diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 31f466c..c069344 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -10,12 +10,12 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Checks-out repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: submodules: true - name: Enable cache - uses: actions/cache@v2.1.1 + uses: actions/cache@v4 with: path: $GITHUB_WORKSPACE/cache key: cache @@ -50,7 +50,7 @@ jobs: - name: test run: | # Set the path and install the tools - export PATH="$GITHUB_WORKSPACE/cache/bin:$PATH" + export PATH="$HOME/bin:$PATH" ./hack/helpers/install-tools.sh # Start buildkit bkaddr="$(./hack/helpers/start-buildkit.sh 2>/dev/null)" diff --git a/DEVELOP.md b/DEVELOP.md index 73dfe5a..46931a8 100644 --- a/DEVELOP.md +++ b/DEVELOP.md @@ -10,18 +10,18 @@ ### The what -This image is built using: `docker.io/dubodubonduponey/base:builder-bullseye-2022-12-01` +This image is built using: `docker.io/dubodubonduponey/base:builder-bookworm-2024-02-20` -The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bullseye-2022-12-01` +The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bookworm-2024-02-20` -Both these images are built upon: `docker.io/dubodubonduponey/debian:bullseye-2022-12-01` +Both these images are built upon: `docker.io/dubodubonduponey/debian:bookworm-2024-02-20` You can find out more here: * https://github.com/dubo-dubon-duponey/docker-debian for the debootstrapped Debian base * https://github.com/dubo-dubon-duponey/docker-base for the builder and runtime images -These images provide very little - they are (mostly) barebone bullseye with some ONBUILD +These images provide very little - they are (mostly) barebone bookworm with some ONBUILD Docker syntactic sugar (metadata, user creation, entrypoint). Let me repeat: you have very little reason to go and add anything up there. 
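Review bot: The `test` step now prepends `$HOME/bin` to PATH but never sets `BIN_LOCATION`, so the tool location is left to each script's own default: `install-tools.sh` falls back to `$HOME/bin`, while `hack/build.sh` and `hack/lint.sh` fall back to `$root/cache/bin`. If this step goes on to call those scripts (the `run:` block continues past the hunk), tools can end up installed in two places and which binary runs depends on PATH order. Adding `export BIN_LOCATION="$HOME/bin"` before `./hack/helpers/install-tools.sh` would keep a single, known location. `$HOME/bin` is also outside the `actions/cache` path configured above, so the downloaded tools are no longer covered by that cache step.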
diff --git a/Dockerfile b/Dockerfile index 14e9475..89bbada 100644 --- a/Dockerfile +++ b/Dockerfile @@ -189,7 +189,7 @@ ENV MOD_MDNS_ENABLED=false ENV MOD_MDNS_TYPE="_$_SERVICE_TYPE._tcp" # Name is used as a short description for the service ENV MOD_MDNS_NAME="$_SERVICE_NICK mDNS display name" -# The service will be annonced and reachable at $MDNS_HOST.local (set to empty string to disable mDNS announces entirely) +# The service will be annonced and reachable at $MOD_MDNS_HOST.local (set to empty string to disable mDNS announces entirely) ENV MOD_MDNS_HOST="$_SERVICE_NICK" # Also announce the service as a workstation (for example for the benefit of coreDNS mDNS) ENV ADVANCED_MOD_MDNS_STATION=true diff --git a/README.md b/README.md index 806b8cb..a910f2a 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This is based on [LibreSpot](https://github.com/librespot-org/librespot). This is useful in the following scenarios: - 1. you are a hobbyist and you want to turn a small appliance connected to speakers into a Spotify Connect receiver (typically a raspberry pi) + 1. you are a hobbyist, and you want to turn a small appliance connected to speakers into a Spotify Connect receiver (typically a raspberry pi) 1. that's it :-) ## Image features 
@@ -16,27 +16,17 @@ This is useful in the following scenarios: * [x] linux/arm64 * hardened: * [x] image runs read-only - * [x] image runs with no capabilities but NET_BIND_SERVICE + * [x] image runs with no capabilities (you need NET_BIND_SERVICE if you want to use privileged ports obviously) * [x] process runs as a non-root user, disabled login, no shell * lightweight - * [x] based on our slim [Debian Bullseye](https://github.com/dubo-dubon-duponey/docker-debian) + * [x] based on our slim [Debian Bookworm](https://github.com/dubo-dubon-duponey/docker-debian) * [x] simple entrypoint script - * [ ] multi-stage build ~~with no installed dependencies~~ dependent on the following for the runtime image: - * libpulse0 - * libasound2 + * [ ] multi-stage build with ~~zero packages~~ `libpulse0`, `libasound2` installed in the runtime image * observable * [x] healthcheck * [x] log to stdout * [ ] ~~prometheus endpoint~~ -unsupported (probably builds - but I lost interest): - * [ ] linux/arm/v7 - * [ ] linux/arm/v6 - * [ ] linux/386 - * [ ] linux/ppc64le - * [ ] linux/s390x - - ## Run The following is the most straight-forward example, using host networking: diff --git a/context/runtime/boot/entrypoint.sh b/context/runtime/boot/entrypoint.sh index a1c9abc..4053654 100644 --- a/context/runtime/boot/entrypoint.sh +++ b/context/runtime/boot/entrypoint.sh @@ -4,9 +4,9 @@ set -o errexit -o errtrace -o functrace -o nounset -o pipefail root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)" readonly root # shellcheck source=/dev/null -source "$root/helpers.sh" +. "$root/helpers.sh" # shellcheck source=/dev/null -source "$root/mdns.sh" +. "$root/mdns.sh" helpers::dir::writable /tmp 
@@ -21,13 +21,12 @@ args=(--cache-size-limit 8G --cache /tmp/cache --name "${MOD_MDNS_NAME:-Sproutif [ "${MOD_MDNS_ENABLED:-}" != true ] || { [ "${ADVANCED_MOD_MDNS_STATION:-}" != true ] || mdns::records::add "_workstation._tcp" "${MOD_MDNS_HOST}" "${MOD_MDNS_NAME:-}" "$PORT" mdns::records::add "${ADVANCED_MOD_MDNS_TYPE:-_spotify-connect._tcp}" "${MOD_MDNS_HOST:-}" "${MOD_MDNS_NAME:-}" "$PORT" '["VERSION=1", "CPath=/"]' - mdns::start::broadcaster & + mdns::start::broadcaster args+=(--disable-discovery) } -normalized_log_level="$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')" -[ "$normalized_log_level" != "debug" ] || args+=(--verbose) -[ "$normalized_log_level" != "error" ] && [ "$normalized_log_level" != "warning" ] || args+=(--quiet) +[ "$LOG_LEVEL" != "debug" ] || args+=(--verbose) +[ "$LOG_LEVEL" != "error" ] && [ "$LOG_LEVEL" != "warning" ] || args+=(--quiet) [ ! "$OUTPUT" ] || args+=(--backend "$OUTPUT") [ ! "$DEVICE" ] || args+=(--device "$DEVICE") diff --git a/context/runtime/boot/helpers.sh b/context/runtime/boot/helpers.sh index ceb987e..6b3e621 100644 --- a/context/runtime/boot/helpers.sh +++ b/context/runtime/boot/helpers.sh @@ -10,3 +10,23 @@ helpers::dir::writable(){ exit 1 } } + +helpers::log::normalize(){ + local lower + lower="$(printf "%s" "${LOG_LEVEL:-}" | tr '[:upper:]' '[:lower:]')" + case "$lower" in + "debug") + ;; + "info") + ;; + "error") + ;; + *) + lower="warning" + ;; + esac + LOG_LEVEL="$lower" + printf "%s" "$LOG_LEVEL" +} + +helpers::log::normalize >/dev/null diff --git a/context/runtime/boot/mdns.sh b/context/runtime/boot/mdns.sh index b0007c6..4afac4a 100755 --- a/context/runtime/boot/mdns.sh +++ b/context/runtime/boot/mdns.sh 
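Review bot: `helpers::log::normalize` silently rewrites any unrecognised `LOG_LEVEL` to `warning` and runs as a side effect of sourcing `helpers.sh`, and neither behaviour is documented in the hunk. `entrypoint.sh` and `mdns.sh` now compare `$LOG_LEVEL` directly, so they depend on this file having been sourced first. A comment above the function such as `# Lower-cases LOG_LEVEL in place; unset or unknown values become "warning". Runs at source time.` would make that contract explicit. The empty arms can be collapsed to `debug|info|warning|error) ;;`, which leaves the `*)` arm free to print a one-line notice on stderr so that a mistyped level is visible rather than quietly changing verbosity.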
@@ -38,7 +38,7 @@ mdns::records::resolve(){ mdns::start::broadcaster(){ [ ! -e "$_default_mod_mdns_configuration_path" ] || mdns::records::load "$_default_mod_mdns_configuration_path" local IFS="," - goello-server-ng -json "[${_internal_mod_mdns_records[*]}]" + goello-server-ng -json "[${_internal_mod_mdns_records[*]}]" & } mdns::start::avahi(){ @@ -51,7 +51,9 @@ mdns::start::avahi(){ # - project is half-dead: https://github.com/lathiat/avahi/issues/388 local args=() - local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket" + # local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket" + # XXX giving up on trying to be fancy with avahi + local avahisocket="/run/avahi-daemon/socket" # Make sure we can write it helpers::dir::writable "$(dirname "$avahisocket")" true @@ -59,7 +61,7 @@ mdns::start::avahi(){ # Cleanup leftovers on container restart rm -f "$(dirname "$avahisocket")/pid" - [ "$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')" != "debug" ] || args+=(--debug) + [ "$LOG_LEVEL" != "debug" ] || args+=(--debug) # -D/--daemonize implies -s/--syslog that we do not want, so, just background it avahi-daemon -f /config/avahi/main.conf --no-drop-root --no-chroot "${args[@]}" & diff --git a/cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue b/cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue index 7a74ef0..e91385a 100644 --- a/cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue +++ b/cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue @@ -72,7 +72,7 @@ import ( ["--local", "dockerfile=\(dockerfile)"] + ["--frontend", frontend] + - ["--trace", "buildctl.trace.json"] + + ["--trace", "cache/buildctl.trace.json"] + ["--opt", "filename=\(filename)"] + ["--local", "context=\(context)"] + diff --git a/cue.mod/pkg/duponey.cloud/scullery/icing.cue b/cue.mod/pkg/duponey.cloud/scullery/icing.cue index 6fbfcb2..fe17b30 100644 --- a/cue.mod/pkg/duponey.cloud/scullery/icing.cue +++ b/cue.mod/pkg/duponey.cloud/scullery/icing.cue 
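Review bot: With the `&` moved inside `mdns::start::broadcaster`, a `goello-server-ng` that fails to start is still invisible to `errexit`, and the caller in `entrypoint.sh` adds `--disable-discovery` regardless. In that case the receiver would presumably be neither announced by the broadcaster nor discoverable through the main process's own discovery. Consider recording the PID right after the launch, for example `_internal_mod_mdns_pid=$!` (name is illustrative), so the entrypoint or the healthcheck can verify the broadcaster is alive. The function now returns immediately, which deserves a short comment such as `# Starts the broadcaster in the background and returns`.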
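Review bot: The avahi socket path is now hard-coded to `/run/avahi-daemon/socket`, and the previous `$XDG_STATE_HOME` line is left behind as a comment. The README advertises a read-only image, so `/run/avahi-daemon` presumably has to be provided as a writable mount for `helpers::dir::writable` to succeed, and that requirement is not stated anywhere in the hunk. I would delete the commented-out line and replace the `XXX` remark with a comment saying what must be mounted, for example `# /run/avahi-daemon must be writable (tmpfs or volume) when the root filesystem is read-only`. `mdns::start::avahi` starts and ends outside the hunk.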
@@ -64,7 +64,7 @@ import ( #Icing: { // XXX make this type more specific buildkit?: { - address?: string | * "docker-container://buildkitd" + address?: string | * "docker-container://dbdbdp-buildkit" name?: string ca?: types.#Path cert?: types.#Path diff --git a/hack/build.sh b/hack/build.sh index 26f7246..0133f44 100755 --- a/hack/build.sh +++ b/hack/build.sh @@ -6,7 +6,9 @@ root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../" readonly root # shellcheck source=/dev/null -BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh" +BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh" + +rm -f "$root/cache/buildctl.trace.json" # Build the cue invocation params=(cue) @@ -22,7 +24,7 @@ case "${1:-}" in *) cd "$root" target=image - files=("$root/hack/recipe.cue" "$root/hack/cue_tool.cue") + files=("$root/hack/recipe.cue" "$root/hack/helpers/cue_tool.cue") isparam= for i in "$@"; do if [ "${i:0:2}" == "--" ]; then diff --git a/hack/cue_tool.cue b/hack/helpers/cue_tool.cue similarity index 100% rename from hack/cue_tool.cue rename to hack/helpers/cue_tool.cue diff --git a/hack/helpers/install-tools.sh b/hack/helpers/install-tools.sh index 8be862c..0166b3a 100755 --- a/hack/helpers/install-tools.sh +++ b/hack/helpers/install-tools.sh @@ -1,15 +1,15 @@ #!/usr/bin/env bash set -o errexit -o errtrace -o functrace -o nounset -o pipefail -export SUITE=bullseye -export DATE=2021-08-01 +export SUITE=bookworm +export DATE=2024-02-20 export BIN_LOCATION="${BIN_LOCATION:-$HOME/bin}" export PATH="$BIN_LOCATION:$PATH" readonly IMAGE_TOOLS="${IMAGE_TOOLS:-dubodubonduponey/tools:$(uname -s | grep -q Darwin && printf "macos" || printf "linux-dev")-$SUITE-$DATE}" -export SHELLCHECK_VERSION=0.7.2 -export HADOLINT_VERSION=2.7.0 +export SHELLCHECK_VERSION=0.10.0 +export HADOLINT_VERSION=2.12.0 setup::tools(){ local location="$1" 
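Review bot: The new `rm -f "$root/cache/buildctl.trace.json"` uses an absolute path, while the matching change in `buildctl.cue` passes `--trace cache/buildctl.trace.json`, which is resolved against the working directory of the `buildctl` call. `cd "$root"` is only visible in the `*)` branch further down, so for other invocations the file removed here and the file written by the build may not be the same one. Running `cd "$root"` before the `case`, or passing an absolute trace path, would remove the ambiguity. The trace also now lands in `cache/`, the directory the CI workflow hands to `actions/cache`, so if traces can contain build arguments it is worth checking that nothing sensitive gets persisted there.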
diff --git a/hack/helpers/start-buildkit.sh b/hack/helpers/start-buildkit.sh index 80702fa..b1b98b3 100755 --- a/hack/helpers/start-buildkit.sh +++ b/hack/helpers/start-buildkit.sh @@ -1,10 +1,8 @@ #!/usr/bin/env bash set -o errexit -o errtrace -o functrace -o nounset -o pipefail -export SUITE=bullseye -export DATE=2021-08-01 - -readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$SUITE-$DATE}" +export TAG=latest +readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$TAG}" setup::buildkit() { [ "$(docker container inspect -f '{{.State.Running}}' dbdbdp-buildkit 2>/dev/null)" == "true" ] || { @@ -12,14 +10,15 @@ setup::buildkit() { -p 4242:4242 \ --network host \ --name dbdbdp-buildkit \ - --env MDNS_ENABLED=true \ - --env MDNS_HOST=buildkit-machina \ - --env MDNS_NAME="Dubo Buildkit on la machina" \ + --env MOD_MDNS_ENABLED=true \ + --env MOD_MDNS_HOST=buildkit-machina \ + --env MOD_MDNS_NAME="Dubo Buildkit on la machina" \ --entrypoint buildkitd \ --user root \ --privileged \ "$IMAGE_BLDKT" docker exec --env QEMU_BINARY_PATH=/boot/bin/ dbdbdp-buildkit binfmt --install all + docker exec dbdbdp-buildkit mkdir /tmp/runtime } } diff --git a/hack/lint.sh b/hack/lint.sh index e39dd2d..127b850 100755 --- a/hack/lint.sh +++ b/hack/lint.sh @@ -1,12 +1,11 @@ #!/usr/bin/env bash set -o errexit -o errtrace -o functrace -o nounset -o pipefail -# shellcheck source=/dev/null root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../" readonly root # shellcheck source=/dev/null -BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh" +BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh" # Ignore some hadolint warnings that do not make much sense # DL3006 is about "dO nOT UsE --platform", which is really ludicrous 
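Review bot: `export TAG=latest` replaces a dated tag with a mutable one for an image that `setup::buildkit` runs with `--privileged`, `--user root` and `--network host`. Whatever is published under `latest` at pull time gets root-equivalent access to the build host, and builds stop being reproducible. Keep a dated tag or pin by digest, e.g. `readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit@sha256:<digest-placeholder>}"`, and bump it deliberately alongside `SUITE`/`DATE` in `install-tools.sh`.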
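Review bot: `docker exec dbdbdp-buildkit mkdir /tmp/runtime` has no `-p`, so under `errexit` the whole setup aborts if the directory already exists. That becomes possible whenever the image behind the now-floating tag starts shipping it. `docker exec dbdbdp-buildkit mkdir -p /tmp/runtime` is idempotent. A short comment saying what needs `/tmp/runtime` would also help, since nothing in the hunk explains it.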
@@ -24,4 +23,6 @@ if ! hadolint "${hadolint_ignore[@]}" "$root"/*Dockerfile*; then exit 1 fi -find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -exec shellcheck {} \; +while read -r line; do + shellcheck "$line" +done < <(find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -not -path "*xxx*" 2>/dev/null || true) diff --git a/hack/recipe.cue b/hack/recipe.cue index db0136c..8db883a 100644 --- a/hack/recipe.cue +++ b/hack/recipe.cue @@ -20,7 +20,7 @@ cakes: { platforms: types.#Platforms | * [ types.#Platforms.#AMD64, types.#Platforms.#ARM64, - types.#Platforms.#V7, + // types.#Platforms.#V7, // types.#Platforms.#I386, // types.#Platforms.#V6, // types.#Platforms.#S390X, @@ -44,8 +44,8 @@ cakes: { } injectors: { - suite: * "bullseye" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string) - date: * "2022-12-01" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string) + suite: * "bookworm" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string) + date: * "2024-02-20" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string) platforms: string @tag(platforms, type=string) registry: * "registry.local" | string @tag(registry, type=string) } diff --git a/hack/test.sh b/hack/test.sh index ac1a5a1..14be565 100755 --- a/hack/test.sh +++ b/hack/test.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash set -o errexit -o errtrace -o functrace -o nounset -o pipefail -# shellcheck source=/dev/null root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../" +readonly root # Simple no-thrill build tester # XXX Currently reduced to a single architecture to avoid using all disk space until we figure out our space efficiency problem (likely the fat builder image getting duplicated over and over) 
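Review bot: The `2>/dev/null` on `find` discards its error output, and the exit status of a process substitution is never checked, so a failing `find` yields an empty or partial list and the lint step passes without checking those files. The loop also reads names with plain `read -r line`, which trims surrounding whitespace and splits on newlines, and under `errexit` it stops at the first failing file instead of reporting all of them. I would drop `2>/dev/null || true`, add `-print0` to `find`, and read with `while IFS= read -r -d '' line; do shellcheck "$line" || failed=1; done`, followed by `[ -z "${failed:-}" ] || exit 1`. The new `-not -path "*xxx*"` exclusion deserves a comment, since it removes every path containing `xxx` from linting.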
@@ -10,8 +10,8 @@ root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
 if ! "$root/hack/build.sh" \
 --inject registry="docker.io/dubodubonduponey" \
 --inject progress=plain \
- --inject date=2022-12-01 \
- --inject suite=bullseye \
+ --inject date=2024-02-20 \
+ --inject suite=bookworm \
 --inject platforms=linux/arm64 \
 "image" "$@"; then
 printf >&2 "Failed building\n"