adjust Dockerfile & entrypoint and add Dependabot, CI & docker release

.dockerignore

@@ -1,9 +1,10 @@
-__pycache__
-.mypy_cache
-.pytest_cache
-.vscode
-cvdupdate.egg-info
-/build
-/dist
-/tests
-.github
+__pycache__
+.git
+.github
+.mypy_cache
+.pytest_cache
+.vscode
+*cvdupdate.egg-info
+/build
+/dist
+/tests

.github/dependabot.yml

@@ -0,0 +1,30 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"
+
+  - package-ecosystem: "pip"
+    directory: "/cvdupdate"
+    schedule:
+      interval: "weekly"
+      time: "09:00"
+      timezone: "Europe/Berlin"

.github/release-drafter.yml

@@ -0,0 +1,37 @@
+name-template: '$RESOLVED_VERSION'
+tag-template: '$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧹 Maintenance'
+    labels:
+      - 'chore'
+      - 'dependencies'
+version-resolver:
+  major:
+    labels:
+      - 'feature'
+  minor:
+    labels:
+      - 'enhancement'
+  patch:
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+      - 'chore'
+      - 'dependencies'
+  default: patch
+template: |
+  ## Changes
+
+  $CHANGES
+
+  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION

.github/workflows/ci.yaml

@@ -0,0 +1,42 @@
+name: ci
+
+on: 
+  pull_request:
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images:
+            cvdupdate-local
+          tags: |
+            type=raw,latest
+
+      - name: Build Dockerimage
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=docker,dest=/tmp/cvdupdate-local.tar
+          platforms: linux/amd64
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Run Dockerimage
+        run: |
+          docker load --input /tmp/cvdupdate-local.tar
+          docker run -d --net=host cvdupdate-local serve
+          sleep 30
+          curl --fail --silent --output /dev/null http://localhost:8000/main.cvd

.github/workflows/docker-release.yaml

@@ -0,0 +1,57 @@
+name: docker-release
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '*'
+  schedule:
+    - cron:  '0 0 * * *'
+
+jobs:
+  docker-build-push:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+
+      - name: Docker metadata action
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/cvdupdate
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=raw,value={{date 'YYYYMMDD-HHmmss' tz='Europe/Berlin'}},enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/pypi.yaml

@@ -11,7 +11,7 @@ jobs:
     - uses: actions/checkout@master
 
     - name: Set up Python 3.7
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@v4
       with:
         python-version: 3.7
 

.github/workflows/release-drafter.yaml

@@ -0,0 +1,22 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  update_release_draft:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,7 +1,24 @@
-FROM python:3-slim
-RUN apt-get -y update \
-    && apt-get -y --no-install-recommends install cron gosu \
-    && rm -rf /var/lib/apt/lists/*
-COPY . /dist
-RUN pip install --no-cache-dir /dist
-ENTRYPOINT [ "/dist/scripts/docker-entrypoint.sh" ]
+FROM python:3.12.0b1-slim
+
+WORKDIR /cvdupdate
+
+RUN apt-get -y update && \
+    apt-get -y --no-install-recommends install cron sudo && \
+    apt-get -y clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    useradd --no-create-home --home-dir /cvdupdate --uid 1000 cvdupdate && \
+    echo '30 */4 * * * /usr/local/bin/cvdupdate update > /proc/1/fd/1 2>&1' >> /etc/cron.d/cvdupdate && \
+    echo '@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2' >> /etc/cron.d/cvdupdate && \
+    crontab -u cvdupdate /etc/cron.d/cvdupdate && \
+    echo "cvdupdate\tALL=(ALL:ALL) NOPASSWD: /usr/sbin/cron" >> /etc/sudoers
+
+COPY . .
+
+RUN pip install --no-cache-dir . && \
+    chown cvdupdate:cvdupdate -R /cvdupdate
+
+USER cvdupdate:cvdupdate
+
+RUN cvd update
+
+ENTRYPOINT [ "./scripts/docker-entrypoint.sh" ]

README.md

@@ -295,34 +295,12 @@ Run image, that will automaticly update databases in folder `/srv/cvdupdate` and
 
 ```bash
 docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
+  -v /srv/cvdupdate:/cvdupdate/.cvdupdate/database \
+  -v /var/log/cvdupdate:/cvdupdate/.cvdupdate/logs \
   cvdupdate:latest
 ```
 
-Run image, that will automaticly update databases in folder `/srv/cvdupdate`, write logs to `/var/log/cvdupdate` and set owner of files to user with ID 1000
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e USER_ID=1000 \
-  cvdupdate:latest
-```
-
-Default update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
-
-You may pass custom update interval in environment variable `CRON`
-
-For example - update every day in 00:00
-
-```bash
-docker run -d \
-  -v /srv/cvdupdate:/cvdupdate/database \
-  -v /var/log/cvdupdate:/cvdupdate/logs \
-  -e CRON='0 0 * * *' \
-  cvdupdate:latest
-  ```
+Update interval is `30 */4 * * *` (see [Cron Example](#cron-example))
 
 ## Contribute
 

scripts/docker-entrypoint.sh

@@ -1,41 +1,18 @@
 #!/bin/bash
-USER_ID="${USER_ID:-0}"
+#
+# cvdupdate & cron entrypoint
+#
+
+set -e
+
 SCRIPT_PATH=$(readlink -f "$0")
-echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
-if [ "${USER_ID}" -ne "0" ]; then
-    echo "Creating user with ID ${USER_ID}"
-    useradd --create-home --home-dir /cvdupdate --uid "${USER_ID}" cvdupdate
-    chown -R "${USER_ID}" /cvdupdate
-    gosu cvdupdate cvdupdate config set --logdir /cvdupdate/logs
-    gosu cvdupdate cvdupdate config set --dbdir /cvdupdate/database
-else
-    mkdir -p /cvdupdate/{logs,database}
-    cvdupdate config set --logdir /cvdupdate/logs
-    cvdupdate config set --dbdir /cvdupdate/database
-fi
 
-if [ $# -eq 0 ]; then
-    set -e
+if [ $# -eq 0  ]; then
+    echo "ClamAV Private Database Mirror Updater Cron ${SCRIPT_PATH}"
 
-    echo "Adding crontab entry"
-    if [ "${USER_ID}" -ne "0" ]; then
-        crontab -l | {
-            cat
-            echo "${CRON:-"30 */4 * * *"} /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-            echo "@reboot /usr/sbin/gosu cvdupdate /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-        } | crontab -
-    else
-        crontab -l | {
-            cat
-            echo "${CRON:-"30 */4 * * *"} /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-            echo "@reboot /usr/local/bin/cvdupdate update >/proc/1/fd/1 2>/proc/1/fd/2"
-        } | crontab -
-    fi
-    cron -f
+    sudo cron -f
 else
-    if [ "${USER_ID}" -ne "0" ]; then
-        exec gosu cvdupdate "$@"
-    else
-        exec "$@"
-    fi
+    echo "ClamAV Private Database Mirror Updater "$@" ${SCRIPT_PATH}"
+
+    cvdupdate "$@"
 fi