diff --git a/.checkov.yaml b/.checkov.yaml new file mode 100644 index 0000000..9f89a17 --- /dev/null +++ b/.checkov.yaml @@ -0,0 +1,2 @@ +--- +skip-check: CKV_DOCKER_2 diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..fcab6e5 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +* + +!entrypoint.sh diff --git a/.github/workflows/build-and-push-docker.yml b/.github/workflows/build-and-push-docker.yml index 59a729b..f1d57f9 100644 --- a/.github/workflows/build-and-push-docker.yml +++ b/.github/workflows/build-and-push-docker.yml @@ -1,9 +1,13 @@ +--- name: Build and push Docker image to DockerHub -on: + +on: # yamllint disable-line rule:truthy push: tags: - 'v*' +permissions: read-all + jobs: push-to-registries: name: Push Docker image to Docker Hub and GitHub Packages diff --git a/.github/workflows/lint-dockerfile.yml b/.github/workflows/lint-dockerfile.yml deleted file mode 100644 index 5bdfae4..0000000 --- a/.github/workflows/lint-dockerfile.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Lint - -on: push - -jobs: - linter: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Lint Dockerfile - uses: brpaz/hadolint-action@v1.5.0 - with: - dockerfile: "Dockerfile" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..12e0687 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,32 @@ +--- +name: Lint + +on: # yamllint disable-line rule:truthy + push: null + pull_request: null + +permissions: {} + +jobs: + build: + name: Lint + runs-on: ubuntu-latest + + permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Super-linter + uses: super-linter/super-linter@v7.4.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + FIX_MARKDOWN_PRETTIER: true + FIX_YAML_PRETTIER: true 
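Review bot: `skip-check: CKV_DOCKER_2` turns off the HEALTHCHECK rule for the whole repository without recording why, so a later reader cannot tell a deliberate decision from a silenced finding. Add a comment above the key such as `# CKV_DOCKER_2 (missing HEALTHCHECK) skipped: <reason>`. Alternatively, add a `HEALTHCHECK` to the Dockerfile and drop the skip, since the new image already installs `curl`.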
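Review bot: The workflow-level `permissions: read-all` grants the token read access to every scope and no write scope, which does not match a job named "Push Docker image to Docker Hub and GitHub Packages". The job's steps are outside this hunk, so this is inferred: if it pushes to GitHub Packages with `GITHUB_TOKEN`, that push needs `packages: write` and will be rejected under this setting. Prefer `permissions: {}` at the top of the file and a job-level block containing only `contents: read` and `packages: write`, the same shape lint.yaml uses in this commit.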
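Review bot: Both `uses:` lines point at mutable tags (`actions/checkout@v4`, `super-linter/super-linter@v7.4.0`), and the super-linter step is handed `GITHUB_TOKEN` with `statuses: write`, so a moved tag would run unreviewed code with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: super-linter/super-linter@<full-commit-sha> # v7.4.0`. Separately, `FIX_MARKDOWN_PRETTIER` and `FIX_YAML_PRETTIER` rewrite files only in the runner workspace. Nothing in this job commits them and `contents: read` would not allow it, so it is worth confirming that fix mode does not hide findings that should fail the check.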
diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index 49c6f6e..0000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,3 +0,0 @@ -ignored: - - "DL3008" # pin versions in apt install - - "DL3013" # pin versions in pip diff --git a/Dockerfile b/Dockerfile index d0d72b5..3d0339a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,43 +1,65 @@ # syntax=docker/dockerfile:1 -FROM ubuntu:22.04 +FROM docker.io/library/python:3.10-slim-bookworm LABEL \ maintainer="Martin Bjeldbak Madsen " \ org.opencontainers.image.title="acestream-http-proxy" \ - org.opencontainers.image.description="Stream AceStream sources on macOS and other systems without needing to install AceStream player" \ + org.opencontainers.image.description="Stream AceStream sources without needing to install AceStream player" \ org.opencontainers.image.authors="Martin Bjeldbak Madsen " \ org.opencontainers.image.url="https://github.com/martinbjeldbak/acestream-http-proxy" \ org.opencontainers.image.vendor="https://martinbjeldbak.com" -ENV ACESTREAM_VERSION="3.2.3_ubuntu_22.04_x86_64_py3.10" - -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -# Install acestream dependencies -RUN apt-get update \ - && apt-get install --no-install-recommends -y \ - python3.10 ca-certificates wget sudo \ - && rm -rf /var/lib/apt/lists/* \ - # - # Download acestream - && wget --progress=dot:giga "https://download.acestream.media/linux/acestream_${ACESTREAM_VERSION}.tar.gz" \ - && mkdir acestream \ - && tar zxf "acestream_${ACESTREAM_VERSION}.tar.gz" -C acestream \ - && rm "acestream_${ACESTREAM_VERSION}.tar.gz" \ - && mv acestream /opt/acestream \ - && pushd /opt/acestream || exit \ - && bash ./install_dependencies.sh \ - && popd || exit - -ENV ALLOW_REMOTE_ACCESS="no" -ENV HTTP_PORT=6878 -ENV EXTRA_FLAGS='' - -COPY run.sh / - -ENTRYPOINT ["/usr/bin/bash"] -CMD ["/run.sh"] +ENV DEBIAN_FRONTEND="noninteractive" \ + CRYPTOGRAPHY_DONT_BUILD_RUST=1 \ + PIP_BREAK_SYSTEM_PACKAGES=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + PIP_NO_CACHE_DIR=1 \ + PIP_ROOT_USER_ACTION=ignore \ + PYTHONDONTWRITEBYTECODE=1 \ + PYTHONUNBUFFERED=1 \ + UV_NO_CACHE=true \ + UV_SYSTEM_PYTHON=true \ + PYTHON_EGG_CACHE=/.cache + +ENV VERSION="3.2.3_ubuntu_22.04_x86_64_py3.10" \ + ALLOW_REMOTE_ACCESS="no" \ + EXTRA_FLAGS='' + +USER root +WORKDIR /app + +# hadolint 
ignore=DL4006,DL3008,DL3013 +RUN \ + apt-get update \ + && \ + apt-get install --no-install-recommends --no-install-suggests -y \ + bash \ + ca-certificates \ + catatonit \ + curl \ + nano \ + libgirepository1.0-dev \ + && groupadd --gid 1000 appuser \ + && useradd --uid 1000 --gid 1000 -m appuser \ + && mkdir -p /app \ + && mkdir -p /.cache \ + && curl -fsSL "https://download.acestream.media/linux/acestream_${VERSION}.tar.gz" \ + | tar xzf - -C /app \ + && pip install uv \ + && uv pip install --requirement /app/requirements.txt \ + && chown -R appuser:appuser /.cache /app && chmod -R 755 /app \ + && pip uninstall --yes uv \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ + +COPY . / + +USER appuser + +ENTRYPOINT ["/usr/bin/catatonit", "--", "/entrypoint.sh"] EXPOSE 6878/tcp diff --git a/docker-compose.yml b/docker-compose.yml index d50cfe9..12108a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,4 +7,4 @@ services: environment: - ALLOW_REMOTE_ACCESS=no # change to "yes" to allow internet access # add any extra command line option mentioned in https://docs.acestream.net/developers/engine-command-line-options/ - - EXTRA_FLAGS='' + - EXTRA_FLAGS='' diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..d3c84e9 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash +#shellcheck disable=SC2086 + +if [[ $ALLOW_REMOTE_ACCESS == "yes" ]]; then + EXTRA_FLAGS="$EXTRA_FLAGS --bind-all" +fi + +exec \ + /app/start-engine \ + --client-console \ + "$EXTRA_FLAGS" \ + "$@" diff --git a/run.sh b/run.sh deleted file mode 100644 index d6abb33..0000000 --- a/run.sh +++ /dev/null @@ -1,7 +0,0 @@ -if [[ $ALLOW_REMOTE_ACCESS == "yes" ]];then - EXTRA_FLAGS="$EXTRA_FLAGS --bind-all" -fi - -/opt/acestream/start-engine --client-console --http-port $HTTP_PORT $EXTRA_FLAGS - -
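Review bot: The `curl -fsSL … | tar xzf - -C /app` step in the new `RUN` unpacks the AceStream archive with no integrity check, and the following `uv pip install --requirement /app/requirements.txt` then installs, as root, whatever that archive lists. TLS is therefore the only protection against a swapped or tampered tarball on the download host. The accompanying `hadolint ignore=DL4006` also means a curl failure mid-stream is not reflected in the pipeline's exit status. Download to a file, verify it against a digest pinned next to `VERSION` (declare the `ARG` after the `ENV VERSION` block), and only then extract. The existing `rm -rf /tmp/*` at the end of the same `RUN` already removes the archive.

```dockerfile
# Placeholder: replace with the real digest of the pinned tarball.
ARG ACESTREAM_SHA256="<sha256-of-acestream-tarball>"

# … unchanged: apt-get install, groupadd/useradd, mkdir …
    && curl -fsSL -o /tmp/acestream.tar.gz \
      "https://download.acestream.media/linux/acestream_${VERSION}.tar.gz" \
    && echo "${ACESTREAM_SHA256}  /tmp/acestream.tar.gz" | sha256sum -c - \
    && tar xzf /tmp/acestream.tar.gz -C /app \
    && pip install uv \
# … unchanged: uv pip install, chown, cleanup …
```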
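Review bot: In entrypoint.sh the `exec` passes `"$EXTRA_FLAGS"` quoted, so the whole variable reaches `/app/start-engine` as one argument. With `ALLOW_REMOTE_ACCESS=yes` that argument is the single string ` --bind-all` with a leading space, several user flags arrive glued together, and the default empty value becomes an empty-string argument. The `#shellcheck disable=SC2086` line suggests word splitting was intended, as in the removed run.sh. An array gives splitting without unquoted expansion: `read -r -a flags <<< "$EXTRA_FLAGS"`, `flags+=(--bind-all)` inside the `if`, and `"${flags[@]}"` in the `exec`. The new script also drops `--http-port $HTTP_PORT`, so deployments that set `HTTP_PORT` will presumably fall back to the engine's default port without warning; the README or changelog should say so.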