Compare commits
3 Commits
e7dfc8a92f
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
42e1edfd66
|
|||
|
68b553382a
|
|||
|
d621c90d61
|
2
Cargo.lock
generated
2
Cargo.lock
generated
@ -1071,7 +1071,7 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
|
||||
|
||||
[[package]]
|
||||
name = "sbrs"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"clap",
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "sbrs"
|
||||
version = "0.1.0"
|
||||
version = "0.1.1"
|
||||
edition = "2024"
|
||||
|
||||
[dependencies]
|
||||
|
||||
@ -35,22 +35,17 @@ ENV PUID=1000
|
||||
ENV PGID=1000
|
||||
|
||||
# Install runtime dependencies.
|
||||
RUN apk add --no-cache ca-certificates tzdata su-exec busybox
|
||||
|
||||
# Create a non-root user and group for the application to run as
|
||||
RUN addgroup -S -g ${PGID} app && \
|
||||
adduser -S -u ${PUID} -G app -h /app app
|
||||
RUN apk add --no-cache ca-certificates tzdata su-exec busybox tini
|
||||
|
||||
# Copy the compiled binary from the builder stage
|
||||
COPY --from=builder /app/target/release/sbrs /usr/local/bin/ruleset-sync
|
||||
COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
|
||||
|
||||
# Copy the entrypoint script
|
||||
COPY ./docker/entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||
|
||||
# Create necessary directories and set ownership for volumes
|
||||
RUN mkdir -p /config /rules && \
|
||||
chown -R app:app /config /rules
|
||||
# Create necessary directories for volumes
|
||||
RUN mkdir -p /config /rules
|
||||
|
||||
# Set the entrypoint for the container
|
||||
ENTRYPOINT ["entrypoint.sh"]
|
||||
ENTRYPOINT ["/sbin/tini", "--", "entrypoint.sh"]
|
||||
@ -3,12 +3,34 @@
|
||||
set -e
|
||||
|
||||
# --- Environment Variable Defaults ---
|
||||
PUID=${PUID:-1000}
|
||||
PGID=${PGID:-1000}
|
||||
|
||||
DOMAIN=${DOMAIN:-}
|
||||
RULE_PATH=${RULE_PATH:-}
|
||||
|
||||
|
||||
# --- Create user and group at runtime ---
|
||||
echo "Creating user and group with PUID=${PUID} and PGID=${PGID}"
|
||||
|
||||
# Remove existing user/group if they exist
|
||||
if getent group app > /dev/null 2>&1; then
|
||||
delgroup app 2>/dev/null || true
|
||||
fi
|
||||
if getent passwd app > /dev/null 2>&1; then
|
||||
deluser app 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Create new group and user with runtime PUID/PGID
|
||||
addgroup -S -g ${PGID} app
|
||||
adduser -S -u ${PUID} -G app -h /app app
|
||||
|
||||
# Set ownership of directories
|
||||
chown -R app:app /config /rules
|
||||
|
||||
# --- Build the Command ---
|
||||
# This command is now used for both the initial run and the cron job.
|
||||
APP_CMD="/usr/local/bin/ruleset-sync \
|
||||
APP_CMD="/usr/local/bin/sbrs \
|
||||
--input-config /config/template.json \
|
||||
--rules-dir /rules \
|
||||
--output-config /config/default.json \
|
||||
@ -31,9 +53,8 @@ echo "--- Running initial synchronization on container start ---"
|
||||
# We run it as the non-root 'app' user to ensure correct file permissions.
|
||||
su-exec app:app sh -c "${APP_CMD}"
|
||||
echo "--- Initial synchronization finished ---"
|
||||
|
||||
# ===================================================================
|
||||
|
||||
|
||||
# --- Cron Setup ---
|
||||
# This section runs after the initial sync is complete.
|
||||
echo "Setting up cron job with schedule: ${CRON_SCHEDULE}"
|
||||
|
||||
@ -1,13 +1,14 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# A script to build and push the Docker image to a Gitea container registry.
|
||||
# A script to build and push a Docker image with multiple tags to a Gitea container registry.
|
||||
# It automatically creates a 'base' version tag (e.g., v0.1.1 from v0.1.1-2) and a 'latest' tag.
|
||||
#
|
||||
# Usage:
|
||||
# export GITEA_REPO_URL="https://git.example.com/user/repo"
|
||||
# ./scripts/deploy.sh <TAG>
|
||||
# ./scripts/deploy.sh <SPECIFIC_TAG>
|
||||
#
|
||||
# Example:
|
||||
# ./scripts/deploy.sh v1.0.1
|
||||
# ./scripts/deploy.sh v0.1.1
|
||||
#
|
||||
|
||||
set -euo pipefail
|
||||
@ -19,8 +20,15 @@ if [ -z "${GITEA_REPO_URL:-}" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Get the image tag from the first script argument, or default to "latest".
|
||||
readonly IMAGE_TAG="${1:-latest}"
|
||||
# Check that a specific tag argument is provided.
|
||||
if [ -z "${1:-}" ]; then
|
||||
echo "Error: You must provide a specific version tag as an argument."
|
||||
echo "Example: ./scripts/deploy.sh v0.1.1-2"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# The specific version tag from the script argument (e.g., v0.1.1-2).
|
||||
readonly PRIMARY_TAG="$1"
|
||||
|
||||
echo "--- Preparing for deployment ---"
|
||||
|
||||
@ -28,14 +36,22 @@ echo "--- Preparing for deployment ---"
|
||||
readonly GITEA_REGISTRY=$(echo "$GITEA_REPO_URL" | sed -e 's|https://||' -e 's|/.*$||')
|
||||
readonly REPO_PATH=$(echo "$GITEA_REPO_URL" | sed -e 's|https://[^/]*\/||' -e 's|\.git$||')
|
||||
|
||||
# Construct the full Docker image name and tag.
|
||||
readonly FULL_IMAGE_NAME="${GITEA_REGISTRY}/${REPO_PATH}:${IMAGE_TAG}"
|
||||
# Construct the base image name (without any tag).
|
||||
readonly IMAGE_NAME_BASE="${GITEA_REGISTRY}/${REPO_PATH}"
|
||||
|
||||
# Derive the base tag by removing the build number (e.g., "-2") from the primary tag.
|
||||
# This command removes a hyphen followed by numbers from the end of the string.
|
||||
readonly BASE_TAG=$(echo "$PRIMARY_TAG" | sed 's/-[0-9]\+$//')
|
||||
|
||||
# --- Print Summary ---
|
||||
echo "Registry URL: ${GITEA_REGISTRY}"
|
||||
echo "Repository Path: ${REPO_PATH}"
|
||||
echo "Image Tag: ${IMAGE_TAG}"
|
||||
echo "Full Image Name: ${FULL_IMAGE_NAME}"
|
||||
echo "Registry URL: ${GITEA_REGISTRY}"
|
||||
echo "Repository Path: ${REPO_PATH}"
|
||||
echo "Base Image Name: ${IMAGE_NAME_BASE}"
|
||||
echo
|
||||
echo "Tags to be created:"
|
||||
echo " - Specific: ${PRIMARY_TAG}"
|
||||
echo " - Base: ${BASE_TAG}"
|
||||
echo " - Latest: latest"
|
||||
echo "--------------------------------"
|
||||
|
||||
# --- Execution ---
|
||||
@ -43,16 +59,24 @@ echo "--------------------------------"
|
||||
echo "--> Logging in to Docker registry at ${GITEA_REGISTRY}..."
|
||||
docker login "${GITEA_REGISTRY}"
|
||||
|
||||
# 2. Build the Docker image with the full name and tag.
|
||||
# We pass the root of the repo as the build context.
|
||||
echo "--> Building image: ${FULL_IMAGE_NAME}..."
|
||||
docker build -t "${FULL_IMAGE_NAME}" -f ./docker/Dockerfile .
|
||||
# 2. Build the Docker image with all the desired tags.
|
||||
# The `docker build` command can accept multiple -t flags.
|
||||
echo "--> Building image with multiple tags..."
|
||||
docker build \
|
||||
-t "${IMAGE_NAME_BASE}:${PRIMARY_TAG}" \
|
||||
-t "${IMAGE_NAME_BASE}:${BASE_TAG}" \
|
||||
-t "${IMAGE_NAME_BASE}:latest" \
|
||||
-f ./docker/Dockerfile .
|
||||
|
||||
# 3. Push the built image to the Gitea registry.
|
||||
echo "--> Pushing image to registry..."
|
||||
docker push "${FULL_IMAGE_NAME}"
|
||||
# 3. Push all tags for the repository to the registry.
|
||||
# The `--all-tags` flag is the most efficient way to do this.
|
||||
echo "--> Pushing all tags to the registry..."
|
||||
docker push --all-tags "${IMAGE_NAME_BASE}"
|
||||
|
||||
# --- Success Message ---
|
||||
echo
|
||||
echo "> Success! Image has been pushed."
|
||||
echo " You can now pull it using: docker pull ${FULL_IMAGE_NAME}"
|
||||
echo "> Success! Image has been pushed with all tags."
|
||||
echo " You can pull it using:"
|
||||
echo " docker pull ${IMAGE_NAME_BASE}:${PRIMARY_TAG}"
|
||||
echo " docker pull ${IMAGE_NAME_BASE}:${BASE_TAG}"
|
||||
echo " docker pull ${IMAGE_NAME_BASE}:latest"
|
||||
Reference in New Issue
Block a user