUN_JOBS}" ]; then
|
||||
perl -pi -e 's/^jobs:/#jobs:/' /app/Procfile
|
||||
fi
|
||||
|
||||
perl -pi -e 's/rails server -b0.0.0.0\$/rails server -b 0.0.0.0 -p \\\$PORT/' /app/Procfile
|
||||
export PORT="\${PORT:-3000}"
|
||||
|
||||
# Start huginn
|
||||
exec sudo -u huginn -EH bash -xc 'exec bundle exec foreman start'
|
||||
exec bundle exec foreman start
|
||||
FOREMAN
|
||||
|
||||
chmod 755 /tmp/foreman.sh
|
||||
|
|
|
@ -2,8 +2,18 @@ export DEBIAN_FRONTEND=noninteractive
|
|||
apt-get update
|
||||
apt-get install -y python2.7 python-docutils mysql-server \
|
||||
supervisor python-pip && \
|
||||
apt-get -y clean
|
||||
pip install supervisor-stdout
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
rm -rf /usr/share/doc/
|
||||
rm -rf /usr/share/man/
|
||||
rm -rf /usr/share/locale/
|
||||
rm -rf /var/log/*
|
||||
|
||||
mkdir -p /var/log/supervisor /var/log/mysql
|
||||
chgrp -R 0 /etc/supervisor /var/lib/mysql /var/log/supervisor /var/log/mysql
|
||||
chmod -R g=u /etc/supervisor /var/lib/mysql /var/log/supervisor /var/log/mysql
|
||||
sed -r -i /etc/mysql/my.cnf \
|
||||
-e 's/^ *user *.+/user=1001/' \
|
||||
-e 's#/var/run/mysqld/mysqld.sock#/app/tmp/sockets/mysqld.sock#' \
|
||||
-e 's#/var/run/mysqld/mysqld.pid#/app/tmp/pids/mysqld.pid#'
|
||||
|
|
|
@ -33,16 +33,12 @@ update-locale LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
|
|||
gem install --no-ri --no-rdoc bundler
|
||||
|
||||
apt-get purge -y python3* rsyslog rsync manpages
|
||||
apt-get -y clean
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
rm -rf /usr/share/doc/
|
||||
rm -rf /usr/share/man/
|
||||
rm -rf /usr/share/locale/
|
||||
rm -rf /var/log/*
|
||||
|
||||
# add a huginn group and user
|
||||
adduser --group huginn
|
||||
adduser --disabled-login --ingroup huginn --gecos 'Huginn' --no-create-home --home /app huginn
|
||||
passwd -d huginn
|
||||
|
||||
mkdir -p /app/lib/
|
||||
mkdir -p /app/vendor/gems
|
||||
mkdir -p /app
|
||||
chmod -R g=u /etc/passwd /app
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
cd /app
|
||||
|
||||
export LC_ALL=en_US.UTF-8
|
||||
|
||||
# Ensure the huginn user has access to the required directories
|
||||
sudo -u huginn -H mkdir -p tmp/pids tmp/cache tmp/sockets log
|
||||
sudo -u huginn -H touch log/production.log
|
||||
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
|
||||
sudo -u huginn -H git init
|
||||
|
||||
# HACK: We need a database connection to precompile the assets, use sqlite for that
|
||||
cp Gemfile Gemfile.bak
|
||||
echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile
|
||||
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle exec rake assets:clean assets:precompile
|
||||
|
||||
# Bundle again to get rid of the sqlite3 gem
|
||||
cp Gemfile.bak Gemfile
|
||||
RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=sqlite3 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
chown huginn:huginn Gemfile.lock
|
||||
|
||||
# Configure the unicorn server
|
||||
mv config/unicorn.rb.example config/unicorn.rb
|
||||
sed -ri 's/^listen .*$/listen ENV["PORT"]/' config/unicorn.rb
|
||||
sed -ri 's/^stderr_path.*$//' config/unicorn.rb
|
||||
sed -ri 's/^stdout_path.*$//' config/unicorn.rb
|
||||
|
||||
# Add ENV variables to .env.example which are not present in it but usable
|
||||
cat >> /app/.env.example <<EOF
|
||||
ASSET_HOST=
|
||||
DEFAULT_SCENARIO_FILE=
|
||||
RAILS_SERVE_STATIC_FILES=
|
||||
SEED_EMAIL=
|
||||
SEED_PASSWORD=
|
||||
SEED_USERNAME=
|
||||
SMTP_OPENSSL_CA_FILE=
|
||||
SMTP_OPENSSL_CA_PATH=
|
||||
SMTP_OPENSSL_VERIFY_MODE=
|
||||
EOF
|
|
@ -5,31 +5,90 @@ export LC_ALL=en_US.UTF-8
|
|||
|
||||
cd /app
|
||||
|
||||
# Configure database based on linked container
|
||||
if [ -n "${MYSQL_PORT_3306_TCP_ADDR}" ]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
|
||||
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
|
||||
elif [ -n "${POSTGRES_PORT_5432_TCP_ADDR}" ]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT}}
|
||||
DATABASE_ENCODING=utf8
|
||||
export HOME=/app
|
||||
if ! whoami &> /dev/null; then
|
||||
if [ -w /etc/passwd ]; then
|
||||
echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
|
||||
fi
|
||||
fi
|
||||
|
||||
USE_GRAPHVIZ_DOT=${USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
|
||||
# Do we have a Rails secret yet?
|
||||
# If not, generate one, but persist it for the container's lifetime.
|
||||
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
|
||||
echo 'Generating random APP_SECRET_TOKEN.'
|
||||
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
|
||||
sed -i "s:REPLACE_ME_NOW!:$secret:" .env.example
|
||||
fi
|
||||
|
||||
# is a mysql or postgresql database linked?
|
||||
# requires that the mysql or postgresql containers have exposed
|
||||
# port 3306 and 5432 respectively.
|
||||
if [[ -n "${MYSQL_PORT_3306_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "mysql2" && -n "${DATABASE_HOST}") ]]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-mysql2}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${MYSQL_PORT_3306_TCP_PORT:-3306}}
|
||||
DATABASE_ENCODING=${DATABASE_ENCODING:-utf8mb4}
|
||||
elif [[ -n "${POSTGRES_PORT_5432_TCP_ADDR}" || ("${DATABASE_ADAPTER}" == "postgresql" && -n "${DATABASE_HOST}") ]]; then
|
||||
DATABASE_ADAPTER=${DATABASE_ADAPTER:-postgresql}
|
||||
DATABASE_HOST=${DATABASE_HOST:-${POSTGRES_PORT_5432_TCP_ADDR}}
|
||||
DATABASE_PORT=${DATABASE_PORT:-${POSTGRES_PORT_5432_TCP_PORT:-5432}}
|
||||
DATABASE_ENCODING=utf8
|
||||
else
|
||||
START_MYSQL=${START_MYSQL:-true}
|
||||
fi
|
||||
|
||||
USE_GRAPHVIZ_DOT=${HUGINN_USE_GRAPHVIZ_DOT:-${USE_GRAPHVIZ_DOT:-dot}}
|
||||
DATABASE_HOST=${HUGINN_DATABASE_HOST:-${DATABASE_HOST:-localhost}}
|
||||
DATABASE_PORT=${HUGINN_DATABASE_PORT:-${DATABASE_PORT}}
|
||||
DATABASE_ENCODING=${HUGINN_DATABASE_ENCODING:-${DATABASE_ENCODING}}
|
||||
DATABASE_PASSWORD=${HUGINN_DATABASE_PASSWORD:-${DATABASE_PASSWORD:-password}}
|
||||
DATABASE_NAME=${HUGINN_DATABASE_NAME:-${DATABASE_NAME:-huginn_production}}
|
||||
RAILS_ENV=${HUGINN_RAILS_ENV:-${RAILS_ENV:-production}}
|
||||
|
||||
# Add ENV variables to .env.example which are not present in it but usable
|
||||
cat >> /app/.env.example <<EOF
|
||||
ASSET_HOST=
|
||||
DEFAULT_SCENARIO_FILE=
|
||||
RAILS_SERVE_STATIC_FILES=
|
||||
SEED_EMAIL=
|
||||
SEED_PASSWORD=
|
||||
SEED_USERNAME=
|
||||
SMTP_OPENSSL_CA_FILE=
|
||||
SMTP_OPENSSL_CA_PATH=
|
||||
SMTP_OPENSSL_VERIFY_MODE=
|
||||
EOF
|
||||
|
||||
# Default to the environment variable values set in .env.example
|
||||
IFS="="
|
||||
grep = /app/.env.example | sed -e 's/^#\([^ ]\)/\1/' | grep -v -e '^#' | \
|
||||
sed -n -r -e 's/^#?([A-Za-z0-9_]+ *=.*)/\1/p' /app/.env.example | \
|
||||
while read var value ; do
|
||||
eval "echo \"$var=\${$var:-\${HUGINN_$var-\$value}}\""
|
||||
done | grep -v -e ^= > /app/.env
|
||||
eval "echo \"$var=\${HUGINN_$var:-\${$var:-\$value}}\""
|
||||
done > /app/.env
|
||||
|
||||
eval "echo PORT=${PORT:-${PORT:-3000}}" >> .env
|
||||
eval "echo RAILS_ENV=${RAILS_ENV:-${RAILS_ENV:-production}}" >> .env
|
||||
eval "echo RAILS_LOG_TO_STDOUT=true" >> .env
|
||||
eval "echo RAILS_SERVE_STATIC_FILES=true" >> .env
|
||||
PORT=${HUGINN_PORT:-${PORT:-3000}}
|
||||
echo "PORT=$(echo $PORT|awk -F ':' '{print $NF}')" >> .env
|
||||
echo "RAILS_ENV=${RAILS_ENV}" >> .env
|
||||
echo "RAILS_LOG_TO_STDOUT=true" >> .env
|
||||
echo "RAILS_SERVE_STATIC_FILES=true" >> .env
|
||||
echo "START_MYSQL=${START_MYSQL}" >> .env
|
||||
|
||||
chmod ugo+r /app/.env
|
||||
source /app/.env
|
||||
|
||||
# use default port number if it is still not set
|
||||
case "${DATABASE_ADAPTER}" in
|
||||
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
|
||||
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
|
||||
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
|
||||
esac
|
||||
|
||||
bundle install --without test development --path vendor/bundle
|
||||
|
||||
# Configure the unicorn server
|
||||
cp -a config/unicorn.rb.example config/unicorn.rb
|
||||
sed -ri 's/^listen .*$/listen ENV["PORT"]/' config/unicorn.rb
|
||||
sed -ri 's/^stderr_path.*$//' config/unicorn.rb
|
||||
sed -ri 's/^stdout_path.*$//' config/unicorn.rb
|
||||
sed -ri 's/^pid.*$//' config/unicorn.rb
|
||||
|
||||
mkdir -p tmp/pids tmp/cache tmp/sockets log
|
||||
|
|
|
@ -1,26 +1,30 @@
|
|||
FROM ubuntu:14.04
|
||||
|
||||
ADD docker/scripts/prepare /scripts/prepare
|
||||
COPY docker/scripts/prepare /scripts/
|
||||
RUN /scripts/prepare
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
ADD ["Gemfile", "Gemfile.lock", "/app/"]
|
||||
ADD lib/gemfile_helper.rb /app/lib/
|
||||
ADD vendor/gems /app/vendor/gems
|
||||
COPY ["Gemfile", "Gemfile.lock", "/app/"]
|
||||
COPY lib/gemfile_helper.rb /app/lib/
|
||||
COPY vendor/gems/ /app/vendor/gems/
|
||||
|
||||
RUN chown -R huginn:huginn /app && \
|
||||
sudo -u huginn -H echo "gem 'sqlite3', '~> 1.3.11'" >> /app/Gemfile && \
|
||||
sudo -u huginn -H LC_ALL=en_US.UTF-8 RAILS_ENV=production ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
COPY . /app
|
||||
# Get rid of annoying "fatal: Not a git repository (or any of the parent directories): .git" messages
|
||||
RUN umask 002 && git init && \
|
||||
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle install --without test development --path vendor/bundle -j 4
|
||||
|
||||
COPY ./ /app/
|
||||
|
||||
ARG OUTDATED_DOCKER_IMAGE_NAMESPACE=false
|
||||
ENV OUTDATED_DOCKER_IMAGE_NAMESPACE ${OUTDATED_DOCKER_IMAGE_NAMESPACE}
|
||||
|
||||
ADD ["docker/scripts/setup", "docker/scripts/setup_env", "docker/single-process/scripts/init", "/scripts/"]
|
||||
|
||||
RUN /scripts/setup
|
||||
RUN umask 002 && \
|
||||
LC_ALL=en_US.UTF-8 RAILS_ENV=production APP_SECRET_TOKEN=secret DATABASE_ADAPTER=mysql2 ON_HEROKU=true bundle exec rake assets:clean assets:precompile && \
|
||||
chmod g=u /app/.env.example /app/Gemfile.lock /app/config/ /app/tmp/
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
COPY ["docker/scripts/setup_env", "docker/single-process/scripts/init", "/scripts/"]
|
||||
CMD ["/scripts/init"]
|
||||
|
||||
USER 1001
|
||||
|
|
|
@ -3,7 +3,7 @@ Docker image for Huginn using the production environment and separate container
|
|||
|
||||
This image runs a linkable [Huginn](https://github.com/huginn/huginn) instance.
|
||||
|
||||
It was inspired by the [official docker container for huginn](https://registry.hub.docker.com/u/huginn/huginn)
|
||||
It was inspired by the [official docker container for huginn](https://hub.docker.com/r/huginn/huginn)
|
||||
|
||||
The scripts/init script generates a .env file containing the variables as passed as per normal Huginn documentation.
|
||||
The same environment variables that would be used for Heroku PaaS deployment are used by this script.
|
||||
|
@ -60,7 +60,7 @@ Manual startup and linking to a MySQL container:
|
|||
-e MYSQL_ROOT_PASSWORD=somethingevenmoresecret \
|
||||
mysql
|
||||
|
||||
docker run --name huginn_web \
|
||||
docker run --rm --name huginn_web \
|
||||
--link huginn_mysql:mysql \
|
||||
-p 3000:3000 \
|
||||
-e DATABASE_NAME=huginn \
|
||||
|
@ -68,13 +68,23 @@ Manual startup and linking to a MySQL container:
|
|||
-e DATABASE_PASSWORD=somethingsecret \
|
||||
huginn/huginn-single-process
|
||||
|
||||
docker run --name huginn_threaded \
|
||||
docker run --rm --name huginn_threaded \
|
||||
--link huginn_mysql:mysql \
|
||||
-e DATABASE_NAME=huginn \
|
||||
-e DATABASE_USERNAME=huginn \
|
||||
-e DATABASE_PASSWORD=somethingsecret \
|
||||
huginn/huginn-single-process /scripts/init bin/threaded.rb
|
||||
|
||||
or alternatively:
|
||||
|
||||
docker run --rm --name huginn_threaded \
|
||||
--link huginn_mysql:mysql \
|
||||
-e DATABASE_NAME=huginn \
|
||||
-e DATABASE_USERNAME=huginn \
|
||||
-e DATABASE_PASSWORD=somethingsecret \
|
||||
-e WORKER_CMD='bin/threaded.rb' \
|
||||
huginn/huginn-single-process
|
||||
|
||||
## Environment Variables
|
||||
|
||||
Other Huginn [12factored](https://12factor.net/) environment variables of note are generated and put into the .env file as per Huginn documentation. All variables of the [.env.example](https://github.com/huginn/huginn/blob/master/.env.example) can be used to override the defaults which a read from the current `.env.example`.
|
||||
|
@ -87,12 +97,10 @@ In newer versions of Docker you are able to pass your own .env file in to the co
|
|||
|
||||
You don't need to do this on your own, but if you really want run this command in the Huginn root directory:
|
||||
|
||||
docker build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
|
||||
bin/docker_wrapper build --rm=true --tag={yourname}/huginn -f docker/single-process/Dockerfile .
|
||||
|
||||
## Source
|
||||
|
||||
The source is [available on GitHub](https://github.com/huginn/huginn/docker/single-process/).
|
||||
The source is [available on GitHub](https://github.com/huginn/huginn/tree/master/docker/single-process).
|
||||
|
||||
Please feel free to submit pull requests and/or fork at your leisure.
|
||||
|
||||
|
||||
|
|
|
@ -1,44 +1,30 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
export LC_ALL=en_US.UTF-8
|
||||
|
||||
cd /app
|
||||
|
||||
# Do we have a Rails secret yet?
|
||||
# If not, generate one, but persist it for the container's lifetime.
|
||||
if [ -z "$APP_SECRET_TOKEN" ] && grep -q ^APP_SECRET_TOKEN=REPLACE_ME_NOW .env.example; then
|
||||
echo 'Generating random APP_SECRET_TOKEN.'
|
||||
secret=$(dd if=/dev/urandom bs=36 count=1 | openssl base64)
|
||||
sed -i.orig "s:REPLACE_ME_NOW:$secret:" .env.example
|
||||
if [[ -z "$1" && -n "$WORKER_CMD" ]]; then
|
||||
set -- $WORKER_CMD
|
||||
fi
|
||||
|
||||
/scripts/setup_env
|
||||
source /app/.env
|
||||
source /scripts/setup_env
|
||||
|
||||
# use default port number if it is still not set
|
||||
case "${DATABASE_ADAPTER}" in
|
||||
mysql2) DATABASE_PORT=${DATABASE_PORT:-3306} ;;
|
||||
postgresql) DATABASE_PORT=${DATABASE_PORT:-5432} ;;
|
||||
*) echo "Unsupported database adapter. Available adapters are mysql2, and postgresql." && exit 1 ;;
|
||||
esac
|
||||
|
||||
sudo -u huginn -H -E bundle install --without test development --path vendor/bundle
|
||||
|
||||
if [[ -z "${DO_NOT_CREATE_DATABASE}" && -z $1 ]]; then
|
||||
sudo -u huginn -H -E bundle exec rake db:create RAILS_ENV=${RAILS_ENV}
|
||||
if [[ -z "${DO_NOT_CREATE_DATABASE}" && -z "$1" ]]; then
|
||||
bundle exec rake db:create RAILS_ENV=${RAILS_ENV}
|
||||
fi
|
||||
|
||||
if [ -z $1 ]; then
|
||||
sudo -u huginn -H -E bundle exec rake db:migrate RAILS_ENV=${RAILS_ENV}
|
||||
if [ -z "$1" ]; then
|
||||
bundle exec rake db:migrate RAILS_ENV=${RAILS_ENV}
|
||||
fi
|
||||
|
||||
if [[ -z "${DO_NOT_SEED}" && -z $1 ]]; then
|
||||
sudo -u huginn -H -E bundle exec rake db:seed RAILS_ENV=${RAILS_ENV}
|
||||
if [[ -z "${DO_NOT_SEED}" && -z "$1" ]]; then
|
||||
set +e
|
||||
bundle exec rake db:seed RAILS_ENV=${RAILS_ENV}
|
||||
set -e
|
||||
fi
|
||||
|
||||
if [ -z $1 ]; then
|
||||
exec sudo -u huginn -H -E bundle exec unicorn -c config/unicorn.rb
|
||||
if [ -z "$1" ]; then
|
||||
exec bundle exec unicorn -c config/unicorn.rb
|
||||
else
|
||||
exec sudo -u huginn -H -E bundle exec rails runner "$@" RAILS_ENV=${RAILS_ENV}
|
||||
exec bundle exec rails runner "$@" RAILS_ENV=${RAILS_ENV}
|
||||
fi
|
||||
|
|
|
@ -3,6 +3,8 @@ FROM huginn/huginn-single-process
|
|||
ENV PHANTOM_VERSION "phantomjs-2.1.1"
|
||||
ENV PHANTOM_JS "${PHANTOM_VERSION}-linux-x86_64"
|
||||
|
||||
USER 0
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get -y install \
|
||||
build-essential \
|
||||
|
@ -13,17 +15,14 @@ RUN apt-get update && \
|
|||
libfreetype6-dev \
|
||||
libfontconfig1 \
|
||||
libfontconfig1-dev curl && \
|
||||
apt-get -y clean && \
|
||||
curl -Ls https://bitbucket.org/ariya/phantomjs/downloads/${PHANTOM_JS}.tar.bz2 \
|
||||
| tar jxvf - --strip-components=2 -C /usr/local/bin/ ${PHANTOM_JS}/bin/phantomjs
|
||||
|
||||
ENV RAILS_ENV test
|
||||
RUN chown -R huginn:huginn /app && \
|
||||
sudo -u huginn -H LC_ALL=en_US.UTF-8 ON_HEROKU=true bundle install --with test development --path vendor/bundle -j 4
|
||||
RUN LC_ALL=en_US.UTF-8 ON_HEROKU=true bundle install --with test development --path vendor/bundle -j 4
|
||||
|
||||
ADD "docker/scripts/setup_env" "/scripts/"
|
||||
ADD "docker/test/scripts/" "/scripts/"
|
||||
|
||||
USER huginn
|
||||
WORKDIR /app
|
||||
COPY docker/test/scripts/test_env /scripts/
|
||||
ENTRYPOINT ["/scripts/test_env"]
|
||||
CMD ["rake spec"]
|
||||
|
||||
USER 1001
|
||||
|
|
|
@ -3,7 +3,7 @@ Docker image for Huginn testing
|
|||
|
||||
This image allows the [Huginn](https://github.com/huginn/huginn) test suite to be run in a container, against multiple databases.
|
||||
|
||||
It was inspired by the [official docker container for huginn](https://registry.hub.docker.com/u/cantino/huginn)
|
||||
It was inspired by the [official docker container for huginn](https://hub.docker.com/r/huginn/huginn)
|
||||
|
||||
In Development Mode, the source code of the current project directory is mounted as a volume overlaying the packaged `/app` directory.
|
||||
|
||||
|
|
|
@ -5,6 +5,8 @@ set -e
|
|||
source /app/.env
|
||||
|
||||
export RAILS_ENV=test
|
||||
unset no_proxy
|
||||
|
||||
bundle install --with test development --path vendor/bundle -j 4
|
||||
bundle exec rake db:create db:migrate
|
||||
bundle exec "$@"
|
||||
|
|
Loading…
Add table
Reference in a new issue