refactor: dockerfile adjustments, add lefthook and megalinter

.circleci/config.yml

@@ -8,9 +8,9 @@ workflows:
           requires:
             - test
           filters:
-             branches:
-               only: 
-                 - master
+            branches:
+              only:
+                - master
       - build_children:
           context: circle-api
           requires:
@@ -58,8 +58,7 @@ jobs:
           destination: docker-lancachenet-monolithic.tar
       - persist_to_workspace:
           root: workspace
-          paths:
-            lancachenet-monolithic.tar
+          paths: lancachenet-monolithic.tar
   publish_latest:
     executor: testbuild-executor
     steps:
@@ -78,7 +77,7 @@ jobs:
       - run:
           name: "Request API to build children"
           command: |
-              for child in {"generic"}; do
-                 echo "Asking API to trigger build for $child"
-                 curl -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/lancachenet/$child/build?circle-token=${CIRCLE_API_USER_TOKEN}
-              done
+            for child in {"generic"}; do
+              echo "Asking API to trigger build for $child"
+              curl -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/lancachenet/$child/build?circle-token=${CIRCLE_API_USER_TOKEN}
+            done

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+end_of_line = lf
+insert_final_newline = true
+
+[*.md]
+indent_size = 0
+
+[*.sh]
+indent_style = tab

.github/workflows/mega-linter.yml

@@ -0,0 +1,55 @@
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+---
+name: MegaLinter
+
+on:
+  pull_request:
+    branches:
+      - master
+
+env:
+  GITHUB_STATUS_REPORTER: true
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: MegaLinter
+        uses: oxsecurity/megalinter@v8
+        id: ml
+        env:
+          VALIDATE_ALL_CODEBASE: >-
+            ${{
+              github.event_name == 'push' &&
+              github.ref == 'refs/heads/master'
+            }}
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          include-hidden-files: "true"
+          path: |
+            megalinter-reports
+            mega-linter.log

.gitignore

@@ -1 +1,2 @@
 reports
+megalinter-reports

.lefthook.yml

@@ -0,0 +1,6 @@
+pre-commit:
+  parallel: true
+  jobs:
+    - name: megalinter
+      run: docker run --rm -e USER=$(id -u) -e GROUP=$(id -g) -v "$PWD:/tmp/lint" oxsecurity/megalinter:beta
+      stage_fixed: true

.mega-linter.yml

@@ -0,0 +1,28 @@
+# Configuration file for MegaLinter
+#
+# See all available variables at https://megalinter.io/latest/config-file/ and in
+# linters documentation
+
+APPLY_FIXES: all
+FLAVOR_SUGGESTIONS: false
+PRINT_ALPACA: false
+SHOW_ELAPSED_TIME: true
+
+ENABLE:
+  - ACTION
+  - BASH
+  - DOCKERFILE
+  - EDITORCONFIG
+  - MARKDOWN
+  - YAML
+
+DISABLE_LINTERS:
+  - MARKDOWN_MARKDOWNLINT
+  - YAML_V8R
+
+BASH_SHELLCHECK_ARGUMENTS: "-f gcc"
+EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: "-f gcc"
+
+POST_COMMANDS:
+  - command: find . -user root -group root -exec chown ${USER}:${GROUP} {} \;
+    cwd: workspace

Dockerfile

@@ -1,50 +1,55 @@
+# hadolint ignore=DL3007
 FROM lancachenet/ubuntu-nginx:latest
-LABEL version=3
-LABEL description="Single caching container for caching game content at LAN parties."
-LABEL maintainer="LanCache.Net Team <team@lancache.net>"
-
-RUN	apt-get update							;\
-	apt-get install -y jq git				;
-
-ENV GENERICCACHE_VERSION=2 \
-    CACHE_MODE=monolithic \
-    WEBUSER=www-data \
-    CACHE_INDEX_SIZE=500m \
-    CACHE_DISK_SIZE=1000g \
-    MIN_FREE_DISK=10g \
-    CACHE_MAX_AGE=3560d \
-    CACHE_SLICE_SIZE=1m \
-    UPSTREAM_DNS="8.8.8.8 8.8.4.4" \
-    BEAT_TIME=1h \
-    LOGFILE_RETENTION=3560 \
-    CACHE_DOMAINS_REPO="https://github.com/uklans/cache-domains.git" \
-    CACHE_DOMAINS_BRANCH=master \
-    NGINX_WORKER_PROCESSES=auto \
-    NGINX_LOG_FORMAT=cachelog
-
-COPY overlay/ /
-
-RUN rm /etc/nginx/sites-enabled/* /etc/nginx/stream-enabled/* ;\
-    rm /etc/nginx/conf.d/gzip.conf ;\
-    chmod 754  /var/log/tallylog ; \
-    id -u ${WEBUSER} &> /dev/null || adduser --system --home /var/www/ --no-create-home --shell /bin/false --group --disabled-login ${WEBUSER} ;\
-    chmod 755 /scripts/*		;\
-	  mkdir -m 755 -p /data/cache		;\
-	  mkdir -m 755 -p /data/info		;\
-    mkdir -m 755 -p /data/logs		;\
-    mkdir -m 755 -p /tmp/nginx/		;\
-    chown -R ${WEBUSER}:${WEBUSER} /data/	;\
-    mkdir -p /etc/nginx/sites-enabled	;\
-    ln -s /etc/nginx/sites-available/10_cache.conf /etc/nginx/sites-enabled/10_generic.conf; \
-    ln -s /etc/nginx/sites-available/20_upstream.conf /etc/nginx/sites-enabled/20_upstream.conf; \
-    ln -s /etc/nginx/sites-available/30_metrics.conf /etc/nginx/sites-enabled/30_metrics.conf; \
-    ln -s /etc/nginx/stream-available/10_sni.conf /etc/nginx/stream-enabled/10_sni.conf; \
-    mkdir -m 755 -p /data/cachedomains		;\
-    mkdir -m 755 -p /tmp/nginx
-
-RUN git clone --depth=1 --no-single-branch https://github.com/uklans/cache-domains/ /data/cachedomains
 
-VOLUME ["/data/logs", "/data/cache", "/data/cachedomains", "/var/www"]
+LABEL org.opencontainers.image.version=3
+LABEL org.opencontainers.image.description="Single container for caching game content at LAN parties."
+LABEL org.opencontainers.image.authors="LanCache.Net Team <team@lancache.net>"
+
+SHELL ["/bin/bash", "-c"]
+
+# hadolint ignore=DL3008
+RUN	<<EOF
+  apt-get update
+  apt-get install -y ca-certificates git jq --no-install-recommends
+  apt-get -y clean
+  rm -rf /var/lib/apt/lists/*
+EOF
+
+ENV \
+  GENERICCACHE_VERSION=2 \
+  CACHE_MODE=monolithic \
+  WEBUSER=www-data \
+  CACHE_INDEX_SIZE=500m \
+  CACHE_DISK_SIZE=1000g \
+  MIN_FREE_DISK=10g \
+  CACHE_MAX_AGE=3560d \
+  CACHE_SLICE_SIZE=1m \
+  UPSTREAM_DNS="8.8.8.8 8.8.4.4" \
+  BEAT_TIME=1h \
+  LOGFILE_RETENTION=3560 \
+  CACHE_DOMAINS_REPO="https://github.com/uklans/cache-domains.git" \
+  CACHE_DOMAINS_BRANCH=master \
+  NGINX_WORKER_PROCESSES=auto \
+  NGINX_LOG_FORMAT=cachelog
 
+COPY --link overlay/ /
+
+RUN <<EOF
+  id -u ${WEBUSER} &> /dev/null || adduser --system --home /var/www/ --no-create-home --shell /bin/false --group --disabled-login ${WEBUSER}
+  mkdir -p /etc/nginx/sites-enabled /data/{cache,cachedomains,info,logs} /tmp/nginx
+  rm /etc/nginx/sites-enabled/* /etc/nginx/stream-enabled/* /etc/nginx/conf.d/gzip.conf
+  chown -R ${WEBUSER}: /data/
+  chmod 754 /var/log/tallylog
+  for file in sites-available/10_cache.conf sites-available/20_upstream.conf sites-available/30_metrics.conf stream-available/10_sni.conf; do
+    ln -s "/etc/nginx/${file}" "/etc/nginx/${file/available/enabled}"
+  done
+EOF
+
+RUN <<EOF
+git clone --depth=1 --no-single-branch https://github.com/uklans/cache-domains.git /data/cachedomains
+git config --global --add safe.directory /data/cachedomains
+EOF
+
+VOLUME ["/data/logs", "/data/cache", "/data/cachedomains", "/var/www"]
 EXPOSE 80 443 8080
 WORKDIR /scripts

build-locally.sh

@@ -3,20 +3,20 @@
 
 PURPLEBOLD="$(tput setf 5 bold)"
 
-printf "${PURPLEBOLD}Building temporary modified Ubuntu image:\n"
+printf "%sBuilding temporary modified Ubuntu image:\n" "${PURPLEBOLD}"
 docker build -t lancachenet/ubuntu:latest --progress tty https://github.com/lancachenet/ubuntu.git
 
-printf  "${PURPLEBOLD}Building temporary Ubuntu-Nginx image:\n"
+printf "%sBuilding temporary Ubuntu-Nginx image:\n" "${PURPLEBOLD}"
 docker build -t lancachenet/ubuntu-nginx:latest --progress tty https://github.com/lancachenet/ubuntu-nginx.git
 
-printf "${PURPLEBOLD}Building Monolithic image:\n"
+printf "%sBuilding Monolithic image:\n" "${PURPLEBOLD}"
 docker build -t lancachenet/monolithic:latest --progress tty .
 
-printf "${PURPLEBOLD}Removing temporary Ubuntu image:\n"
+printf "%sRemoving temporary Ubuntu image:\n" "${PURPLEBOLD}"
 docker rmi lancachenet/ubuntu
 
-printf "${PURPLEBOLD}Removing temporary Ubuntu-Nginx image:\n"
+printf "%sRemoving temporary Ubuntu-Nginx image:\n" "${PURPLEBOLD}"
 docker rmi lancachenet/ubuntu-nginx
 
-printf "${PURPLEBOLD}Completed local build. Image now available as lancachenet/monolithic:latest\n"
-docker image ls lancachenet/monolithic:latest
+printf "%sCompleted local build. Image now available as lancachenet/monolithic:latest\n" "${PURPLEBOLD}"
+docker image ls lancachenet/monolithic:latest

goss.yaml

@@ -12,7 +12,7 @@ command:
   /scripts/cache_test.sh:
     exit-status: 0
     stdout:
-    - Succesfully Cached
+      - Succesfully Cached
     timeout: 20000
 process:
   nginx:

overlay/etc/nginx/conf.d/10_log_format.conf

@@ -1,2 +1,2 @@
-    log_format cachelog '[$cacheidentifier] $remote_addr / $http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_cache_status" "$host" "$http_range"';
-    log_format cachelog-json escape=json '{"timestamp":"$msec","time_local":"$time_local","cache_identifier":"$cacheidentifier","remote_addr":"$remote_addr","forwarded_for":"$http_x_forwarded_for","remote_user":"$remote_user","status":"$status","bytes_sent":$body_bytes_sent,"referer":"$http_referer","user_agent":"$http_user_agent","upstream_cache_status":"$upstream_cache_status","host":"$host","http_range":"$http_range","method":"$request_method","path":"$request_uri","proto":"$server_protocol","scheme":"$scheme"}';
+log_format cachelog '[$cacheidentifier] $remote_addr / $http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_cache_status" "$host" "$http_range"';
+log_format cachelog-json escape=json '{"timestamp":"$msec","time_local":"$time_local","cache_identifier":"$cacheidentifier","remote_addr":"$remote_addr","forwarded_for":"$http_x_forwarded_for","remote_user":"$remote_user","status":"$status","bytes_sent":$body_bytes_sent,"referer":"$http_referer","user_agent":"$http_user_agent","upstream_cache_status":"$upstream_cache_status","host":"$host","http_range":"$http_range","method":"$request_method","path":"$request_uri","proto":"$server_protocol","scheme":"$scheme"}';

overlay/etc/nginx/conf.d/30_maps.conf

@@ -1,4 +1,4 @@
 map "$http_user_agent£££$http_host" $cacheidentifier {
-    default $http_host;
-    ~Valve\/Steam\ HTTP\ Client\ 1\.0£££.* steam;
+  default $http_host;
+  ~Valve\/Steam\ HTTP\ Client\ 1\.0£££.* steam;
 }

overlay/etc/nginx/nginx.conf

@@ -1,8 +1,7 @@
 user www-data;
 include /etc/nginx/workers.conf;
-pid /run/nginx.pid;
-
 include /etc/nginx/modules-enabled/*.conf;
+pid /run/nginx.pid;
 
 events {
   worker_connections 4096;
@@ -24,18 +23,13 @@ http {
   access_log /var/log/nginx/access.log;
   error_log /var/log/nginx/error.log;
 
-
-
   gzip on;
 
   include /etc/nginx/conf.d/*.conf;
-
   include /etc/nginx/sites-enabled/*.conf;
 }
 
-
-stream {                                
-  include /etc/nginx/stream.d/*.conf; 
+stream {
+  include /etc/nginx/stream.d/*.conf;
   include /etc/nginx/stream-enabled/*;
-}                                       
-
+}

overlay/etc/nginx/sites-available/20_upstream.conf

@@ -4,7 +4,6 @@
 # This is particularly important for sony / ps5 as upstreams redirect between them which confuses slice map on caching
 
 server {
-
   # Internal bind on 3128, this should not be externally mapped
   listen localhost:3128 reuseport;
 

overlay/etc/nginx/sites-available/cache.conf.d/10_root.conf

@@ -1,7 +1,7 @@
-  resolver UPSTREAM_DNS ipv6=off;
+resolver UPSTREAM_DNS ipv6=off;
 
-  location / {
+location / {
 
-    include /etc/nginx/sites-available/cache.conf.d/root/*.conf;
+  include /etc/nginx/sites-available/cache.conf.d/root/*.conf;
 
-  }
+}

overlay/etc/nginx/sites-available/cache.conf.d/20_lol.conf

@@ -1,4 +1,4 @@
-  # Fix for League of Legends Updater
-  location ~ ^.+(releaselisting_.*|.version$) {
-    proxy_pass http://$host;
-  }
+# Fix for League of Legends Updater
+location ~ ^.+(releaselisting_.*|.version$) {
+  proxy_pass http://$host;
+}

overlay/etc/nginx/sites-available/cache.conf.d/21_arenanet_manifest.conf

@@ -1,6 +1,6 @@
-  # Fix for GW2 manifest
-  location ^~ /latest64 {
-    proxy_cache_bypass 1;
-    proxy_no_cache 1;
-    proxy_pass http://$host$request_uri;
-  }
+# Fix for GW2 manifest
+location ^~ /latest64 {
+  proxy_cache_bypass 1;
+  proxy_no_cache 1;
+  proxy_pass http://$host$request_uri;
+}

overlay/etc/nginx/sites-available/cache.conf.d/22_wsus_cabs.conf

@@ -1,6 +1,6 @@
-  # Fix for WSUS authroot cab files
-  location ~* (authrootstl.cab|pinrulesstl.cab|disallowedcertstl.cab)$ {
-    proxy_cache_bypass 1;
-    proxy_no_cache 1;
-    proxy_pass http://$host$request_uri;
-  }
+# Fix for WSUS authroot cab files
+location ~* (authrootstl.cab|pinrulesstl.cab|disallowedcertstl.cab)$ {
+  proxy_cache_bypass 1;
+  proxy_no_cache 1;
+  proxy_pass http://$host$request_uri;
+}

overlay/etc/nginx/sites-available/cache.conf.d/23_steam_server_status.conf

@@ -1,4 +1,4 @@
-  location = /server-status {
-    proxy_no_cache 1;
-    proxy_cache_bypass 1;
-  }
+location = /server-status {
+  proxy_no_cache 1;
+  proxy_cache_bypass 1;
+}