From fbfebd0db8023ce5ca2bed0ea952e2e6bb8c34d4 Mon Sep 17 00:00:00 2001
From: Binaek Sarkar
Date: Fri, 30 Jul 2021 03:06:49 +0530
Subject: [PATCH] Add `Dockerfile` for steampipe and automated image deploy. Closes #662. Closes #677
---
 .github/workflows/publish_docker.yml | 46 ++++++++++++++++++++++++++++
 .github/workflows/release.yml | 9 +++---
 Dockerfile | 39 +++++++++++++++++++++++
 docker-entrypoint.sh | 12 ++++++++
 4 files changed, 101 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/publish_docker.yml
 create mode 100644 Dockerfile
 create mode 100755 docker-entrypoint.sh
diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
new file mode 100644
index 000000000..5daa33a71
--- /dev/null
+++ b/.github/workflows/publish_docker.yml
@@ -0,0 +1,46 @@
+name: Publish Docker Release
+on:
+ workflow_dispatch:
+ inputs:
+ release:
+ description: "The name of the released version to publish"
+ required: true
+
+env:
+ STEAMPIPE_VERSION: ${{ github.event.inputs.release }}
+
+jobs:
+ publish_docker:
+ name: Push Docker image to Docker Hub
+ runs-on: ubuntu-latest
+ steps:
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Clean Version for Tag
+ id: generate_docker_tag
+ run: |
+ echo "::set-output name=docker_tag::${STEAMPIPE_VERSION#"v"}"
+
+ - name: Build and Push to Docker Hub
+ id: docker_build
+ uses: docker/build-push-action@v2
+ with:
+ push: true
+ build-args: |
+ TARGETOS=linux
+ TARGETARCH=amd64
+ TARGETVERSION=${{ env.STEAMPIPE_VERSION }}
+ tags: |
+ turbot/steampipe:${{ steps.generate_docker_tag.outputs.docker_tag }}
+ turbot/steampipe:latest
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
+
+
+
+
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6c352d895..fbe726fb4 100644
--- a/.github/workflows/release.yml
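Review bot: In .github/workflows/publish_docker.yml, the two `uses:` steps reference `docker/login-action@v1` and `docker/build-push-action@v2` by mutable tag, and this job is handed `DOCKER_USERNAME`/`DOCKER_PASSWORD`, so a retagged or compromised action release would run with push rights to `turbot/steampipe`. Pin both to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1` (placeholder, fill in the audited commit), and add a top-level `permissions:` block with `contents: read` so the GITHUB_TOKEN is not left at the repository default. Separately, the `tags:` list always moves `turbot/steampipe:latest`, so dispatching the workflow for an older or pre-release version would silently point `latest` at it; consider gating that tag on the input. The `release` input is also never checked against a version pattern before it reaches `build-args` and the image tag.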
+++ b/.github/workflows/release.yml
@@ -3,10 +3,10 @@ on: workflow_dispatch: inputs: branch: - description: 'The branch that will be built' + description: "The branch that will be built" required: true tag: - description: 'The release tag that will be set' + description: "The release tag that will be set" required: true env:
@@ -16,7 +16,7 @@ jobs: goreleaser: name: Build runs-on: ubuntu-latest - + steps: - name: Checkout uses: actions/checkout@v2
@@ -70,10 +70,9 @@ jobs: needs: goreleaser strategy: matrix: - platform: [ ubuntu-latest ] + platform: [ubuntu-latest] runs-on: ${{ matrix.platform }} steps: - - name: Checkout uses: actions/checkout@v2 with:
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..a4832bd0d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,39 @@
+FROM debian:buster-slim
+LABEL maintainer="Turbot Support "
+
+ARG TARGETVERSION
+ARG TARGETOS
+ARG TARGETARCH
+
+# 'wget' for downloading steampipe, 'less' for paging in the UI
+RUN apt-get update -y \
+ && apt-get install -y wget less \
+ && adduser --system --disabled-login --ingroup 0 --gecos "steampipe user" --shell /bin/false --uid 9193 steampipe
+
+# downlaod the published image
+RUN echo \
+ && cd /tmp \
+ && wget -nv https://github.com/turbot/steampipe/releases/download/${TARGETVERSION}/steampipe_${TARGETOS}_${TARGETARCH}.tar.gz \
+ && tar xzf steampipe_${TARGETOS}_${TARGETARCH}.tar.gz \
+ && mv steampipe /usr/local/bin/ \
+ && rm -rf /tmp/steampipe_${TARGETOS}_${TARGETARCH}.tar.gz
+
+# Change user to non-root
+USER steampipe:0
+
+# Use a constant workspace directory that can be mounted to
+WORKDIR /workspace
+
+# disable auto-update
+ENV STEAMPIPE_UPDATE_CHECK=false
+
+# Run --version
+RUN steampipe --version
+
+# Run steampipe query to install db and fdw (they are installed on the first run)
+RUN steampipe query "select * from steampipe_mod"
+
+EXPOSE 9193
+COPY docker-entrypoint.sh /usr/local/bin
+ENTRYPOINT [ "docker-entrypoint.sh" ]
+CMD [ "steampipe"]
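Review bot: In the Dockerfile, the second `RUN` fetches `steampipe_${TARGETOS}_${TARGETARCH}.tar.gz` with `wget` and unpacks it into `/usr/local/bin` with no integrity check, so the published image trusts whatever the release URL serves at build time. Verify the archive before `tar xzf`, for example with a digest passed as a build argument: `ARG TARGETSHA256` plus `&& echo "${TARGETSHA256}  steampipe_${TARGETOS}_${TARGETARCH}.tar.gz" | sha256sum -c - \` (the argument name is a suggestion, and the publish workflow would have to supply it). `FROM debian:buster-slim` is likewise a moving tag; pinning it as `debian:buster-slim@sha256:<digest>` (placeholder) makes the base auditable and rebuilds reproducible. The account is created with `--ingroup 0` and run as `USER steampipe:0`, which places the runtime user in the root group; if that is needed for arbitrary-UID platforms it deserves a comment saying so, otherwise a dedicated group is the safer default.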
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 000000000..e8f0b571f
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -Eeo pipefail
+
+chown steampipe:0 /home/steampipe/.steampipe/db/12.1.0/data/
+
+# if first arg is anything other than `steampipe`, assume we want to run steampipe
+# this is for when other commands are passed to the container
+if [ "${1:0}" != 'steampipe' ]; then
+ set -- steampipe "$@"
+fi
+
+exec "$@"
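Review bot: In docker-entrypoint.sh, the `chown steampipe:0 /home/steampipe/.steampipe/db/12.1.0/data/` line runs under `set -e` against a path with the database version hard-coded, so the container will exit at startup whenever that directory is absent (a different bundled database version, or a volume mounted over `~/.steampipe`). Because the Dockerfile in this patch sets `USER steampipe:0`, the entrypoint normally does not run as root, and `chown` can then only succeed on files the user already owns, which makes the call either a no-op or a fatal error. Guard it, e.g. `if [ "$(id -u)" = 0 ] && [ -d "$data_dir" ]; then chown steampipe:0 "$data_dir"; fi`, or drop it. Also, `"${1:0}"` is a substring from offset 0 and so expands to the whole of `$1`; write `"$1"`, or add a comment if a first-character test such as `${1:0:1}` was intended.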