This is a Docker container that creates PDF reports for individual second-level domains using data collected via trustymail scans.
This Docker container is intended to be run via orchestrator.
N.B.: The secrets in the src/secrets
directory are only used
when testing via the docker-compose.yml
composition. Normally this
Docker container is run via the Docker composition in
cisagov/orchestrator, which
expects the secrets in a different location.
To run the cisagov/trustymail_reporter
image via Docker:
docker run cisagov/trustymail_reporter:1.5.6
-
Create a
docker-compose.yml
file similar to the one below to use Docker Compose.--- version: "3.7" services: trustymail_reporter: image: cisagov/trustymail_reporter:1.5.6 volumes: - type: bind source: <your_log_dir> target: /home/cisa/shared
-
Start the container and detach:
docker compose up --detach
This container also supports passing sensitive values via Docker secrets. Passing sensitive values like your credentials can be more secure using secrets than using environment variables. See the secrets section below for a table of all supported secret files.
-
To use secrets, create a
database_creds.yml
file in this format:--- version: '1' database: name: cyhy uri: mongodb://readonly:the_password@cyhy.example.com:27017/cyhy
-
Next create an
aws_config
file in this format:[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY region=us-east-1 output=json
-
Then add the secrets to your
docker-compose.yml
file:--- version: "3.7" secrets: aws_config: file: ./secrets/aws_config database_creds: file: database_creds.yml services: trustymail_reporter: image: cisagov/trustymail_reporter:1.5.6 volumes: - type: bind source: <your_log_dir> target: /home/cisa/shared secrets: - source: aws_config target: aws_config - source: database_creds target: database_creds.yml
-
Pull the new image from Docker Hub:
docker compose pull
-
Recreate the running container by following the previous instructions:
docker compose up --detach
-
Stop the running container:
docker stop <container_id>
-
Pull the new image:
docker pull cisagov/trustymail_reporter:1.5.6
-
Recreate and run the container by following the previous instructions.
The images of this container are tagged with semantic
versions of the underlying example project that they
containerize. It is recommended that most users use a version tag (e.g.
:1.5.6
).
Image:tag | Description |
---|---|
cisagov/trustymail_reporter:1.5.6 |
An exact release version. |
cisagov/trustymail_reporter:1.5 |
The most recent release matching the major and minor version numbers. |
cisagov/trustymail_reporter:1 |
The most recent release matching the major version number. |
cisagov/trustymail_reporter:edge |
The most recent image built from a merge into the develop branch of this repository. |
cisagov/trustymail_reporter:nightly |
A nightly build of the develop branch of this repository. |
cisagov/trustymail_reporter:latest |
The most recent release image pushed to a container registry. Pulling an image using the :latest tag should be avoided. |
See the tags tab on Docker Hub for a list of all the supported tags.
Mount point | Purpose |
---|---|
/home/cisa/shared | Output |
There are no ports exposed by this container.
There are no required environment variables.
There are no optional environment variables.
Filename | Purpose |
---|---|
database_creds.yml | Cyber Hygiene read-only database credentials in this format |
aws_config | AWS credentials allowing read-only access to the Elasticsearch DMARC database in this format |
Build the image locally using this git repository as the build context:
docker build \
--tag cisagov/trustymail_reporter:1.5.6 \
https://github.com/cisagov/trustymail_reporter.git#develop
To create images that are compatible with other platforms, you can use the
buildx
feature of
Docker:
-
Copy the project to your machine using the
Code
button above or the command line:git clone https://github.com/cisagov/trustymail_reporter.git cd trustymail_reporter
-
Create the
Dockerfile-x
file withbuildx
platform support:./buildx-dockerfile.sh
-
Build the image using
buildx
:docker buildx build \ --file Dockerfile-x \ --platform linux/amd64 \ --output type=docker \ --tag cisagov/trustymail_reporter:1.5.6 .
We welcome contributions! Please see CONTRIBUTING.md
for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.