54 changes: 31 additions & 23 deletions actions/Dockerfile
@@ -1,19 +1,23 @@
# Dockerfile
FROM ubuntu:24.04 AS base
ENV DEBIAN_FRONTEND=noninteractive
# Keep runtime tools minimal; include dpkg tooling for .deb repack
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates curl wget gnupg openssl rsyslog iproute2 sysstat nano cron sudo mysql-client \
&& rm -rf /var/lib/apt/lists/*
ca-certificates curl wget gnupg openssl \
rsyslog iproute2 sysstat nano cron \
mysql-client \
xz-utils dpkg-dev \
&& rm -rf /var/lib/apt/lists/*

FROM base AS app
WORKDIR /root

# Build-time args
# ---- Build-time args ----
ARG INSTALL_METHOD=deb
ARG BLUECHERRY_DEB_URL=""
ARG BLUECHERRY_DEB_SHA256=""

# DB defaults (overridden at runtime)
# ---- DB defaults (used only to preseed package; runtime uses env/compose) ----
ARG MYSQL_ADMIN_LOGIN=root
ARG MYSQL_ADMIN_PASSWORD=root
ARG BLUECHERRY_DB_USER=bluecherry
Expand All @@ -22,13 +26,13 @@ ARG BLUECHERRY_DB_PASSWORD=bluecherry
ARG BLUECHERRY_DB_NAME=bluecherry
ARG BLUECHERRY_DB_ACCESS_HOST=%

# Linux user for runtime
# ---- Linux user for runtime ----
ARG BLUECHERRY_LINUX_GROUP_NAME=bluecherry
ARG BLUECHERRY_LINUX_GROUP_ID=1000
ARG BLUECHERRY_LINUX_USER_NAME=bluecherry
ARG BLUECHERRY_LINUX_USER_ID=1000

# Scripts we already have
# ---- Bring in your helper scripts ----
COPY entrypoint.sh /entrypoint.sh
COPY bc-database-create.sh /bin/bc-database-create
COPY bc-database-upgrade.sh /bin/bc-database-upgrade
Expand All @@ -49,52 +53,56 @@ RUN { \
echo bluecherry bluecherry/db_password password $BLUECHERRY_DB_PASSWORD; \
} | debconf-set-selections

# Download .deb when using deb method, verify checksum if provided
# ---- Fetch and (optionally) verify the .deb, then patch to skip DB actions at build time ----
RUN if [ "$INSTALL_METHOD" = "deb" ] && [ -n "$BLUECHERRY_DEB_URL" ]; then \
mkdir -p /root/releases && \
set -eux; \
mkdir -p /root/releases; \
curl -fsSL "$BLUECHERRY_DEB_URL" -o /root/releases/bluecherry.deb; \
if [ -n "$BLUECHERRY_DEB_SHA256" ]; then \
echo "$BLUECHERRY_DEB_SHA256 /root/releases/bluecherry.deb" | sha256sum -c -; \
fi; \
# Patch postinst to skip DB creation during Docker build \
mkdir /tmp/deb-patch && cd /tmp/deb-patch && \
dpkg-deb -x /root/releases/bluecherry.deb . && \
dpkg-deb -e /root/releases/bluecherry.deb DEBIAN/ && \
sed -i '/bc_db_tool.sh new_db/ s/^/# Docker build skip: /' ./usr/share/bluecherry/postinstall.sh || true && \
dpkg-deb -b . /root/releases/bluecherry.deb && \
cd .. && rm -rf /tmp/deb-patch; \
# Repack the .deb with a patched postinstall to avoid DB creation at build
mkdir -p /tmp/deb-patch && cd /tmp/deb-patch; \
dpkg-deb -x /root/releases/bluecherry.deb .; \
dpkg-deb -e /root/releases/bluecherry.deb DEBIAN/; \
# Comment out the DB creation/init line if present
if [ -f ./usr/share/bluecherry/postinstall.sh ]; then \
sed -i '/bc_db_tool.sh[[:space:]]\+new_db/ s/^/# Docker build skip: /' ./usr/share/bluecherry/postinstall.sh || true; \
fi; \
dpkg-deb -b . /root/releases/bluecherry.deb; \
cd /root && rm -rf /tmp/deb-patch; \
fi

# Disable imklog in rsyslog (no kernel log access inside containers)
RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf || true

# Some postinsts expect $host; export for install step
# Some installers read $host for DB connectivity checks; set benign default
ENV host=$BLUECHERRY_DB_HOST

# Install the deb (downloaded above)
# ---- Install the (patched) deb into the image ----
RUN set -eux; \
DEB_PATH="/root/releases/bluecherry.deb"; \
test -f "$DEB_PATH"; \
# Avoid php-fpm alternatives issues if present:
# Avoid php-fpm alternatives issue if present in package scripts
sed -i 's|update-alternatives --install /run/php/php-fpm.sock php-fpm.sock .*|true|' /usr/share/bluecherry/postinst || true; \
apt-get update; \
apt-get install -y --no-install-recommends "$DEB_PATH"; \
apt-get clean; rm -rf /var/lib/apt/lists/*

# Create runtime user & recordings dir
# ---- Runtime user & recordings dir ----
RUN groupadd -g $BLUECHERRY_LINUX_GROUP_ID -f $BLUECHERRY_LINUX_GROUP_NAME && \
useradd -m -d /var/lib/bluecherry -u $BLUECHERRY_LINUX_USER_ID -g $BLUECHERRY_LINUX_GROUP_NAME \
-G audio,video -s /bin/bash $BLUECHERRY_LINUX_USER_NAME || true && \
mkdir -p /recordings && chown bluecherry:bluecherry /recordings && chmod 775 /recordings

# Cleanup secrets
# ---- Cleanup installer-time secrets ----
RUN rm -f /root/.my.cnf /etc/bluecherry.conf || true

# ---- Permissions & ports ----
RUN chmod +x /entrypoint.sh /bin/bc-database-create /bin/bc-database-upgrade

EXPOSE 7001/tcp 7002/tcp

HEALTHCHECK --interval=30s --timeout=5s --retries=10 CMD \
bash -lc 'pgrep -x bc-server >/dev/null || (journalctl -u bluecherry --no-pager | tail -n 50; exit 1)'
# Simpler healthcheck: confirm server process is alive
HEALTHCHECK --interval=30s --timeout=5s --retries=10 CMD pgrep -x bc-server >/dev/null || exit 1

CMD ["/entrypoint.sh"]
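Review bot: The integrity check in the fetch step is still optional: `BLUECHERRY_DEB_SHA256` defaults to `""`, so with default build args the `sha256sum -c -` branch is skipped and whatever `curl` fetched from `BLUECHERRY_DEB_URL` is repacked and then installed by `apt-get install`, with its package scripts running during the build. I would make the digest mandatory whenever a URL is given, replacing the inner `if [ -n "$BLUECHERRY_DEB_SHA256" ]` with `[ -n "$BLUECHERRY_DEB_SHA256" ] || { echo "BLUECHERRY_DEB_SHA256 is required" >&2; exit 1; }` followed by the unconditional `sha256sum -c -` line. Separately, the `sed ... || true` patch reports success even when no `new_db` line matches, so a `grep -q 'Docker build skip' ./usr/share/bluecherry/postinstall.sh` inside the `-f` guard would make the build fail on an upstream script change rather than silently leaving the DB step enabled.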