diff --git a/.dockerignore b/.dockerignore index 81725f4..71f87d0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,8 +9,8 @@ docs/ README* # Docker files -docker-compose.yml -Dockerfile* +compose.yaml +Containerfile* .dockerignore # Development and CI files diff --git a/.gitattributes b/.gitattributes index 096fbde..f215f64 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ -*.yml linguist-detectable +*.yaml linguist-detectable *.yaml linguist-detectable diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab6e69a..0cfee1c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,13 +3,13 @@ # ============================================================================== # # This workflow handles Docker and infrastructure validation for the IRC server -# project. It runs comprehensive linting on Dockerfiles, Docker Compose files, +# project. It runs comprehensive linting on Containerfiles, Docker Compose files, # and performs security scanning to ensure infrastructure quality. # # WORKFLOW FEATURES: # ------------------ # 1. Smart file change detection to skip unnecessary jobs -# 2. Parallel execution for different linting categories +# 2. Parallel execution for different linting categories # 3. Comprehensive Docker linting with Hadolint # 4. Docker Compose syntax validation with modern docker compose # 5. Security vulnerability scanning with Trivy 
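Review bot: In the `.gitattributes` hunk the replacement leaves two identical `*.yaml linguist-detectable` lines and drops the `*.yml` rule, although `.github/workflows/ci.yml` keeps its `.yml` extension in this same commit. Keep `*.yml linguist-detectable` next to the `*.yaml` line if workflow files should still be counted, or delete the duplicate line if `.yml` coverage is no longer wanted.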
@@ -46,20 +46,20 @@ concurrency: jobs: # ============================================================================ - # DOCKERFILE LINTING - Static Analysis and Best Practices + # CONTAINERFILE LINTING - Static Analysis and Best Practices # ============================================================================ # Purpose: Ensures Docker best practices and security through Hadolint # Tools: Hadolint with SARIF output for GitHub Security integration # Optimization: Only runs when Docker files change or on manual trigger # ============================================================================ - dockerfile-lint: - name: Dockerfile Linting + containerfile-lint: + name: Containerfile Linting runs-on: ubuntu-latest permissions: contents: read # Required for checkout security-events: write # Required for SARIF upload actions: read # Required for GitHub token - + steps: # REPOSITORY CHECKOUT # Full history not needed for linting current state @@ -68,16 +68,16 @@ jobs: # SMART CHANGE DETECTION # Detects Docker file changes to skip unnecessary runs - # Includes all Dockerfile variants and related files + # Includes all Containerfile variants and related files - name: Detect Docker file changes uses: tj-actions/changed-files@v46 id: docker_changes with: files: | - **/Dockerfile* + **/Containerfile* **/.dockerignore - docker-compose*.yml - docker-compose*.yaml + compose*.yaml + compose*.yaml # EARLY TERMINATION FOR UNCHANGED FILES # Skips Hadolint setup if no relevant files changed 
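Review bot: The `files:` list of the `docker_changes` step now holds `compose*.yaml` twice and no longer matches `docker-compose*.yml`, `docker-compose*.yaml` or `**/Dockerfile*`, so a pull request that adds a file under one of the old names skips this job without any signal. The same blanket replacement shows up in the `compose_changes` list (hunk at -166), in the `find` expression with four identical `-name "compose*.yaml"` tests (hunk at -185) and in the `security_changes` list (hunk at -278). Collapse each to a single `compose*.yaml` entry, and keep the legacy patterns beside the new ones if files with the old names should still be linted and scanned.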
@@ -85,46 +85,46 @@ jobs: - name: Skip if no Docker changes if: steps.docker_changes.outputs.any_changed != 'true' && github.event_name != 'workflow_dispatch' run: | - echo "✅ No Docker files changed, skipping Dockerfile linting" + echo "✅ No Docker files changed, skipping Containerfile linting" echo "💡 To force run checks, use workflow_dispatch trigger" - # DOCKERFILE DISCOVERY - # Finds all Dockerfiles in the repository for comprehensive linting - - name: Find Dockerfiles + # CONTAINERFILE DISCOVERY + # Finds all Containerfiles in the repository for comprehensive linting + - name: Find Containerfiles if: steps.docker_changes.outputs.any_changed == 'true' || github.event_name == 'workflow_dispatch' - id: dockerfiles + id: containerfiles run: | - # Find all Dockerfiles in the repository - dockerfiles=$(find . -name "Dockerfile*" -type f | grep -v ".git") - if [ -n "$dockerfiles" ]; then + # Find all Containerfiles in the repository + containerfiles=$(find . -name "Containerfile*" -type f | grep -v ".git") + if [ -n "$containerfiles" ]; then echo "found=true" >> $GITHUB_OUTPUT echo "files<> $GITHUB_OUTPUT - echo "$dockerfiles" >> $GITHUB_OUTPUT + echo "$containerfiles" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - echo "Found Dockerfiles:" - echo "$dockerfiles" + echo "Found Containerfiles:" + echo "$containerfiles" else echo "found=false" >> $GITHUB_OUTPUT - echo "No Dockerfiles found" + echo "No Containerfiles found" fi # HADOLINT SECURITY ANALYSIS # Comprehensive linting with SARIF output for GitHub Security # Ignores specific rules that may conflict with multi-stage builds - - name: Lint Dockerfiles with Hadolint (Security Report) - if: steps.dockerfiles.outputs.found == 'true' + - name: Lint Containerfiles with Hadolint (Security Report) + if: steps.containerfiles.outputs.found == 'true' uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: './Dockerfile' + dockerfile: './Containerfile' failure-threshold: warning format: sarif output-file: 
hadolint-results.sarif # SECURITY INTEGRATION # Uploads results to GitHub Security tab for centralized view - # Always runs if Dockerfiles found, even if linting fails + # Always runs if Containerfiles found, even if linting fails - name: Upload Hadolint results to GitHub Security - if: steps.dockerfiles.outputs.found == 'true' && always() + if: steps.containerfiles.outputs.found == 'true' && always() uses: github/codeql-action/upload-sarif@v3 with: sarif_file: hadolint-results.sarif @@ -132,11 +132,11 @@ jobs: # CONSOLE OUTPUT FOR IMMEDIATE FEEDBACK # Provides immediate feedback in workflow logs # Helps developers see issues without navigating to Security tab - - name: Lint Dockerfiles with Hadolint (Console Output) - if: steps.dockerfiles.outputs.found == 'true' + - name: Lint Containerfiles with Hadolint (Console Output) + if: steps.containerfiles.outputs.found == 'true' uses: hadolint/hadolint-action@v3.1.0 with: - dockerfile: './Dockerfile' + dockerfile: './Containerfile' failure-threshold: warning # ============================================================================ @@ -146,12 +146,12 @@ jobs: # Tools: Docker Compose config validation and yamllint for YAML syntax # Optimization: Only runs when Compose files change or on manual trigger # ============================================================================ - docker-compose-lint: + compose-lint: name: Docker Compose Linting runs-on: ubuntu-latest permissions: contents: read - + steps: # REPOSITORY CHECKOUT # Shallow clone sufficient for validation current state @@ -166,9 +166,9 @@ jobs: id: compose_changes with: files: | - docker-compose*.yml - docker-compose*.yaml - compose*.yml + compose*.yaml + compose*.yaml + compose*.yaml compose*.yaml # EARLY TERMINATION FOR UNCHANGED FILES 
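Review bot: The Hadolint step is hard-wired to `dockerfile: './Containerfile'`, so the list collected by the `Find Containerfiles` step is never used and `web/webpanel/Containerfile` and `web/gamja/Containerfile` (both renamed in this commit) are not linted in CI. The console-output step in the hunk at -132 has the same setting, while the Makefile `lint` target already passes two files to hadolint, so CI is narrower than the local check. hadolint-action has a `recursive` input; `recursive: true` with `dockerfile: 'Containerfile*'` should cover all three files, which is worth confirming against the action's README for the version in use.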
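Review bot: `uses: hadolint/hadolint-action@v3.1.0` in this hunk, like `tj-actions/changed-files@v46` (hunk at -68) and `github/codeql-action/upload-sarif@v3` (hunk at -85), references the action by a mutable tag, and the job appears to be the one granted `security-events: write`. A tag can be moved to different code after it was reviewed. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: hadolint/hadolint-action@<full-commit-sha>  # v3.1.0`, so the executed code is fixed and update tooling can still propose bumps.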
@@ -185,8 +185,8 @@ jobs: if: steps.compose_changes.outputs.any_changed == 'true' || github.event_name == 'workflow_dispatch' id: compose-files run: | - # Find all docker-compose files in the repository - compose_files=$(find . -name "docker-compose*.yml" -o -name "docker-compose*.yaml" -o -name "compose*.yml" -o -name "compose*.yaml" | grep -v ".git") + # Find all compose files in the repository + compose_files=$(find . -name "compose*.yaml" -o -name "compose*.yaml" -o -name "compose*.yaml" -o -name "compose*.yaml" | grep -v ".git") if [ -n "$compose_files" ]; then echo "found=true" >> $GITHUB_OUTPUT echo "files<> $GITHUB_OUTPUT @@ -205,7 +205,7 @@ jobs: - name: Validate Docker Compose syntax if: steps.compose-files.outputs.found == 'true' run: | - # Validate each docker-compose file using modern docker compose + # Validate each compose file using modern docker compose echo "${{ steps.compose-files.outputs.files }}" | while IFS= read -r file; do if [ -n "$file" ]; then echo "Validating $file..." @@ -226,9 +226,9 @@ jobs: run: | # Install yamllint for YAML syntax validation sudo apt-get update && sudo apt-get install -y yamllint - + # Create yamllint config for Docker Compose specifics - cat > .yamllint.yml << EOF + cat > .yamllint.yaml << EOF extends: default rules: line-length: @@ -237,12 +237,12 @@ jobs: truthy: allowed-values: ['true', 'false', 'yes', 'no'] # Docker Compose uses various boolean formats EOF - - # Validate each docker-compose file with yamllint + + # Validate each compose file with yamllint echo "${{ steps.compose-files.outputs.files }}" | while IFS= read -r file; do if [ -n "$file" ]; then echo "Running yamllint on $file..." - yamllint -c .yamllint.yml "$file" + yamllint -c .yamllint.yaml "$file" fi done 
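Review bot: In the hunk at -205, `echo "${{ steps.compose-files.outputs.files }}" | while ...` expands the step output into the script text before the shell runs, so a path returned by `find` is treated as shell syntax rather than data; on pull requests those file names come from the contributor. Pass the value through the environment instead: add `env:` with `COMPOSE_FILES: ${{ steps.compose-files.outputs.files }}` to the step and read it with `printf '%s\n' "$COMPOSE_FILES" | while IFS= read -r file; do`. The yamllint loop in the hunk at -237 uses the same interpolation and needs the same change. Both step bodies continue outside their hunks.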
@@ -264,7 +264,7 @@ jobs: # Only run on pull requests to avoid resource waste on every push # Manual trigger available for security audits if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' - + steps: # REPOSITORY CHECKOUT # Full history not needed for security scanning @@ -278,9 +278,9 @@ jobs: id: security_changes with: files: | - **/Dockerfile* - docker-compose*.yml - docker-compose*.yaml + **/Containerfile* + compose*.yaml + compose*.yaml # EARLY TERMINATION FOR UNCHANGED DOCKER FILES # Skip security scan if no Docker files changed (unless manual trigger) @@ -295,13 +295,13 @@ jobs: - name: Build Docker image for security scanning if: steps.security_changes.outputs.any_changed == 'true' || github.event_name == 'workflow_dispatch' run: | - if [ -f "Dockerfile" ]; then + if [ -f "Containerfile" ]; then echo "Building Docker image for security scanning..." - docker build -t irc-security-scan:latest . + docker build -t irc-security-scan:latest -f=Containerfile . echo "✅ Docker image built successfully" else - echo "❌ No Dockerfile found in root directory" - echo "Security scan requires a Dockerfile to analyze" + echo "❌ No Containerfile found in root directory" + echo "Security scan requires a Containerfile to analyze" exit 1 fi @@ -386,4 +386,4 @@ jobs: # View linting results: # Check Actions tab for detailed logs and console output # -# ============================================================================== \ No newline at end of file +# ============================================================================== diff --git a/Dockerfile b/Containerfile similarity index 98% rename from Dockerfile rename to Containerfile index 5b1c6da..0df6445 100644 --- a/Dockerfile +++ b/Containerfile 
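Review bot: The build step in the hunk at -295 covers only the root image: it tests `[ -f "Containerfile" ]` and builds with `-f=Containerfile`, while `compose.yaml` in this commit also builds `web/webpanel/Containerfile` and `web/gamja/Containerfile` and the change filter in the hunk at -278 triggers on `**/Containerfile*`. A change to either web image therefore starts the job, but that image is presumably never built or scanned. Build and scan each Containerfile, for example with a job matrix over the three paths, and write the flag as `-f Containerfile` to match Docker's documented form.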
@@ -146,10 +146,10 @@ COPY --chown=ircd:ircd scripts/manage-modules.sh /usr/local/bin/manage-modules COPY --chown=ircd:ircd scripts/module-config.sh /usr/local/bin/module-config COPY --chown=ircd:ircd scripts/start-webpanel.sh /usr/local/bin/start-webpanel -# Set proper permissions and create necessary symlinks +# Set proper permissions and create necessary syamlinks RUN chmod 755 /usr/local/atheme/bin/* /usr/local/unrealircd/bin/* && \ chown -R ircd:ircd /var/log /var/run && \ - # Create symlinks for easier access + # Create syamlinks for easier access ln -sf /usr/local/atheme/bin/atheme-services /usr/local/bin/atheme-services && \ ln -sf /usr/local/unrealircd/bin/unrealircd /usr/local/bin/unrealircd && \ # Ensure proper ownership of configuration directories diff --git a/Makefile b/Makefile index 8662a4c..dbfeebf 100644 --- a/Makefile +++ b/Makefile @@ -337,10 +337,10 @@ lint: fi @if command -v hadolint >/dev/null 2>&1; then \ echo -e "$(BLUE)[INFO]$(NC) Running hadolint..."; \ - hadolint Dockerfile web/webpanel/Dockerfile; \ + hadolint Containerfile web/webpanel/Containerfile; \ echo -e "$(GREEN)[SUCCESS]$(NC) Hadolint completed!"; \ else \ - echo -e "$(YELLOW)[WARNING]$(NC) hadolint not found. Install it for Dockerfile validation."; \ + echo -e "$(YELLOW)[WARNING]$(NC) hadolint not found. Install it for Containerfile validation."; \ fi # ============================================================================ diff --git a/docker-compose.yml b/compose.yaml similarity index 88% rename from docker-compose.yml rename to compose.yaml index 83d11dc..8414e46 100644 --- a/docker-compose.yml +++ b/compose.yaml 
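Review bot: Both comment lines changed in the Containerfile hunk now read `syamlinks`, because the `yml` to `yaml` search-and-replace matched inside the word `symlinks`. Restore `# Set proper permissions and create necessary symlinks` and `# Create symlinks for easier access`. The rest of the commit deserves a second pass for other words or patterns the replacement may have hit. The RUN instruction continues past the end of the hunk.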
@@ -1,20 +1,17 @@ -version: '3.8' +--- + +name: irc.atl.chat services: ircd: build: context: . - dockerfile: Dockerfile + dockerfile: Containerfile target: runtime args: UNREALIRCD_VERSION: "6.1.10" ATHEME_VERSION: "7.2.12" container_name: ircd - restart: unless-stopped - ports: - - '6667:6667' # Standard IRC port - - '6697:6697' # IRC over SSL/TLS - - '8600:8600' # JSON-RPC API for webpanel volumes: - ircd_data:/usr/local/unrealircd/data - ircd_logs:/usr/local/unrealircd/logs @@ -23,8 +20,13 @@ services: - ircd_contrib:/usr/local/unrealircd/contrib environment: - TZ=UTC + ports: + - '6667:6667' # Standard IRC port + - '6697:6697' # IRC over SSL/TLS + - '8600' # JSON-RPC API for webpanel networks: - irc_network + restart: unless-stopped healthcheck: test: ["CMD", "pgrep", "-f", "unrealircd"] interval: 30s @@ -35,13 +37,15 @@ services: atheme: build: context: . - dockerfile: Dockerfile + dockerfile: Containerfile target: runtime args: UNREALIRCD_VERSION: "6.1.10" ATHEME_VERSION: "7.2.12" container_name: atheme - restart: unless-stopped + depends_on: + ircd: + condition: service_healthy volumes: - atheme_data:/usr/local/atheme/data - atheme_logs:/usr/local/atheme/logs @@ -52,19 +56,17 @@ services: - ATHEME_DATA=/usr/local/atheme/data networks: - irc_network - depends_on: - ircd: - condition: service_healthy command: ["/usr/local/bin/start-services", "start"] + restart: unless-stopped webpanel: build: context: . - dockerfile: web/webpanel/Dockerfile + dockerfile: web/webpanel/Containerfile container_name: webpanel - restart: unless-stopped - ports: - - '8080:80' # Web interface + depends_on: + ircd: + condition: service_healthy volumes: - webpanel_data:/var/www/html/unrealircd-webpanel/data - webpanel_config:/var/www/html/unrealircd-webpanel/config 
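Review bot: In the hunk at -23, `- '8600'` under `ports:` still publishes the JSON-RPC API on the host, because in Compose short syntax a lone container port is mapped to an ephemeral host port on all interfaces. The webpanel is configured with `UNREALIRCD_PORT=8600` and shares `irc_network` with ircd, so host publishing looks unnecessary. If the intent was to stop exposing the RPC port, replace the entry with `expose: ['8600']` or drop it. If host access is required, bind it to loopback with `'127.0.0.1:8600:8600'`.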
@@ -74,11 +76,11 @@ services: - UNREALIRCD_PORT=8600 - UNREALIRCD_RPC_USER=adminpanel - UNREALIRCD_RPC_PASSWORD=webpanel_password_2024 + ports: + - '8080:80' # Web interface networks: - irc_network - depends_on: - ircd: - condition: service_healthy + restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost/unrealircd-webpanel/"] interval: 30s @@ -89,16 +91,16 @@ services: gamja: build: context: . - dockerfile: web/gamja/Dockerfile + dockerfile: web/gamja/Containerfile container_name: gamja - restart: unless-stopped - ports: - - '8080:80' - environment: - - TZ=UTC depends_on: ircd: condition: service_healthy + environment: + - TZ=UTC + ports: + - '8081:80' + restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost/gamja/"] interval: 30s @@ -111,11 +113,16 @@ services: depends_on: ircd: condition: service_healthy + volumes: + - /opt/thelounge:/var/opt/thelounge # bind lounge config from the host's file system ports: - '9000:9000' - restart: always - volumes: - - /opt/thelounge:/var/opt/thelounge # bind lounge config from the host's file system + restart: unless-stopped + +networks: + irc_network: + driver: bridge + volumes: ircd_data: driver: local @@ -133,10 +140,3 @@ volumes: driver: local webpanel_config: driver: local - -networks: - irc_network: - driver: bridge - ipam: - config: - - subnet: 172.20.0.0/16 diff --git a/scripts/test-ci.sh b/scripts/test-ci.sh index 4aa2925..b593517 100755 --- a/scripts/test-ci.sh +++ b/scripts/test-ci.sh 
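Review bot: `UNREALIRCD_RPC_PASSWORD=webpanel_password_2024` remains committed in `compose.yaml` as a context line of the hunk at -74, so the admin panel's RPC credential is readable by anyone with repository access and is identical in every deployment. Read it from the environment instead, `- UNREALIRCD_RPC_PASSWORD=${UNREALIRCD_RPC_PASSWORD:?set UNREALIRCD_RPC_PASSWORD in .env}`, and keep `.env` out of version control. The current value should be rotated, since it is already in the repository history. The webpanel service definition begins outside this hunk.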
@@ -18,18 +18,18 @@ echo -e "${YELLOW}📋 Available jobs:${NC}" act --list echo "" -echo -e "${YELLOW}🐳 Testing Dockerfile Linting...${NC}" +echo -e "${YELLOW}🐳 Testing Containerfile Linting...${NC}" echo "----------------------------------------" -if act push -j dockerfile-lint --verbose; then - echo -e "${GREEN}✅ Dockerfile linting test PASSED${NC}" +if act push -j containerfile-lint --verbose; then + echo -e "${GREEN}✅ Containerfile linting test PASSED${NC}" else - echo -e "${RED}❌ Dockerfile linting test FAILED${NC}" + echo -e "${RED}❌ Containerfile linting test FAILED${NC}" fi echo "" echo -e "${YELLOW}📦 Testing Docker Compose Linting...${NC}" echo "----------------------------------------" -if act push -j docker-compose-lint --verbose; then +if act push -j compose-lint --verbose; then echo -e "${GREEN}✅ Docker Compose linting test PASSED${NC}" else echo -e "${RED}❌ Docker Compose linting test FAILED${NC}" @@ -56,7 +56,7 @@ fi echo "" echo -e "${GREEN}🎉 Testing complete!${NC}" echo "To run individual tests:" -echo " act push -j dockerfile-lint" -echo " act push -j docker-compose-lint" +echo " act push -j containerfile-lint" +echo " act push -j compose-lint" echo " act pull_request -j docker-security-scan" -echo " act push # run all push jobs" \ No newline at end of file +echo " act push # run all push jobs" diff --git a/web/gamja/Dockerfile b/web/gamja/Containerfile similarity index 100% rename from web/gamja/Dockerfile rename to web/gamja/Containerfile diff --git a/web/webpanel/Dockerfile b/web/webpanel/Containerfile similarity index 98% rename from web/webpanel/Dockerfile rename to web/webpanel/Containerfile index 10de14d..14e1849 100644 --- a/web/webpanel/Dockerfile +++ b/web/webpanel/Containerfile @@ -1,4 +1,4 @@ -# UnrealIRCd WebPanel Dockerfile +# UnrealIRCd WebPanel Containerfile # Provides web-based administration interface for UnrealIRCd # Based on official documentation: https://www.unrealircd.org/docs/UnrealIRCd_webpanel 
diff --git a/web/webpanel/README.md b/web/webpanel/README.md index c8cde94..130fa66 100644 --- a/web/webpanel/README.md +++ b/web/webpanel/README.md @@ -4,7 +4,7 @@ This directory contains the UnrealIRCd WebPanel - a web-based administration int ## Files -- **`Dockerfile`** - Container build configuration for the webpanel +- **`Containerfile`** - Container build configuration for the webpanel - **`config.php`** - PHP configuration file for the webpanel (template) ## What is the WebPanel?