diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 000000000..800925451
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,48 @@
+name: Build aleph
+
+on:
+ workflow_dispatch: {}
+ push:
+ paths-ignore:
+ - "ui/**"
+ - "docs/**"
+
+permissions:
+ packages: write
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/investigativedata/aleph
+ tags: |
+ type=ref,event=branch
+ type=semver,pattern={{version}}
+ type=sha
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ install: true
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push release
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ # platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index 437db3046..2c94f9e39 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,9 +46,9 @@ ENV FTM_COMPARE_FREQUENCIES_DIR=/opt/ftm-compare/word-frequencies/ \
 RUN mkdir /run/prometheus
-# COPY docker-entrypoint.sh /docker-entrypoint.sh
-# COPY docker-entrypoint.d /docker-entrypoint.d/
-# RUN chmod +x /docker-entrypoint.sh
-# ENTRYPOINT ["/docker-entrypoint.sh"]
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY docker-entrypoint.d /docker-entrypoint.d/
+RUN chmod +x /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
 # Run the green unicorn
 CMD gunicorn --config /aleph/gunicorn.conf.py --workers 6 --log-level info --log-file -
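Review bot: Every `uses:` in the `docker` job of `.github/workflows/docker.yml` references a mutable tag (`actions/checkout@v4`, `docker/login-action@v2`, `docker/build-push-action@v3`, and the rest) while the job holds `packages: write` and pushes to `ghcr.io/investigativedata/aleph`, so a retagged action release would run with the registry token. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<FULL_COMMIT_SHA>  # v3`. The `push:` trigger has only `paths-ignore` and no `branches:` or `tags:` filter, so a push to any branch publishes an image tagged through `type=ref,event=branch` and `type=sha`; consider limiting the trigger to the refs that should produce published images. Because the top-level `permissions:` block lists only `packages`, `contents` falls to `none`, which presumably breaks `actions/checkout` if the repository is private; adding `contents: read` makes the requirement explicit.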
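Review bot: With the exec-form `ENTRYPOINT ["/docker-entrypoint.sh"]` now enabled in the `Dockerfile`, the shell-form `CMD gunicorn …` kept as context at the end of this hunk reaches the script as `/bin/sh -c "gunicorn …"`, so `$1` is `/bin/sh` and the `[ "$1" = "gunicorn" ]` guard in `docker-entrypoint.sh` never matches for the default command. The scripts in `/docker-entrypoint.d/` are therefore skipped unless the command is overridden at run time. Writing the CMD in exec form makes the guard match: `CMD ["gunicorn", "--config", "/aleph/gunicorn.conf.py", …]` with the remaining arguments carried over unchanged.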
diff --git a/docker-entrypoint.d/10-pages-zip.sh b/docker-entrypoint.d/10-pages-zip.sh
new file mode 100755
index 000000000..a71ed6a9d
--- /dev/null
+++ b/docker-entrypoint.d/10-pages-zip.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# vim:sw=4:ts=4:et
+
+if [[ ${ALEPH_PAGES_ZIP+x} ]]; then
+ curl -L -o /tmp/aleph-pages.zip "$ALEPH_PAGES_ZIP"
+ unzip -o /tmp/aleph-pages.zip -d /tmp/aleph-pages/
+ rm -rf /aleph/aleph/pages/*
+ mv /tmp/aleph-pages/**/*.md /aleph/aleph/pages/
+fi
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100644
index 000000000..9608a7c0a
--- /dev/null
+++ b/docker-entrypoint.sh
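Review bot: In `docker-entrypoint.d/10-pages-zip.sh` nothing checks that the download or the extraction succeeded before `rm -rf /aleph/aleph/pages/*` runs, so a failed `curl` (no `--fail`, no `set -e`) or a bad archive leaves the container without any pages. The archive comes from an environment-supplied URL with redirects followed, no scheme restriction and no integrity check, and it is written to fixed paths under `/tmp`. `${ALEPH_PAGES_ZIP+x}` is also true for an empty value, and `**` only recurses under `shopt -s globstar`, so as written it matches exactly one directory level. The version below fails closed, restricts the fetch to HTTPS, works in a private temp directory and replaces the bundled pages only once `.md` files were found. Verifying a pinned checksum of the archive before unpacking would be a further step if the deployment can supply one.

```bash
# … unchanged: shebang and vim modeline …
set -euo pipefail

if [[ -n "${ALEPH_PAGES_ZIP:-}" ]]; then
    workdir="$(mktemp -d)"
    trap 'rm -rf "$workdir"' EXIT
    curl --fail --silent --show-error --location \
        --proto '=https' --proto-redir '=https' \
        -o "$workdir/pages.zip" "$ALEPH_PAGES_ZIP"
    unzip -q "$workdir/pages.zip" -d "$workdir/pages"
    # regular files only; keep the bundled pages if the archive holds no markdown
    if [[ -z "$(find "$workdir/pages" -type f -name '*.md' -print -quit)" ]]; then
        echo >&2 "$0: no .md files in downloaded archive, keeping bundled pages"
        exit 1
    fi
    rm -rf /aleph/aleph/pages/*
    find "$workdir/pages" -type f -name '*.md' -exec mv -- {} /aleph/aleph/pages/ \;
fi
```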
@@ -0,0 +1,81 @@
+#!/bin/bash
+# vim:sw=4:ts=4:et
+
+set -e
+
+entrypoint_log() {
+ if [ -z "${ALEPH_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(<"${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+# servicelayer
+file_env "AWS_SECRET_ACCESS_KEY"
+file_env "ARCHIVE_ENDPOINT_URL"
+file_env "REDIS_URL"
+
+# aleph
+file_env "ALEPH_SECRET_KEY"
+file_env "ALEPH_DATABASE_URI"
+file_env "FTM_STORE_URI"
+file_env "ALEPH_ELASTICSEARCH_URI"
+file_env "ALEPH_OAUTH_SECRET"
+file_env "ALEPH_MAIL_PASSWORD"
+
+
+# extra entrypoints
+if [ "$1" = "gunicorn" ] || [ "$1" = "aleph" ]; then
+ if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.env.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Sourcing $f"
+ . "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable"
+ fi
+ ;;
+ *.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Launching $f"
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable"
+ fi
+ ;;
+ *) entrypoint_log "$0: Ignoring $f" ;;
+ esac
+ done
+
+ entrypoint_log "$0: Configuration complete; ready for start up"
+ else
+ entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+ fi
+fi
+
+exec "$@"
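Review bot: The `*.env.sh` branch in `docker-entrypoint.sh` sources files inside `find … | sort -V | while read -r f`, and bash runs that last pipeline stage in a subshell, so anything a sourced script exports is gone before `exec "$@"` and the sourcing has no effect on the started process. Feeding the loop by process substitution keeps it in the main shell: open it with `while read -r f; do` and close it with `done < <(find "/docker-entrypoint.d/" -follow -type f -print | sort -V)`. Every executable `*.sh` found there, symlinks followed, runs at start-up with the secrets that `file_env` has just exported in its environment. A comment above the loop such as `# /docker-entrypoint.d/ must be writable only at image build time; its scripts run with all exported secrets` would record that trust assumption.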