paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-02 13:45:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1212 from theEndBeta/feature_rootless_and_container_repo

Browse Source 
Enable rootless container w/ CI tweaks/bugfixes
This commit is contained in:
shamoon 2022-07-15 08:41:09 -07:00 committed by GitHub
commit d1f59a6590
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 89 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/scripts/common.py vendored
View File

@ -11,7 +11,7 @@ def get_image_tag(
""" """
Returns a string representing the normal image for a given package Returns a string representing the normal image for a given package
""" """
return f"ghcr.io/{repo_name}/builder/{pkg_name}:{pkg_version}" return f"ghcr.io/{repo_name.lower()}/builder/{pkg_name}:{pkg_version}"
def get_cache_image_tag( def get_cache_image_tag(
@ -26,7 +26,7 @@ def get_cache_image_tag(
Registry type caching is utilized for the builder images, to allow fast Registry type caching is utilized for the builder images, to allow fast
rebuilds, generally almost instant for the same version rebuilds, generally almost instant for the same version
""" """
return f"ghcr.io/{repo_name}/builder/cache/{pkg_name}:{pkg_version}" return f"ghcr.io/{repo_name.lower()}/builder/cache/{pkg_name}:{pkg_version}"
def get_log_level(args) -> int: def get_log_level(args) -> int:

20
.github/workflows/ci.yml vendored
View File

@ -68,6 +68,12 @@ jobs:
- ci-backend - ci-backend
- ci-frontend - ci-frontend
steps: steps:
-
name: Set ghcr repository name
id: set-ghcr-repository
run: |
ghcr_name=$(echo "${GITHUB_REPOSITORY}" | awk '{ print tolower($0) }')
echo ::set-output name=repository::${ghcr_name}
- -
name: Checkout name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@ -115,6 +121,8 @@ jobs:
outputs: outputs:
ghcr-repository: ${{ steps.set-ghcr-repository.outputs.repository }}
qpdf-json: ${{ steps.qpdf-setup.outputs.qpdf-json }} qpdf-json: ${{ steps.qpdf-setup.outputs.qpdf-json }}
pikepdf-json: ${{ steps.pikepdf-setup.outputs.pikepdf-json }} pikepdf-json: ${{ steps.pikepdf-setup.outputs.pikepdf-json }}
@ -142,7 +150,7 @@ jobs:
# a tag # a tag
# Otherwise forks would require a Docker Hub account and secrets setup # Otherwise forks would require a Docker Hub account and secrets setup
run: | run: |
if [[ ${{ github.repository }} == "paperless-ngx/paperless-ngx" && ( ${{ github.ref_name }} == "main" || ${{ github.ref_name }} == "dev" || ${{ github.ref_name }} == "beta" || ${{ startsWith(github.ref, 'refs/tags/v') }} == "true" ) ]] ; then if [[ ${{ needs.prepare-docker-build.outputs.ghcr-repository }} == "paperless-ngx/paperless-ngx" && ( ${{ github.ref_name }} == "main" || ${{ github.ref_name }} == "dev" || ${{ github.ref_name }} == "beta" || ${{ startsWith(github.ref, 'refs/tags/v') }} == "true" ) ]] ; then
echo "Enabling DockerHub image push" echo "Enabling DockerHub image push"
echo ::set-output name=enable::"true" echo ::set-output name=enable::"true"
else else
@ -155,7 +163,7 @@ jobs:
uses: docker/metadata-action@v4 uses: docker/metadata-action@v4
with: with:
images: | images: |
ghcr.io/${{ github.repository }} ghcr.io/${{ needs.prepare-docker-build.outputs.ghcr-repository }}
name=paperlessngx/paperless-ngx,enable=${{ steps.docker-hub.outputs.enable }} name=paperlessngx/paperless-ngx,enable=${{ steps.docker-hub.outputs.enable }}
tags: | tags: |
# Tag branches with branch name # Tag branches with branch name
@ -206,11 +214,11 @@ jobs:
# Get cache layers from this branch, then dev, then main # Get cache layers from this branch, then dev, then main
# This allows new branches to get at least some cache benefits, generally from dev # This allows new branches to get at least some cache benefits, generally from dev
cache-from: | cache-from: |
type=registry,ref=ghcr.io/${{ github.repository }}/builder/cache/app:${{ github.ref_name }} type=registry,ref=ghcr.io/${{ needs.prepare-docker-build.outputs.ghcr-repository }}/builder/cache/app:${{ github.ref_name }}
type=registry,ref=ghcr.io/${{ github.repository }}/builder/cache/app:dev type=registry,ref=ghcr.io/${{ needs.prepare-docker-build.outputs.ghcr-repository }}/builder/cache/app:dev
type=registry,ref=ghcr.io/${{ github.repository }}/builder/cache/app:main type=registry,ref=ghcr.io/${{ needs.prepare-docker-build.outputs.ghcr-repository }}/builder/cache/app:main
cache-to: | cache-to: |
type=registry,mode=max,ref=ghcr.io/${{ github.repository }}/builder/cache/app:${{ github.ref_name }} type=registry,mode=max,ref=ghcr.io/${{ needs.prepare-docker-build.outputs.ghcr-repository }}/builder/cache/app:${{ github.ref_name }}
- -
name: Inspect image name: Inspect image
run: | run: |

10
.github/workflows/installer-library.yml vendored
View File

@ -36,6 +36,12 @@ jobs:
name: Prepare Docker Image Version Data name: Prepare Docker Image Version Data
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
-
name: Set ghcr repository name
id: set-ghcr-repository
run: |
ghcr_name=$(echo "${GITHUB_REPOSITORY}" | awk '{ print tolower($0) }')
echo ::set-output name=repository::${ghcr_name}
- -
name: Checkout name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@ -83,6 +89,8 @@ jobs:
outputs: outputs:
ghcr-repository: ${{ steps.set-ghcr-repository.outputs.repository }}
qpdf-json: ${{ steps.qpdf-setup.outputs.qpdf-json }} qpdf-json: ${{ steps.qpdf-setup.outputs.qpdf-json }}
pikepdf-json: ${{ steps.pikepdf-setup.outputs.pikepdf-json }} pikepdf-json: ${{ steps.pikepdf-setup.outputs.pikepdf-json }}
@ -134,6 +142,6 @@ jobs:
dockerfile: ./docker-builders/Dockerfile.pikepdf dockerfile: ./docker-builders/Dockerfile.pikepdf
build-json: ${{ needs.prepare-docker-build.outputs.pikepdf-json }} build-json: ${{ needs.prepare-docker-build.outputs.pikepdf-json }}
build-args: | build-args: |
REPO=${{ github.repository }} REPO=${{ needs.prepare-docker-build.outputs.ghcr-repository }}
QPDF_VERSION=${{ fromJSON(needs.prepare-docker-build.outputs.qpdf-json).version }} QPDF_VERSION=${{ fromJSON(needs.prepare-docker-build.outputs.qpdf-json).version }}
PIKEPDF_VERSION=${{ fromJSON(needs.prepare-docker-build.outputs.pikepdf-json).version }} PIKEPDF_VERSION=${{ fromJSON(needs.prepare-docker-build.outputs.pikepdf-json).version }}

32
Dockerfile
View File

@ -117,22 +117,36 @@ COPY gunicorn.conf.py .
# setup docker-specific things # setup docker-specific things
# Use mounts to avoid copying installer files into the image # Use mounts to avoid copying installer files into the image
# These change sometimes, but rarely # These change sometimes, but rarely
WORKDIR /usr/src/paperless/src/docker/ ARG DOCKER_SRC=/usr/src/paperless/src/docker/
WORKDIR ${DOCKER_SRC}
RUN --mount=type=bind,readwrite,source=docker,target=./ \ COPY [ \
set -eux \ "docker/imagemagick-policy.xml", \
"docker/supervisord.conf", \
"docker/docker-entrypoint.sh", \
"docker/docker-prepare.sh", \
"docker/paperless_cmd.sh", \
"docker/wait-for-redis.py", \
"docker/management_script.sh", \
"docker/install_management_commands.sh", \
"${DOCKER_SRC}" \
]
RUN set -eux \
&& echo "Configuring ImageMagick" \ && echo "Configuring ImageMagick" \
&& cp imagemagick-policy.xml /etc/ImageMagick-6/policy.xml \ && mv imagemagick-policy.xml /etc/ImageMagick-6/policy.xml \
&& echo "Configuring supervisord" \ && echo "Configuring supervisord" \
&& mkdir /var/log/supervisord /var/run/supervisord \ && mkdir /var/log/supervisord /var/run/supervisord \
&& cp supervisord.conf /etc/supervisord.conf \ && mv supervisord.conf /etc/supervisord.conf \
&& echo "Setting up Docker scripts" \ && echo "Setting up Docker scripts" \
&& cp docker-entrypoint.sh /sbin/docker-entrypoint.sh \ && mv docker-entrypoint.sh /sbin/docker-entrypoint.sh \
&& chmod 755 /sbin/docker-entrypoint.sh \ && chmod 755 /sbin/docker-entrypoint.sh \
&& cp docker-prepare.sh /sbin/docker-prepare.sh \ && mv docker-prepare.sh /sbin/docker-prepare.sh \
&& chmod 755 /sbin/docker-prepare.sh \ && chmod 755 /sbin/docker-prepare.sh \
&& cp wait-for-redis.py /sbin/wait-for-redis.py \ && mv wait-for-redis.py /sbin/wait-for-redis.py \
&& chmod 755 /sbin/wait-for-redis.py \ && chmod 755 /sbin/wait-for-redis.py \
&& mv paperless_cmd.sh /usr/local/bin/paperless_cmd.sh \
&& chmod 755 /usr/local/bin/paperless_cmd.sh \
&& echo "Installing managment commands" \ && echo "Installing managment commands" \
&& chmod +x install_management_commands.sh \ && chmod +x install_management_commands.sh \
&& ./install_management_commands.sh && ./install_management_commands.sh
@ -211,4 +225,4 @@ ENTRYPOINT ["/sbin/docker-entrypoint.sh"]
EXPOSE 8000 EXPOSE 8000
CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf"] CMD ["/usr/local/bin/paperless_cmd.sh"]

9
docker/docker-entrypoint.sh
View File

@ -95,7 +95,7 @@ initialize() {
done done
set -e set -e
gosu paperless /sbin/docker-prepare.sh ${gosu_cmd[@]} /sbin/docker-prepare.sh
} }
install_languages() { install_languages() {
@ -137,6 +137,11 @@ install_languages() {
echo "Paperless-ngx docker container starting..." echo "Paperless-ngx docker container starting..."
gosu_cmd=(gosu paperless)
if [ $(id -u) == $(id -u paperless) ]; then
gosu_cmd=()
fi
# Install additional languages if specified # Install additional languages if specified
if [[ -n "$PAPERLESS_OCR_LANGUAGES" ]]; then if [[ -n "$PAPERLESS_OCR_LANGUAGES" ]]; then
install_languages "$PAPERLESS_OCR_LANGUAGES" install_languages "$PAPERLESS_OCR_LANGUAGES"
@ -146,7 +151,7 @@ initialize
if [[ "$1" != "/"* ]]; then if [[ "$1" != "/"* ]]; then
echo Executing management command "$@" echo Executing management command "$@"
exec gosu paperless python3 manage.py "$@" exec ${gosu_cmd[@]} python3 manage.py "$@"
else else
echo Executing "$@" echo Executing "$@"
exec "$@" exec "$@"

15
docker/paperless_cmd.sh Executable file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env bash
rootless_args=()
if [ $(id -u) == $(id -u paperless) ]; then
rootless_args=(
--user
paperless
--logfile
supervisord.log
--pidfile
supervisord.pid
)
fi
/usr/local/bin/supervisord -c /etc/supervisord.conf ${rootless_args[@]}

19
docs/setup.rst
View File

@ -184,6 +184,25 @@ Install Paperless from Docker Hub
port 8000. Modifying the part before the colon will map requests on another port 8000. Modifying the part before the colon will map requests on another
port to the webserver running on the default port. port to the webserver running on the default port.
**Rootless**
If you want to run Paperless as a rootless container, you will need to do the
following in your ``docker-compose.yml``:
- set the ``user`` running the container to map to the ``paperless`` user in the
container.
This value (``user_id`` below), should be the same id that ``USERMAP_UID`` and
``USERMAP_GID`` are set to in the next step.
See ``USERMAP_UID`` and ``USERMAP_GID`` :ref:`here <configuration-docker>`.
Your entry for Paperless should contain something like:
.. code::
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
user: <user_id>
5. Modify ``docker-compose.env``, following the comments in the file. The 5. Modify ``docker-compose.env``, following the comments in the file. The
most important change is to set ``USERMAP_UID`` and ``USERMAP_GID`` most important change is to set ``USERMAP_UID`` and ``USERMAP_GID``
to the uid and gid of your user on the host system. Use ``id -u`` and to the uid and gid of your user on the host system. Use ``id -u`` and