diff --git a/docker/Dockerfile b/docker/Dockerfile index 57ac807..e828157 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,6 @@ # This Dockerfile has buildkit syntax, to allow build steps to be cached # and speed up when rebuilding -# TODO: Check if we can build this FROM python:3-alpine to slim down the image - FROM python:3.8.8-slim-buster AS base # Build ARGs @@ -10,34 +8,16 @@ ARG BOT_PROJECT="captcha-bot" ARG BOT_USER="nobody" ARG BOT_GROUP="nogroup" ARG BOT_HOME_DIR="/srv" -ARG REPO_NAME="TLG_JoinCaptchaBot" ARG APP_DIR="${BOT_HOME_DIR}/app" -ARG GITHUB_URL="https://github.com/J-Rios/${REPO_NAME}" - -# This represents an invalid token and should always exist in -# the "stock" constants.py file. -ARG INVALID_TOKEN="XXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - -# Use the BOT_TOKEN argument to override your token. We don't use environment -# here, since there's no need to have the token available to the container as -# an environment variable. -ARG BOT_TOKEN - -# Default language (override when building -- must be all CAPS.) -# check Makefile for a list of supported languages -ARG BOT_LANG="EN" +ARG GITHUB_URL="https://github.com/J-Rios/TLG_JoinCaptchaBot" # Export ARGs as ENV vars so they can be shared among steps ENV BOT_PROJECT="${BOT_PROJECT}" \ BOT_USER="${BOT_USER}" \ BOT_GROUP="${BOT_GROUP}" \ BOT_HOME_DIR="${BOT_HOME_DIR}" \ - REPO_NAME="${REPO_NAME}" \ APP_DIR="${APP_DIR}" \ GITHUB_URL="${GITHUB_URL}" \ - INVALID_TOKEN="${INVALID_TOKEN}" \ - BOT_TOKEN="${BOT_TOKEN}" \ - BOT_LANG="${BOT_LANG}" \ DEBIAN_FRONTEND=noninteractive \ APT_OPTS="-q=2 --yes" @@ -73,11 +53,9 @@ FROM builder-deps AS builder # Build the code as unprivileged user USER ${BOT_USER} WORKDIR ${BOT_HOME_DIR} -RUN git clone --recurse-submodules ${GITHUB_URL} ${APP_DIR} && \ +RUN git clone ${GITHUB_URL} ${APP_DIR} && \ pip3 install --user --requirement ${APP_DIR}/requirements.txt && \ cd ${APP_DIR}/sources && \ - sed -i -e "s/${INVALID_TOKEN}/${BOT_TOKEN}/g" settings.py && \ - sed -i -e "s/\"${BOT_LANG}\"/\"${BOT_LANG}\"/g" settings.py && \ chown -cR ${BOT_USER}:${BOT_GROUP} ${BOT_HOME_DIR} && \ rm -rf ${BOT_HOME_DIR}/.cache && \ find ${APP_DIR} -iname '.git*' -print0 | xargs -0 -r -t rm -rf @@ -100,4 +78,3 @@ RUN chown -R "${BOT_USER}:${BOT_GROUP}" ${BOT_HOME_DIR} && \ USER ${BOT_USER} WORKDIR ${APP_DIR}/sources CMD ["./entrypoint.sh"] - diff --git a/docker/Makefile b/docker/Makefile index 79244fb..9bf9175 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -1,40 +1,20 @@ + SHELL = /bin/bash NAME = captcha-bot -BOT_LANG ?= EN -SUPPORTED_LANGUAGES = AR CA DE EN EO ES EU FR GL ID IT KN NL PL PT_BR RU SK TR UK ZH_CN DOCKERFILE = Dockerfile -# Check if Bot token has been provided -ifndef BOT_TOKEN - $(error BOT_TOKEN is not set. Use make -e BOT_TOKEN=.) -endif - -# Set docker container build name to lowercases -NAME_LOW = $(shell echo $(NAME) | tr A-Z a-z) - -# Set bot language argument to uppercases -BOT_LANG_UPP = $(shell echo $(BOT_LANG) | tr a-z A-Z) - -# Check if it is a supported language argument -VALID_LANG = $(foreach lang, $(SUPPORTED_LANGUAGES),$(if $(findstring $(lang), $(BOT_LANG_UPP)),true)) -ifneq ($(strip $(VALID_LANG)), true) - $(info ) - $(info Provided default language: $(BOT_LANG_UPP)) - $(info Languages supported: $(SUPPORTED_LANGUAGES)) - $(error Invalid default language provided) -endif .PHONY: build force test debug build: - docker build -f "${DOCKERFILE}" -t "${NAME_LOW}" --build-arg BOT_TOKEN="${BOT_TOKEN}" --build-arg BOT_LANG="${BOT_LANG_UPP}" . + docker build -f "${DOCKERFILE}" -t "${NAME}" . force: - docker build -f "${DOCKERFILE}" -t "${NAME_LOW}" --no-cache --build-arg BOT_TOKEN="${BOT_TOKEN}" --build-arg BOT_LANG="${BOT_LANG_UPP}" . + docker build -f "${DOCKERFILE}" -t "${NAME}" --no-cache . test: - $(MAKE) -e BOT_TOKEN=XXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - docker run -it $(NAME_LOW):latest + $(MAKE) + docker run -it $(NAME):latest debug: test - docker run -it --user=root --entrypoint ${SHELL} $(NAME_LOW):latest + docker run -it --user=root --entrypoint ${SHELL} $(NAME):latest diff --git a/docker/README.md b/docker/README.md index f331634..b99c19d 100644 --- a/docker/README.md +++ b/docker/README.md @@ -15,24 +15,17 @@ container. ## Building a new image Create a new bot on Telegram using [The BotFather](http://t.me/BotFather). Make -sure your bot can be invited to channels and has privacy set to _disabled_. -Without this, the bot won't be able to read messages on the channel. +sure your bot can be invited to groups and has privacy set to _disabled_. +Without this, the bot won't be able to read messages on the group. Save the bot token. The token _should not publicly visible_ as anyone with it -could take control of your bot instance. We'll use the token to create the +could take control of your bot instance. We'll use the token to create the docker image containing the bot (below). -Create a docker image: +Create the docker image: ```bash -make BOT_TOKEN="" -``` - -It is also possible to specify a different default language for the bot to use -by setting the `BOT_LANG` variable at build time, like: - -```bash -make BOT_TOKEN="" BOT_LANG="PT_BR" +make ``` The build process may take a while, depending on your computer and connection @@ -44,30 +37,28 @@ Successfully built (number) Successfully tagged captcha-bot:latest ``` -**Note on token security**: A little bit of paranoia never hurts! Once your -container has been built, remove the lines from your bash history containing -your token. This can be accomplished with the `history -d` command on -individual lines. An easier (but coarser) approach is to run `history -c`, -followed by `history -r`. This will clear the history buffer and re-read the -history from disk. - ## Running -To run an instance, use: +To run an instance, use the next command placing your Bot token to pass it as +an enviroment variable: ```bash -docker run -d --name captcha-bot captcha-bot +sudo docker run -d --name captcha-bot --env CAPTCHABOT_TOKEN="XXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" captcha-bot ``` This will start the container in the background. Use `docker ps` to check if the container is up and running, and `docker logs captcha-bot` to investigate the logs. -You can also run with other environment variable. For list of available environment variable, please check `sources/settings.py`. For example: +You can also run with other environment variable. For list available +environment variables, please check `sources/settings.py`. -```bash -docker run -d --name captcha-bot --env CAPTCHABOT_OWNER="@owner" captcha-bot -``` +**Note on Token security**: A little bit of paranoia never hurts! Once your +container has been built, remove the lines from your bash history containing +your token. This can be accomplished with the `history -d` command on +individual lines. An easier (but coarser) approach is to run `history -c`, +followed by `history -r`. This will clear the history buffer and re-read the +history from disk. ## Stopping the bot