From 4dd2ceabfdccdaa3cf5430023b5daebd0ae45c7a Mon Sep 17 00:00:00 2001
From: Puskar Basu <45908484+pskrbasu@users.noreply.github.com>
Date: Fri, 15 Mar 2024 15:51:42 +0530
Subject: [PATCH] Temporary changes to fix a published docker image (#4197)
---
.github/workflows/publish_docker.yml | 48 ++++++++++++++++++++++++
Dockerfile | 56 ++++++++++++++++++++++++++++
docker-entrypoint.sh | 12 ++++++
3 files changed, 116 insertions(+)
create mode 100644 .github/workflows/publish_docker.yml
create mode 100644 Dockerfile
create mode 100755 docker-entrypoint.sh
diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
new file mode 100644
index 000000000..ef18a460d
--- /dev/null
+++ b/.github/workflows/publish_docker.yml
@@ -0,0 +1,48 @@
+name: Publish Docker
+on:
+ workflow_dispatch:
+ inputs:
+ release:
+ description: "The name of the released version to publish"
+ required: true
+env:
+ STEAMPIPE_VERSION: ${{ github.event.inputs.release }}
+ GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+ GH_PUBLISH_ACCESS_TOKEN: ${{ secrets.GH_PUBLISH_ACCESS_TOKEN }}
+
+jobs:
+ publish_docker:
+ name: Push Docker image to Docker Hub
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Clean Version for Tag
+ id: generate_docker_tag
+ run: |
+ echo "docker_tag=${STEAMPIPE_VERSION#"v"}" >> $GITHUB_OUTPUT
+
+ - name: Build and Push to GitHub Container Registry
+ id: docker_build
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ TARGETVERSION=${{ env.STEAMPIPE_VERSION }}
+ tags: |
+ turbot/steampipe:${{ steps.generate_docker_tag.outputs.docker_tag }}
+ turbot/steampipe:latest
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..aa17ab8bc
--- /dev/null
+++ b/Dockerfile
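Review bot: The workflow-level `env:` block in publish_docker.yml exports `GH_TOKEN` and `GH_PUBLISH_ACCESS_TOKEN` to every step, but no step in this file reads them, so both secrets are handed to the third-party actions for no benefit; I would delete those two lines or move them onto the single step that needs them. The actions are referenced by mutable major tag (`@v3`, `@v5`) in a job that also holds the Docker Hub credentials, so pinning each `uses:` to a full commit SHA and adding a top-level `permissions:` block limited to `contents: read` would narrow what a compromised action can reach. `turbot/steampipe:latest` is pushed unconditionally, so dispatching the workflow with an older `release` value moves `latest` backwards; consider tagging `latest` only when the input is the newest release. The build step is named "Build and Push to GitHub Container Registry" although the tags target Docker Hub.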
@@ -0,0 +1,56 @@
+FROM debian:bullseye-slim
+LABEL maintainer="Turbot Support "
+
+ARG TARGETVERSION
+ARG TARGETARCH
+
+# add a non-root 'steampipe' user
+RUN adduser --system --disabled-login --ingroup 0 --gecos "steampipe user" --shell /bin/false --uid 9193 steampipe
+
+# updates and installs - 'wget' for downloading steampipe, 'less' for paging in 'steampipe query' interactive mode
+RUN apt-get update -y && apt-get install -y wget less && rm -rf /var/lib/apt/lists/*
+
+# download the release as given in TARGETVERSION and TARGETARCH
+RUN echo \
+ && cd /tmp \
+ && wget -nv https://github.com/turbot/steampipe/releases/download/${TARGETVERSION}/steampipe_linux_${TARGETARCH}.tar.gz \
+ && tar xzf steampipe_linux_${TARGETARCH}.tar.gz \
+ && mv steampipe /usr/local/bin/ \
+ && rm -rf /tmp/steampipe_linux_${TARGETARCH}.tar.gz
+
+# Change user to non-root
+USER steampipe:0
+
+# Use a constant workspace directory that can be mounted to
+WORKDIR /workspace
+
+# disable auto-update
+ENV STEAMPIPE_UPDATE_CHECK=false
+
+# disable telemetry
+ENV STEAMPIPE_TELEMETRY=none
+
+# Create a temporary mod - this is required to make sure that the dashboard server starts without problems
+RUN steampipe mod init
+
+# Run steampipe service once
+RUN steampipe service start --dashboard
+
+# and stop it
+RUN steampipe service stop
+
+# Cleanup
+# remove the generated service .passwd file from this image, so that it gets regenerated in the container
+RUN rm -f /home/steampipe/.steampipe/internal/.passwd
+# remove the temporary mod
+RUN rm -f ./mod.sp
+
+# expose postgres service default port
+EXPOSE 9193
+
+# expose dashboard service default port
+EXPOSE 9194
+
+COPY docker-entrypoint.sh /usr/local/bin
+ENTRYPOINT [ "docker-entrypoint.sh" ]
+CMD [ "steampipe"]
\ No newline at end of file
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 000000000..18e8da8b6
--- /dev/null
+++ b/docker-entrypoint.sh
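Review bot: The `.passwd` cleanup does not remove the file from the published image: it is written by `RUN steampipe service start --dashboard` and deleted by a separate, later `RUN rm -f`, so it stays in the earlier layer and is readable from the image's layer archives. Running init, start, stop and both removals in one `RUN` keeps it out of every layer. Anything else the first start generates under `/home/steampipe/.steampipe` (presumably the initialised database, possibly key material) is still baked in and shared by every container, which is worth confirming. Separately, the release tarball is fetched with `wget` and unpacked with no checksum or signature check, and `TARGETVERSION` has no default, so a missing build-arg only surfaces as a failed download.

```dockerfile
# … unchanged: FROM through ENV STEAMPIPE_TELEMETRY …

# Initialise once and clean up in the SAME layer, so the generated .passwd
# and the temporary mod never persist in any published layer.
RUN steampipe mod init \
    && steampipe service start --dashboard \
    && steampipe service stop \
    && rm -f /home/steampipe/.steampipe/internal/.passwd ./mod.sp

# … unchanged: EXPOSE, COPY, ENTRYPOINT, CMD …
```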
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -Eeo pipefail
+
+chown steampipe:0 /home/steampipe/.steampipe/db/14.2.0/data/
+
+# if first arg is anything other than `steampipe`, assume we want to run steampipe
+# this is for when other commands are passed to the container
+if [ "${1:0}" != 'steampipe' ]; then
+ set -- steampipe "$@"
+fi
+
+exec "$@"
\ No newline at end of file
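Review bot: The unconditional `chown` at the top of docker-entrypoint.sh can abort the container before `exec`: the Dockerfile in this same patch sets `USER steampipe:0`, so the call can only succeed on a directory steampipe already owns. Under `set -Eeo pipefail` any failure (a mounted volume owned by another uid, an arbitrary runtime uid, or the path missing once the bundled database is no longer `14.2.0`) is fatal. Guarding it, e.g. `if [ "$(id -u)" = "0" ]; then chown steampipe:0 /home/steampipe/.steampipe/db/14.2.0/data/; fi`, keeps the ownership fix for root-started containers without breaking the default case. A comment should also say why the path is tied to one database version. `"${1:0}"` is a substring from offset 0, i.e. the whole of `$1`, so `"$1"` states the comparison more plainly.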