feat: initial attempt on packaging ananta

IceCodeNew · IceCodeNew · commit 903f54c4c871 · 2025-04-22T16:09:23.000+08:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,26 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ananta.yml b/.github/workflows/ananta.yml
@@ -0,0 +1,53 @@
+name: ananta Image CI
+on:
+  push:
+    branches:
+    - 'master'
+    paths:
+    - '.github/workflows/ananta.yml'
+    - 'docker-entrypoint.sh'
+    - 'Dockerfile'
+  schedule:
+  - cron: "0 5 1-31/10 * *"
+  workflow_dispatch:
+
+env:
+  ananta_repo: ${{ secrets.DOCKERHUB_USERNAME }}/ananta
+
+jobs:
+  ananta:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ env.ananta_repo }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      -
+        name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.ananta_repo }}:latest \
+              | grep -Po '[^ \r\n\t\v]+@sha256:[a-z0-9]+' | xargs -r -t -n 1 docker buildx imagetools inspect --raw
+      -
+        name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.30.0
+        with:
+          image-ref: "${{ env.ananta_repo }}:latest"
+          format: 'table'
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1
+
+FROM mirror.gcr.io/icecodexi/python:debian-nonroot AS build
+RUN uv tool install 'ananta[speed]'
+
+
+FROM mirror.gcr.io/icecodexi/bash-toybox:latest AS assets
+FROM gcr.io/distroless/python3:latest
+COPY --link --chmod=0755 ./docker-entrypoint.sh /usr/local/bin/
+# toybox + bash(ash) + catatonit
+COPY --link --from=assets /usr/bin/             /usr/bin/
+COPY --link --from=build  /home/nonroot/.local/ /home/nonroot/.local/
+
+SHELL ["/usr/bin/bash", "-o", "pipefail", "-c"]
+RUN rm -rf /bin/ && ln -sf /usr/bin /bin
+
+USER nonroot:nonroot
+WORKDIR /home/nonroot/
+ENV TZ=Asia/Taipei
+ENV PATH="/home/nonroot/.local/bin:${PATH}"
+
+ENTRYPOINT [ "/usr/local/bin/docker-entrypoint.sh" ]
diff --git a/README.md b/README.md
@@ -0,0 +1,21 @@
+# How to start
+
+```shell
+docker pull icecodexi/ananta:latest
+mkdir -p "${HOME}/.ssh/"
+find "${HOME}/.ssh/" -type f -print0 | xargs -0 -r chmod 600
+touch "$(pwd)/hosts.csv"
+
+if [[ "$UID" -eq '0' ]]; then
+    _run_as_root='--user root'
+fi
+docker run --rm --interactive --tty \
+    ${_run_as_root} \
+    --volume /etc/localtime:/etc/localtime:ro \
+    --volume "${HOME}/.ssh/:/home/nonroot/.ssh/:ro" \
+    --volume "$(pwd)/hosts.csv:/home/nonroot/hosts.csv:ro" \
+    --cpu-shares 512 --memory 512M --memory-swap 512M \
+    --security-opt no-new-privileges \
+    icecodexi/ananta:latest \
+        --help
+```
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -e -o pipefail
+
+cd /home/nonroot/.ssh/ || exit 1
+
+args=()
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+    -[kK]|--default-key)
+        _DEFAULT_KEY="$2"
+        # Modify the key path to be under /home/nonroot/.ssh/
+        key_file=$(basename "$_DEFAULT_KEY")
+        # Add the modified parameter
+        args+=("$1" "/home/nonroot/.ssh/$key_file")
+        shift 2
+        ;;
+    # Keep other parameters unchanged
+    -[nNsSeEcCvV]|--no-color|--separate-output|--allow-empty-line|--allow-cursor-control|--version)
+        args+=("$1")
+        shift
+        ;;
+    -[tTwW]|--host-tags|--terminal-width)
+        args+=("$1" "$2")
+        shift 2
+        ;;
+    [!-]*)
+        _HOSTS_CSV="$1"
+        # Modify the hosts.csv path to be under /home/nonroot/
+        hosts_file=$(basename "$_HOSTS_CSV")
+        # Add the modified parameter
+        args+=("/home/nonroot/$hosts_file")
+        shift
+        # Stop processing remaining arguments
+        args+=("$@")
+        break
+        ;;
+    esac
+done
+
+# Run the ananta command with the modified arguments
+exec catatonit -- ananta "${args[@]}"
