Commit

Cleanup
dubo-dubon-duponey committed Mar 15, 2024
1 parent 92e6203 commit 2a9ba52
Showing 16 changed files with 73 additions and 53 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/CI.yml
Expand Up @@ -10,12 +10,12 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checks-out repository
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
submodules: true

- name: Enable cache
uses: actions/cache@v2.1.1
uses: actions/cache@v4
with:
path: $GITHUB_WORKSPACE/cache
key: cache
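Review bot: `uses: actions/checkout@v4` and `uses: actions/cache@v4` still reference the actions by a movable tag, so the workflow runs whatever those tags point at on the day of the run. Pinning each `uses:` to the full commit SHA of the release, with the version in a trailing comment, makes the bump reviewable and keeps a retagged release from reaching the job. Separately, the cache step keeps the constant `key: cache`, so once an entry exists it is restored as-is on every run; a key derived from the tool versions would let this kind of upgrade invalidate it.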
Expand Down Expand Up @@ -50,7 +50,7 @@ jobs:
- name: test
run: |
# Set the path and install the tools
export PATH="$GITHUB_WORKSPACE/cache/bin:$PATH"
export PATH="$HOME/bin:$PATH"
./hack/helpers/install-tools.sh
# Start buildkit
bkaddr="$(./hack/helpers/start-buildkit.sh 2>/dev/null)"
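Review bot: the new `export PATH="$HOME/bin:$PATH"` in the test step points outside the directory the cache step saves (`path: $GITHUB_WORKSPACE/cache`), so tools that `./hack/helpers/install-tools.sh` installs into its default `$HOME/bin` are fetched again on every run, while `hack/build.sh` and `hack/lint.sh` still default `BIN_LOCATION` to `$root/cache/bin`. Either export `BIN_LOCATION="$GITHUB_WORKSPACE/cache/bin"` in this step or change the cached path, so that CI and the local scripts resolve the same binaries.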
8 changes: 4 additions & 4 deletions DEVELOP.md
Expand Up @@ -10,18 +10,18 @@

### The what

This image is built using: `docker.io/dubodubonduponey/base:builder-bullseye-2022-12-01`
This image is built using: `docker.io/dubodubonduponey/base:builder-bookworm-2024-02-20`

The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bullseye-2022-12-01`
The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bookworm-2024-02-20`

Both these images are built upon: `docker.io/dubodubonduponey/debian:bullseye-2022-12-01`
Both these images are built upon: `docker.io/dubodubonduponey/debian:bookworm-2024-02-20`

You can find out more here:

* https://github.com/dubo-dubon-duponey/docker-debian for the debootstrapped Debian base
* https://github.com/dubo-dubon-duponey/docker-base for the builder and runtime images

These images provide very little - they are (mostly) barebone bullseye with some ONBUILD
These images provide very little - they are (mostly) barebone bookworm with some ONBUILD
Docker syntactic sugar (metadata, user creation, entrypoint).

Let me repeat: you have very little reason to go and add anything up there.
4 changes: 2 additions & 2 deletions Dockerfile
Expand Up @@ -39,8 +39,8 @@ RUN git clone --recurse-submodules https://"$GIT_REPO" .; git checkout
ARG GIT_REPO_REPLACE=github.com/caddyserver/replace-response
#ARG GIT_VERSION_REPLACE=8fa6a90
#ARG GIT_COMMIT_REPLACE=8fa6a90147d10fa192ad9fd1df2b97c1844ed322
ARG GIT_VERSION=d7523f4
ARG GIT_COMMIT_REPLACE=d7523f42f84a2fa09d64c957f1e6795ece355425
ARG GIT_VERSION=a85d4dd
ARG GIT_COMMIT_REPLACE=a85d4ddc11d635c093074205bd32f56d05fc7811

RUN echo "require $GIT_REPO_REPLACE $GIT_COMMIT_REPLACE" >> go.mod

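Review bot: the bumped short hash is written to `ARG GIT_VERSION=a85d4dd`, while the two commented lines above it and the `GIT_COMMIT_REPLACE` line use the `_REPLACE` suffix. If the unsuffixed name is not deliberate, rename it to `GIT_VERSION_REPLACE` so it cannot shadow a `GIT_VERSION` used by the `git clone ... git checkout` step named in the hunk header. Keeping the full 40-character hash in `GIT_COMMIT_REPLACE` for the `require` line is right; the short hash should stay documentation only.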
20 changes: 9 additions & 11 deletions README.md
Expand Up @@ -2,37 +2,34 @@

Two Docker images for Roon Bridge & Roon Server.

Bonus / extra features:
Additionally:
* roon display is served over TLS and announced under mDNS
* logs are exposed on stdout

## DISCLAIMER

* this is an UNOFFICIAL image, and is NOT produced, endorsed nor supported by [Roon Labs](https://roonlabs.com/)
* if you are a newcomer, if you expect any kind of support, or simply any guarantee that Roon will work, do yourself a huge favor: just use one of the [official Roon downloads](https://roonlabs.com/downloads)
* if you are using this and have an issue with it, you are on your own
* if you are still here, and plan on using this, and while we try to make this simple to use, you should still have some reasonable understanding and familiarity with:
* docker overall
* linux sound sub-system
* networking
* most people should just use one of the [official Roon downloads](https://roonlabs.com/downloads)
* tinkerers, you are welcome

## Image features

* multi-architecture:
* [x] linux/amd64
* [x] linux/arm64 (bridge only)
* [x] linux/arm/v7 (bridge only)
* hardened:
* [x] image runs read-only
* [x] image runs with no capabilities
* [x] process runs as a non-root user, disabled login, no shell
* lightweight
* [x] based on our slim [Debian Bullseye](https://github.com/dubo-dubon-duponey/docker-debian)
* [x] based on our slim [Debian Bookworm](https://github.com/dubo-dubon-duponey/docker-debian)
* [x] simple entrypoint script
* [ ] multi-stage build with no installed dependencies for the Bridge runtime image, one dependency for Server (ffmpeg)
* [x] multi-stage build with zero packages installed in the runtime image (for the bridge)
* [ ] multi-stage build with ~~zero packages~~ `ffmpeg` installed in the runtime image (for the server)
* observable
* [ ] healthcheck (server only)
* [x] log to stdout
* [ ] ~~prometheus endpoint~~

## Run

Expand All @@ -59,7 +56,8 @@ docker run -d \

## GOTCHA

Debian by default limits inotify watches to 8192, which might turns out to be too little.
Debian by default limits inotify watches to 8192, which might turns out to be too little
for the server.

You probably want to bump that up to prevent your system from crashing / rebooting...

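Review bot: the rewrapped sentence still reads "which might turns out to be too little"; it should be "might turn out". Since the line is being touched to add "for the server", fix the verb in the same change.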
12 changes: 5 additions & 7 deletions context/runtime/boot/entrypoint.sh
Expand Up @@ -4,11 +4,11 @@ set -o errexit -o errtrace -o functrace -o nounset -o pipefail
root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)"
readonly root
# shellcheck source=/dev/null
source "$root/helpers.sh"
. "$root/helpers.sh"
# shellcheck source=/dev/null
source "$root/mdns.sh"
. "$root/mdns.sh"
# shellcheck source=/dev/null
source "$root/http.sh"
. "$root/http.sh"

helpers::dir::writable "/tmp"

Expand All @@ -18,9 +18,7 @@ helpers::dir::writable "$XDG_DATA_DIRS" create
helpers::dir::writable "$ROON_ID_DIR" create
helpers::dir::writable "$ROON_DATAROOT" create

LOG_LEVEL="${LOG_LEVEL:-}"
normalized_log_level="$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')"
case "$normalized_log_level" in
case "$LOG_LEVEL" in
"debug")
reg="Trace"
;;
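Review bot: `case "$LOG_LEVEL" in` now runs under `set -o nounset` without the local `LOG_LEVEL="${LOG_LEVEL:-}"` default, so it only works because sourcing `helpers.sh` has already called `helpers::log::normalize` as a side effect. Make that dependency explicit, for example by calling `helpers::log::normalize` in this script right before the `case`, so the block does not break with an unbound variable if the `.` lines are reordered or `helpers.sh` stops normalizing at load time.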
Expand Down Expand Up @@ -73,7 +71,7 @@ helpers::dir::writable "$XDG_CACHE_HOME" create
_mdns_port="$([ "${MOD_HTTP_TLS_ENABLED:-}" == true ] && printf "%s" "${ADVANCED_MOD_HTTP_PORT:-443}" || printf "%s" "${ADVANCED_MOD_HTTP_PORT_INSECURE:-80}")"
[ "${ADVANCED_MOD_MDNS_STATION:-}" != true ] || mdns::records::add "_workstation._tcp" "${MOD_MDNS_HOST}" "${MOD_MDNS_NAME:-}" "$_mdns_port"
mdns::records::add "$_mdns_type" "${MOD_MDNS_HOST:-}" "${MOD_MDNS_NAME:-}" "$_mdns_port"
mdns::start::broadcaster &
mdns::start::broadcaster
}

# TLS and HTTP
20 changes: 20 additions & 0 deletions context/runtime/boot/helpers.sh
Expand Up @@ -10,3 +10,23 @@ helpers::dir::writable(){
exit 1
}
}

helpers::log::normalize(){
local lower
lower="$(printf "%s" "${LOG_LEVEL:-}" | tr '[:upper:]' '[:lower:]')"
case "$lower" in
"debug")
;;
"info")
;;
"error")
;;
*)
lower="warning"
;;
esac
LOG_LEVEL="$lower"
printf "%s" "$LOG_LEVEL"
}

helpers::log::normalize >/dev/null
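Review bot: `helpers::log::normalize` both rewrites the global `LOG_LEVEL` and prints it, and the only call site (`helpers::log::normalize >/dev/null` at the bottom of the file) throws the output away; pick one contract. Any unrecognized value, including a typo such as `warn` or `trace`, is silently turned into `warning`, so a line on stderr when the fallback fires would help operators, and the three empty arms can be collapsed into `debug|info|error) ;;`. If child processes are expected to read the normalized level, add `export LOG_LEVEL`, since the assignment alone does not export a variable that was unset in the environment.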
8 changes: 5 additions & 3 deletions context/runtime/boot/mdns.sh
Expand Up @@ -38,7 +38,7 @@ mdns::records::resolve(){
mdns::start::broadcaster(){
[ ! -e "$_default_mod_mdns_configuration_path" ] || mdns::records::load "$_default_mod_mdns_configuration_path"
local IFS=","
goello-server-ng -json "[${_internal_mod_mdns_records[*]}]"
goello-server-ng -json "[${_internal_mod_mdns_records[*]}]" &
}

mdns::start::avahi(){
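Review bot: with the `&` now on the `goello-server-ng -json ...` line, `mdns::start::broadcaster` always returns 0 immediately, so `errexit` in the entrypoint never sees a broadcaster that fails to start, and no caller can run it in the foreground any more. Record `$!` in a variable right after the launch, or keep the backgrounding at the call site, so the entrypoint can check on or wait for the process.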
Expand All @@ -51,15 +51,17 @@ mdns::start::avahi(){
# - project is half-dead: https://github.com/lathiat/avahi/issues/388

local args=()
local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket"
# local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket"
# XXX giving up on trying to be fancy with avahi
local avahisocket="/run/avahi-daemon/socket"

# Make sure we can write it
helpers::dir::writable "$(dirname "$avahisocket")" true

# Cleanup leftovers on container restart
rm -f "$(dirname "$avahisocket")/pid"

[ "$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')" != "debug" ] || args+=(--debug)
[ "$LOG_LEVEL" != "debug" ] || args+=(--debug)

# -D/--daemonize implies -s/--syslog that we do not want, so, just background it
avahi-daemon -f /config/avahi/main.conf --no-drop-root --no-chroot "${args[@]}" &
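Review bot: hardcoding `local avahisocket="/run/avahi-daemon/socket"` moves the socket and pid file out of `$XDG_STATE_HOME`, so a container run read-only, as the README advertises, needs `/run/avahi-daemon` provided as a writable mount or the `helpers::dir::writable` check fails at startup; that requirement should be documented next to the run instructions. Drop the commented-out `# local avahisocket=...` line rather than leaving it behind an `XXX`. Also, `[ "$LOG_LEVEL" != "debug" ]` now depends on `helpers.sh` having normalized `LOG_LEVEL` before this function runs, which under `nounset` aborts if `mdns.sh` is used on its own.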
2 changes: 1 addition & 1 deletion cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue
Expand Up @@ -72,7 +72,7 @@ import (

["--local", "dockerfile=\(dockerfile)"] +
["--frontend", frontend] +
["--trace", "buildctl.trace.json"] +
["--trace", "cache/buildctl.trace.json"] +
["--opt", "filename=\(filename)"] +

["--local", "context=\(context)"] +
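Review bot: `"cache/buildctl.trace.json"` is relative to the working directory of the `buildctl` invocation, whereas `hack/build.sh` deletes `"$root/cache/buildctl.trace.json"` and the `cd "$root"` visible there sits inside the `*)` branch of its `case`. From any other directory the trace lands elsewhere, or fails if there is no `cache/` directory, and the stale file is not the one removed. Passing the trace path in from the caller as an absolute path would keep the two in sync; also check that the trace is wanted inside the directory CI saves as its cache.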
2 changes: 1 addition & 1 deletion cue.mod/pkg/duponey.cloud/scullery/icing.cue
Expand Up @@ -64,7 +64,7 @@ import (
#Icing: {
// XXX make this type more specific
buildkit?: {
address?: string | * "docker-container://buildkitd"
address?: string | * "docker-container://dbdbdp-buildkit"
name?: string
ca?: types.#Path
cert?: types.#Path
6 changes: 4 additions & 2 deletions hack/build.sh
Expand Up @@ -6,7 +6,9 @@ root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
readonly root

# shellcheck source=/dev/null
BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh"
BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh"

rm -f "$root/cache/buildctl.trace.json"

# Build the cue invocation
params=(cue)
Expand All @@ -22,7 +24,7 @@ case "${1:-}" in
*)
cd "$root"
target=image
files=("$root/hack/recipe.cue" "$root/hack/cue_tool.cue")
files=("$root/hack/recipe.cue" "$root/hack/helpers/cue_tool.cue")
isparam=
for i in "$@"; do
if [ "${i:0:2}" == "--" ]; then
File renamed without changes.
8 changes: 4 additions & 4 deletions hack/helpers/install-tools.sh
@@ -1,15 +1,15 @@
#!/usr/bin/env bash
set -o errexit -o errtrace -o functrace -o nounset -o pipefail

export SUITE=bullseye
export DATE=2021-08-01
export SUITE=bookworm
export DATE=2024-02-20

export BIN_LOCATION="${BIN_LOCATION:-$HOME/bin}"
export PATH="$BIN_LOCATION:$PATH"
readonly IMAGE_TOOLS="${IMAGE_TOOLS:-dubodubonduponey/tools:$(uname -s | grep -q Darwin && printf "macos" || printf "linux-dev")-$SUITE-$DATE}"

export SHELLCHECK_VERSION=0.7.2
export HADOLINT_VERSION=2.7.0
export SHELLCHECK_VERSION=0.10.0
export HADOLINT_VERSION=2.12.0

setup::tools(){
local location="$1"
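Review bot: `SHELLCHECK_VERSION=0.10.0` and `HADOLINT_VERSION=2.12.0` pin versions only. If `setup::tools` downloads release binaries, the change should also carry the expected SHA-256 of each artifact and verify it before installing, since these binaries then run against the whole tree in `hack/lint.sh`. The same applies to `IMAGE_TOOLS`, which is resolved by the `$SUITE-$DATE` tag rather than by digest.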
13 changes: 6 additions & 7 deletions hack/helpers/start-buildkit.sh
@@ -1,25 +1,24 @@
#!/usr/bin/env bash
set -o errexit -o errtrace -o functrace -o nounset -o pipefail

export SUITE=bullseye
export DATE=2021-08-01

readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$SUITE-$DATE}"
export TAG=latest
readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$TAG}"

setup::buildkit() {
[ "$(docker container inspect -f '{{.State.Running}}' dbdbdp-buildkit 2>/dev/null)" == "true" ] || {
docker run --pull always --rm -d \
-p 4242:4242 \
--network host \
--name dbdbdp-buildkit \
--env MDNS_ENABLED=true \
--env MDNS_HOST=buildkit-machina \
--env MDNS_NAME="Dubo Buildkit on la machina" \
--env MOD_MDNS_ENABLED=true \
--env MOD_MDNS_HOST=buildkit-machina \
--env MOD_MDNS_NAME="Dubo Buildkit on la machina" \
--entrypoint buildkitd \
--user root \
--privileged \
"$IMAGE_BLDKT"
docker exec --env QEMU_BINARY_PATH=/boot/bin/ dbdbdp-buildkit binfmt --install all
docker exec dbdbdp-buildkit mkdir /tmp/runtime
}
}

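Review bot: `export TAG=latest` replaces a dated tag with a floating one, and the container is started with `--pull always`, `--user root` and `--privileged`, so every run of this script executes whatever `docker.io/dubodubonduponey/buildkit:latest` currently resolves to, as root and privileged on the host. Keep a dated tag or, better, a digest as the default for `IMAGE_BLDKT` and let callers opt into `latest` through the existing `IMAGE_BLDKT` override. `TAG` also does not need `export`; a plain assignment is enough for the expansion on the next line.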
7 changes: 4 additions & 3 deletions hack/lint.sh
@@ -1,12 +1,11 @@
#!/usr/bin/env bash
set -o errexit -o errtrace -o functrace -o nounset -o pipefail

# shellcheck source=/dev/null
root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
readonly root

# shellcheck source=/dev/null
BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh"
BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh"

# Ignore some hadolint warnings that do not make much sense
# DL3006 is about "dO nOT UsE --platform", which is really ludicrous
Expand All @@ -24,4 +23,6 @@ if ! hadolint "${hadolint_ignore[@]}" "$root"/*Dockerfile*; then
exit 1
fi

find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -exec shellcheck {} \;
while read -r line; do
shellcheck "$line"
done < <(find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -not -path "*xxx*" 2>/dev/null || true)
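Review bot: with `errexit` set, `shellcheck "$line"` inside the new loop aborts the script at the first failing file, so a lint run reports one script at a time. Collect the status instead (`shellcheck "$line" || failed=1`) and exit non-zero after the loop. Use `IFS= read -r` so paths with leading or trailing whitespace survive, and reconsider `2>/dev/null || true` on the `find`, which hides a broken `$root` and lets the lint pass with zero files checked.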
4 changes: 2 additions & 2 deletions hack/recipe.cue
Expand Up @@ -68,8 +68,8 @@ cakes: {
}

injectors: {
suite: * "bullseye" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string)
date: * "2022-12-01" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string)
suite: * "bookworm" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string)
date: * "2024-02-20" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string)
platforms: string @tag(platforms, type=string)
registry: * "registry.local" | string @tag(registry, type=string)
}
6 changes: 3 additions & 3 deletions hack/test.sh
@@ -1,17 +1,17 @@
#!/usr/bin/env bash
set -o errexit -o errtrace -o functrace -o nounset -o pipefail

# shellcheck source=/dev/null
root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
readonly root

# Simple no-thrill build tester
# XXX Currently reduced to a single architecture to avoid using all disk space until we figure out our space efficiency problem (likely the fat builder image getting duplicated over and over)
# Solution would probably be to do like buildkit and fetch with a lightweight go image while build mount from the previous stage instead of inheriting - annoying but probably the only way
if ! "$root/hack/build.sh" \
--inject registry="docker.io/dubodubonduponey" \
--inject progress=plain \
--inject date=2022-12-01 \
--inject suite=bullseye \
--inject date=2024-02-20 \
--inject suite=bookworm \
--inject platforms=linux/arm64 \
"image" "$@"; then
printf >&2 "Failed building\n"
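Review bot: `--inject date=2024-02-20` and `--inject suite=bookworm` repeat the defaults this same commit sets in `hack/recipe.cue`, and the pair is written out again in `hack/helpers/install-tools.sh` and `DEVELOP.md`. The old values show how that drifts: `install-tools.sh` was still on `2021-08-01` while the recipe used `2022-12-01`. Drop the two `--inject` lines here so the test builds with the recipe defaults, leaving one place to bump.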