From 9192e207773c15c2ee7ec36e8a79eb73c8a7d9f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Cerveau?= Date: Sun, 8 Mar 2026 19:37:36 +0100 Subject: [PATCH] docker: add multi-arch Docker image with systemd support Add Dockerfile for Fedora-based image with maximum GStreamer plugins, supporting both amd64 (prebuilt binary) and arm64 (built from source). gst-popd runs as a systemd service on container startup. Integrate Docker build and push to ghcr.io in the release workflow. --- .github/workflows/release.yml | 46 +++++++++++++++ README.md | 38 ++++++++++++ docker/Dockerfile | 108 ++++++++++++++++++++++++++++++++++ docker/docker-compose.yml | 13 ++++ 4 files changed, 205 insertions(+) create mode 100644 docker/Dockerfile create mode 100644 docker/docker-compose.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7df0dd8..d4371d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,6 +13,8 @@ on: env: CARGO_TERM_COLOR: always + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} TAG_NAME: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }} jobs: @@ -421,3 +423,47 @@ jobs: artifacts/*.deb artifacts/*.rpm gst-pop-*-source.tar.gz + + docker: + name: Docker multi-arch image + needs: [release] + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ env.TAG_NAME }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract version from tag + id: version + run: echo "version=${TAG_NAME#v}" >> "$GITHUB_OUTPUT" + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: docker/ + file: docker/Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + build-args: | + GST_POP_VERSION=${{ steps.version.outputs.version }} + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/README.md b/README.md index b583217..aec6783 100644 --- a/README.md +++ b/README.md @@ -168,6 +168,44 @@ git push origin v0.2.0 This triggers the Release workflow which builds binaries for Linux, Windows, and macOS, creates `.deb` and `.rpm` packages, and publishes a GitHub Release with all artifacts. +### Docker + +A multi-arch Docker image (amd64 + arm64) based on Fedora with all GStreamer plugins is published to GitHub Container Registry on each release. + +#### Pull and run + +```bash +docker pull ghcr.io/dabrain34/gstpop:latest + +docker run -d -p 9000:9000 --name gst-pop ghcr.io/dabrain34/gstpop:latest +``` + +The daemon listens on port 9000 (WebSocket). + +#### With docker compose + +```bash +cd docker +docker compose up -d +``` + +#### Configuration + +Pass environment variables to configure the daemon: + +```bash +docker run -d -p 9000:9000 \ + -e GSTPOP_API_KEY=mysecretkey \ + -e RUST_LOG=gst_pop=debug \ + --name gst-pop ghcr.io/dabrain34/gstpop:latest +``` + +#### Verify + +```bash +docker exec gst-pop gst-pop-inspect | wc -l +``` + ### Security Considerations #### Pipeline Descriptions diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..c46f7e2 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,108 @@ +# Multi-arch Dockerfile for gst-pop +# Supports linux/amd64 (prebuilt binary) and linux/arm64 (built from source) +# +# Build: +# docker buildx build --platform linux/amd64,linux/arm64 -t gst-pop . +# +# Run: +# docker run -d -p 9000:9000 --name gst-pop gst-pop + +# ============================================================ +# Stage 1: Builder - fetch or compile gst-pop binaries +# ============================================================ +FROM fedora:42 AS builder + +ARG TARGETARCH +ARG GST_POP_VERSION=0.4.2 + +RUN dnf install -y curl && dnf clean all + +# --- amd64: download prebuilt binaries from GitHub release --- +RUN if [ "$TARGETARCH" = "amd64" ]; then \ + dnf install -y unzip && dnf clean all \ + && curl -fsSL \ + "https://github.com/dabrain34/gstpop/releases/download/v${GST_POP_VERSION}/gst-pop-v${GST_POP_VERSION}-linux-x86_64.zip" \ + -o /tmp/gst-pop.zip \ + && mkdir -p /tmp/staging \ + && unzip /tmp/gst-pop.zip -d /tmp/staging \ + && rm /tmp/gst-pop.zip; \ + fi + +# --- arm64: build from source tarball --- +RUN if [ "$TARGETARCH" = "arm64" ]; then \ + dnf install -y \ + gcc \ + gstreamer1-devel \ + gstreamer1-plugins-base-devel \ + rust \ + cargo \ + tar \ + gzip \ + && dnf clean all \ + && curl -fsSL \ + "https://github.com/dabrain34/gstpop/releases/download/v${GST_POP_VERSION}/gst-pop-v${GST_POP_VERSION}-source.tar.gz" \ + -o /tmp/source.tar.gz \ + && mkdir -p /tmp/gst-pop-src \ + && tar -xzf /tmp/source.tar.gz -C /tmp/gst-pop-src --strip-components=1 \ + && cd /tmp/gst-pop-src \ + && cargo build --release --workspace \ + && mkdir -p /tmp/staging \ + && cp target/release/gst-pop /tmp/staging/ \ + && cp target/release/gst-popctl /tmp/staging/ \ + && rm -rf /tmp/gst-pop-src /tmp/source.tar.gz; \ + fi + +# Fail early if the architecture produced no binaries +RUN test -f /tmp/staging/gst-pop || \ + (echo "ERROR: Unsupported architecture: ${TARGETARCH}" && exit 1) + +# ============================================================ +# Stage 2: Runtime image with GStreamer +# ============================================================ +FROM fedora:42 + +ARG GST_POP_VERSION=0.4.2 + +LABEL maintainer="Stephane Cerveau " +LABEL description="gst-pop v${GST_POP_VERSION} - GStreamer pipeline management daemon" +LABEL version="${GST_POP_VERSION}" + +# --- Install GStreamer with maximum plugin coverage --- +RUN dnf -y install \ + gstreamer1 \ + gstreamer1-plugins-base \ + gstreamer1-plugins-base-tools \ + gstreamer1-plugins-good \ + gstreamer1-plugins-good-extras \ + gstreamer1-plugins-bad-free \ + gstreamer1-plugins-bad-free-extras \ + gstreamer1-plugins-ugly-free \ + gstreamer1-plugin-libav \ + gstreamer1-plugin-openh264 \ + gstreamer1-vaapi \ + bash \ + && dnf clean all + +# --- Install gst-pop binaries from builder stage --- +COPY --from=builder --chmod=755 /tmp/staging/gst-pop /usr/bin/gst-pop +COPY --from=builder --chmod=755 /tmp/staging/gst-popctl /usr/bin/gst-popctl + +# --- Create busybox-style symlinks --- +RUN ln -sf gst-pop /usr/bin/gst-popd && \ + ln -sf gst-pop /usr/bin/gst-pop-launch && \ + ln -sf gst-pop /usr/bin/gst-pop-inspect && \ + ln -sf gst-pop /usr/bin/gst-pop-discover && \ + ln -sf gst-pop /usr/bin/gst-pop-play + +# --- Create non-root user --- +RUN useradd -r -s /sbin/nologin -d /nonexistent gstpop + +USER gstpop + +EXPOSE 9000 + +HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ + CMD bash -c '