diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index e5825dc..c3e9d48 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml 
@@ -1,72 +1,47 @@ name: Build Image -on: [push, pull_request, workflow_dispatch] +on: [push, pull_request_target, workflow_dispatch] env: - ENDPOINT: "linuxserver/mods" - BASEIMAGE: "universal" - MODNAME: "docker-in-docker" + GITHUB_REPO: "linuxserver/docker-mods" #don't modify + ENDPOINT: "linuxserver/mods" #don't modify + BASEIMAGE: "universal" #replace + MODNAME: "docker-in-docker" #replace jobs: - build: + set-vars: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.3.3 + - name: Set Vars + id: outputs + run: | + echo "GITHUB_REPO=${{ env.GITHUB_REPO }}" >> $GITHUB_OUTPUT + echo "ENDPOINT=${{ env.ENDPOINT }}" >> $GITHUB_OUTPUT + echo "BASEIMAGE=${{ env.BASEIMAGE }}" >> $GITHUB_OUTPUT + echo "MODNAME=${{ env.MODNAME }}" >> $GITHUB_OUTPUT + # **** If the mod needs to be versioned, set the versioning logic below. Otherwise leave as is. **** + COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||') + DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||') + MOD_VERSION="${DOCKER_RELEASE}-${COMPOSE_RELEASE}" + echo "MOD_VERSION=${MOD_VERSION}" >> $GITHUB_OUTPUT + outputs: + GITHUB_REPO: ${{ steps.outputs.outputs.GITHUB_REPO }} + ENDPOINT: ${{ steps.outputs.outputs.ENDPOINT }} + BASEIMAGE: ${{ steps.outputs.outputs.BASEIMAGE }} + MODNAME: ${{ steps.outputs.outputs.MODNAME }} + MOD_VERSION: ${{ steps.outputs.outputs.MOD_VERSION }} - - name: Build image - run: | - # Set version - if [ -z ${COMPOSE_RELEASE+x} ]; then COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||'); fi - if [ -z ${DOCKER_RELEASE+x} ]; then DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||'); fi - if curl -fSsL 
"https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_RELEASE}.tgz" >/dev/null && curl -fSsL "https://download.docker.com/linux/static/stable/armhf/docker-${DOCKER_RELEASE}.tgz" >/dev/null && curl -fSsL "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_RELEASE}.tgz" >/dev/null; then echo "Docker tarballs exist, proceeding"; else echo "Docker tarballs are missing, exiting!" && exit 1; fi - COMBINED_VERSION=${DOCKER_RELEASE}-${COMPOSE_RELEASE} - echo "**** Combined version is ${COMBINED_VERSION} ****" - echo "COMBINED_VERSION=${COMBINED_VERSION}" >> $GITHUB_ENV - # Build image - docker build --no-cache --build-arg COMPOSE_RELEASE=${COMPOSE_RELEASE} --build-arg DOCKER_RELEASE=${DOCKER_RELEASE} -t ${{ github.sha }} . - - name: Tag image - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }} - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }} - docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }} - docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - - name: Credential check - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} - run: | - echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV - echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV - echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV - echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV - if [[ "${{ 
secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then - echo "::error::Push credential secrets missing." - echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings." - echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions." - exit 1 - fi - - name: Login to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin - - name: Push tags to GitHub Container Registry - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} - run: | - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }} - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }} - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - - name: Login to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin - - name: Push tags to DockerHub - if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} - run: | - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }} - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }} - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME} + build: + uses: linuxserver/github-workflows/.github/workflows/docker-mod-builder.yml@v1 
+ needs: set-vars + secrets: + CR_USER: ${{ secrets.CR_USER }} + CR_PAT: ${{ secrets.CR_PAT }} + DOCKERUSER: ${{ secrets.DOCKERUSER }} + DOCKERPASS: ${{ secrets.DOCKERPASS }} + with: + GITHUB_REPO: ${{ needs.set-vars.outputs.GITHUB_REPO }} + ENDPOINT: ${{ needs.set-vars.outputs.ENDPOINT }} + BASEIMAGE: ${{ needs.set-vars.outputs.BASEIMAGE }} + MODNAME: ${{ needs.set-vars.outputs.MODNAME }} + MOD_VERSION: ${{ needs.set-vars.outputs.MOD_VERSION }} diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml new file mode 100644 index 0000000..2c30784 --- /dev/null +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -0,0 +1,16 @@ +name: Issue & PR Tracker + +on: + issues: + types: [opened,reopened,labeled,unlabeled,closed] + pull_request_target: + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] + +jobs: + manage-project: + permissions: + issues: write + uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1 + secrets: inherit diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml index 2df6b61..1447bc5 100644 --- a/.github/workflows/permissions.yml +++ b/.github/workflows/permissions.yml @@ -1,9 +1,10 @@ name: Permission check on: - pull_request: + pull_request_target: paths: - '**/run' - '**/finish' + - '**/check' jobs: permission_check: uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Dockerfile b/Dockerfile index 53d69e6..52e8ff7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,9 @@ +# syntax=docker/dockerfile:1 + ## Buildstage ## FROM ghcr.io/linuxserver/baseimage-alpine:3.17 as buildstage -ARG DOCKER_RELEASE -ARG COMPOSE_RELEASE +ARG MOD_VERSION RUN \ echo "**** install packages ****" && \ 
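Review bot: Changing the `on:` line of `BuildImage.yml` to `pull_request_target` makes pull requests from forks run in the base repository's context, and the `build` job passes `CR_USER`, `CR_PAT`, `DOCKERUSER` and `DOCKERPASS` to the reusable `docker-mod-builder.yml` workflow on that trigger. The called workflow is not visible here; if it checks out and builds the pull request's head, content controlled by the PR author (the Dockerfile, for instance) would be processed in a job that holds registry push credentials. I would keep fork PR builds on `pull_request` without secrets, or gate the secret-bearing job with `if: github.event_name != 'pull_request_target'` or an approval-protected environment. `permissions.yml` makes the same trigger change in this commit and declares no `permissions:` block, so its token scope is the repository default; an explicit block limited to what the called workflow needs would bound it.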
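Review bot: `secrets: inherit` in the `manage-project` job of the new `call_issue_pr_tracker.yml` passes every secret available to this repository to the called workflow, including the registry credentials that `BuildImage.yml` passes by name, although an issue and PR tracker presumably needs a single project token at most. Listing only the required secret under `secrets:` keeps the exposure to what the callee actually uses. All three workflows touched in this commit reference `linuxserver/github-workflows` at the movable tag `@v1`. Pinning to a full commit SHA, e.g. `issue-pr-tracker.yml@<full-commit-sha>`, would stop a retagged `v1` from changing what runs with these secrets and with `issues: write`.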
@@ -10,10 +11,16 @@ RUN \ git \ go && \ echo "**** retrieve latest version ****" && \ - if [ -z ${DOCKER_RELEASE+x} ]; then \ + if [[ -z "${MOD_VERSION+x}" ]]; then \ DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' \ | sed 's|^v||'); \ + COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]' \ + | sed 's|^v||'); \ + else \ + DOCKER_RELEASE=$(echo "${MOD_VERSION}" | sed 's|-.*||'); \ + COMPOSE_RELEASE=$(echo "${MOD_VERSION}" | sed 's|.*-||'); \ fi && \ echo "**** grab docker ****" && \ mkdir -p /root-layer/docker-tgz && \ @@ -26,12 +33,6 @@ RUN \ curl -fo \ /root-layer/docker-tgz/docker_aarch64.tgz -L \ "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_RELEASE}.tgz" && \ - echo "**** retrieve latest compose version ****" && \ - if [ -z ${COMPOSE_RELEASE+x} ]; then \ - COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' \ - | sed 's|^v||'); \ - fi && \ echo "**** grab compose ****" && \ curl -fo \ /root-layer/docker-tgz/docker-compose_x86_64 -L \ @@ -43,11 +44,9 @@ RUN \ /root-layer/docker-tgz/docker-compose_aarch64 -L \ "https://github.com/docker/compose/releases/download/v${COMPOSE_RELEASE}/docker-compose-linux-aarch64" && \ echo "**** retrieve latest compose switch version ****" && \ - if [ -z ${SWITCH_RELEASE+x} ]; then \ - SWITCH_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose-switch/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]' \ - | sed 's|^v||'); \ - fi && \ + SWITCH_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose-switch/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]' \ + | sed 's|^v||') && \ echo "**** grab compose switch ****" && \ curl -fo \ /root-layer/docker-tgz/compose-switch_x86_64 -L \ 
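Review bot: The new `else` branch splits `MOD_VERSION` with `sed 's|-.*||'` and `sed 's|.*-||'` without checking that either half is non-empty, and the `${MOD_VERSION+x}` test sends a set-but-empty value down that branch as well. `set-vars` in `BuildImage.yml` builds `MOD_VERSION` from two unauthenticated API lookups with no error check, so a failed lookup could yield `-` or a half-empty value, and the later `curl -f` downloads would then fail on a malformed URL rather than on a clear message. A guard right after the `fi`, such as `if [ -z "${DOCKER_RELEASE}" ] || [ -z "${COMPOSE_RELEASE}" ]; then echo "version lookup failed"; exit 1; fi && \`, would make the failure explicit. A component version that itself contains a hyphen would also be split in the wrong place. The `RUN` instruction starts before and continues past this hunk.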
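Review bot: With the `SWITCH_RELEASE` override removed in the last hunk, compose-switch is always whatever the `releases/latest` lookup returns at build time, so two images carrying the same `MOD_VERSION` tag can contain different compose-switch binaries. None of the `curl -fo` downloads visible in this `RUN` (docker, compose, compose-switch) is checked against a checksum or signature before landing in `/root-layer/docker-tgz`. I would echo the resolved `SWITCH_RELEASE` into the build log and, where upstream publishes checksums, verify each file, for example `echo "<expected-sha256>  /root-layer/docker-tgz/compose-switch_x86_64" | sha256sum -c -`. The `RUN` instruction extends beyond this hunk on both sides.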
diff --git a/README.md b/README.md index 8c4ca38..389f33d 100644 --- a/README.md +++ b/README.md @@ -10,5 +10,6 @@ In the container's docker arguments, * Set the `privileged` option for the container Docker data root will reside under `/config/var/lib/docker`. +On amd64, QEMU will be enabled on container start. If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:universal-docker-in-docker|linuxserver/mods:universal-mod2` diff --git a/root/etc/cont-init.d/95-apt-get b/root/etc/cont-init.d/95-apt-get deleted file mode 100644 index 8e5fe66..0000000 --- a/root/etc/cont-init.d/95-apt-get +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/with-contenv bash - -if [ -f /usr/bin/apt ]; then - apt-get update -fi diff --git a/root/etc/cont-init.d/98-docker-in-docker b/root/etc/cont-init.d/98-docker-in-docker deleted file mode 100644 index c37cb61..0000000 --- a/root/etc/cont-init.d/98-docker-in-docker +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/usr/bin/with-contenv bash - -ABC_USER=$(id -nu ${PUID:-911}) -mkdir -p /config/{logs/dockerd,var/lib/docker} -chown -R ${ABC_USER}:${ABC_USER} /config/logs - -echo "**** installing docker and docker compose ****" -if [ -f /usr/bin/apt ]; then - apt-get install -y \ - btrfs-progs \ - ca-certificates \ - curl \ - e2fsprogs \ - iptables \ - openssh-client \ - openssl \ - pigz \ - xfsprogs \ - xz-utils -else - apk add --no-cache \ - btrfs-progs \ - curl \ - e2fsprogs \ - e2fsprogs-extra \ - ip6tables \ - iptables \ - openssl \ - pigz \ - xfsprogs \ - xz -fi -ARCH=$(uname -m) -if [ -d "/docker-tgz" ] ; then - echo "Copying over docker and docker-compose binaries" - mkdir -p /usr/local/lib/docker/cli-plugins - mv "/docker-tgz/docker-compose_${ARCH}" /usr/local/lib/docker/cli-plugins/docker-compose - mv "/docker-tgz/docker-buildx_${ARCH}" /usr/local/lib/docker/cli-plugins/docker-buildx - mv "/docker-tgz/compose-switch_${ARCH}" /usr/local/bin/docker-compose - tar xf /docker-tgz/docker_${ARCH}.tgz \ - --strip-components=1 -C \ - /usr/local/bin/ - rm -rf /docker-tgz -else - echo "**** docker and docker-compose already installed, skipping ****" -fi - -# delete PID if exists -find /run /var/run -iname 'docker*.pid' -delete || : - -# create docker group and add abc to it -groupadd -f docker -if ! id -nG ${ABC_USER} | grep -q "docker"; then - usermod -aG docker ${ABC_USER} -fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run index 5ffb2ed..c24a6bb 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-add-package/run 
@@ -2,7 +2,7 @@ ABC_USER=$(id -nu ${PUID:-911}) mkdir -p /config/{logs/dockerd,var/lib/docker} -chown -R ${ABC_USER}:${ABC_USER} /config/logs +lsiown -R ${ABC_USER}:${ABC_USER} /config/logs echo "**** installing docker and docker compose ****" if [ -f /usr/bin/apt ]; then diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/dependencies.d/svc-mod-universal-docker-in-docker b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/dependencies.d/svc-mod-universal-docker-in-docker new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run new file mode 100755 index 0000000..f04b2ab --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run @@ -0,0 +1,6 @@ +#!/usr/bin/with-contenv bash + +if [[ $(uname -m) = "x86_64" ]]; then + echo "**** Enabling QEMU ****" + exec docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/type b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/up b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/up new file mode 100644 index 0000000..9472fc5 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run \ No newline at end of file 
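Review bot: The `exec docker run --rm --privileged multiarch/qemu-user-static --reset -p yes` line in the new `init-mod-universal-docker-in-docker-qemu/run` pulls an untagged third-party image and runs it privileged on every container start on x86_64, so whatever `latest` resolves to at that moment executes with full privileges and registers binfmt_misc handlers, which are kernel-level settings that are typically shared with the host. Pinning by digest, `multiarch/qemu-user-static@sha256:<pinned-digest>`, fixes what gets executed. The step also has no opt-out and needs registry access at start, so a failed pull fails this oneshot. An environment switch tested before the `docker run` (a constructed name such as `DOCKER_MODS_QEMU`) would let users who do not need emulation skip it, and the README line added in this commit should mention the privileged pull.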
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/notification-fd b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/notification-fd new file mode 100644 index 0000000..0faa7d6 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/notification-fd @@ -0,0 +1 @@ +10736 \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/run index 072d05d..ffc29f6 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-docker-in-docker/run @@ -23,5 +23,7 @@ if [ -f /sys/fs/cgroup/cgroup.controllers ]; then > /sys/fs/cgroup/cgroup.subtree_control fi -exec 2>&1 /usr/local/bin/dockerd \ - --data-root "/config/var/lib/docker" +exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "docker version" \ + 2>&1 /usr/local/bin/dockerd \ + --data-root "/config/var/lib/docker" diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-universal-docker-in-docker-qemu b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mod-universal-docker-in-docker-qemu new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/services.d/dockerd/log/run b/root/etc/services.d/dockerd/log/run deleted file mode 100755 index fb727b7..0000000 --- a/root/etc/services.d/dockerd/log/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/with-contenv bash - -ABC_USER=$(id -nu ${PUID:-911}) - -exec \ - s6-setuidgid ${ABC_USER} s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/logs/dockerd \ No newline at end of file diff --git a/root/etc/services.d/dockerd/run b/root/etc/services.d/dockerd/run deleted file mode 100755 index 072d05d..0000000 --- a/root/etc/services.d/dockerd/run +++ /dev/null 
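Review bot: `s6-notifyoncheck` in the new `exec` of `svc-mod-universal-docker-in-docker/run` signals readiness on the descriptor named in the service's `notification-fd` file, which this commit adds with the value `10736`. That is an unusually high descriptor number, so please confirm it is intended and below the container's open-file limit, because the new qemu oneshot lists this service in its `dependencies.d` and waits on that readiness. A short comment above the `exec`, along the lines of `# readiness: poll "docker version" until dockerd answers`, and a word on what `-n 300 -w 1000` is meant to bound, would help the next reader. The script begins outside this hunk.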
@@ -1,27 +0,0 @@ -#!/usr/bin/with-contenv bash - -## dind hack from https://github.com/moby/moby/blob/master/hack/dind -export container=docker -if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then - mount -t securityfs none /sys/kernel/security || { - echo 'Could not mount /sys/kernel/security.' - echo 'AppArmor detection and --privileged mode might break.' - } -fi -# Mount /tmp (conditionally) -if ! mountpoint -q /tmp; then - mount -t tmpfs none /tmp -fi -# cgroup v2: enable nesting -if [ -f /sys/fs/cgroup/cgroup.controllers ]; then - # move the init process (PID 1) from the root group to the /init group, - # otherwise writing subtree_control fails with EBUSY. - mkdir -p /sys/fs/cgroup/init - echo 1 > /sys/fs/cgroup/init/cgroup.procs - # enable controllers - sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \ - > /sys/fs/cgroup/cgroup.subtree_control -fi - -exec 2>&1 /usr/local/bin/dockerd \ - --data-root "/config/var/lib/docker"