From d077203b2f461bddaabd121cc5967596f4565d43 Mon Sep 17 00:00:00 2001 From: Pere Lev Date: Fri, 18 Oct 2024 16:08:49 +0300 Subject: [PATCH] Initial Dockerfile * I tested only `docker build`, next step is to make sure Vervis runs properly (committing already because just getting it to build was a long process) * docker-compose.yml is coming next, as well as uploading the image to Codeberg container registry --- Dockerfile | 125 ++++++++++++++++++++++++++++++++++++++ INSTALL.md | 5 +- bindist.sh | 57 ----------------- src/Vervis/Application.hs | 25 +++----- 4 files changed, 139 insertions(+), 73 deletions(-) create mode 100644 Dockerfile delete mode 100755 bindist.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..06a5f11 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,125 @@ +############################################################################# +## build +############################################################################# + +FROM debian:bookworm AS builder + +RUN apt-get -yq update && apt-get -yq install \ + libpq-dev zlib1g-dev libssl-dev libpcre3-dev libgmp-dev \ + darcs git \ + postgresql libpq-dev \ + locales locales-all \ + build-essential \ + ca-certificates \ + curl \ + liblapack-dev \ + liblzma-dev \ + libyaml-dev \ + netbase \ + openssh-client \ + pkg-config + +RUN curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org -o /install-ghcup.sh && \ + BOOTSTRAP_HASKELL_MINIMAL=1 sh /install-ghcup.sh && \ + rm /install-ghcup.sh + +RUN locale-gen en_US.UTF-8 +ENV LANG=en_US.UTF-8 +ENV LANGUAGE=en_US:en +ENV LC_ALL=en_US.UTF-8 + +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.ghcup/bin + +RUN ghcup install ghc 9.6.6 +RUN ghcup install stack + +RUN mkdir /build \ + /build/.git \ + /build/app \ + /build/embed \ + /build/hook-darcs \ + /build/hook-git \ + /build/migrations \ + /build/src \ + /build/static \ + /build/templates \ + /build/th +COPY stack.yaml vervis.cabal COPYING.AGPL3 /build/ +COPY .git /build/.git +COPY app /build/app +COPY embed /build/embed +COPY hook-darcs /build/hook-darcs +COPY hook-git /build/hook-git +COPY migrations /build/migrations +COPY src /build/src +COPY static /build/static +COPY templates /build/templates +COPY th /build/th + +WORKDIR /build + +RUN mkdir /build/lib && \ + darcs clone https://vervis.peers.community/repos/6r4Ao /build/lib/ssh + +RUN stack build --flag vervis:-dev --only-dependencies + +RUN ls -lh /build + +RUN stack build --flag vervis:-dev + +RUN mkdir -p /build/artifacts && \ + cp `stack exec which vervis` /build/artifacts/ && \ + cp `stack exec which vervis-post-receive` /build/artifacts/ && \ + cp `stack exec which vervis-post-apply` /build/artifacts/ + +RUN ls -lh /build/artifacts + +############################################################################# +## deployment +############################################################################# + +FROM debian:bookworm + +RUN apt-get -yq update && apt-get -yq install \ + ca-certificates \ + curl \ + libgmp10 \ + liblapack3 \ + liblzma5 \ + libpq5 \ + libssl3 \ + libyaml-0-2 \ + netbase \ + openssh-client \ + zlib1g \ + libpcre3 darcs git \ + locales locales-all \ + && rm -rf /var/lib/apt/lists/* + +RUN locale-gen en_US.UTF-8 +ENV \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + LC_ALL=en_US.UTF-8 \ + TZ=Etc/UTC + +RUN groupadd vervis && useradd -l -g vervis -m -d /app vervis + +WORKDIR /app + +EXPOSE 3000 +EXPOSE 5022 + +RUN mkdir /app/static /app/log +COPY --from=builder /build/artifacts/* /app/ + +RUN mkdir /app/state /app/state/repos /app/state/deliveries && \ + chown vervis:vervis /app/state /app/static /app/log +COPY settings-default.yaml /app/state/settings.yml +RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key + +VOLUME /app/state + +RUN ls /app +USER vervis +ENTRYPOINT /app/vervis diff --git a/INSTALL.md b/INSTALL.md index df0131a..d53c27c 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -15,6 +15,9 @@ hopefully I'll make a nicer binary release soon :) 2022 UPDATE: The binary release is unavailable right now. But a docker image is being prepared. More news soon. +2024 UPDATE: For production hosting and deployment with Docker, use the +`Dockerfile` and `docker-compose.yml` files in this repo's root directory. + # (1) System libraries Install dependency library development packages. It's very likely you already @@ -160,7 +163,7 @@ generating the rest, run this: Run. - $ stack run + $ stack run -- state/settings.yml By default, Vervis is configured with User Registration disabled. This is to prevent any automatic spambot registration for bots that may be monitoring the diff --git a/bindist.sh b/bindist.sh deleted file mode 100755 index e840185..0000000 --- a/bindist.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash - -set -e -set -x - -key='6FEEC2227323EF85A49D54875252C5C863E5E57D' -bindir='bin' -distdir='package' - -if [ "$1" == 'fed' ]; then - mode='fed' -elif [ "$1" == 'dev' ]; then - mode='dev' -else - echo "Please specify mode, either 'fed' or 'dev'" -fi - -version=`darcs log --last 1 \ - | head --lines 1 \ - | cut --delimiter " " --fields 2 \ - | head --bytes 10` - -out="${distdir}/vervis-${mode}-${version}.tar.xz" -outsum="${out}.sha256sum" - -touch 'src/Vervis/Widget.hs' - -if [ "$mode" == 'fed' ]; then - stack build --flag vervis:-dev -else - stack build --flag vervis:dev -fi - -mkdir -p "$distdir" -mkdir -p "$bindir" - -cp `stack exec which vervis` "$bindir/" -cp `stack exec which vervis-post-apply` "$bindir/" -cp `stack exec which vervis-post-receive` "$bindir/" - -tar --create --file - \ - 'COPYING' \ - 'COPYING.AGPL3' \ - 'COPYING.CC0' \ - 'INSTALL.md' \ - 'README.md' \ - 'config/' \ - 'data/' \ - 'static/' \ - "$bindir/" \ - | xz --compress > "$out" - -sha256sum "$out" > "$outsum" - -gpg --detach-sign --armor --local-user "$key" "$outsum" - -echo "Success" diff --git a/src/Vervis/Application.hs b/src/Vervis/Application.hs index bfce592..61544fb 100644 --- a/src/Vervis/Application.hs +++ b/src/Vervis/Application.hs @@ -75,6 +75,7 @@ import Network.Wai.Middleware.RequestLogger (Destination (Logger), import System.Directory import System.FilePath import System.Log.FastLogger +import System.Environment import Yesod.Auth import Yesod.Core import Yesod.Core.Dispatch @@ -165,9 +166,6 @@ moveFileIfExists from to = do exists <- doesFileExist from when exists $ renameFile from to -settingsYml :: FilePath -settingsYml = "state/settings.yml" - -- This line actually creates our YesodDispatch instance. It is the second half -- of the call to mkYesodData which occurs in Foundation.hs. Please see the -- comments there for more details. @@ -464,7 +462,14 @@ getApplicationDev = do return (wsettings, app) getAppSettings :: IO AppSettings -getAppSettings = loadYamlSettings [settingsYml] [] useEnv +getAppSettings = do + path <- do + as <- getArgs + case as of + [] -> pure "state/settings.yml" + [p] -> pure p + _ -> throwIO $ userError "Expected 1 argument, the settings filename" + loadYamlSettings [path] [] useEnv -- | main function for use by yesod devel develMain :: IO () @@ -559,17 +564,7 @@ appMain = do moveFileIfExists "config/settings.yml" "state/settings.yml" -- Get the settings from all relevant sources - settings <- loadYamlSettings - -- Read settings from the settings file - [settingsYml] - - -- Fall back to compile-time values, set to [] to require values at - -- runtime - --[configSettingsYmlValue] - [] - - -- Allow environment variables to override - useEnv + settings <- getAppSettings -- Generate the foundation from the settings foundation <- makeFoundation settings