feat: Exporter turned into a separate Docker image (#2)

BREAKING CHANGE: Reimplemented as Homecentr compliant Docker image Gitignore
homecentr · Jul 1, 2020 · e630131 · e630131
1 parent d51db2a
commit e630131
Show file tree

Hide file tree

Showing 48 changed files with 1,655 additions and 139 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,42 @@
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: fix
+    include: scope
+- package-ecosystem: gradle
+  directory: "/tests"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: chore
+    include: scope
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: ci
+    include: scope
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: fix
+    include: scope
diff --git a/.github/settings.yml b/.github/settings.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,9 +5,35 @@ on:
       - master
   pull_request:
 
+env:
+  IMAGE_NAME: "homecentr/dhcp-exporter"
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - run: docker build .
+
+      - name: Set up java for tests execution
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: Set tag var
+        id: vars
+        run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
+
+      - name: Verify Dockerfile with Hadolint
+        uses: brpaz/hadolint-action@master    
+
+      - name: Build Docker image
+        run: docker build . -t ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+
+      - name: Test Docker image
+        run: cd tests && sudo gradle test --info -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+
+      - name: Scan with Phonito Security
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+          phonito-token: '${{ secrets.PHONITO_TOKEN }}'      
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
@@ -0,0 +1,74 @@
+name: CI/CD on master
+on:
+  push:
+    branches:
+      - master
+
+env:
+  IMAGE_NAME: "homecentr/dhcp-exporter"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Set up java for tests execution
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+
+      - name: "Determine release version"
+        uses: codfish/semantic-release-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify Dockerfile with Hadolint
+        uses: brpaz/hadolint-action@master
+
+      - name: "Build Docker image"
+        if: env.RELEASE_VERSION != ''
+        run: |
+          docker build . -t "$IMAGE_NAME:$RELEASE_VERSION" \
+              --label "org.label-schema.schema-version=1.0" \
+              --label "org.label-schema.vcs-ref=${GITHUB_SHA}" \
+              --label "org.label-schema.vcs-url=https://github.com/${GITHUB_REPOSITORY}" \
+              --label "org.label-schema.url=https://github.com/${GITHUB_REPOSITORY}" \
+              --label "org.label-schema.vendor=HomeCentr" \
+              --label "version=$RELEASE_VERSION" \
+              --label "org.label-schema.build-date=$(date '+%F %T')"
+
+      - name: Test Docker image
+        if: env.RELEASE_VERSION != ''
+        run: cd tests && sudo gradle test -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+
+      - name: Scan with Phonito Security
+        if: env.RELEASE_VERSION != ''
+        uses: phonito/phonito-scanner-action@master
+        with:
+          image: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+          phonito-token: '${{ secrets.PHONITO_TOKEN }}'
+
+      - name: "Tag image as latest"
+        if: env.RELEASE_VERSION != ''
+        run: "docker tag $IMAGE_NAME:$RELEASE_VERSION $IMAGE_NAME:latest"
+
+      - name: "Log into Docker Hub"
+        if: env.RELEASE_VERSION != ''
+        run: "echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login --username ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin"
+
+      - name: "Push versioned image"
+        if: env.RELEASE_VERSION != ''
+        run: "docker push $IMAGE_NAME:$RELEASE_VERSION"
+
+      - name: "Push latest image"
+        if: env.RELEASE_VERSION != ''
+        run: "docker push $IMAGE_NAME:latest"
+
+      - name: "Update Docker Hub description"
+        if: env.RELEASE_VERSION != ''
+        uses: peter-evans/dockerhub-description@v2.2.0
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          DOCKERHUB_REPOSITORY: ${{ env.IMAGE_NAME }}
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,23 @@
 iscdhcpd_exporter
 .build
 *.swp
+
+*.class
+*.jar
+*.war
+*.ear
+.gradle
+build
+.gradletasknamecache
+
+**/.idea/workspace.xml
+**/.idea/tasks.xml
+
+# Ignore Gradle GUI config
+gradle-app.setting
+
+# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
+!gradle-wrapper.jar
+
+# Cache of project
+.gradletasknamecache
diff --git a/.promu.yml b/.promu.yml
@@ -1,7 +1,7 @@
 go:
     cgo: true
 repository:
-    path: github.com/homecentr/iscdhcpd_exporter
+    path: github.com/homecentr/docker-dhcp-exporter
 build:
     flags: -a -tags netgo
     ldflags: |

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,46 @@
-FROM golang as build
+FROM alpine:3.12.0 as build_pools
 
-RUN "env"
+# dhcpd-pools build is based on https://sourceforge.net/projects/dhcpd-pools/files/
+ADD https://netix.dl.sourceforge.net/project/dhcpd-pools/dhcpd-pools-3.0.tar.xz /tmp/dhcpd-pools.tar.xz
+ADD https://github.com/troydhanson/uthash/archive/v2.1.0.zip /tmp/uthash.zip
 
-ADD . /go/src/github.com/homecentr/iscdhcpd_exporter
+    # Install build dependencies
+RUN apk add --no-cache build-base=0.5-r2 && \
+    # Create target directory and extract dhcpd pools
+    mkdir /dhcpd-pools && \
+    tar xvf /tmp/dhcpd-pools.tar.xz -C /dhcpd-pools --strip 1 && \
+    # Extract UTHash and move it version agnostic location
+    unzip /tmp/uthash.zip -d / && \
+    mv /uthash-* /uthash
 
-RUN cd /go/src/github.com/homecentr/iscdhcpd_exporter \
-    && make build
+WORKDIR /dhcpd-pools
+
+    # Build dhcpd pools
+RUN ./configure --with-uthash=/uthash/include && \
+    make && \
+    make check && \
+    make install
+
+FROM golang:1.14.4 as build
+
+COPY . /go/src/github.com/homecentr/docker-dhcp-exporter
+
+WORKDIR /go/src/github.com/homecentr/docker-dhcp-exporter
+
+RUN make build
+
+FROM homecentr/base:2.4.3-alpine
+
+ENV DHCP_EXPORTER_ARGS="--dhcpd.config-file /config/dhcpd.conf --dhcpd.lease-file /leases/dhcpd.leases"
+
+COPY --from=build_pools /dhcpd-pools/dhcpd-pools /usr/bin/dhcpd-pools
+COPY --from=build /go/src/github.com/homecentr/docker-dhcp-exporter/docker-dhcp-exporter /usr/bin/dhcp-exporter
+
+RUN chmod a+x /usr/bin/dhcp-exporter
+
+COPY ./fs/ /
+
+VOLUME "/config"
+VOLUME "/leases"
+
+EXPOSE 9367
diff --git a/README.md b/README.md
@@ -1,27 +1,58 @@
-# ISC-DHCPD exporter
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-dhcp-exporter/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-dhcp-exporter/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-dhcp-exporter/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-dhcp-exporter)](https://hub.docker.com/repository/docker/homecentr/dhcp-exporter)
+[![](https://badgen.net/docker/pulls/homecentr/dhcp-exporter)](https://hub.docker.com/repository/docker/homecentr/dhcp-exporter) 
+[![](https://badgen.net/docker/size/homecentr/dhcp-exporter)](https://hub.docker.com/repository/docker/homecentr/dhcp-exporter)
 
-[![CircleCI](https://circleci.com/gh/spagno/iscdhcpd_exporter/tree/master.svg?style=shield)][circleci]
-[![Docker Pulls](https://img.shields.io/docker/pulls/spagno/iscdhcpd_exporter.svg?maxAge=604800)][hub]
-[![Go Report Card](https://goreportcard.com/badge/github.com/spagno/iscdhcpd_exporter)][goreportcard]
+![CI/CD on master](https://github.com/homecentr/docker-dhcp-exporter/workflows/CI/CD%20on%20master/badge.svg)
+![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-dhcp-exporter/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
 
-## Building and running
 
-Prerequisites:
+# HomeCentr - ISC DHCP Prometheus Exporter
 
-* [Go compiler](https://golang.org/dl/)
-* dhcpd-pools installed on the target server
+## Usage
 
-Building:
+```yml
+version: "3.7"
+services:
+  dhcp_exporter:
+    image: homecentr/dhcp
+    volumes:
+        - ./example/config:/config # Make sure both containers share the same configuration
+        - dhcp_leases:/leases:ro   # And leases directory
 
-    go get github.com/spagno/iscdhcpd_exporter
-    cd ${GOPATH-$HOME/go}/src/github.com/spagno/iscdhcpd_exporter
-    make
-    ./iscdhcpd_exporter <flags>
+  dhcp_exporter:
+    image: homecentr/dhcp-exporter
+    volumes:
+        - ./example/config:/config
+        - dhcp_leases:/leases
+
+volumes:
+  dhcp_leases:
+```
 
-To see all available configuration flags:
+## Environment variables
 
-    ./iscdhcpd_exporter -h
+| Name | Default value | Description |
+|------|---------------|-------------|
+| PUID | 7077 | UID of the user dhcp-exporter should be running as. |
+| PGID | 7077 | GID of the user dhcp-exporter should be running as. |
+| DHCP_EXPORTER_ARGS | `--dhcpd.config-file /config/dhcpd.conf --dhcpd.lease-file /leases/dhcpd.leases` | If you mount the configuration file or the lease file to different location, you need to adjust the arguments accordingly. |
 
-[hub]: https://hub.docker.com/r/spagno/iscdhcpd_exporter/
-[circleci]: https://circleci.com/gh/spagno/iscdhcpd_exporter
-[goreportcard]: https://goreportcard.com/report/github.com/spagno/iscdhcpd_exporter
+## Exposed ports
+
+| Port | Protocol | Description |
+|------|------|-------------|
+| 80 | TCP | Some useful details |
+
+## Volumes
+
+| Container path | Description |
+|------------|---------------|
+| /config | Some useful details |
+
+## Security
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-dhcp-exporter/security).
+
+### Container user
+The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The dhcp-exporter process runs as UID/GID provided in the PUID and PGID environment variables.
+
+:warning: Do not change the container user directly using the `user` Docker compose property or using the `--user` argument. This would break the privilege drop logic.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,10 @@
+version: "3.7"
+services:
+  dhcp-exporter:
+    build: .
+    image: homecentr/dhcp-exporter:local
+    volumes:
+      - ./example/config:/config
+      - ./example/leases:/leases
+    ports:
+      - 9367:9367
diff --git a/example/config/dhcpd.conf b/example/config/dhcpd.conf
@@ -0,0 +1,8 @@
+authoritative;
+
+option client-arch code 93 = unsigned integer 16;
+
+subnet 172.31.0.0 netmask 255.255.255.0 {
+    range 172.31.0.1 172.31.0.255;
+    option routers 172.31.0.1;
+}