From 51acfbb1c9e2583d12c6523aa34cb61d0590b8d2 Mon Sep 17 00:00:00 2001 From: thelamer Date: Sat, 1 Apr 2023 10:22:23 -0700 Subject: [PATCH 1/3] restructure the wrapper to be simplified and pass CLI args when launched --- .github/workflows/call_issue_pr_tracker.yml | 14 ++++++++++ .github/workflows/call_issues_cron.yml | 13 ++++++++++ .../workflows/package_trigger_scheduler.yml | 2 +- .github/workflows/permissions.yml | 3 ++- Jenkinsfile | 23 +++++++--------- README.md | 4 +++ readme-vars.yml | 5 ++++ root/defaults/autostart | 22 +--------------- root/defaults/menu.xml | 2 +- root/usr/bin/chromium-browser | 26 +++++++++++++++++++ 10 files changed, 77 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/call_issue_pr_tracker.yml create mode 100644 .github/workflows/call_issues_cron.yml create mode 100755 root/usr/bin/chromium-browser diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml new file mode 100644 index 0000000..87243e2 --- /dev/null +++ b/.github/workflows/call_issue_pr_tracker.yml @@ -0,0 +1,14 @@ +name: Issue & PR Tracker + +on: + issues: + types: [opened,reopened,labeled,unlabeled] + pull_request_target: + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] + +jobs: + manage-project: + permissions: + issues: write + uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1 + secrets: inherit diff --git a/.github/workflows/call_issues_cron.yml b/.github/workflows/call_issues_cron.yml new file mode 100644 index 0000000..529fe79 --- /dev/null +++ b/.github/workflows/call_issues_cron.yml @@ -0,0 +1,13 @@ +name: Mark stale issues and pull requests +on: + schedule: + - cron: '58 21 * * *' + workflow_dispatch: + +jobs: + stale: + permissions: + issues: write + pull-requests: write + uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1 + secrets: inherit diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index 7bf56d4..62a7753 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml @@ -2,7 +2,7 @@ name: Package Trigger Scheduler on: schedule: - - cron: '03 7 * * 2' + - cron: '9 9 * * 3' workflow_dispatch: jobs: diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml index 2df6b61..1447bc5 100644 --- a/.github/workflows/permissions.yml +++ b/.github/workflows/permissions.yml @@ -1,9 +1,10 @@ name: Permission check on: - pull_request: + pull_request_target: paths: - '**/run' - '**/finish' + - '**/check' jobs: permission_check: uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 diff --git a/Jenkinsfile b/Jenkinsfile index fcc0916..f9d6145 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -56,7 +56,7 @@ pipeline { env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/' env.PULL_REQUEST = env.CHANGE_ID - env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/call_invalid_helper.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml' + env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml' } script{ env.LS_RELEASE_NUMBER = sh( @@ -228,17 +228,14 @@ pipeline { } sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash''' sh '''#! /bin/bash - set -e - docker pull ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest docker run --rm \ - -e DESTINATION=\"${IMAGE}/${META_TAG}/shellcheck-result.xml\" \ - -e FILE_NAME="shellcheck-result.xml" \ - -e MIMETYPE="text/xml" \ - -v ${WORKSPACE}:/mnt \ - -e SECRET_KEY=\"${S3_SECRET}\" \ - -e ACCESS_KEY=\"${S3_KEY}\" \ - -t ghcr.io/linuxserver/lsiodev-spaces-file-upload:latest \ - python /upload.py''' + -v ${WORKSPACE}:/mnt \ + -e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \ + -e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \ + ghcr.io/linuxserver/baseimage-alpine:3.17 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\ + apk add --no-cache py3-pip && \ + pip install s3cmd && \ + s3cmd put --no-preserve --acl-public -m text/xml /mnt/shellcheck-result.xml s3://ci-tests.linuxserver.io/${IMAGE}/${META_TAG}/shellcheck-result.xml" || :''' } } } @@ -275,7 +272,7 @@ pipeline { echo "Jenkinsfile is up to date." fi # Stage 2 - Delete old templates - OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md" + OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml" for i in ${OLD_TEMPLATES}; do if [[ -f "${i}" ]]; then TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}" @@ -292,7 +289,7 @@ pipeline { git commit -m 'Bot Updating Templated Files' git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER} - echo "Deleting old templates" + echo "Deleting old and deprecated templates" rm -Rf ${TEMPDIR} exit 0 else diff --git a/README.md b/README.md index 02ec30e..256e4a7 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ services: - PUID=1000 - PGID=1000 - TZ=Etc/UTC + - CHROME_CLI="https://www.linuxserver.io/" #optional volumes: - /path/to/config:/config ports: @@ -128,6 +129,7 @@ docker run -d \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ + -e CHROME_CLI="https://www.linuxserver.io/" `#optional` \ -p 3000:3000 \ -p 3001:3001 \ -v /path/to/config:/config \ @@ -148,6 +150,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | +| `-e CHROME_CLI="https://www.linuxserver.io/"` | Specify one or multiple Chromium CLI flags, this string will be passed to the application in full. | | `-v /config` | Users home directory in the container, stores local files and settings | | `--shm-size=` | This is needed for any modern website to function like youtube. | | `--security-opt seccomp=unconfined` | For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. Chromium runs in no-sandbox test mode without it. | @@ -261,4 +264,5 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **01.04.23:** - Preserve arguments passed to Chromium and restructure to use wrapper. * **18.03.23:** - Initial release. diff --git a/readme-vars.yml b/readme-vars.yml index 4aa1392..ee0d11c 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -31,6 +31,10 @@ param_ports: - { external_port: "3001", internal_port: "3001", port_desc: "HTTPS Chromium desktop gui." } custom_params: - { name: "shm-size", name_compose: "shm_size", value: "1gb",desc: "This is needed for any modern website to function like youtube." } +# optional variables +opt_param_usage_include_env: true +opt_param_env_vars: + - { env_var: "CHROME_CLI", env_value: "\"https://www.linuxserver.io/\"", desc: "Specify one or multiple Chromium CLI flags, this string will be passed to the application in full."} opt_security_opt_param: true opt_security_opt_param_vars: - { run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. Chromium runs in no-sandbox test mode without it." } @@ -71,4 +75,5 @@ app_setup_block: | # changelog changelogs: + - { date: "01.04.23:", desc: "Preserve arguments passed to Chromium and restructure to use wrapper." } - { date: "18.03.23:", desc: "Initial release." } diff --git a/root/defaults/autostart b/root/defaults/autostart index a310610..15a39d2 100644 --- a/root/defaults/autostart +++ b/root/defaults/autostart @@ -1,22 +1,2 @@ #! /bin/bash - -# Only start in no-sandbox mode on unpriv systems -if grep -q 'Seccomp: 0' /proc/1/status; then - chromium-browser \ - --ignore-gpu-blocklist \ - --no-first-run \ - --password-store=basic \ - --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \ - --start-maximized \ - --user-data-dir > /dev/null 2>&1 -else - chromium-browser \ - --ignore-gpu-blocklist \ - --no-first-run \ - --no-sandbox \ - --password-store=basic \ - --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \ - --start-maximized \ - --test-type \ - --user-data-dir > /dev/null 2>&1 -fi +chromium-browser ${CHROME_CLI} diff --git a/root/defaults/menu.xml b/root/defaults/menu.xml index f52a8e7..684e205 100644 --- a/root/defaults/menu.xml +++ b/root/defaults/menu.xml @@ -2,6 +2,6 @@ /usr/bin/xterm -/usr/bin/chromium-browser --password-store=basic --no-sandbox --ignore-gpu-blocklist --user-data-dir --no-first-run --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --start-maximized --test-type +/usr/bin/chromium-browser diff --git a/root/usr/bin/chromium-browser b/root/usr/bin/chromium-browser new file mode 100755 index 0000000..d6cae87 --- /dev/null +++ b/root/usr/bin/chromium-browser @@ -0,0 +1,26 @@ +#! /bin/bash + +BIN=/usr/lib/chromium/chromium-launcher.sh + +# Run normally on privved containers or modified un non priv +if grep -q 'Seccomp: 0' /proc/1/status; then + ${BIN} \ + --ignore-gpu-blocklist \ + --no-first-run \ + --password-store=basic \ + --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \ + --start-maximized \ + --user-data-dir \ + "$@" > /dev/null 2>&1 +else + ${BIN} \ + --ignore-gpu-blocklist \ + --no-first-run \ + --no-sandbox \ + --password-store=basic \ + --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \ + --start-maximized \ + --test-type \ + --user-data-dir \ + "$@" > /dev/null 2>&1 +fi From 4d55421df101d1e5312d15f04753a2e5dcd552e1 Mon Sep 17 00:00:00 2001 From: thelamer Date: Sat, 1 Apr 2023 11:28:28 -0700 Subject: [PATCH 2/3] do not quote variable without spaces --- README.md | 6 +++--- readme-vars.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 256e4a7..6c3ef83 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ services: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - - CHROME_CLI="https://www.linuxserver.io/" #optional + - CHROME_CLI=https://www.linuxserver.io/ #optional volumes: - /path/to/config:/config ports: @@ -129,7 +129,7 @@ docker run -d \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ - -e CHROME_CLI="https://www.linuxserver.io/" `#optional` \ + -e CHROME_CLI=https://www.linuxserver.io/ `#optional` \ -p 3000:3000 \ -p 3001:3001 \ -v /path/to/config:/config \ @@ -150,7 +150,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | -| `-e CHROME_CLI="https://www.linuxserver.io/"` | Specify one or multiple Chromium CLI flags, this string will be passed to the application in full. | +| `-e CHROME_CLI=https://www.linuxserver.io/` | Specify one or multiple Chromium CLI flags, this string will be passed to the application in full. | | `-v /config` | Users home directory in the container, stores local files and settings | | `--shm-size=` | This is needed for any modern website to function like youtube. | | `--security-opt seccomp=unconfined` | For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. Chromium runs in no-sandbox test mode without it. | diff --git a/readme-vars.yml b/readme-vars.yml index ee0d11c..09799aa 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -34,7 +34,7 @@ custom_params: # optional variables opt_param_usage_include_env: true opt_param_env_vars: - - { env_var: "CHROME_CLI", env_value: "\"https://www.linuxserver.io/\"", desc: "Specify one or multiple Chromium CLI flags, this string will be passed to the application in full."} + - { env_var: "CHROME_CLI", env_value: "https://www.linuxserver.io/", desc: "Specify one or multiple Chromium CLI flags, this string will be passed to the application in full."} opt_security_opt_param: true opt_security_opt_param_vars: - { run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. Chromium runs in no-sandbox test mode without it." } From 83498a43d2d0dc13d7dde15ca634ac17869d135d Mon Sep 17 00:00:00 2001 From: thelamer Date: Mon, 3 Apr 2023 11:24:18 -0700 Subject: [PATCH 3/3] styling changes for script --- root/defaults/autostart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/defaults/autostart b/root/defaults/autostart index 15a39d2..365786c 100644 --- a/root/defaults/autostart +++ b/root/defaults/autostart @@ -1,2 +1,2 @@ -#! /bin/bash +#!/bin/bash chromium-browser ${CHROME_CLI}