Merge pull request #6 from karuboniru/master

Provide image with or without api_dump.sql

.github/workflows/docker-publish.yml

@@ -18,9 +18,11 @@ env:
   REGISTRY: ghcr.io
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
+  # docker.io/<account>/<repo>
+  AUTHOR: urenko
 
 
-jobs:
+jobs: 
   build:
 
     runs-on: ubuntu-latest
@@ -53,20 +55,49 @@ jobs:
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@v3 # v3.0.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
+      - name: Extract Docker metadata from ${{ env.REGISTRY }}
         id: meta
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
+      - name: Extract Docker metadata from Docker Hub
+        id: meta_dockerhub
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: docker.io/${{ secrets.DOCKERHUB_USERNAME || env.AUTHOR }}/${{ github.event.repository.name }}
+
+      - name: Extract Docker metadata from ${{ env.REGISTRY }}
+        id: meta-full
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            suffix=-full,onlatest=true
+
+      - name: Extract Docker metadata from Docker Hub
+        id: meta_dockerhub-full
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: docker.io/${{ secrets.DOCKERHUB_USERNAME || env.AUTHOR }}/${{ github.event.repository.name }}
+          flavor: |
+            suffix=-full,onlatest=true
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
@@ -75,8 +106,27 @@ jobs:
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ${{ steps.meta_dockerhub.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            BUILDTYPE=minimal
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push Docker image with api_dump.sql
+        id: build-and-push-full
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: |
+            ${{ steps.meta-full.outputs.tags }}
+            ${{ steps.meta_dockerhub-full.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            BUILDTYPE=full
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -89,8 +139,22 @@ jobs:
         if: ${{ github.event_name != 'pull_request' }}
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: |
+            ${{ steps.meta.outputs.tags }}
+          DIGEST: |
+            ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+      - name: Sign the published Docker image for full image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: |
+            ${{ steps.meta-full.outputs.tags }}
+          DIGEST: |
+            ${{ steps.build-and-push-full.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

Dockerfile

@@ -1,3 +1,5 @@
+ARG BUILDTYPE=minimal
+
 FROM debian:12-slim AS build-venv
 
 RUN apt-get update && \
@@ -6,26 +8,35 @@ RUN apt-get update && \
     python3 -m venv /venv && \
     /venv/bin/pip install --upgrade pip
 
-ADD https://files.niconi.org/api_dump.sqlite.7z /tmp
 ADD https://github.com/eugeneware/ffmpeg-static/releases/download/b6.0/ffmpeg-linux-x64 /usr/bin/ffmpeg
 ADD https://www.7-zip.org/a/7z2301-linux-x64.tar.xz /tmp/
 RUN tar -C /usr/bin -xvf /tmp/7z*.tar.xz 7zz
-RUN mkdir /exract
-WORKDIR /extract
-RUN 7zz x /tmp/api_dump.sqlite.7z
 COPY . /tmp/comiclib
 RUN /venv/bin/pip install --no-cache-dir -U "/tmp/comiclib[full]"
 RUN /venv/bin/pip install --no-cache-dir -U gunicorn
 RUN mkdir /userdata 
-# RUN rm -r /tmp/*
 
-FROM gcr.io/distroless/python3-debian12 
+FROM debian:12-slim AS data
+ADD https://files.niconi.org/api_dump.sqlite.7z /tmp
+COPY --from=build-venv /usr/bin/7zz /usr/bin
+RUN mkdir /exract
+WORKDIR /extract
+RUN 7zz x /tmp/api_dump.sqlite.7z
+
+FROM gcr.io/distroless/python3-debian12 AS product-env-full
+ENV importEHdb_database_URI=file:/data/api_dump.sqlite?mode=rw
+COPY --from=data /extract/api_dump.sqlite /data/api_dump.sqlite
+
+FROM gcr.io/distroless/python3-debian12 AS product-env-minimal
+ENV importEHdb_database_URI=file:api_dump.sqlite?mode=rw
+
+
+FROM product-env-${BUILDTYPE}
 COPY --from=build-venv /venv                            /venv
 COPY --from=build-venv /usr/bin/7zz                     /usr/bin
 COPY --from=build-venv /usr/bin/ffmpeg                  /usr/bin
-COPY --from=build-venv /extract/api_dump.sqlite         /data/api_dump.sqlite
 COPY --from=build-venv /userdata                        /userdata
-ENV importEHdb_API_DUMP_PATH=/data/api_dump.sqlite content=/root/comiclib watch=False
+ENV content=/root/comiclib watch=False
 EXPOSE 8000
 WORKDIR /userdata
 VOLUME /userdata

docs/en/docs/getting-started.md

@@ -40,9 +40,11 @@ pip install -U "comiclib[full] @ git+https://github.com/comiclib/comiclib.git"
 docker run -p 8000:8000 \
 --mount type=bind,source=<YOUR_COMIC_DIRECTORY_HERE>,target=/root/comiclib \
 --mount type=bind,source=<USER_DATA_PATH>,target=/userdata \
-urenko/comiclib
+ghcr.io/comiclib/comiclib:master
 ```
-ComicLib now runs at http://localhost:8000 .
+ComicLib now runs at http://localhost:8000 . If you want to use `api_dump.sqlite`, please put it under `/userdata`. 
+
+Or you can use images with `-full` suffix to include `api_dump.sqlite` in the image, however the image size is much larger.
 
 P.S.: Monitoring comic folders is disabled by default for Docker currently.
 

docs/zh/docs/getting-started.md

@@ -40,9 +40,11 @@ pip install -U "comiclib[full] @ git+https://github.com/comiclib/comiclib.git"
 docker run -p 8000:8000 \
 --mount type=bind,source=你的漫画库路径,target=/root/comiclib \
 --mount type=bind,source=你的数据路径,target=/userdata \
-urenko/comiclib
+ghcr.io/comiclib/comiclib:master
 ```
-现在 ComicLib 运行在了 http://localhost:8000 。
+现在 ComicLib 运行在了 http://localhost:8000 。如果你想要使用 `api_dump.sqlite`, 请手动下载并将其放在 `/userdata` 下。
+
+或者你可以使用带有 `-full` 后缀的镜像，其中包含了 `api_dump.sqlite`，但镜像大小会大很多。
 
 注：目前监视漫画文件夹默认对 Docker 禁用。