update image

udx · Feb 18, 2025 · 389f2c0 · 389f2c0
1 parent 43824cb
commit 389f2c0
Show file tree

Hide file tree

Showing 37 changed files with 2,508 additions and 467 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,13 +4,27 @@ FROM ubuntu:25.04
 # Set the maintainer of the image
 LABEL maintainer="UDX CAG Team"
 
-# Set environment variables to avoid interactive prompts and set a fixed timezone
+# Set base environment variables
 ENV DEBIAN_FRONTEND=noninteractive \
     TZ=Etc/UTC \
     USER=udx \
     UID=500 \
     GID=500 \
-    HOME=/home/udx
+    HOME=/home/udx \
+    # Worker specific paths
+    WORKER_BASE_DIR=/opt/worker \
+    WORKER_CONFIG_DIR=/etc/worker \
+    WORKER_APP_DIR=/opt/worker/apps \
+    WORKER_DATA_DIR=/opt/worker/data \
+    WORKER_LIB_DIR=/usr/local/worker/lib \
+    WORKER_BIN_DIR=/usr/local/worker/bin \
+    WORKER_ETC_DIR=/usr/local/worker/etc \
+    # Add worker bin to PATH
+    PATH=/usr/local/worker/bin:${PATH} \
+    # Cloud SDK configurations
+    CLOUDSDK_CONFIG=/usr/local/configs/gcloud \
+    AWS_CONFIG_FILE=/usr/local/configs/aws \
+    AZURE_CONFIG_DIR=/usr/local/configs/azure
 
 # Set the shell with pipefail option
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
@@ -22,10 +36,10 @@ USER root
 # hadolint ignore=DL3015
 RUN apt-get update && \
     apt-get install -y \
-    tzdata=2024b-6ubuntu1 \
+    tzdata=2025a-2ubuntu1 \
     curl=8.12.0+git20250209.89ed161+ds-1ubuntu1 \
     bash=5.2.37-1ubuntu1 \
-    apt-utils=2.9.28 \
+    apt-utils=2.9.29 \
     gettext=0.23.1-1 \
     gnupg=2.4.4-2ubuntu22 \
     ca-certificates=20241223 \
@@ -110,34 +124,73 @@ RUN groupadd -g ${GID} ${USER} && \
 RUN mkdir -p /var/log/supervisor /var/run/supervisor && \
     chown -R ${USER}:${USER} /var/log/supervisor /var/run/supervisor
 
-# Copy the CLI tool into the image
-COPY lib/cli.sh /usr/local/bin/worker_mgmt
-RUN chmod +x /usr/local/bin/worker_mgmt && \
-    ln -s /usr/local/bin/worker_mgmt /usr/local/bin/worker    
-
-# Copy the bin, etc, and lib directories
-COPY etc/configs /usr/local/configs
-COPY lib /usr/local/lib
-COPY bin/entrypoint.sh /usr/local/bin/entrypoint.sh
-
-# Set permissions during build
-# Set ownership
-RUN chown -R ${UID}:${GID} /usr/local/configs /usr/local/bin /usr/local/lib && \
-    # Make specific scripts executable
-    chmod 755 /usr/local/bin/entrypoint.sh /usr/local/lib/process_manager.sh && \
-    # Set read-only permissions for config files
-    find /usr/local/configs -type f -exec chmod 644 {} + && \
-    # Set read-only permissions for library files
-    find /usr/local/lib -type f ! -name process_manager.sh -exec chmod 644 {} + && \
-    # Ensure directories are accessible
-    find /usr/local/configs /usr/local/bin /usr/local/lib -type d -exec chmod 755 {} +
-
-# Create a symbolic link for the supervisord configuration file
-RUN ln -sf /usr/local/configs/supervisor/supervisord.conf /etc/supervisord.conf    
-
-# Prepare directories for the user and worker configuration
-RUN mkdir -p ${HOME} && \
-    chown -R ${USER}:${USER} ${HOME}
+# Create directory structure
+RUN mkdir -p \
+    # Worker directories
+    ${WORKER_CONFIG_DIR} \
+    ${WORKER_APP_DIR} \
+    ${WORKER_DATA_DIR} \
+    ${WORKER_LIB_DIR} \
+    ${WORKER_BIN_DIR} \
+    ${WORKER_ETC_DIR} \
+    # Environment and secrets files directory
+    ${WORKER_CONFIG_DIR}/environment.d \
+    # User and config directories
+    ${HOME}/.config/worker \
+    # Cloud SDK config directories
+    ${CLOUDSDK_CONFIG} \
+    ${AWS_CONFIG_FILE%/*} \
+    ${AZURE_CONFIG_DIR} && \
+    # Create and set permissions for environment files
+    touch ${WORKER_CONFIG_DIR}/environment ${WORKER_CONFIG_DIR}/secrets && \
+    chown ${USER}:${USER} \
+        ${WORKER_CONFIG_DIR}/environment \
+        ${WORKER_CONFIG_DIR}/secrets && \
+    chmod 644 ${WORKER_CONFIG_DIR}/environment && \
+    chmod 600 ${WORKER_CONFIG_DIR}/secrets
+
+# Copy worker files
+COPY bin/entrypoint.sh ${WORKER_BIN_DIR}/
+COPY lib ${WORKER_LIB_DIR}/
+COPY etc/configs/worker/default.yaml ${WORKER_CONFIG_DIR}/worker.yaml
+COPY etc/configs/supervisor ${WORKER_CONFIG_DIR}/supervisor/
+
+# Make scripts executable and initialize environment
+RUN chmod +x ${WORKER_LIB_DIR}/*.sh && \
+    ${WORKER_LIB_DIR}/env_handler.sh init_environment
+
+# Set up CLI tool
+COPY lib/cli.sh ${WORKER_BIN_DIR}/worker_mgmt
+RUN chmod +x ${WORKER_BIN_DIR}/worker_mgmt && \
+    ln -s ${WORKER_BIN_DIR}/worker_mgmt ${WORKER_BIN_DIR}/worker
+
+# Set permissions
+RUN \
+    # Set base ownership
+    chown -R ${UID}:${GID} \
+        ${WORKER_BASE_DIR} \
+        ${WORKER_CONFIG_DIR} \
+        ${WORKER_LIB_DIR} \
+        ${WORKER_BIN_DIR} \
+        ${HOME} \
+        ${CLOUDSDK_CONFIG} \
+        ${AWS_CONFIG_FILE%/*} \
+        ${AZURE_CONFIG_DIR} && \
+    # Set directory permissions
+    find ${WORKER_BASE_DIR} ${WORKER_CONFIG_DIR} ${WORKER_LIB_DIR} ${WORKER_BIN_DIR} -type d -exec chmod 755 {} + && \
+    # Set file permissions
+    find ${WORKER_CONFIG_DIR} -type f -exec chmod 644 {} + && \
+    find ${WORKER_LIB_DIR} -type f ! -name process_manager.sh -exec chmod 644 {} + && \
+    # Make specific files executable
+    chmod 755 \
+        ${WORKER_BIN_DIR}/entrypoint.sh \
+        ${WORKER_BIN_DIR}/worker_mgmt \
+        ${WORKER_LIB_DIR}/process_manager.sh && \
+    # Set runtime directories permissions
+    chmod 775 ${WORKER_APP_DIR} ${WORKER_DATA_DIR}
+
+# Set up supervisor configuration
+RUN ln -sf ${WORKER_CONFIG_DIR}/supervisor/supervisord.conf /etc/supervisord.conf
 
 # Switch to the user directory
 WORKDIR ${HOME}
@@ -146,7 +199,7 @@ WORKDIR ${HOME}
 USER ${USER}
 
 # Set the entrypoint to run the entrypoint script using shell form
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+ENTRYPOINT ["/usr/local/worker/bin/entrypoint.sh"]
 
 # Set the default command
 CMD ["tail", "-f", "/dev/null"]
diff --git a/Makefile b/Makefile
@@ -28,15 +28,28 @@ build:
 		printf "$(COLOR_BLUE)$(SYM_ARROW) Starting Docker build...$(COLOR_RESET)\n"; \
 		if [ "$(MULTIPLATFORM)" = "true" ]; then \
 			printf "$(COLOR_BLUE)$(SYM_ARROW) Building for multiple platforms: [linux/amd64, linux/arm64]$(COLOR_RESET)\n"; \
-			docker buildx build --progress=plain \
-				--platform linux/amd64,linux/arm64 \
-				-t $(DOCKER_IMAGE) \
-				--load . 2>&1 | grep -E "$$filter" || exit 1; \
+			if [ "$(DEBUG)" = "true" ]; then \
+				docker buildx build --progress=plain \
+					--platform linux/amd64,linux/arm64 \
+					-t $(DOCKER_IMAGE) \
+					--load .; \
+			else \
+				docker buildx build --progress=plain \
+					--platform linux/amd64,linux/arm64 \
+					-t $(DOCKER_IMAGE) \
+					--load . 2>&1 | grep -E "$$filter" || exit 1; \
+			fi; \
 		else \
 			printf "$(COLOR_BLUE)$(SYM_ARROW) Building for local platform$(COLOR_RESET)\n"; \
-			DOCKER_BUILDKIT=1 docker build \
-				--progress=plain \
-				-t $(DOCKER_IMAGE) . 2>&1 | grep -E "$$filter" || exit 1; \
+			if [ "$(DEBUG)" = "true" ]; then \
+				DOCKER_BUILDKIT=1 docker build \
+					--progress=plain \
+					-t $(DOCKER_IMAGE) .; \
+			else \
+				DOCKER_BUILDKIT=1 docker build \
+					--progress=plain \
+					-t $(DOCKER_IMAGE) . 2>&1 | grep -E "$$filter" || exit 1; \
+			fi; \
 		fi && \
 		printf "$(COLOR_GREEN)$(SYM_SUCCESS) Docker image build completed$(COLOR_RESET)\n" || \
 		{ printf "$(COLOR_RED)$(SYM_ERROR) Docker build failed$(COLOR_RESET)\n"; exit 1; }'
@@ -88,10 +101,11 @@ clean:
 
 test: clean
 	@printf "$(COLOR_BLUE)$(SYM_ARROW) Running tests...$(COLOR_RESET)\n"
+	@chmod +x src/tests/*.sh
 	@$(MAKE) run \
-		VOLUMES="$(TEST_WORKER_CONFIG):/home/$(USER)/worker.yaml:ro $(TEST_SERVICES_CONFIG):/home/$(USER)/services.yaml:ro $(TESTS_TASKS_DIR):/home/$(USER)/tasks:ro $(TESTS_MAIN_SCRIPT):/home/$(USER)/main.sh:ro" \
-		COMMAND="/home/$(USER)/main.sh" || exit 1
-	@$(MAKE) log FOLLOW_LOGS=true || exit 1
+		INTERACTIVE=true \
+		VOLUMES="$(PWD)/src/tests:/tests" \
+		COMMAND="/bin/bash -c '/tests/env.sh && /tests/service.sh'" || exit 1
 	@$(MAKE) clean || exit 1
 	@printf "$(COLOR_GREEN)$(SYM_SUCCESS) Tests completed successfully$(COLOR_RESET)\n"
 

diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
@@ -1,16 +1,16 @@
 #!/bin/bash
 
 # shellcheck disable=SC1091
-source /usr/local/lib/utils.sh
+source ${WORKER_LIB_DIR}/utils.sh
 
 log_info "Welcome to UDX Worker Container. Initializing environment..."
 
 # shellcheck disable=SC1091
-source /usr/local/lib/environment.sh
+source ${WORKER_LIB_DIR}/environment.sh
 
 # Start the process manager in the background
 log_info "Starting process manager..."
-/usr/local/lib/process_manager.sh &
+${WORKER_LIB_DIR}/process_manager.sh &
 
 # Main execution logic
 if [ "$#" -gt 0 ]; then

diff --git a/etc/configs/worker/services.yaml b/etc/configs/worker/services.yaml
diff --git a/lib/auth.sh b/lib/auth.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# shellcheck source=/usr/local/lib/utils.sh disable=SC1091
-source /usr/local/lib/utils.sh
+# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Array to track configured providers
 declare -a configured_providers=()
@@ -61,7 +61,7 @@ authenticate_actors() {
         # Proceed only if creds are valid JSON
         if echo "$creds" | jq empty &>/dev/null; then
             log_info "Processing credentials for $provider"
-            auth_script="/usr/local/lib/auth/${provider}.sh"
+            auth_script="${WORKER_LIB_DIR}/auth/${provider}.sh"
             auth_function="${provider}_authenticate"
 
             if [[ -f "$auth_script" ]]; then

diff --git a/lib/auth/aws.sh b/lib/auth/aws.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# shellcheck source=/usr/local/lib/utils.sh disable=SC1091
-source /usr/local/lib/utils.sh
+# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Example usage of the function
 # aws_authenticate "/path/to/your/aws_creds.json"

diff --git a/lib/auth/azure.sh b/lib/auth/azure.sh
@@ -5,8 +5,8 @@
 # Example usage of the function
 # azure_authenticate "/path/to/your/azure_creds.json"
 
-# shellcheck source=/usr/local/lib/utils.sh disable=SC1091
-source /usr/local/lib/utils.sh
+# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Function to authenticate Azure accounts
 azure_authenticate() {

diff --git a/lib/auth/bitwarden.sh b/lib/auth/bitwarden.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# shellcheck source=/usr/local/lib/utils.sh disable=SC1091
-source /usr/local/lib/utils.sh
+# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Function to authenticate Bitwarden using API key or master password
 #

diff --git a/lib/auth/gcp.sh b/lib/auth/gcp.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# shellcheck source=/usr/local/lib/utils.sh disable=SC1091
-source /usr/local/lib/utils.sh
+# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Function to authenticate GCP service accounts
 #

diff --git a/lib/cleanup.sh b/lib/cleanup.sh
@@ -2,10 +2,10 @@
 
 # Include worker config utilities first
 # shellcheck source=/dev/null
-source /usr/local/lib/worker_config.sh
+source ${WORKER_LIB_DIR}/worker_config.sh
 
 # shellcheck source=/dev/null
-source /usr/local/lib/utils.sh
+source ${WORKER_LIB_DIR}/utils.sh
 
 # Generic function to clean up authentication for any provider
 cleanup_provider() {