From 7bfb1f83b43fad830ee2da62dd9ba7035052ced8 Mon Sep 17 00:00:00 2001 
From: Thomas Leplus Date: Fri, 13 Dec 2024 11:29:24 +0700 Subject: [PATCH] Initial version --- .github/ISSUE_TEMPLATE/bug_report.yml | 74 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.yml | 31 +++++++++ .github/ISSUE_TEMPLATE/question.yml | 20 ++++++ .github/dependabot.yml | 11 ++++ .github/workflows/automerge.yml | 34 ++++++++++ .github/workflows/dependency-review.yml | 15 +++++ .github/workflows/docker-build-push.yml | 48 ++++++++++++++ .github/workflows/docker-release.yml | 44 +++++++++++++ .github/workflows/dockerhub.yml | 24 +++++++ .github/workflows/linter.yml | 67 ++++++++++++++++++++ .github/workflows/osv-scanner.yml | 40 ++++++++++++ .github/workflows/scorecards.yml | 41 ++++++++++++ .github/workflows/trigger-release.yml | 59 +++++++++++++++++ .github/workflows/update-prs.yml | 43 +++++++++++++ .gitignore | 59 +++++++++++++++++ .jscpd.json | 6 ++ .whitesource | 12 ++++ README.md | 55 +++++++++++++++- SECURITY.md | 14 ++++ av/Dockerfile | 27 ++++++++ av/docker-compose.test.yml | 9 +++ 21 files changed, 731 insertions(+), 2 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/ISSUE_TEMPLATE/question.yml create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/automerge.yml create mode 100644 .github/workflows/dependency-review.yml create mode 100644 .github/workflows/docker-build-push.yml create mode 100644 .github/workflows/docker-release.yml create mode 100644 .github/workflows/dockerhub.yml create mode 100644 .github/workflows/linter.yml create mode 100644 .github/workflows/osv-scanner.yml create mode 100644 .github/workflows/scorecards.yml create mode 100644 .github/workflows/trigger-release.yml create mode 100644 .github/workflows/update-prs.yml create mode 100755 .gitignore create mode 100644 .jscpd.json create mode 100644 .whitesource create mode 100644 SECURITY.md create mode 100644 av/Dockerfile create mode 
100644 av/docker-compose.test.yml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..c13e7c2
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,74 @@
+---
+name: Bug report
+description: Create a bug report.
+title: "[Bug] "
+labels:
+ - bug
+assignees:
+ - thomasleplus
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report!
+ - type: checkboxes
+ attributes:
+ label: Is there an existing issue for this?
+ description: Search to see if an issue already exists for the bug you encountered.
+ options:
+ - label: I have searched the existing issues
+ required: true
+ - type: textarea
+ attributes:
+ label: Current Behavior
+ description: A concise description of what you're experiencing.
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Expected Behavior
+ description: A concise description of what you expected to happen.
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: version
+ description: |
+ Version where you observed this issue
+ placeholder: |
+ vX.Y.Z
+ render: markdown
+ validations:
+ required: true
+ - type: textarea
+ id: logs
+ attributes:
+ label: Relevant log output
+ description: |
+ Copy and paste any relevant log output.
+ This will be automatically formatted into code, so no need for backticks.
+ Enable debug logging, either on GitHub Actions, or when running locally.
+ render: shell
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Steps To Reproduce
+ description: |
+ Steps to reproduce the issue.
+ placeholder: |
+ 1. In this environment...
+ 1. With this config...
+ 1. Run '...'
+ 1. See error...
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Anything else?
+ description: |
+ Links? References? Anything that will give us more context about the issue you are encountering!
+
+ Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..f90babc
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,31 @@
+---
+name: Feature request
+description: Suggest a new feature for this project.
+title: "[Feature] "
+labels:
+ - enhancement
+assignees:
+ - thomasleplus
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this feature request!
+ - type: textarea
+ attributes:
+ label: Feature description
+ description: |
+ A clear and concise description of what the desired feature is and why it would be useful.
+ render: markdown
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Anything else?
+ description: |
+ If you think that there are some implementation details to be taken into consideration, or anything that is not obvious from the previous description, please specify it here.
+
+ Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+ render: markdown
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/question.yml b/.github/ISSUE_TEMPLATE/question.yml
new file mode 100644
index 0000000..c213f62
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.yml
@@ -0,0 +1,20 @@
+---
+name: Question
+description: Ask a question.
+title: "[Question] "
+labels:
+ - question
+assignees:
+ - thomasleplus
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this feature request!
+ - type: textarea
+ attributes:
+ label: What is your question?
+ description: Please include as many details and examples as possible.
+ render: markdown
+ validations:
+ required: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..27a1b94
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "docker"
+ directory: "/av"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..1b3b21d
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,34 @@
+---
+name: "Dependabot auto-merge"
+on: pull_request
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Authenticate CLI with a PAT
+ env:
+ RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+ if: env.RELEASE_TOKEN != ''
+ run: echo "${RELEASE_TOKEN}" | gh auth login --with-token
+ - name: Enable auto-merge for Dependabot PRs
+ run: |
+ # Checking the PR title is a poor substitute for the actual PR changes
+ # but as long as this is used only with dependabot PRs,
+ # it should be safe to assume that the title is not misleading.
+ regexp='^Bump .* from [0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)? to [0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?( in .*)?$'
+ if [[ "${PR_TITLE}" =~ $regexp ]]; then
+ gh pr review --approve "${PR_URL}"
+ else
+ echo 'Non-semver upgrade needs manual review'
+ fi
+ gh pr merge --auto --squash "${PR_URL}"
+ env:
+ PR_TITLE: ${{github.event.pull_request.title}}
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..3dd86b4
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
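Review bot: In automerge.yml the job gate `if: ${{ github.actor == 'dependabot[bot]' }}` checks who triggered the run rather than who authored the pull request; with `contents: write` and `pull-requests: write` granted, the safer gate is the PR author, `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. Separately, `gh pr merge --auto --squash "${PR_URL}"` sits after the `fi`, so auto-merge is also enabled on the 'Non-semver upgrade needs manual review' path and only branch protection (not visible here) holds that PR back; moving the merge line into the `then` branch would make the script match its message. The second step also sets `GITHUB_TOKEN`, which the gh CLI prefers over a stored login, so the PAT from the first step is probably not the credential actually used.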
@@ -0,0 +1,15 @@
+---
+name: "Dependency Review"
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout Repository"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: "Dependency Review"
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
new file mode 100644
index 0000000..6eadd34
--- /dev/null
+++ b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,48 @@
+---
+name: Docker
+
+on:
+ push:
+ pull_request:
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+
+permissions: {}
+
+jobs:
+ build:
+ if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set IMAGE
+ run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+ - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+ id: meta
+ with:
+ images: ${{ github.repository_owner }}/${{ env.IMAGE }}
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+ - name: Test the Docker image
+ working-directory: ${{ env.IMAGE }}
+ run: docker compose -f docker-compose.test.yml run sut
+ - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ if: github.ref == 'refs/heads/main'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+ with:
+ context: ${{ env.IMAGE }}
+ platforms: linux/amd64,linux/arm64
+ pull: true
+ push: ${{ github.ref == 'refs/heads/main' }}
+ sbom: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
new file mode 100644
index 0000000..40687ed
--- /dev/null
+++ b/.github/workflows/docker-release.yml
@@ -0,0 +1,44 @@
+---
+name: Docker Release
+
+on:
+ release:
+ types: [published]
+
+permissions: {}
+
+jobs:
+ release:
+ if: startsWith(github.ref, 'refs/tags/')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set IMAGE
+ run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+ - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+ id: meta
+ with:
+ images: ${{ github.repository_owner }}/${{ env.IMAGE }}
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+ - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
+ with:
+ context: ${{ env.IMAGE }}
+ platforms: linux/amd64,linux/arm64
+ pull: true
+ push: true
+ sbom: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
new file mode 100644
index 0000000..b82cd42
--- /dev/null
+++ b/.github/workflows/dockerhub.yml
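Review bot: The release job in docker-release.yml pushes to Docker Hub without running the image smoke test: docker-build-push.yml runs `docker compose -f docker-compose.test.yml run sut` before its build, but this workflow goes from `docker/metadata-action` straight to `docker/login-action` and `push: true`. Adding the same "Test the Docker image" step (with `working-directory: ${{ env.IMAGE }}`) before the login keeps a release tag from publishing an image that was never exercised. The `type=schedule`, `type=ref,event=branch` and `type=ref,event=pr` tag rules cannot match a `release` event and could be dropped.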
@@ -0,0 +1,24 @@
+---
+name: Docker Hub
+
+on:
+ push:
+ pull_request:
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+
+permissions: {}
+
+jobs:
+ pull:
+ strategy:
+ matrix:
+ platform: ["linux/amd64", "linux/arm64"]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set IMAGE
+ run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Pull the latest ${{ matrix.platform }} image
+ run: docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${IMAGE}"
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
new file mode 100644
index 0000000..7985fe7
--- /dev/null
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,67 @@
+---
+#################################
+#################################
+## Super Linter GitHub Actions ##
+#################################
+#################################
+name: Lint Code Base
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on:
+ push:
+ pull_request:
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+
+permissions: {}
+
+###############
+# Set the Job #
+###############
+jobs:
+ build:
+ # Name the Job
+ name: Lint Code Base
+ # Set the agent to run on
+ runs-on: ubuntu-latest
+
+ ############################################
+ # Grant status permission for MULTI_STATUS #
+ ############################################
+ permissions:
+ contents: read
+ packages: read
+ statuses: write
+
+ ##################
+ # Load all steps #
+ ##################
+ steps:
+ ##########################
+ # Checkout the code base #
+ ##########################
+ - name: Checkout Code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ # Full git history is needed to get a proper list of changed
+ # files within `super-linter`
+ fetch-depth: 0
+
+ ################################
+ # Run Linter against code base #
+ ################################
+ - name: Lint Code Base
+ uses: super-linter/super-linter@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 # v7.2.0
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ LINTER_RULES_PATH: .
+ DEFAULT_BRANCH: main
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
new file mode 100644
index 0000000..a77e193
--- /dev/null
+++ b/.github/workflows/osv-scanner.yml
@@ -0,0 +1,40 @@
+---
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
+
+on:
+ pull_request:
+ branches: ["main"]
+ push:
+ branches: ["main"]
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Read commit contents
+ contents: read
+ # Actions read-only
+ actions: read
+
+jobs:
+ scan:
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0
+ with:
+ # Example of specifying custom arguments
+ scan-args: |-
+ -r
+ --skip-git
+ ./
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..fbe2136
--- /dev/null
+++ b/.github/workflows/scorecards.yml
@@ -0,0 +1,41 @@
+---
+name: Scorecards supply-chain security
+on:
+ push:
+ branches:
+ - main
+ - "releases/**"
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/trigger-release.yml b/.github/workflows/trigger-release.yml
new file mode 100644
index 0000000..96da142
--- /dev/null
+++ b/.github/workflows/trigger-release.yml
@@ -0,0 +1,59 @@
+---
+name: Trigger Release
+
+on:
+ push:
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+permissions:
+ contents: write
+
+jobs:
+ build:
+ if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set IMAGE
+ run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Set VERSION
+ if: github.ref == 'refs/heads/main'
+ run: |
+ # shellcheck disable=SC2086
+ VERSION="$(\grep ${IMAGE}/Dockerfile -e '^FROM' | \head -n 1 | \sed -e 's/@.*$//; s/^.*://;')"
+ if [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then
+ \echo "VERSION=${VERSION}" >> "${GITHUB_ENV}"
+ fi
+ - name: Check if release already exists
+ if: env.VERSION != ''
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ id: check-release
+ with:
+ script: |
+ const { VERSION } = process.env
+ return github.rest.repos.getReleaseByTag({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ tag: `v${VERSION}`,
+ }).then(function(result) {
+ core.debug(JSON.stringify(result))
+ core.info(`Release ${result.data.tag_name} found`)
+ return result.data.tag_name
+ }).catch(function(error) {
+ if (error.status === 404) {
+ core.info(`Release v${VERSION} not found`)
+ return
+ } else {
+ throw error
+ }
+ })
+ result-encoding: string
+ - name: Trigger Release
+ if: env.VERSION != '' && steps.check-release.outputs.result == 'undefined'
+ uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
+ env:
+ GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+ with:
+ tag_name: v${{ env.VERSION }}
diff --git a/.github/workflows/update-prs.yml b/.github/workflows/update-prs.yml
new file mode 100644
index 0000000..82f8365
--- /dev/null
+++ b/.github/workflows/update-prs.yml
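Review bot: In trigger-release.yml, `permissions: contents: write` is granted to the default token on every push and nightly run, yet the only write in the workflow, `actions/create-release`, authenticates with `secrets.RELEASE_TOKEN`; the checkout and the `getReleaseByTag` lookup need read access only, so `contents: read` looks sufficient. `actions/checkout` is also used without `persist-credentials: false` (scorecards.yml sets it), which leaves that token in the workspace git configuration for the later steps. `actions/create-release` is an archived action, so the SHA pin freezes it but no fixes will arrive; `gh release create` is a maintained alternative.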
@@ -0,0 +1,43 @@
+---
+name: Update PRs
+
+on:
+ push:
+ schedule:
+ - cron: "0 * * * *"
+ workflow_dispatch:
+
+permissions:
+ pull-requests: write
+ contents: write
+
+jobs:
+ update:
+ if: startsWith(github.ref, 'refs/heads/')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update Pull Requests
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const opts = github.rest.pulls.list.endpoint.merge({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ state: 'open',
+ base: context.ref.replace('refs/heads/', ''),
+ })
+ const prs = await github.paginate(opts)
+ for (const pr of prs) {
+ core.debug(JSON.stringify(pr))
+ core.info(`Updating PR #${pr.number}`)
+ github.rest.pulls.updateBranch({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ pull_number: pr.number,
+ }).then(function(result) {
+ core.debug(JSON.stringify(result))
+ core.info(JSON.stringify(result.data))
+ }).catch(function(error) {
+ core.error(error)
+ })
+ }
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..47ec70a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,59 @@
+*.log
+
+# =========================
+# Operating System Files
+# =========================
+
+# Linux
+# =========================
+
+*.bak
+*~
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Windows
+# =========================
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
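Review bot: In update-prs.yml the `github.rest.pulls.updateBranch({...})` call inside the `for` loop is neither awaited nor returned, and its `.catch` only calls `core.error(error)`, so the step reports success whether or not any branch was actually updated. Awaiting each call inside a `try`/`catch` and finishing with `core.setFailed(...)` when at least one update failed would surface permission or conflict errors in the run status. The job runs hourly with `contents: write` and `pull-requests: write`, so a visible failure signal matters more here than in a one-off script.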
diff --git a/.jscpd.json b/.jscpd.json
new file mode 100644
index 0000000..a0aa18a
--- /dev/null
+++ b/.jscpd.json
@@ -0,0 +1,6 @@
+{
+ "ignore": [
+ ".github/workflows/dockerimage.yml",
+ ".github/workflows/dockerrelease.yml"
+ ]
+}
diff --git a/.whitesource b/.whitesource
new file mode 100644
index 0000000..55b922e
--- /dev/null
+++ b/.whitesource
@@ -0,0 +1,12 @@
+{
+ "scanSettings": {
+ "baseBranches": []
+ },
+ "checkRunSettings": {
+ "vulnerableCheckRunConclusionLevel": "failure",
+ "displayMode": "diff"
+ },
+ "issueSettings": {
+ "minSeverityLevel": "LOW"
+ }
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 7074d96..3d640ce 100644
--- a/README.md
+++ b/README.md
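Review bot: The `ignore` list in .jscpd.json names `.github/workflows/dockerimage.yml` and `.github/workflows/dockerrelease.yml`, but this commit adds the workflows as `docker-build-push.yml` and `docker-release.yml`, so neither entry matches a file in the tree. If the intent is to exempt the two near-identical Docker workflows from copy/paste detection, the entries should read `".github/workflows/docker-build-push.yml"` and `".github/workflows/docker-release.yml"`; otherwise the linter job is likely to flag them as duplicates.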
@@ -1,2 +1,53 @@
-# docker-av
-Docker container to manipulate audiovisual media (ffmpeg, mlt...).
+# Images
+
+Docker container to manipulate audiovisual media (ffmpeg, mkvtoolnix, mlt...).
+
+[![Dockerfile](https://img.shields.io/badge/GitHub-Dockerfile-blue)](https://github.com/leplusorg/docker-av/blob/main/av/Dockerfile)
+[![Docker Build](https://github.com/leplusorg/docker-av/workflows/Docker/badge.svg)](https://github.com/leplusorg/docker-av/actions?query=workflow:"Docker")
+[![Docker Stars](https://img.shields.io/docker/stars/leplusorg/av)](https://hub.docker.com/r/leplusorg/av)
+[![Docker Pulls](https://img.shields.io/docker/pulls/leplusorg/av)](https://hub.docker.com/r/leplusorg/av)
+[![Docker Version](https://img.shields.io/docker/v/leplusorg/av?sort=semver)](https://hub.docker.com/r/leplusorg/av)
+
+## Example without using the filesystem
+
+Let's say that you have a MP3 `foo.mp3` in your current working directory that you want to extract its metadata:
+
+**Mac/Linux**
+
+```bash
+cat foo.mp3 | docker run --rm -i --net=none leplusorg/av ffprobe -v error -show_streams -
+```
+
+**Windows**
+
+```batch
+type foo.mp3 | docker run --rm -i --net=none leplusorg/av ffprobe -v error -show_streams -
+```
+
+## Example using the filesystem
+
+Same thing, assuming that you have a MP3 `foo.mp3` in your current working directory that you want to extract its metadata:
+
+**Mac/Linux**
+
+```bash
+docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v "$(pwd):/tmp" leplusorg/av ffprobe -v error -show_streams /tmp/foo.mp3
+```
+
+**Windows**
+
+In `cmd`:
+
+```batch
+docker run --rm -t --net=none -v "%cd%:/tmp" leplusorg/av ffprobe -v error -show_streams /tmp/foo.mp3
+```
+
+In PowerShell:
+
+```pwsh
+docker run --rm -t --net=none -v "${PWD}:/tmp" leplusorg/av ffprobe -v error -show_streams /tmp/foo.mp3
+```
+
+## Request new tool
+
+Please use [this link](https://github.com/leplusorg/docker-av/issues/new?assignees=thomasleplus&labels=enhancement&template=feature_request.md&title=%5BFEAT%5D) (GitHub account required) to request that a new tool be added to the image. I am always interested in adding new capabilities to these images.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2ef0a27
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Currently all versions of this project are
+being supported with security updates.
+
+| Version | Supported |
+| --------------- | ------------------ |
+| 1.x.x and above | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+For responsible disclosure, please use [this link](https://github.com/leplusorg/docker-av/security/advisories/new) (GitHub account required) to report an issue privatly. Otherwise you can also contact me using the info on my [profile page](https://github.com/thomasleplus).
diff --git a/av/Dockerfile b/av/Dockerfile
new file mode 100644
index 0000000..983f9ef
--- /dev/null
+++ b/av/Dockerfile
@@ -0,0 +1,27 @@
+FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
+
+HEALTHCHECK NONE
+
+ENTRYPOINT []
+
+ARG USER_NAME=default
+ARG USER_HOME=/home/default
+ARG USER_ID=1000
+ARG USER_GECOS=Default
+
+# hadolint ignore=DL3018
+RUN apk --update --no-cache add ffmpeg ffmpegthumbnailer ffmpegthumbs mlt mkvtoolnix mp3gain mp3splt mp3val \
+ && rm -rf /var/cache/apk/*
+
+RUN adduser \
+ --home "${USER_HOME}" \
+ --uid "${USER_ID}" \
+ --gecos "${USER_GECOS}" \
+ --disabled-password \
+ "${USER_NAME}"
+
+ENV HOME="${USER_HOME}"
+
+USER "${USER_NAME}"
+
+WORKDIR "${HOME}"
diff --git a/av/docker-compose.test.yml b/av/docker-compose.test.yml
new file mode 100644
index 0000000..4318cab
--- /dev/null
+++ b/av/docker-compose.test.yml
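Review bot: In av/Dockerfile the `# hadolint ignore=DL3018` line suppresses version pinning for all eight packages without saying why, so the digest-pinned `FROM` does not make the image contents reproducible: each rebuild installs whatever ffmpeg, mlt and mkvtoolnix builds the Alpine 3.21 repository serves that day. A why-comment above the `RUN` would document the trade-off, for example `# Packages are left unpinned on purpose so rebuilds pick up Alpine security fixes; the SBOM records the versions shipped` (if that is the intent). In the same `RUN`, `--update` adds nothing next to `--no-cache`, and `&& rm -rf /var/cache/apk/*` removes nothing because `--no-cache` leaves no index behind, so `RUN apk add --no-cache ffmpeg ...` is equivalent.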
@@ -0,0 +1,9 @@
+---
+version: "3.8"
+
+services:
+ sut:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ command: "sh -c '[ $$(id -u) -eq 1000 ] && identify --version'"
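Review bot: The smoke test in av/docker-compose.test.yml runs `identify --version`, but `identify` is ImageMagick's tool and is not among the packages av/Dockerfile installs, so `docker compose -f docker-compose.test.yml run sut` will most likely fail with command-not-found (unless an apk dependency happens to pull ImageMagick in) and block the build workflow. Checking a tool the image actually ships keeps the UID assertion and makes the test meaningful: `command: "sh -c '[ $$(id -u) -eq 1000 ] && ffmpeg -version'"`.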