diff --git a/.github/workflows/build-scan-push.yml b/.github/workflows/build-scan-push.yml index 74afbe6..d8184b8 100644 --- a/.github/workflows/build-scan-push.yml +++ b/.github/workflows/build-scan-push.yml @@ -27,13 +27,6 @@ jobs: - name: Lint Shell Scripts with ShellCheck uses: ludeeus/action-shellcheck@master - - name: Lint Kubernetes Resources with KubeLinter - id: kube-lint-scan - uses: stackrox/kube-linter-action@v1 - with: - directory: k8s - config: .kube-linter/config.yaml - # Set up Docker Buildx for multi-architecture builds - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -79,10 +72,10 @@ jobs: uses: aquasecurity/trivy-action@master with: image-ref: ${{ secrets.DOCKER_USERNAME }}/docker-bitlbee:latest - format: 'table' + format: "table" ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" - name: Upload Trivy Report uses: actions/upload-artifact@v3 diff --git a/.hadolint.yaml b/.hadolint.yaml index f8cbb9d..e93e87b 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -1 +1,2 @@ -failure-threshold: error +ignored: + - DL4006 diff --git a/.kube-linter/config.yaml b/.kube-linter/config.yaml deleted file mode 100644 index f1ad3c0..0000000 --- a/.kube-linter/config.yaml +++ /dev/null @@ -1,5 +0,0 @@ -checks: - exclude: - - "latest-tag" - - "no-read-only-root-fs" - - "run-as-non-root" diff --git a/Dockerfile b/Dockerfile index 3972b94..a027413 100755 --- a/Dockerfile +++ b/Dockerfile 
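Review bot: Ignoring `DL4006` for the whole repository in `.hadolint.yaml` switches off the pipefail check in the same commit that adds a piped `RUN curl ... https://sh.rustup.rs | sh -s -- -y` to the Dockerfile. Without pipefail the RUN step's exit status comes from `sh` alone, so a failed or truncated download is no longer flagged by the linter and may not fail the build. Prefer setting `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` in the builder stage before that RUN, or scope the exception to the one instruction with an inline `# hadolint ignore=DL4006`. If the global ignore stays, record the reason above it, for example `# DL4006: pipefail not set for the rustup installer pipe in Dockerfile`.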
@@ -1,109 +1,121 @@ FROM docker.io/buildpack-deps:stable-scm AS builder LABEL org.opencontainers.image.title="BitlBee container" \ - org.opencontainers.image.description="A containerized version of BitlBee with additional plugins." \ - org.opencontainers.image.url="https://github.com/mbologna/docker-bitlbee" \ - org.opencontainers.image.licenses="MIT" + org.opencontainers.image.description="A containerized version of BitlBee with additional plugins." \ + org.opencontainers.image.url="https://github.com/mbologna/docker-bitlbee" \ + org.opencontainers.image.licenses="MIT" -ENV BITLBEE_VERSION="3.6" SKYPE4PIDGIN_VERSION="1.7" FACEBOOK_VERSION="1.2.2" +ARG DEBIAN_FRONTEND=noninteractive -WORKDIR "/" +# e.g. "master" or "tags/3.6-1" +ENV BITLBEE_VERSION="master" + +# Install necessary build packages RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \ - autoconf automake build-essential cmake g++ gettext gcc git \ - gperf imagemagick libtool make libglib2.0-dev libhttp-parser-dev \ - libotr5-dev libpurple-dev libgnutls28-dev libjson-glib-dev libnss3-dev \ - libpng-dev libolm-dev libprotobuf-c-dev libqrencode-dev libssl-dev \ - protobuf-c-compiler libgcrypt20-dev libmarkdown2-dev \ - libpng-dev libpurple-dev librsvg2-bin libsqlite3-dev libwebp-dev \ - libgdk-pixbuf2.0-dev libopusfile-dev \ - libtool-bin netcat-traditional pkg-config sudo && \ - curl -LO https://get.bitlbee.org/src/bitlbee-"$BITLBEE_VERSION".tar.gz && \ - git clone https://github.com/EionRobb/purple-hangouts && \ - git clone https://github.com/EionRobb/purple-discord && \ - git clone https://github.com/matrix-org/purple-matrix && \ - git clone https://github.com/EionRobb/purple-teams && \ - git clone https://github.com/dylex/slack-libpurple && \ - curl -LO https://github.com/EionRobb/skype4pidgin/archive/"$SKYPE4PIDGIN_VERSION".tar.gz && \ - curl -LO https://github.com/bitlbee/bitlbee-facebook/archive/v"$FACEBOOK_VERSION".tar.gz && \ - git clone 
https://src.alexschroeder.ch/bitlbee-mastodon.git && \ - git clone https://github.com/BenWiederhake/tdlib-purple && \ - rm -fr /var/lib/apt/lists/* + autoconf automake \ + build-essential \ + cmake g++ gettext gcc git \ + gperf \ + imagemagick \ + curl \ + make \ + cmake \ + libtool \ + pkg-config \ + libglib2.0-dev \ + libhttp-parser-dev \ + libotr5-dev \ + libpurple-dev \ + libgnutls28-dev \ + libjson-glib-dev libnss3-dev \ + libolm-dev \ + libqrencode-dev \ + libssl-dev \ + protobuf-compiler \ + protobuf-c-compiler \ + libprotobuf-c-dev \ + libgcrypt20-dev \ + libmarkdown2-dev \ + librsvg2-bin \ + libsqlite3-dev \ + libwebp-dev \ + libpng-dev \ + libgdk-pixbuf-xlib-2.0-dev \ + libopusfile-dev \ + libtool-bin \ + netcat-traditional \ + && rm -fr /var/lib/apt/lists/* +#sudo -RUN tar zxvf bitlbee-"$BITLBEE_VERSION".tar.gz -WORKDIR /bitlbee-"$BITLBEE_VERSION" -RUN ./configure --verbose=1 --jabber=1 --otr=1 --purple=1 --strip=1 && \ - make -j"$(nproc)" && \ - make install && \ - make install-bin && \ - make install-doc && \ - make install-dev && \ - make install-etc && \ - make install-plugin-otr +# Install Rust (for purple-presage) +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y -WORKDIR /purple-hangouts -RUN make -j"$(nproc)" && make install -WORKDIR /purple-discord -RUN make -j"$(nproc)" && make install -WORKDIR /purple-matrix -RUN make -j"$(nproc)" && make install -WORKDIR /purple-teams -RUN make -j"$(nproc)" && make install -WORKDIR /slack-libpurple -RUN make install -WORKDIR / -RUN tar zxvf "$SKYPE4PIDGIN_VERSION".tar.gz -WORKDIR /skype4pidgin-$SKYPE4PIDGIN_VERSION/skypeweb -RUN make -j"$(nproc)" && make install -WORKDIR / -RUN tar zxvf v"$FACEBOOK_VERSION".tar.gz -WORKDIR /bitlbee-facebook-$FACEBOOK_VERSION -RUN ./autogen.sh && make -j"$(nproc)" && make install -WORKDIR /bitlbee-mastodon -RUN sh autogen.sh && ./configure && make -j"$(nproc)" && make install -WORKDIR /tdlib-purple -RUN ./build_and_install.sh +# Add .cargo/bin to 
PATH +ENV PATH="/root/.cargo/bin:${PATH}" -WORKDIR / -RUN libtool --finish /usr/local/lib/bitlbee +RUN mkdir -p /build -RUN rm -fr ./bitlbee-"$BITLBEE_VERSION" && \ - rm -fr ./purple* && \ - rm -fr ./slack-libpurple && \ - rm -fr ./skype4pidgin* && \ - rm -fr ./bitlbee-facebook* && \ - rm -fr ./bitlbee-mastodon* && \ - rm -fr ./tdlib-purple && \ - rm -fr -- *.gz && \ - apt-get clean && \ - rm -fr /tmp/* /var/tmp/* +WORKDIR "/build" -# FROM docker.io/debian:stable-slim +# Fetch sources of packages to be built +RUN git clone https://github.com/bitlbee/bitlbee.git && \ + git -C bitlbee checkout ${BITLBEE_VERSION} && \ + git clone --recurse-submodules https://github.com/hoehermann/purple-presage.git +#git clone https://github.com/matrix-org/purple-matrix && \ -# COPY --from=builder /usr/local/etc/bitlbee/ /usr/local/etc/bitlbee/ -# COPY --from=builder /usr/local/lib/bitlbee/ /usr/local/lib/bitlbee/ -# COPY --from=builder /usr/local/lib/pkgconfig/ /usr/local/lib/pkgconfig/ -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so /usr/lib/x86_64-linux-gnu/purple-2/libdiscord.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so /usr/lib/x86_64-linux-gnu/purple-2/libhangouts.so +# Build Bitlbee +WORKDIR /build/bitlbee +RUN ./configure --verbose=1 --jabber=1 --otr=1 --purple=1 --strip=1 --prefix=/usr/local/ && \ + make -j"$(nproc)" && \ + make install && \ + make install-bin && \ + make install-doc && \ + make install-dev && \ + make install-etc && \ + make install-plugin-otr + +# Build purple-presage (Signal) +FROM builder as presage-builder + +WORKDIR /build/purple-presage +RUN cmake -B build && \ + cmake --build build --config Release && \ + cmake --install build + +RUN libtool --mode=finish /usr/lib/x86_64-linux-gnu/purple-2 + +# Build purple-matrix +# FROM builder as matrix-builder +# WORKDIR /build/purple-matrix +# RUN make -j"$(nproc)" && make install + +FROM docker.io/debian:stable-slim + +RUN apt-get update && apt-get upgrade 
-y && apt-get install -y --no-install-recommends \ + libpurple0 \ + libotr5 \ + adduser + +COPY --from=builder /usr/local/etc/bitlbee/ /usr/local/etc/bitlbee/ +COPY --from=builder /usr/local/include/bitlbee/ /usr/local/include/bitlbee/ +COPY --from=builder /usr/local/lib/pkgconfig/bitlbee.pc /usr/local/lib/pkgconfig/bitlbee.pc +COPY --from=builder /usr/local/sbin/bitlbee /usr/local/sbin/bitlbee +COPY --from=builder /usr/local/share/bitlbee/ /usr/local/share/bitlbee/ +#COPY --from=builder /usr/local/share/locale/ /usr/local/share/locale/ +#COPY --from=builder /usr/local/share/man/ /usr/local/share/man/ +#COPY --from=builder /usr/local/share/metainfo/ /usr/local/share/metainfo/ + +COPY --from=presage-builder /usr/lib/x86_64-linux-gnu/purple-2/libpresage.so /usr/lib/x86_64-linux-gnu/purple-2/libpresage.so # COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so /usr/lib/x86_64-linux-gnu/purple-2/libmatrix.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libskypeweb.so /usr/slib/x86_64-linux-gnu/purple-2/libskypeweb.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libslack.so /usr/lib/x86_64-linux-gnu/purple-2/libslack.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so /usr/lib/x86_64-linux-gnu/purple-2/libteams-personal.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libteams.so /usr/lib/x86_64-linux-gnu/purple-2/libteams.so -# COPY --from=builder /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so /usr/lib/x86_64-linux-gnu/purple-2/libtelegram-tdlib.so -# COPY --from=builder /usr/local/sbin/bitlbee /usr/local/sbin/bitlbee -# COPY --from=builder /usr/local/share/bitlbee/ /usr/local/share/bitlbee/ -# COPY --from=builder /usr/local/share/locale/ /usr/local/share/locale/ -# COPY --from=builder /usr/local/share/man/ /usr/local/share/man/ -# COPY --from=builder /usr/local/share/metainfo/ /usr/local/share/metainfo/ - -# RUN apt-get update && apt-get install --no-install-recommends -y \ -# 
libpurple0 \ -# libotr5 RUN adduser --system --home /var/lib/bitlbee --disabled-password \ - --disabled-login --shell /usr/sbin/nologin bitlbee + --disabled-login --shell /usr/sbin/nologin bitlbee RUN touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid +# Cleanup +RUN apt-get remove -y adduser && \ + rm -fr /var/lib/apt/lists/* + EXPOSE 6667 # Needed for VOLUME permissions diff --git a/k8s/bitlbee-deployment.yaml b/k8s/bitlbee-deployment.yaml deleted file mode 100755 index 47b9b40..0000000 --- a/k8s/bitlbee-deployment.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bitlbee - namespace: bitlbee -spec: - replicas: 1 - selector: - matchLabels: - app: bitlbee - template: - metadata: - labels: - app: bitlbee - spec: - securityContext: - fsGroup: 1001 # Needed for volume permissions - containers: - - name: bitlbee - image: docker.io/mbologna/docker-bitlbee:latest - ports: - - containerPort: 6667 - volumeMounts: - - mountPath: /var/lib/bitlbee - name: bitlbee-data - resources: - limits: - memory: "512Mi" - cpu: "1" - requests: - memory: "256Mi" - cpu: "1" - livenessProbe: - exec: - command: - - nc - - -z - - localhost - - "6667" - initialDelaySeconds: 30 - periodSeconds: 30 - readinessProbe: - exec: - command: - - nc - - -z - - localhost - - "6667" - initialDelaySeconds: 10 - periodSeconds: 30 - volumes: - - name: bitlbee-data - persistentVolumeClaim: - claimName: bitlbee-pvc diff --git a/k8s/bitlbee-namespace.yaml b/k8s/bitlbee-namespace.yaml deleted file mode 100644 index 32bcdb9..0000000 --- a/k8s/bitlbee-namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: bitlbee diff --git a/k8s/bitlbee-pvc.yaml b/k8s/bitlbee-pvc.yaml deleted file mode 100644 index e5aee19..0000000 --- a/k8s/bitlbee-pvc.yaml +++ /dev/null 
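Review bot: The builder stage now takes every input from a moving target: `ENV BITLBEE_VERSION="master"` feeds `git -C bitlbee checkout ${BITLBEE_VERSION}`, purple-presage is cloned with its submodules at whatever the default branch holds, and the Rust toolchain comes from `curl ... https://sh.rustup.rs | sh -s -- -y` with no version or checksum. Two builds of the same commit can therefore produce different images, and a change pushed to any of those upstreams reaches the published image without review. Pin each source, for example `ENV BITLBEE_VERSION="tags/3.6-1"` (the form the comment above it already names) and `git -C purple-presage checkout <PINNED_COMMIT_SHA>` after the clone, and pass `--default-toolchain <PINNED_VERSION>` to the rustup installer. Separately, the `libtool --mode=finish` and `COPY --from=presage-builder` lines hard-code `/usr/lib/x86_64-linux-gnu/purple-2`, which looks at odds with the workflow's multi-architecture Buildx step and is worth confirming for non-amd64 targets. The final stage continues past the end of this hunk, so the runtime user and volume setup are not visible here.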
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bitlbee-pvc - namespace: bitlbee -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 128Mi diff --git a/k8s/bitlbee-service.yaml b/k8s/bitlbee-service.yaml deleted file mode 100644 index 3f9c66b..0000000 --- a/k8s/bitlbee-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bitlbee - namespace: bitlbee -spec: - ports: - - protocol: TCP - port: 6667 - targetPort: 6667 - selector: - app: bitlbee diff --git a/k8s/bitlbee-stunnel-configmap.yaml b/k8s/bitlbee-stunnel-configmap.yaml deleted file mode 100644 index 405affe..0000000 --- a/k8s/bitlbee-stunnel-configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: stunnel-config - namespace: bitlbee -data: - STUNNEL_SERVICE: bitlbee-stunnel - STUNNEL_ACCEPT: "6697" - STUNNEL_CONNECT: bitlbee:6667 diff --git a/k8s/bitlbee-stunnel-deployment.yaml b/k8s/bitlbee-stunnel-deployment.yaml deleted file mode 100644 index 2993e8b..0000000 --- a/k8s/bitlbee-stunnel-deployment.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bitlbee-stunnel - namespace: bitlbee -spec: - replicas: 1 - selector: - matchLabels: - app: bitlbee-stunnel - template: - metadata: - labels: - app: bitlbee-stunnel - spec: - containers: - - name: stunnel - image: docker.io/dweomer/stunnel:latest - ports: - - containerPort: 6697 - envFrom: - - configMapRef: - name: stunnel-config - resources: - limits: - memory: "256Mi" - cpu: "1" - requests: - memory: "128Mi" - cpu: "1" - livenessProbe: - exec: - command: - - nc - - -z - - localhost - - "6697" - initialDelaySeconds: 30 - periodSeconds: 30 - readinessProbe: - exec: - command: - - nc - - -z - - localhost - - "6697" - initialDelaySeconds: 10 - periodSeconds: 30 diff --git a/k8s/bitlbee-stunnel-service.yaml b/k8s/bitlbee-stunnel-service.yaml deleted file mode 100644 index 5c4ec23..0000000 
--- a/k8s/bitlbee-stunnel-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bitlbee-stunnel - namespace: bitlbee -spec: - ports: - - protocol: TCP - port: 6697 - targetPort: 6697 - selector: - app: bitlbee-stunnel