NUKIB · ondj · May 17, 2025 · May 17, 2025 · May 17, 2025 · May 17, 2025
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -13,13 +13,13 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      matrix:
+        runner: [ ubuntu-24.04-arm, ubuntu-latest ]
     steps:
     - name: Checkout
       uses: actions/checkout@v4
-    -
-      name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
     -
       name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
@@ -28,9 +28,9 @@ jobs:
       uses: actions/cache@v4
       with:
         path: /tmp/.buildx-cache
-        key: ${{ runner.os }}-buildx-${{ github.sha }}
+        key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
         restore-keys: |
-          ${{ runner.os }}-buildx-
+          ${{ runner.os }}-${{ runner.arch }}-buildx-
     -
       name: Build and export to Docker
       uses: docker/build-push-action@v6
@@ -47,15 +47,6 @@ jobs:
         sleep 10 # Wait until container is ready
         curl --fail http://localhost:6666/modules | jq
         docker stop misp-modules
-    -
-      name: Build Docker for linux/arm64
-      uses: docker/build-push-action@v6
-      with:
-        context: .
-        platforms: linux/arm64
-        tags: ${{ env.TEST_TAG }}
-        cache-from: type=local,src=/tmp/.buildx-cache/arm64
-        cache-to: type=local,dest=/tmp/.buildx-cache-new/arm64,mode=max
     -
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -81,12 +72,11 @@ jobs:
         username: nukib
         password: ${{ secrets.DOCKERHUB_TOKEN }}
     -
-      name: Build and push
+      name: Push
       if: github.event_name != 'pull_request'
       uses: docker/build-push-action@v6
       with:
         context: .
-        platforms: linux/amd64,linux/arm64
         push: true
         tags: |
           nukib/misp-modules:latest

diff --git a/Dockerfile b/Dockerfile
@@ -20,7 +20,8 @@ RUN set -x && \
 FROM base AS python-build
 RUN dnf install -y --setopt=install_weak_deps=False python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-wheel gcc-toolset-14 git-core poppler-cpp-devel && \
     rm -rf /var/cache/dnf && \
-    curl -sSL https://install.python-poetry.org | python3 -
+    curl --proto '=https' --tlsv1.3 -sSL https://install.python-poetry.org | python3 - && \
+    /root/.local/bin/poetry self add poetry-plugin-export
 ARG MISP_MODULES_VERSION=main
 RUN --mount=type=tmpfs,target=/tmp set -x && \
     source scl_source enable gcc-toolset-14 && \
@@ -31,9 +32,9 @@ RUN --mount=type=tmpfs,target=/tmp set -x && \
     curl --proto '=https' --tlsv1.3 --fail -sSL https://github.com/MISP/misp-modules/archive/$COMMIT.tar.gz | tar zx --strip-components=1 && \
     sed -i "s/^python = .*/python = \"$(python3 -c 'import platform; print(platform.python_version())')\"/" pyproject.toml && \
     /root/.local/bin/poetry lock && \
-    /root/.local/bin/poetry export --with unstable --without-hashes -f requirements.txt -o requirements.txt && \
+    /root/.local/bin/poetry export -E all --without-hashes -f requirements.txt -o requirements.txt && \
     pip3 --no-cache-dir wheel --wheel-dir /wheels -r requirements.txt && \
-    pip3 --no-cache-dir wheel --wheel-dir /wheels . && \
+    pip3 --no-cache-dir wheel --no-deps --wheel-dir /wheels . && \
     echo $COMMIT > /misp-modules-commit
 
 # Final image
@@ -46,11 +47,10 @@ RUN dnf install -y --setopt=install_weak_deps=False libglvnd-glx poppler-cpp zba
 COPY --from=python-build /wheels /wheels
 COPY --from=python-build /misp-modules-commit /home/misp-modules/
 USER misp-modules
-RUN pip3 --no-cache-dir install --no-warn-script-location --user /wheels/* sentry-sdk==2.16.0 orjson && \
-    echo "__all__ = ['cache', 'sentry']" > /home/misp-modules/.local/lib/python${PYTHON_VERSION}/site-packages/misp_modules/helpers/__init__.py && \
-    chmod -R u-w /home/misp-modules/.local/
-COPY sentry.py /home/misp-modules/.local/lib/python${PYTHON_VERSION}/site-packages/misp_modules/helpers/
+COPY --chmod=755 misp-modules.py /usr/bin/misp-modules
+RUN pip3 --no-cache-dir install --no-warn-script-location --user /wheels/* sentry-sdk==2.16.0 && \
+    /usr/bin/misp-modules --test
 
 EXPOSE 6666/tcp
-CMD ["/home/misp-modules/.local/bin/misp-modules", "-l", "0.0.0.0"]
+CMD ["/usr/bin/misp-modules", "--listen", "0.0.0.0"]
 HEALTHCHECK CMD curl -s localhost:6666/healthcheck
diff --git a/sentry.py → misp-modules.py b/sentry.py → misp-modules.py
@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 import os
+import sys
+from misp_modules.__main__ import main
 
 sentry_dsn = os.getenv("SENTRY_DSN")
 
@@ -13,12 +15,4 @@
         integrations=[TornadoIntegration()]
     )
 
-
-def selftest():
-    if not sentry_dsn:
-        return 'SENTRY_DSN env variable is not set. Helper will be disabled.'
-
-
-if __name__ == "__main__":
-    if selftest() is None:
-        sentry_sdk.capture_exception(Exception("This is an example of an error message."))
+sys.exit(main())