Merge pull request #66 from microsoftgraph/chore/docker_image

Add docker build config

Author: calebkiage

.dockerignore

@@ -0,0 +1,10 @@
+**/.git/
+**/.github/
+**/.vs/
+**/.vscode/
+**/[Bb]in/
+**/[Oo]bj/
+**/*.sample.*
+tmp/
+**/.env
+**/*.md

.github/workflows/docker-publish.yml

@@ -0,0 +1,53 @@
+name: Publish Docker image
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The tag to build'
+        required: true
+        type: string
+  push:
+    branches: [main]
+    tags: ['v*']
+    paths: ['src/**', '.github/workflows/**']
+jobs:
+  push_to_registry:
+    name: Push Docker image to GitHub Packages
+    runs-on: ubuntu-latest
+    env:
+      MSGRAPH_DOCKER_REGISTRY_URL: docker.pkg.github.com
+      PACKAGE_VERSION: ${{github.event.inputs.tag || github.ref_name || 'v0.1.0'}}
+    steps:
+      - id: get-version
+        run: |
+          PACKAGE_VERSION=$(echo $PACKAGE_VERSION | sed s/^v//)
+          echo "::set-output name=version::$PACKAGE_VERSION"
+      - name: Check out the repo
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+          ref: ${{github.event.inputs.tag || ''}}
+      - name: Login to GitHub package feed
+        uses: docker/[email protected] 
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: docker.pkg.github.com
+      - name: Push to GitHub Packages - Nightly
+        if: contains(github.ref, 'refs/head/main')
+        uses: docker/[email protected]
+        with:
+          push: true
+          tags: docker.pkg.github.com/microsoftgraph/msgraph-cli/msgraph-cli:nightly
+          secrets: |
+            "user=${{ secrets.NUGET_USER }}"
+            "token=${{ secrets.NUGET_PASSWORD }}"
+      - name: Push to GitHub Packages - Release
+        if: contains(github.ref, 'refs/tags/v')
+        uses: docker/[email protected]
+        with:
+          push: true
+          tags: docker.pkg.github.com/microsoftgraph/msgraph-cli/msgraph-cli:latest,docker.pkg.github.com/microsoftgraph/msgraph-cli/msgraph-cli:${{ steps.get-version.outputs.version }}
+          secrets: |
+            "user=${{ secrets.NUGET_USER }}"
+            "token=${{ secrets.NUGET_PASSWORD }}"

.gitignore

@@ -573,4 +573,7 @@ FodyWeavers.xsd
 # End of https://www.toptal.com/developers/gitignore/api/visualstudiocode,visualstudio,intellij+all,dotnetcore,windows,macos,linux
 
 app-settings.*.json
-!app-settings.sample.json
+!app-settings.sample.json
+
+# docker compose mounts
+tmp/

Dockerfile

@@ -0,0 +1,53 @@
+# To get around the bug in https://github.com/moby/buildkit/issues/1366 on windows hosts, you can either:
+#   1. Enable long file path support in windows
+#   2. Use the \\?\ prefix when specifying the path in the docker build command. e.g.
+#      docker build \\?\C:\path -f .\Dockerfile
+# See https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation
+FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build-env
+
+ARG MS_NUGET_URL=https://nuget.pkg.github.com/microsoft/index.json
+ARG MSGRAPH_NUGET_URL=https://nuget.pkg.github.com/microsoftgraph/index.json
+
+WORKDIR /app
+
+COPY ./src ./msgraph-cli/src
+COPY ./msgraph-cli-core ./msgraph-cli/msgraph-cli-core
+WORKDIR /app/msgraph-cli
+
+RUN --mount=type=secret,id=user,required=true --mount=type=secret,id=token,required=true \
+    dotnet nuget add source ${MS_NUGET_URL} -n ms-gh -u $(cat /run/secrets/user) -p $(cat /run/secrets/token) --store-password-in-clear-text &&\
+    dotnet nuget add source ${MSGRAPH_NUGET_URL} -n msgraph-gh -u $(cat /run/secrets/user) -p $(cat /run/secrets/token) --store-password-in-clear-text
+
+RUN dotnet publish -p:PublishSingleFile=false -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true ./src/msgraph-cli.csproj --configuration Release --no-self-contained --runtime linux-musl-x64 --output /app/output
+
+FROM mcr.microsoft.com/dotnet/runtime:6.0-alpine as runtime
+
+# Change this password by providing a different value when running the container
+ENV KEYRING_PASSWORD="password"
+
+RUN apk add --no-cache libsecret dbus gnome-keyring libcap &&\
+    dbus-uuidgen > /var/lib/dbus/machine-id &&\
+    setcap cap_ipc_lock=+ep $(which gnome-keyring-daemon)
+
+RUN addgroup mgc &&\
+    adduser -D -G mgc -h /app mgc
+
+WORKDIR /app
+
+COPY --from=build-env /app/output ./dist
+
+RUN ln -s /app/dist/mgc /usr/bin/mgc
+
+USER mgc
+
+COPY --chown=mgc:mgc ./docker/* ./dist/
+
+RUN mkdir -p /app/.mgc /app/.local/share/.IdentityService /app/.local/share/keyrings &&\
+    chmod +x /app/dist/init.sh
+
+VOLUME [ "/app/.mgc", "/app/.local/share/.IdentityService", "/app/.local/share/keyrings" ]
+
+ENTRYPOINT ["./dist/init.sh"]
+
+LABEL description="# Welcome to the Microsoft Graph CLI  \
+[Source dockerfile](https://github.com/microsoftgraph/msgraph-cli/blob/main/Dockerfile)"

docker-compose.yml

@@ -0,0 +1,14 @@
+version: '2'
+services:
+  mgc:
+    image: msgraph-cli
+    cap_add:
+    # https://man7.org/linux/man-pages/man7/capabilities.7.html
+    # 
+    - IPC_LOCK # Required by gnome-keyring daemon, the dbus secret service
+    environment:
+      - KEYRING_PASSWORD=changeit
+    volumes:
+      - ./tmp/.mgc:/app/.mgc
+      - ./tmp/.IdentityService:/app/.local/share/.IdentityService
+      - ./tmp/keyrings:/app/.local/share/keyrings

docker/README.md

@@ -0,0 +1,38 @@
+# Microsoft Graph CLI
+## Docker Image Help
+
+### Quick start
+#### Running the container
+If you are using docker-compose:
+```sh
+$ docker-compose run -it mgc sh
+```
+
+Otherwise use docker to run the container.
+```sh
+$ docker run -it --cap-add=IPC_LOCK --rm msgraph-cli sh
+```
+
+> The IPC_LOCK capability is required by the `gnome-keyring-daemon` process which
+> performs token encryption.
+
+#### Building an image
+Ensure you have a docker engine with API access [1.39+](https://docs.docker.com/engine/api/v1.39/) and BuildKit enabled.
+Create 2 files `nuget_user.txt` and `nuget_token.txt` and set their content to a username and a matching personal access token
+that has pull access to both the [microsoft](https://github.com/microsoft) and [microsoftgraph](https://github.com/microsoftgraph)
+GitHub organizations' package registries.
+
+To build an image in windows powershell:
+```powershell
+$ docker build \\?\$(Get-Location) -f . -t msgraph-cli --secret id=user,src=./tmp/nuget_user.txt --secret id=token,src=./tmp/nuget_token.txt
+```
+
+> The `\\?\$(Get-Location)` section of the command is used to get around the 260 character
+> limitation on windows systems that could cause issues when copying files to the docker
+> context. This issue impacts buildkit builds. For more information, check
+> [this issue](https://github.com/moby/buildkit/issues/1366).
+
+To build an image in linux or WSL:
+```sh
+$ docker build -t msgraph-cli --secret id=user,src=./tmp/nuget_user.txt --secret id=token,src=./tmp/nuget_token.txt .
+```

docker/app-settings.json

@@ -0,0 +1,7 @@
+{
+    "Logging": {
+        "LogLevel": {
+            "Default": "Debug"
+        }
+    }
+}

docker/init.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+set -e
+
+script="$0"
+DIR="$(dirname $script)"
+
+capabilities=$(capsh --print | grep -e "Current: .*ipc_lock" | sed s/\n// | sed s/\ //)
+ipc_error="IPC_LOCK capability is not enabled. If you are running a docker container, add the capability using the '--cap-add' option."
+
+if [ -z "$capabilities" ]; then
+    echo "$ipc_error"
+    exit 2
+fi
+
+if ! pgrep -x "dbus-daemon" > /dev/null
+then
+    export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --fork --print-address)
+else
+    echo "dbus-daemon already running"
+fi
+
+dbus-run-session -- echo "$KEYRING_PASSWORD" | gnome-keyring-daemon --daemonize --components=secrets --unlock && "$@"

msgraph-cli-core

@@ -8,20 +8,14 @@
 using Microsoft.Graph.Cli.Core.Commands.Authentication;
 using Microsoft.Graph.Cli.Core.Configuration;
 using Microsoft.Graph.Cli.Core.IO;
-using Microsoft.Graph.Cli.Core.Utils;
-using Microsoft.Kiota.Abstractions;
 using Microsoft.Kiota.Authentication.Azure;
 using Microsoft.Kiota.Cli.Commons.IO;
 using Microsoft.Kiota.Http.HttpClientLibrary;
-using Microsoft.Kiota.Http.HttpClientLibrary.Middleware;
-using Microsoft.Kiota.Http.HttpClientLibrary.Middleware.Options;
 using System.CommandLine;
 using System.CommandLine.Builder;
 using System.CommandLine.Hosting;
 using System.CommandLine.Parsing;
 using System.IO;
-using System.Linq;
-using System.Net.Http;
 using System.Reflection;
 using System.Threading.Tasks;
 using System.Collections.Generic;
@@ -123,7 +117,7 @@ static IHostBuilder CreateHostBuilder(string[] args) =>
 
         static void ConfigureAppConfiguration(IConfigurationBuilder builder) {
             builder.Sources.Clear();
-            builder.AddJsonFile("app-settings.json", optional: false);
+            builder.AddJsonFile(Path.Combine(Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "app-settings.json"), optional: false);
             var pathUtil = new PathUtility();
             var authCache = new AuthenticationCacheUtility(pathUtil);
             var dataDir = pathUtil.GetApplicationDataDirectory();