From 5831167978d075010eb9eef9786cfef17249e9cf Mon Sep 17 00:00:00 2001 From: KingPin Date: Tue, 18 Mar 2025 17:22:01 -0400 Subject: [PATCH 01/21] Enhance Doxygen Docker images with non-root user, health checks, and improved package installation --- .github/workflows/docker-publish.yml | 278 ++++++++++++--------------- Dockerfile.alpine | 29 ++- Dockerfile.debian | 31 ++- 3 files changed, 182 insertions(+), 156 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 817c594..01869b8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -4,190 +4,166 @@ on: schedule: - cron: '31 16 * * 1' workflow_dispatch: + push: + branches: [main] + paths: + - 'Dockerfile.*' + - '.github/workflows/docker-publish.yml' + pull_request: + branches: [main] + paths: + - 'Dockerfile.*' + - '.github/workflows/docker-publish.yml' -jobs: - Alpine: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: + build: runs-on: ubuntu-latest + strategy: + matrix: + distro: [alpine, debian] + include: + - distro: alpine + is_latest: true + - distro: debian + is_latest: false permissions: - contents: write + contents: read packages: write security-events: write - + id-token: write # For OIDC auth + steps: - - - name: Docker Setup QEMU - uses: docker/setup-qemu-action@v3 - id: qemu - with: - platforms: amd64,arm64,arm - - - name: Docker Setup Buildx - id: buildx + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Log into ghcr.io registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Login to Quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_ROBOT_TOKEN }} - - - name: Build and test docker image - uses: docker/build-push-action@v6 - with: - # context: . 
- file: ./Dockerfile.alpine - load: true - tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Test - run: | - docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test doxygen --help - - - name: Retrieve doxygen version - run: | - echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test doxygen -v)" >> $GITHUB_OUTPUT - id: version - # ${{ steps.version.outputs.doxygen_version }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - scan-type: image - image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test - format: 'sarif' - output: 'trivy-results-alpine.sarif' - severity: 'MEDIUM,CRITICAL,HIGH' - hide-progress: false - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results-alpine.sarif' - - - name: Build and push Docker image - uses: docker/build-push-action@v6 - with: - # context: . 
- file: ./Dockerfile.alpine - platforms: linux/amd64,linux/arm64,linux/arm/v7 - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ghcr.io/kingpin/${{ github.event.repository.name }}:latest - ghcr.io/kingpin/${{ github.event.repository.name }}:alpine - ghcr.io/kingpin/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }} - docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest - docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine - docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }} - quay.io/kingpinx1/${{ github.event.repository.name }}:latest - quay.io/kingpinx1/${{ github.event.repository.name }}:alpine - quay.io/kingpinx1/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }} - Debian: - - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - security-events: write - - steps: - - - name: Docker Setup QEMU + + - name: Set up QEMU uses: docker/setup-qemu-action@v3 - id: qemu with: - platforms: amd64,arm64,arm - - - name: Docker Setup Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 + platforms: linux/amd64,linux/arm64,linux/arm/v7 + + # Login to Docker Hub + - name: Login to Docker Hub + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Log into ghcr.io registry + + # Login to GitHub Container Registry + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Login to Quay.io + + # Login to Quay.io + - name: Login to Quay.io uses: docker/login-action@v3 with: registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: 
${{ secrets.QUAY_ROBOT_TOKEN }} - - - name: Build and test docker image + username: kingpinx1 + password: ${{ secrets.QUAY_TOKEN }} + + # Build test image + - name: Build test image uses: docker/build-push-action@v6 with: - # context: . - file: ./Dockerfile.debian + context: . + file: ./Dockerfile.${{ matrix.distro }} load: true - tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Test - run: | - docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen --help - - - name: Retrieve doxygen version + tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test + cache-from: | + type=gha,scope=${{ matrix.distro }} + cache-to: | + type=gha,scope=${{ matrix.distro }},mode=max + + # Test image + - name: Test image run: | - echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen -v)" >> $GITHUB_OUTPUT + docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test doxygen --help + + # Get Doxygen version + - name: Extract Doxygen version id: version - # ${{ steps.version.outputs.doxygen_version }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + run: | + echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test doxygen -v | tr -d '\n')" >> $GITHUB_OUTPUT + + # Vulnerability scan + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@v0.18.0 with: scan-type: image - image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test + image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ 
matrix.distro }}-test format: 'sarif' - output: 'trivy-results-debian.sarif' + output: 'trivy-results-${{ matrix.distro }}.sarif' severity: 'MEDIUM,CRITICAL,HIGH' hide-progress: false - - - name: Upload Trivy scan results to GitHub Security tab + + # Upload scan results + - name: Upload Trivy scan results uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results-debian.sarif' - - - name: Build and push Docker image + sarif_file: 'trivy-results-${{ matrix.distro }}.sarif' + + # Generate tag lists based on context + - name: Prepare tags + id: prep + run: | + # For PR builds, only create GHCR tags with PR number + if [[ "${{ github.event_name }}" == "pull_request" ]]; then + PR_NUMBER=$(echo $GITHUB_REF | awk -F / '{print $3}') + TAGS="ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }}-pr-${PR_NUMBER} + ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }}-${{ steps.version.outputs.doxygen_version }}-pr-${PR_NUMBER}" + + if [ "${{ matrix.is_latest }}" = "true" ]; then + TAGS="$TAGS + ghcr.io/kingpin/${{ github.event.repository.name }}:pr-${PR_NUMBER}" + fi + else + # For main branch, create all registry tags + TAGS="ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }} + docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }} + quay.io/kingpinx1/${{ github.event.repository.name }}:${{ matrix.distro }} + ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }}-${{ steps.version.outputs.doxygen_version }} + docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-${{ steps.version.outputs.doxygen_version }} + quay.io/kingpinx1/${{ github.event.repository.name }}:${{ matrix.distro }}-${{ steps.version.outputs.doxygen_version }}" + + # Add latest tags if this is the latest version + if [ "${{ matrix.is_latest }}" = "true" ]; then + TAGS="$TAGS + ghcr.io/kingpin/${{ 
github.event.repository.name }}:latest + docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest + quay.io/kingpinx1/${{ github.event.repository.name }}:latest" + fi + fi + + echo "tags<> $GITHUB_OUTPUT + echo "$TAGS" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + # Build and push the images + - name: Build and push uses: docker/build-push-action@v6 with: - # context: . - file: ./Dockerfile.debian + context: . + file: ./Dockerfile.${{ matrix.distro }} platforms: linux/amd64,linux/arm64,linux/arm/v7 - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ghcr.io/kingpin/${{ github.event.repository.name }}:debian - docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian - quay.io/kingpinx1/${{ github.event.repository.name }}:debian - ghcr.io/kingpin/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }} - docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }} - quay.io/kingpinx1/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }} + push: ${{ github.ref == 'refs/heads/main' || github.event_name == 'pull_request' }} + tags: ${{ steps.prep.outputs.tags }} + cache-from: | + type=gha,scope=${{ matrix.distro }} + cache-to: | + type=gha,scope=${{ matrix.distro }},mode=max + labels: | + org.opencontainers.image.title=${{ github.event.repository.name }} + org.opencontainers.image.description=Doxygen container based on ${{ matrix.distro }} + org.opencontainers.image.version=${{ steps.version.outputs.doxygen_version }} + org.opencontainers.image.created=${{ fromJSON(steps.prep.outputs.metadata).lastModified }} + org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} diff --git a/Dockerfile.alpine b/Dockerfile.alpine index ea63753..3df285a 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine 
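Review bot: The new `pull_request` trigger runs the same job that logs in to Docker Hub, GHCR and Quay and then pushes, because `push:` in the "Build and push" step evaluates to true for every pull request. For a same-repository PR this publishes an image built from an unreviewed Dockerfile under the project namespace using `packages: write`; for a fork PR the secrets are normally unavailable, so the login steps would probably fail before anything is built. Consider `if: github.event_name != 'pull_request'` on the three login steps and `push: ${{ github.event_name != 'pull_request' }}`, keeping the PR run to build, test and Trivy scan. `id-token: write` is also granted although no step in this hunk requests an OIDC token, so it can be dropped until something uses it.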
@@ -1,5 +1,30 @@ -FROM alpine:latest +FROM alpine:3.19 -RUN apk --update --no-cache add doxygen graphviz git +LABEL org.opencontainers.image.title="Doxygen Docker Image" +LABEL org.opencontainers.image.description="Lightweight Doxygen container based on Alpine Linux" +LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" +# Install required packages +RUN apk --update --no-cache add \ + doxygen \ + graphviz \ + git \ + && rm -rf /var/cache/apk/* + +# Create non-root user +RUN addgroup -g 1000 doxygen && \ + adduser -u 1000 -G doxygen -s /bin/sh -D doxygen + +# Set up working directory +WORKDIR /Doxygen +RUN mkdir -p /Doxygen && chown -R doxygen:doxygen /Doxygen + +# Switch to non-root user +USER doxygen + +# Health check +HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ + CMD doxygen -v || exit 1 + +# Set entry point CMD ["doxygen", "/Doxygen"] diff --git a/Dockerfile.debian b/Dockerfile.debian index 26e25bc..664847e 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian 
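Review bot: `WORKDIR /Doxygen` turns `/Doxygen` into a directory in the image, but `CMD ["doxygen", "/Doxygen"]` still passes that path to doxygen as its configuration file. With no mount the default command is handed a directory, and the earlier usage of bind-mounting a Doxyfile at `/Doxygen` would, as far as I can tell, be rejected by the runtime because a file cannot be mounted over a directory. Use a separate working directory, for example `WORKDIR /work` with `CMD ["doxygen", "/work/Doxyfile"]`, and add a comment naming the expected mount points. The same pair of lines is in the Dockerfile.debian hunk of this commit.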
@@ -1,8 +1,33 @@ FROM debian:stable-slim -# echo 'deb http://deb.debian.org/debian bookworm-backports main contrib non-free' > /etc/apt/sources.list.d/bullseye-backports.list && \ +LABEL org.opencontainers.image.title="Doxygen Docker Image" +LABEL org.opencontainers.image.description="Doxygen container based on Debian Linux" +LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" + +# Install required packages RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y doxygen graphviz git && \ - rm -rf /var/lib/apt/lists/* + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + doxygen \ + graphviz \ + git \ + ca-certificates \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Create non-root user +RUN groupadd -g 1000 doxygen && \ + useradd -u 1000 -g doxygen -s /bin/bash -m doxygen + +# Set up working directory +WORKDIR /Doxygen +RUN mkdir -p /Doxygen && chown -R doxygen:doxygen /Doxygen + +# Switch to non-root user +USER doxygen + +# Health check +HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ + CMD doxygen -v || exit 1 +# Set entry point CMD ["doxygen", "/Doxygen"] From f6b5ca26d441c5bd6e5118112002238d80b5da1b Mon Sep 17 00:00:00 2001 From: KingPin Date: Tue, 18 Mar 2025 21:53:04 -0400 Subject: [PATCH 02/21] Update README.md with enhanced usage instructions, container registries, and multi-architecture support --- README.md | 102 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 69 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 0c6db5d..0eee513 100644 --- a/README.md +++ b/README.md 
@@ -1,36 +1,72 @@ # Doxygen in Docker -tutorial on how to use this : https://sumguy.com/install-use-doxygen-via-docker/ - -simple command line : docker run --rm -it -v ./source:/source -v ./output:/output -v ./Doxygen:/Doxygen ghcr.io/kingpin/doxygen-docker:latest - -you will need to mount the source, output and a Doxygen file. - -available OS's : - - - Alpine (using latest at time of build) - - Debian (using latest stable-slim at time of build) - -Available tags : - - - **latest** - - uses alpine as the base container along with latest available doxygen at time of build - - **alpine** - - uses alpine as the base container along with latest available doxygen at time of build - - **alpine-x.x.x** - - uses alpine as the base container along with a specific version of doxygen (usually latest packaged at time of build) - - e.g. - - alpine-1.9.8 - - see following pages for list - - https://hub.docker.com/r/kingpin/doxygen-docker/tags - - https://github.com/KingPin/doxygen-docker/pkgs/container/doxygen-docker - - **debian** - - uses debian as the base container along with latest available doxygen at time of build - - **debian-x.x.x** - - uses debian as the base container along with a specific version of doxygen (usually latest packaged at time of build) - - e.g. - - debian-1.9.4 - - see following pages for list - - https://hub.docker.com/r/kingpin/doxygen-docker/tags - - https://github.com/KingPin/doxygen-docker/pkgs/container/doxygen-docker +This project provides ready-to-use Doxygen Docker images for documentation generation. 
+ +## Quick Start + +```bash +docker run --rm -it -v ./source:/docs/source -v ./output:/docs/output -v ./Doxyfile:/docs/Doxyfile ghcr.io/kingpin/doxygen-docker:latest +``` +Container Registries +Images are available on multiple registries: + + - GitHub: ghcr.io/kingpin/doxygen-docker + - Docker Hub: docker.io/kingpin/doxygen-docker + - Quay.io: quay.io/kingpinx1/doxygen-docker + +Base OS Options + + - Alpine: Lightweight container based on Alpine Linux + - Debian: Standard container based on Debian stable-slim + +Available Tags + + - latest + - Uses Alpine as the base container with latest available Doxygen + - alpine + - Uses Alpine as the base container with latest available Doxygen + - alpine-x.x.x + - Alpine with specific Doxygen version (e.g., alpine-1.9.8) + - debian + - Uses Debian as the base container with latest available Doxygen + - debian-x.x.x + - Debian with specific Doxygen version (e.g., debian-1.9.4) + - pr-XX (only on GitHub Container Registry) + - PR-specific builds for testing, where XX is the pull request number + +Multi-architecture Support + +All images are built for: + + - linux/amd64 (Intel/AMD) + - linux/arm64 (ARM 64-bit) + - linux/arm/v7 (ARM 32-bit) + +Usage Examples +Basic Usage + +```bash +docker run --rm -v $(pwd)/source:/docs/source \ +-v $(pwd)/output:/docs/output \ +-v $(pwd)/Doxyfile:/docs/Doxyfile \ +ghcr.io/kingpin/doxygen-docker:latest +``` +Generate a default Doxyfile +```bash +docker run --rm -v $(pwd):/docs ghcr.io/kingpin/doxygen-docker:latest doxygen -g +``` +Run with a specific version +```bash +docker run --rm -v $(pwd):/docs docker.io/kingpin/doxygen-docker:debian-1.9.4 doxygen Doxyfile +``` +Using Alpine-based image + +```bash +docker run --rm -v $(pwd):/docs quay.io/kingpinx1/doxygen-docker:alpine doxygen Doxyfile +``` +Security +Images are regularly scanned for vulnerabilities using Trivy. + +Further Information +For more details and tutorials, visit: https://sumguy.com/install-use-doxygen-via-docker/ 
From c0559ef991a808f578c5486a5df9249008b4acb9 Mon Sep 17 00:00:00 2001 From: KingPin Date: Tue, 18 Mar 2025 22:08:12 -0400 Subject: [PATCH 03/21] Update Trivy vulnerability scanner action to version 0.30.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 01869b8..e05361f 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -97,7 +97,7 @@ jobs: # Vulnerability scan - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@v0.18.0 + uses: aquasecurity/trivy-action@0.30.0 with: scan-type: image image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test From 17f6475949019b80a27db04f235120b0ddd810b5 Mon Sep 17 00:00:00 2001 From: KingPin Date: Tue, 18 Mar 2025 22:14:52 -0400 Subject: [PATCH 04/21] Update Docker publish workflow to use secrets for Quay credentials --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index e05361f..4040e05 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -68,8 +68,8 @@ jobs: uses: docker/login-action@v3 with: registry: quay.io - username: kingpinx1 - password: ${{ secrets.QUAY_TOKEN }} + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_ROBOT_TOKEN }} # Build test image - name: Build test image From 289078c8b6e20200017f67f2a685c3c3ea830854 Mon Sep 17 00:00:00 2001 From: KingPin Date: Tue, 18 Mar 2025 22:21:00 -0400 Subject: [PATCH 05/21] Add timestamp generation for image creation in Docker publish workflow --- .github/workflows/docker-publish.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 4040e05..62be617 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -116,6 +116,9 @@ jobs: - name: Prepare tags id: prep run: | + # Generate current timestamp in ISO 8601 format + echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + # For PR builds, only create GHCR tags with PR number if [[ "${{ github.event_name }}" == "pull_request" ]]; then PR_NUMBER=$(echo $GITHUB_REF | awk -F / '{print $3}') @@ -165,5 +168,5 @@ jobs: org.opencontainers.image.title=${{ github.event.repository.name }} org.opencontainers.image.description=Doxygen container based on ${{ matrix.distro }} org.opencontainers.image.version=${{ steps.version.outputs.doxygen_version }} - org.opencontainers.image.created=${{ fromJSON(steps.prep.outputs.metadata).lastModified }} + org.opencontainers.image.created=${{ steps.prep.outputs.timestamp }} org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} From 8c93b1321e142855431eb878666fd41e0cdb53af Mon Sep 17 00:00:00 2001 From: KingPin Date: Wed, 19 Mar 2025 23:24:20 -0400 Subject: [PATCH 06/21] Update Dockerfiles to use latest Alpine and Debian images, enhance directory setup, and set working directory for Doxygen --- Dockerfile.alpine | 11 +++++++---- Dockerfile.debian | 9 ++++++--- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 3df285a..6856685 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:latest LABEL org.opencontainers.image.title="Doxygen Docker Image" LABEL org.opencontainers.image.description="Lightweight Doxygen container based on Alpine Linux" 
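Review bot: `FROM alpine:latest` in Dockerfile.alpine moves the base back to a floating tag, so the published image content depends on whatever `latest` resolves to at build time and two builds of the same commit can differ. That makes a Trivy finding hard to tie to a specific base and removes the review step a base upgrade would otherwise get. Keeping a release tag such as the previous `alpine:3.19`, or a tag plus digest that the scheduled job updates, preserves the weekly refresh while making each base change visible in a diff. `debian:stable-slim` in Dockerfile.debian floats the same way.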
@@ -15,13 +15,16 @@ RUN apk --update --no-cache add \ RUN addgroup -g 1000 doxygen && \ adduser -u 1000 -G doxygen -s /bin/sh -D doxygen -# Set up working directory -WORKDIR /Doxygen -RUN mkdir -p /Doxygen && chown -R doxygen:doxygen /Doxygen +# Set up working directories +RUN mkdir -p /input /output && \ + chown -R doxygen:doxygen /input /output # Switch to non-root user USER doxygen +# Set working directory +WORKDIR /input + # Health check HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ CMD doxygen -v || exit 1 diff --git a/Dockerfile.debian b/Dockerfile.debian index 664847e..5d6c4e2 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -18,13 +18,16 @@ RUN apt-get update && \ RUN groupadd -g 1000 doxygen && \ useradd -u 1000 -g doxygen -s /bin/bash -m doxygen -# Set up working directory -WORKDIR /Doxygen -RUN mkdir -p /Doxygen && chown -R doxygen:doxygen /Doxygen +# Set up working directories +RUN mkdir -p /input /output && \ + chown -R doxygen:doxygen /input /output # Switch to non-root user USER doxygen +# Set working directory +WORKDIR /input + # Health check HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ CMD doxygen -v || exit 1 From 86ff53fb96954dfcafa9c623a12661d9288acab4 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 10:37:44 -0400 Subject: [PATCH 07/21] Refactor Dockerfiles to improve readability by organizing package installation and user setup, and list packages alphabetically. --- Dockerfile.alpine | 19 ++++++++++--------- Dockerfile.debian | 23 ++++++++++++----------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 6856685..237e38b 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine 
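Review bot: The `chown -R doxygen:doxygen /input /output` only sets ownership inside the image layer; a bind mount over `/output` carries the host directory's owner, so the `doxygen` user (uid 1000) can write there only if the host path allows it. Without a hint, the usual workaround is to run the container as root or make the host directory world-writable, which undoes the non-root change. I would add a comment above the `RUN mkdir` line such as `# Bind mounts keep host ownership: run with --user "$(id -u):$(id -g)" or make the host dirs writable by uid 1000`. The Dockerfile.debian hunk on this line has the same lines.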
@@ -4,21 +4,22 @@ LABEL org.opencontainers.image.title="Doxygen Docker Image" LABEL org.opencontainers.image.description="Lightweight Doxygen container based on Alpine Linux" LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" -# Install required packages -RUN apk --update --no-cache add \ - doxygen \ - graphviz \ - git \ - && rm -rf /var/cache/apk/* - -# Create non-root user +# Create non-root user first (rarely changes) RUN addgroup -g 1000 doxygen && \ adduser -u 1000 -G doxygen -s /bin/sh -D doxygen -# Set up working directories +# Set up working directories (rarely changes) RUN mkdir -p /input /output && \ chown -R doxygen:doxygen /input /output +# Install packages (may change more frequently) +# List packages alphabetically for better readability and to avoid duplication +RUN apk --update --no-cache add \ + doxygen \ + git \ + graphviz \ + && rm -rf /var/cache/apk/* + # Switch to non-root user USER doxygen diff --git a/Dockerfile.debian b/Dockerfile.debian index 5d6c4e2..d34de82 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian 
@@ -4,24 +4,25 @@ LABEL org.opencontainers.image.title="Doxygen Docker Image" LABEL org.opencontainers.image.description="Doxygen container based on Debian Linux" LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" -# Install required packages +# Create non-root user first (rarely changes) +RUN groupadd -g 1000 doxygen && \ + useradd -u 1000 -g doxygen -s /bin/bash -m doxygen + +# Set up working directories (rarely changes) +RUN mkdir -p /input /output && \ + chown -R doxygen:doxygen /input /output + +# Install required packages (may change more frequently) +# List packages alphabetically for better readability and to avoid duplication RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + ca-certificates \ doxygen \ - graphviz \ git \ - ca-certificates \ + graphviz \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Create non-root user -RUN groupadd -g 1000 doxygen && \ - useradd -u 1000 -g doxygen -s /bin/bash -m doxygen - -# Set up working directories -RUN mkdir -p /input /output && \ - chown -R doxygen:doxygen /input /output - # Switch to non-root user USER doxygen From 4a5e8b31dc91b3554b24947b7f7a18929e6b04ee Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 10:37:50 -0400 Subject: [PATCH 08/21] Enhance Docker publish workflow by adding a hash generation step for Dockerfile and improving cache management for image builds --- .github/workflows/docker-publish.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 62be617..c0442b7 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -80,10 +80,18 @@ jobs: load: true tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test cache-from: | - type=gha,scope=${{ matrix.distro }} + type=gha,scope=${{ matrix.distro }}-${{ steps.hash.outputs.hash }} + type=registry,ref=ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }}-cache cache-to: | type=gha,scope=${{ matrix.distro }},mode=max + ${{ github.ref == 'refs/heads/main' && format('type=registry,ref=ghcr.io/kingpin/{0}:{1}-cache,mode=max', github.event.repository.name, matrix.distro) || '' }} + # Add a hash step before build + - name: Generate Dockerfile hash + id: hash + run: | + echo "hash=$(sha256sum Dockerfile.${{ matrix.distro }} | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT + # Test image - name: Test image run: | @@ -162,8 +170,11 @@ jobs: tags: ${{ steps.prep.outputs.tags }} cache-from: | type=gha,scope=${{ matrix.distro }} + docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test + type=registry,ref=ghcr.io/kingpin/${{ github.event.repository.name }}:${{ matrix.distro }}-cache cache-to: | type=gha,scope=${{ matrix.distro }},mode=max + ${{ github.ref == 'refs/heads/main' && format('type=registry,ref=ghcr.io/kingpin/{0}:{1}-cache,mode=max', github.event.repository.name, matrix.distro) || '' }} labels: | org.opencontainers.image.title=${{ github.event.repository.name }} org.opencontainers.image.description=Doxygen container based on ${{ matrix.distro }} From 78225cb3016da4a737267d361a7bbae20be8f4a8 Mon Sep 17 00:00:00 2001 
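Review bot: In the "Build test image" step the GitHub Actions cache is read from `scope=${{ matrix.distro }}-${{ steps.hash.outputs.hash }}` but written to `scope=${{ matrix.distro }}`, so the read scope never matches anything this workflow stores. The `hash` step is also added after the build step that references it, so `steps.hash.outputs.hash` is empty when the build runs. Either drop the hash from `cache-from` or add it to `cache-to` as well, e.g. `type=gha,scope=${{ matrix.distro }}-${{ steps.hash.outputs.hash }},mode=max`, and move "Generate Dockerfile hash" above the build. In the "Build and push" hunk the bare `docker.io/...:${{ matrix.distro }}-test` cache source refers to an image that is only loaded locally (`load: true`), so it likely never resolves in the registry.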
From: KingPin Date: Thu, 20 Mar 2025 10:47:06 -0400 Subject: [PATCH 09/21] Consolidate Dockerfiles into a single Dockerfile with multi-architecture support and add Dockerfile hash generation step in the publish workflow --- .github/workflows/docker-publish.yml | 24 +++++++----- Dockerfile | 55 ++++++++++++++++++++++++++++ Dockerfile.alpine | 34 ----------------- Dockerfile.debian | 37 ------------------- 4 files changed, 70 insertions(+), 80 deletions(-) create mode 100644 Dockerfile delete mode 100644 Dockerfile.alpine delete mode 100644 Dockerfile.debian diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index c0442b7..2468807 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -7,12 +7,12 @@ on: push: branches: [main] paths: - - 'Dockerfile.*' + - 'Dockerfile' - '.github/workflows/docker-publish.yml' pull_request: branches: [main] paths: - - 'Dockerfile.*' + - 'Dockerfile' - '.github/workflows/docker-publish.yml' concurrency: @@ -28,8 +28,10 @@ jobs: include: - distro: alpine is_latest: true + distro_version: 'latest' - distro: debian is_latest: false + debian_version: 'stable-slim' permissions: contents: read packages: write @@ -71,12 +73,22 @@ jobs: username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_ROBOT_TOKEN }} + # Generate Dockerfile hash + - name: Generate Dockerfile hash + id: hash + run: | + echo "hash=$(sha256sum Dockerfile | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT + # Build test image - name: Build test image uses: docker/build-push-action@v6 with: context: . - file: ./Dockerfile.${{ matrix.distro }} + file: ./Dockerfile + build-args: | + DISTRO=${{ matrix.distro }} + DISTRO_VERSION=${{ matrix.distro_version }} + DEBIAN_VERSION=${{ matrix.debian_version }} load: true tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test cache-from: | 
@@ -85,12 +97,6 @@ jobs: cache-to: | type=gha,scope=${{ matrix.distro }},mode=max ${{ github.ref == 'refs/heads/main' && format('type=registry,ref=ghcr.io/kingpin/{0}:{1}-cache,mode=max', github.event.repository.name, matrix.distro) || '' }} - - # Add a hash step before build - - name: Generate Dockerfile hash - id: hash - run: | - echo "hash=$(sha256sum Dockerfile.${{ matrix.distro }} | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT # Test image - name: Test image diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..200deb6 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,55 @@ +ARG DISTRO=alpine +ARG DISTRO_VERSION=latest +ARG DEBIAN_VERSION=stable-slim + +# Select base image based on the DISTRO argument +FROM ${DISTRO}:${DISTRO == "alpine" ? DISTRO_VERSION : DEBIAN_VERSION} + +# Common labels +LABEL org.opencontainers.image.title="Doxygen Docker Image" +LABEL org.opencontainers.image.description="Doxygen container for documentation generation" +LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" + +# Create non-root user (using appropriate commands for each distro) +RUN if [ "$DISTRO" = "alpine" ]; then \ + addgroup -g 1000 doxygen && \ + adduser -u 1000 -G doxygen -s /bin/sh -D doxygen; \ + else \ + groupadd -g 1000 doxygen && \ + useradd -u 1000 -g doxygen -s /bin/bash -m doxygen; \ + fi + +# Set up working directories (common for both distros) +RUN mkdir -p /input /output && \ + chown -R doxygen:doxygen /input /output + +# Install required packages (distro-specific) +RUN if [ "$DISTRO" = "alpine" ]; then \ + apk --update --no-cache add \ + doxygen \ + git \ + graphviz \ + && rm -rf /var/cache/apk/*; \ + else \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + ca-certificates \ + doxygen \ + git \ + graphviz \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/*; \ + fi + +# Switch to non-root user +USER doxygen + +# Set working directory +WORKDIR /input + +# Health check +HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ + CMD doxygen -v || exit 1 + +# Set entry point +CMD ["doxygen", "/Doxyfile"] \ No newline at end of file diff --git a/Dockerfile.alpine b/Dockerfile.alpine deleted file mode 100644 index 237e38b..0000000 --- a/Dockerfile.alpine +++ /dev/null 
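Review bot: `CMD ["doxygen", "/Doxyfile"]` together with `WORKDIR /input` does not match the mount points the README in this series documents (`/docs/source`, `/docs/output`, `/docs/Doxyfile`), so a user following the README gets a container that cannot find its configuration file at the default path. Pick one layout and state it in the Dockerfile, for example a comment above `WORKDIR` reading `# Mount sources at /input, results at /output, config at /Doxyfile`, and bring the README examples to the same paths. Separately, `ARG DISTRO` is declared only before `FROM`, so `$DISTRO` is empty inside the `RUN if [ "$DISTRO" = "alpine" ]` tests and every build takes the `else` branch; an `ARG DISTRO` line after `FROM` is needed for the tests to see the value.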
@@ -1,34 +0,0 @@ -FROM alpine:latest - -LABEL org.opencontainers.image.title="Doxygen Docker Image" -LABEL org.opencontainers.image.description="Lightweight Doxygen container based on Alpine Linux" -LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" - -# Create non-root user first (rarely changes) -RUN addgroup -g 1000 doxygen && \ - adduser -u 1000 -G doxygen -s /bin/sh -D doxygen - -# Set up working directories (rarely changes) -RUN mkdir -p /input /output && \ - chown -R doxygen:doxygen /input /output - -# Install packages (may change more frequently) -# List packages alphabetically for better readability and to avoid duplication -RUN apk --update --no-cache add \ - doxygen \ - git \ - graphviz \ - && rm -rf /var/cache/apk/* - -# Switch to non-root user -USER doxygen - -# Set working directory -WORKDIR /input - -# Health check -HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ - CMD doxygen -v || exit 1 - -# Set entry point -CMD ["doxygen", "/Doxygen"] diff --git a/Dockerfile.debian b/Dockerfile.debian deleted file mode 100644 index d34de82..0000000 --- a/Dockerfile.debian +++ /dev/null 
@@ -1,37 +0,0 @@
-FROM debian:stable-slim
-
-LABEL org.opencontainers.image.title="Doxygen Docker Image"
-LABEL org.opencontainers.image.description="Doxygen container based on Debian Linux"
-LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker"
-
-# Create non-root user first (rarely changes)
-RUN groupadd -g 1000 doxygen && \
- useradd -u 1000 -g doxygen -s /bin/bash -m doxygen
-
-# Set up working directories (rarely changes)
-RUN mkdir -p /input /output && \
- chown -R doxygen:doxygen /input /output
-
-# Install required packages (may change more frequently)
-# List packages alphabetically for better readability and to avoid duplication
-RUN apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- ca-certificates \
- doxygen \
- git \
- graphviz \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Switch to non-root user
-USER doxygen
-
-# Set working directory
-WORKDIR /input
-
-# Health check
-HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
- CMD doxygen -v || exit 1
-
-# Set entry point
-CMD ["doxygen", "/Doxygen"]
From 2bc787f1dbff07c3fa464da837dd841d0cb49f84 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 11:06:33 -0400 Subject: [PATCH 10/21] Refactor Docker publish workflow to streamline build arguments for multi-distro support and simplify base image selection in Dockerfile --- .github/workflows/docker-publish.yml | 6 ++++-- Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 2468807..9bbac5a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -87,8 +87,7 @@ jobs: file: ./Dockerfile build-args: | DISTRO=${{ matrix.distro }} - DISTRO_VERSION=${{ matrix.distro_version }} - DEBIAN_VERSION=${{ matrix.debian_version }} + ${{ matrix.distro == 'alpine' && format('DISTRO_VERSION={0}', matrix.distro_version) || format('DEBIAN_VERSION={0}', matrix.debian_version) }} load: true tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test cache-from: | @@ -171,6 +170,9 @@ jobs: with: context: . file: ./Dockerfile.${{ matrix.distro }} + build-args: | + DISTRO=${{ matrix.distro }} + ${{ matrix.distro == 'alpine' && format('DISTRO_VERSION={0}', matrix.distro_version) || format('DEBIAN_VERSION={0}', matrix.debian_version) }} platforms: linux/amd64,linux/arm64,linux/arm/v7 push: ${{ github.ref == 'refs/heads/main' || github.event_name == 'pull_request' }} tags: ${{ steps.prep.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index 200deb6..1c4c692 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ ARG DISTRO=alpine ARG DISTRO_VERSION=latest ARG DEBIAN_VERSION=stable-slim -# Select base image based on the DISTRO argument -FROM ${DISTRO}:${DISTRO == "alpine" ? DISTRO_VERSION : DEBIAN_VERSION} +# First set a default image +FROM ${DISTRO}:${DISTRO_VERSION} # Common labels LABEL org.opencontainers.image.title="Doxygen Docker Image" From be262c87af246ce5848620755b9b0da20383b89c Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 11:12:34 -0400 Subject: [PATCH 11/21] Re-declare DISTRO ARG in Dockerfile to ensure availability after FROM instruction --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 1c4c692..cd30888 100644 --- a/Dockerfile +++ b/Dockerfile 
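Review bot: Both `build-args` hunks (@@ -87 and @@ -171) pass `DEBIAN_VERSION=...` for the debian leg, but the Dockerfile hunk in this same commit changes the base to `FROM ${DISTRO}:${DISTRO_VERSION}`, which no longer reads `DEBIAN_VERSION`. The debian build therefore falls back to the default `DISTRO_VERSION=latest` and resolves to `debian:latest` instead of the slim variant, giving a larger package set than intended and an unused build argument. Passing one name from the workflow fixes it: `DISTRO_VERSION=${{ matrix.distro == 'alpine' && matrix.distro_version || matrix.debian_version }}`, after which `ARG DEBIAN_VERSION` can be removed. Note that the `&&`/`||` idiom falls through to the debian value if `matrix.distro_version` is ever empty.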
@@ -5,6 +5,9 @@ ARG DEBIAN_VERSION=stable-slim # First set a default image FROM ${DISTRO}:${DISTRO_VERSION} +# Re-declare ARG to make it available after FROM +ARG DISTRO=alpine + # Common labels LABEL org.opencontainers.image.title="Doxygen Docker Image" LABEL org.opencontainers.image.description="Doxygen container for documentation generation" From 16ead7d205e0de85120426374dfeb62c9cf0dff7 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 12:25:57 -0400 Subject: [PATCH 12/21] Improve user creation logic in Dockerfile to support multiple distributions and handle unsupported distros --- Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index cd30888..1aa3463 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,12 +14,14 @@ LABEL org.opencontainers.image.description="Doxygen container for documentation LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" # Create non-root user (using appropriate commands for each distro) -RUN if [ "$DISTRO" = "alpine" ]; then \ +RUN if [ -f /etc/alpine-release ]; then \ addgroup -g 1000 doxygen && \ adduser -u 1000 -G doxygen -s /bin/sh -D doxygen; \ - else \ + elif [ -f /etc/debian_version ]; then \ groupadd -g 1000 doxygen && \ useradd -u 1000 -g doxygen -s /bin/bash -m doxygen; \ + else \ + echo "Unsupported distribution" && exit 1; \ fi # Set up working directories (common for both distros) @@ -27,7 +29,7 @@ RUN mkdir -p /input /output && \ chown -R doxygen:doxygen /input /output # Install required packages (distro-specific) -RUN if [ "$DISTRO" = "alpine" ]; then \ +RUN if [ -f /etc/alpine-release ]; then \ apk --update --no-cache add \ doxygen \ git \ From b12b62f51c815d4fa5759b28f7c62749c9c9a21a Mon Sep 17 00:00:00 2001 
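Review bot: In PATCH 12 the package-install `RUN` (hunk @@ -27) now tests `/etc/alpine-release`, but unlike the user-creation block in the hunk before it, anything that is not Alpine still falls through to a bare `else` running `apt-get`. That `else` arm lies outside the hunk but is visible in the original file. For consistency, and so an unexpected base stops with a clear message, I would switch the apt branch to `elif [ -f /etc/debian_version ]; then \` and add the same `else echo "Unsupported distribution" && exit 1;` arm. With both blocks keyed on release files, the `ARG DISTRO=alpine` re-declared after `FROM` in PATCH 11 appears to be unused and could be dropped.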
From: KingPin Date: Thu, 20 Mar 2025 12:35:38 -0400 Subject: [PATCH 13/21] Update Docker publish workflow to use a single Dockerfile for all distributions --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 9bbac5a..4983d74 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -169,7 +169,7 @@ jobs: uses: docker/build-push-action@v6 with: context: . - file: ./Dockerfile.${{ matrix.distro }} + file: ./Dockerfile build-args: | DISTRO=${{ matrix.distro }} ${{ matrix.distro == 'alpine' && format('DISTRO_VERSION={0}', matrix.distro_version) || format('DEBIAN_VERSION={0}', matrix.debian_version) }} From c36547638a0a5e31b25964d0052b251db8a7d180 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 12:44:37 -0400 Subject: [PATCH 14/21] Fix entry point command in Dockerfile to reference the correct Doxygen file --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1aa3463..47e066f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,4 +57,4 @@ HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ CMD doxygen -v || exit 1 # Set entry point -CMD ["doxygen", "/Doxyfile"] \ No newline at end of file +CMD ["doxygen", "/Doxygen"] \ No newline at end of file From 78accbbf92c07269411ab09aef499bfbe815fa78 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 13:42:01 -0400 Subject: [PATCH 15/21] Refactor Dockerfile and add entrypoint script to improve user permissions handling and streamline container execution --- Dockerfile | 47 ++++++++++++++++++------------- README.md | 58 +++++++++++++++++++++++++------------- entrypoint.sh | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 144 insertions(+), 39 deletions(-) create mode 100644 entrypoint.sh 
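Review bot: The new default `CMD ["doxygen", "/Doxygen"]` in PATCH 14 names a path that nothing in the image creates and that the README at this point does not mount (its example binds the config at `/docs/Doxyfile`). A container started without arguments would therefore look for a configuration file that is not there. Whichever path is intended, the CMD and the documented `-v` mount should name the same file. A comment above the CMD such as `# Default config path; bind-mount your Doxyfile here` would record that contract.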
diff --git a/Dockerfile b/Dockerfile index 47e066f..f41b589 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,27 +13,15 @@ LABEL org.opencontainers.image.title="Doxygen Docker Image" LABEL org.opencontainers.image.description="Doxygen container for documentation generation" LABEL org.opencontainers.image.source="https://github.com/kingpin/doxygen-docker" -# Create non-root user (using appropriate commands for each distro) -RUN if [ -f /etc/alpine-release ]; then \ - addgroup -g 1000 doxygen && \ - adduser -u 1000 -G doxygen -s /bin/sh -D doxygen; \ - elif [ -f /etc/debian_version ]; then \ - groupadd -g 1000 doxygen && \ - useradd -u 1000 -g doxygen -s /bin/bash -m doxygen; \ - else \ - echo "Unsupported distribution" && exit 1; \ - fi - -# Set up working directories (common for both distros) -RUN mkdir -p /input /output && \ - chown -R doxygen:doxygen /input /output - -# Install required packages (distro-specific) +# Install required packages (distro-specific) - including tools for the entrypoint RUN if [ -f /etc/alpine-release ]; then \ apk --update --no-cache add \ doxygen \ git \ graphviz \ + bash \ + su-exec \ + shadow \ && rm -rf /var/cache/apk/*; \ else \ apt-get update && \ 
@@ -42,19 +30,40 @@ RUN if [ -f /etc/alpine-release ]; then \ doxygen \ git \ graphviz \ + gosu \ && apt-get clean \ && rm -rf /var/lib/apt/lists/*; \ fi -# Switch to non-root user -USER doxygen +# Create non-root user (using appropriate commands for each distro) +RUN if [ -f /etc/alpine-release ]; then \ + addgroup -g 1000 doxygen && \ + adduser -u 1000 -G doxygen -s /bin/sh -D doxygen; \ + elif [ -f /etc/debian_version ]; then \ + groupadd -g 1000 doxygen && \ + useradd -u 1000 -g doxygen -s /bin/bash -m doxygen; \ + else \ + echo "Unsupported distribution" && exit 1; \ + fi + +# Set up working directories (common for both distros) +RUN mkdir -p /input /output && \ + chown -R doxygen:doxygen /input /output + +# Copy entrypoint script +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh # Set working directory WORKDIR /input +# Switch to non-root user by default +USER doxygen + # Health check HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \ CMD doxygen -v || exit 1 # Set entry point -CMD ["doxygen", "/Doxygen"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +CMD ["doxygen", "/Doxyfile"] \ No newline at end of file diff --git a/README.md b/README.md index 0eee513..9308d01 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ - # Doxygen in Docker This project provides ready-to-use Doxygen Docker images for documentation generation. 
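Review bot: `USER doxygen` is set before `ENTRYPOINT`, so entrypoint.sh starts unprivileged and its `if [ "$(id -u)" = "0" ]` branch, the only place `PUID`/`PGID` are applied, is skipped unless the operator also overrides the user to root at run time. As written, the README example with `-e PUID=$(id -u) -e PGID=$(id -g)` would have no effect, and `su-exec`, `shadow` and `gosu` (added in the previous hunk, @@ -13) are installed without being reachable. Keeping the non-root default is the safer choice: I would drop the remap path and the extra packages and document `docker run --user "$(id -u):$(id -g)"` instead. Otherwise, a comment above `USER doxygen` should state that the remap only works when the container is started as root.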
@@ -8,19 +7,20 @@ This project provides ready-to-use Doxygen Docker images for documentation gener ```bash docker run --rm -it -v ./source:/docs/source -v ./output:/docs/output -v ./Doxyfile:/docs/Doxyfile ghcr.io/kingpin/doxygen-docker:latest ``` -Container Registries + +## Container Registries Images are available on multiple registries: - GitHub: ghcr.io/kingpin/doxygen-docker - Docker Hub: docker.io/kingpin/doxygen-docker - Quay.io: quay.io/kingpinx1/doxygen-docker -Base OS Options +## Base OS Options - Alpine: Lightweight container based on Alpine Linux - Debian: Standard container based on Debian stable-slim -Available Tags +## Available Tags - latest - Uses Alpine as the base container with latest available Doxygen @@ -35,7 +35,7 @@ Available Tags - pr-XX (only on GitHub Container Registry) - PR-specific builds for testing, where XX is the pull request number -Multi-architecture Support +## Multi-architecture Support All images are built for: 
@@ -43,30 +43,48 @@ All images are built for: - linux/arm64 (ARM 64-bit) - linux/arm/v7 (ARM 32-bit) -Usage Examples -Basic Usage +## Usage Examples +### Basic Usage ```bash -docker run --rm -v $(pwd)/source:/docs/source \ --v $(pwd)/output:/docs/output \ --v $(pwd)/Doxyfile:/docs/Doxyfile \ -ghcr.io/kingpin/doxygen-docker:latest +docker run --rm \ + -v $(pwd)/source:/input \ + -v $(pwd)/output:/output \ + -v $(pwd)/Doxyfile:/Doxyfile \ + ghcr.io/kingpin/doxygen-docker:latest ``` -Generate a default Doxyfile + +### Generate a default Doxyfile ```bash -docker run --rm -v $(pwd):/docs ghcr.io/kingpin/doxygen-docker:latest doxygen -g +docker run --rm -v $(pwd):/input ghcr.io/kingpin/doxygen-docker:latest doxygen -g ``` -Run with a specific version + +### Run with a specific version ```bash -docker run --rm -v $(pwd):/docs docker.io/kingpin/doxygen-docker:debian-1.9.4 doxygen Doxyfile +docker run --rm -v $(pwd):/input docker.io/kingpin/doxygen-docker:debian-1.9.4 doxygen Doxyfile ``` -Using Alpine-based image +### Using Alpine-based image ```bash -docker run --rm -v $(pwd):/docs quay.io/kingpinx1/doxygen-docker:alpine doxygen Doxyfile +docker run --rm -v $(pwd):/input quay.io/kingpinx1/doxygen-docker:alpine doxygen Doxyfile ``` -Security + +## Handling Permissions + +If you encounter permission issues with volumes, you can use the `PUID` and `PGID` environment variables to match your host user: + +```bash +docker run --rm \ + -v $(pwd):/input \ + -e PUID=$(id -u) \ + -e PGID=$(id -g) \ + ghcr.io/kingpin/doxygen-docker:latest +``` + +This ensures that generated files will be owned by your user on the host system. + +## Security Images are regularly scanned for vulnerabilities using Trivy. -Further Information -For more details and tutorials, visit: https://sumguy.com/install-use-doxygen-via-docker/ +## Further Information +For more details and tutorials, visit: https://sumguy.com/install-use-doxygen-via-docker/ 
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..b285199
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+set -e
+
+# Function to output info messages
+info() {
+ echo "[INFO] $@"
+}
+
+# Function to output warning messages
+warn() {
+ echo "[WARN] $@" >&2
+}
+
+# Function to fix permissions on a directory
+fix_permissions() {
+ local dir=$1
+ if [ -d "$dir" ]; then
+ info "Checking permissions for $dir"
+ if [ ! -w "$dir" ]; then
+ warn "Directory $dir is not writable, attempting to fix permissions"
+ # Try to fix with current user first
+ chmod -R u+rw "$dir" 2>/dev/null || true
+
+ # If still not writable and we can use sudo, try as root
+ if [ ! -w "$dir" ] && command -v sudo >/dev/null 2>&1; then
+ warn "Using sudo to fix permissions on $dir"
+ sudo chmod -R u+rw "$dir" 2>/dev/null || warn "Still can't fix permissions on $dir"
+ fi
+ fi
+ fi
+}
+
+# Check for custom user/group IDs
+if [ -n "$PUID" ] && [ -n "$PGID" ]; then
+ info "Running with custom UID:GID - $PUID:$PGID"
+
+ # Check if we're root (can modify user/group)
+ if [ "$(id -u)" = "0" ]; then
+ # Check if we need to modify the doxygen user/group
+ if [ -f /etc/alpine-release ]; then
+ # Alpine
+ deluser doxygen 2>/dev/null || true
+ delgroup doxygen 2>/dev/null || true
+ addgroup -g "$PGID" doxygen
+ adduser -u "$PUID" -G doxygen -s /bin/sh -D doxygen
+ elif [ -f /etc/debian_version ]; then
+ # Debian
+ groupmod -o -g "$PGID" doxygen
+ usermod -o -u "$PUID" doxygen
+ fi
+
+ # Fix home directory ownership
+ chown -R doxygen:doxygen /home/doxygen
+
+ # Drop to the doxygen user for the rest of the script
+ exec su-exec doxygen "$0" "$@" 2>/dev/null || exec gosu doxygen "$0" "$@" 2>/dev/null || exec su -p doxygen -c "$0 $*"
+ fi
+fi
+
+# Check critical directories for permissions issues
+fix_permissions /input
+fix_permissions /output
+
+# Check if the command is doxygen and Doxyfile not readable
+if [ "$1" = "doxygen" ] && [ -n "$2" ] && [ !
-r "$2" ]; then + warn "Doxyfile at $2 is not readable, this may cause issues" +fi + +# Check if running custom command or default +if [ "$#" -eq 0 ]; then + # No arguments provided, run default command + info "Running default command: doxygen /Doxyfile" + exec doxygen /Doxyfile +else + # Execute the passed command + info "Running command: $@" + exec "$@" +fi From d486b57d994c11c0cf53034b431562a55f05ae3d Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 13:47:19 -0400 Subject: [PATCH 16/21] Enhance Doxygen version extraction and entrypoint script for improved error handling and silent execution --- .github/workflows/docker-publish.yml | 10 +++++++++- entrypoint.sh | 20 ++++++++++++++++---- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 4983d74..8c509cb 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -106,7 +106,15 @@ jobs: - name: Extract Doxygen version id: version run: | - echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test doxygen -v | tr -d '\n')" >> $GITHUB_OUTPUT + # Run with environment variable to silence entrypoint output + echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ matrix.distro }}-test doxygen -v | tail -n1 | tr -d '\n')" >> $GITHUB_OUTPUT + + # Verify that we got a clean version + if ! [[ $(cat $GITHUB_OUTPUT | grep doxygen_version | cut -d= -f2) =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Error: Invalid Doxygen version extracted. Check entrypoint script output." + cat $GITHUB_OUTPUT + exit 1 + fi # Vulnerability scan - name: Run Trivy vulnerability scanner diff --git a/entrypoint.sh b/entrypoint.sh index b285199..fe7b3cd 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
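Review bot: The privilege-drop line `exec su-exec ... 2>/dev/null || exec gosu ... 2>/dev/null || exec su -p doxygen -c "$0 $*"` has three problems. A redirection on `exec` stays in effect for the process that replaces the shell, so doxygen's stderr is discarded for the rest of the run. A failed `exec` in a non-interactive POSIX shell normally exits the shell, so the `||` fallbacks are unlikely to be reached. The `su -c "$0 $*"` fallback flattens the arguments into one string that a shell re-parses, so quoting is lost and metacharacters in an argument are interpreted. Selecting the helper with `command -v` and failing closed avoids all three. Separately, `PUID`/`PGID` reach `usermod -o`/`groupmod -o` unchecked; a numeric, non-zero check before this block would keep `PUID=0` from turning the doxygen account into a root alias.

```shell
        # Drop to the doxygen user for the rest of the script
        if command -v su-exec >/dev/null 2>&1; then
            exec su-exec doxygen "$0" "$@"
        elif command -v gosu >/dev/null 2>&1; then
            exec gosu doxygen "$0" "$@"
        else
            warn "Neither su-exec nor gosu is available; refusing to continue as root"
            exit 1
        fi
# … unchanged: fix_permissions calls, Doxyfile readability check, command dispatch …
```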
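Review bot: The added comment `# Run with environment variable to silence entrypoint output` in PATCH 16's version step does not match the command under it: no `-e` is passed to `docker run`, and the cleanup relies on `tail -n1` plus the entrypoint's new short-circuit for `doxygen -v`. I would reword it to `# Keep only the last line in case the entrypoint prints to stdout`. The value is also appended to `$GITHUB_OUTPUT` before it is validated and then re-read with `cat | grep | cut`. Capturing it in a shell variable, testing that against the regex, and writing the output only on success is simpler and cannot pick up an earlier `doxygen_version` line from the same file.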
@@ -1,9 +1,9 @@ #!/bin/sh set -e -# Function to output info messages +# Function to output info messages - always to stderr info() { - echo "[INFO] $@" + echo "[INFO] $@" >&2 } # Function to output warning messages @@ -30,6 +30,12 @@ fix_permissions() { fi } +# Check for version command (run silently) +if [ "$1" = "doxygen" ] && [ "$2" = "-v" ]; then + exec doxygen -v + exit 0 +fi + # Check for custom user/group IDs if [ -n "$PUID" ] && [ -n "$PGID" ]; then info "Running with custom UID:GID - $PUID:$PGID" @@ -62,12 +68,18 @@ fix_permissions /input fix_permissions /output # Check if the command is doxygen and Doxyfile not readable -if [ "$1" = "doxygen" ] && [ -n "$2" ] && [ ! -r "$2" ]; then +if [ "$1" = "doxygen" ] && [ -n "$2" ] && [ "$2" != "-v" ] && [ "$2" != "--help" ] && [ ! -r "$2" ]; then warn "Doxyfile at $2 is not readable, this may cause issues" fi +# Special handling for help command +if [ "$1" = "doxygen" ] && [ "$2" = "--help" ]; then + exec doxygen --help + exit 0 +fi + # Check if running custom command or default -if [ "$#" -eq 0 ]; then +if [ "$#" -eq 0; then # No arguments provided, run default command info "Running default command: doxygen /Doxyfile" exec doxygen /Doxyfile From 7304342b18db9ff13e8069f15e66ee0534b5dd61 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 13:56:40 -0400 Subject: [PATCH 17/21] Update README.md for improved clarity and structure, including enhanced usage examples and permission handling guidance --- README.md | 226 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 180 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 9308d01..dbee8dc 100644 --- a/README.md +++ b/README.md @@ -1,90 +1,224 @@ -# Doxygen in Docker +# Doxygen Docker -This project provides ready-to-use Doxygen Docker images for documentation generation. +
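Review bot: The last hunk (@@ -62) changes the argument-count test to `if [ "$#" -eq 0; then`, dropping the closing `]`. `[` then fails with a missing-bracket error, the condition counts as false, and the script takes the `else` branch even when no arguments were given, so the default `doxygen /Doxyfile` path is never reached. The line should stay `if [ "$#" -eq 0 ]; then`. In the two added short-circuits (`doxygen -v` in hunk @@ -30 and `--help` in this one), the `exit 0` after `exec` is unreachable and can be removed. A shell linter step in the workflow would likely catch this kind of slip before an image is published.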
-## Quick Start +![Doxygen Logo](https://www.doxygen.nl/images/doxygen_logo.png) + +[![Docker Build](https://img.shields.io/github/actions/workflow/status/kingpin/doxygen-docker/docker-publish.yml?branch=main&label=build&logo=github&style=flat-square)](https://github.com/kingpin/doxygen-docker/actions/workflows/docker-publish.yml) +[![Docker Pulls](https://img.shields.io/docker/pulls/kingpin/doxygen-docker?color=blue&logo=docker&style=flat-square)](https://hub.docker.com/r/kingpin/doxygen-docker) +[![Image Size](https://img.shields.io/docker/image-size/kingpin/doxygen-docker/latest?logo=docker&style=flat-square)](https://hub.docker.com/r/kingpin/doxygen-docker) + +*Ready-to-use containerized Doxygen for documentation generation with multi-architecture support* +
+ +## 📋 Table of Contents +- [Quick Start](#-quick-start) +- [Available Images](#-available-images) +- [Usage Examples](#-usage-examples) +- [Volume Mounting Guide](#-volume-mounting-guide) +- [Permission Handling](#-permission-handling) +- [Integration Examples](#-integration-examples) +- [Troubleshooting](#-troubleshooting) +- [Security](#-security) +- [Contributing](#-contributing) + +## 🚀 Quick Start ```bash -docker run --rm -it -v ./source:/docs/source -v ./output:/docs/output -v ./Doxyfile:/docs/Doxyfile ghcr.io/kingpin/doxygen-docker:latest +docker run --rm -v $(pwd):/input -v $(pwd)/docs:/output ghcr.io/kingpin/doxygen-docker:latest ``` -## Container Registries -Images are available on multiple registries: +## 📦 Available Images - - GitHub: ghcr.io/kingpin/doxygen-docker - - Docker Hub: docker.io/kingpin/doxygen-docker - - Quay.io: quay.io/kingpinx1/doxygen-docker +### Container Registries -## Base OS Options +| Registry | Image Path | +|----------|------------| +| GitHub Container Registry | `ghcr.io/kingpin/doxygen-docker` | +| Docker Hub | `docker.io/kingpin/doxygen-docker` | +| Quay.io | `quay.io/kingpinx1/doxygen-docker` | - - Alpine: Lightweight container based on Alpine Linux - - Debian: Standard container based on Debian stable-slim +### Base OS Options -## Available Tags +| OS | Description | Image Size | +|----|-------------|------------| +| Alpine | Lightweight container | ~30MB | +| Debian | Standard container with additional tools | ~120MB | - - latest - - Uses Alpine as the base container with latest available Doxygen - - alpine - - Uses Alpine as the base container with latest available Doxygen - - alpine-x.x.x - - Alpine with specific Doxygen version (e.g., alpine-1.9.8) - - debian - - Uses Debian as the base container with latest available Doxygen - - debian-x.x.x - - Debian with specific Doxygen version (e.g., debian-1.9.4) - - pr-XX (only on GitHub Container Registry) - - PR-specific builds for testing, where XX is the pull request number 
+### Available Tags -## Multi-architecture Support +| Tag Format | Example | Description | +|------------|---------|-------------| +| `latest` | `latest` | Latest Alpine-based image | +| `alpine` | `alpine` | Latest Alpine-based image | +| `alpine-x.x.x` | `alpine-1.9.8` | Alpine with specific Doxygen version | +| `debian` | `debian` | Latest Debian-based image | +| `debian-x.x.x` | `debian-1.9.4` | Debian with specific Doxygen version | +| `pr-XX` | `pr-42` | PR testing build (GitHub only) | + +### Multi-architecture Support All images are built for: +- `linux/amd64` - Intel/AMD 64-bit systems +- `linux/arm64` - ARM 64-bit systems (like Raspberry Pi 4, Apple M1/M2) +- `linux/arm/v7` - ARM 32-bit systems (like Raspberry Pi 3) - - linux/amd64 (Intel/AMD) - - linux/arm64 (ARM 64-bit) - - linux/arm/v7 (ARM 32-bit) +## 🧑‍💻 Usage Examples -## Usage Examples -### Basic Usage +### Basic Usage with Default Doxyfile ```bash docker run --rm \ - -v $(pwd)/source:/input \ - -v $(pwd)/output:/output \ + -v $(pwd):/input \ + -v $(pwd)/docs:/output \ -v $(pwd)/Doxyfile:/Doxyfile \ ghcr.io/kingpin/doxygen-docker:latest ``` -### Generate a default Doxyfile +### Generate a Default Doxyfile in Current Directory + ```bash -docker run --rm -v $(pwd):/input ghcr.io/kingpin/doxygen-docker:latest doxygen -g +docker run --rm \ + -v $(pwd):/input \ + ghcr.io/kingpin/doxygen-docker:latest doxygen -g ``` -### Run with a specific version +### Run with Custom Doxyfile Location + ```bash -docker run --rm -v $(pwd):/input docker.io/kingpin/doxygen-docker:debian-1.9.4 doxygen Doxyfile +docker run --rm \ + -v $(pwd):/input \ + -v $(pwd)/docs:/output \ + -v $(pwd)/config/my-doxyfile:/custom-doxyfile \ + ghcr.io/kingpin/doxygen-docker:latest doxygen /custom-doxyfile ``` -### Using Alpine-based image +### Run with Custom Working Directory Structure + ```bash -docker run --rm -v $(pwd):/input quay.io/kingpinx1/doxygen-docker:alpine doxygen Doxyfile +docker run --rm \ + -v $(pwd)/src:/input/src \ + -v 
$(pwd)/include:/input/include \ + -v $(pwd)/docs:/output \ + -v $(pwd)/doxygen.conf:/Doxyfile \ + ghcr.io/kingpin/doxygen-docker:latest +``` + +### Use a Specific Version + +```bash +docker run --rm \ + -v $(pwd):/input \ + docker.io/kingpin/doxygen-docker:debian-1.9.4 doxygen Doxyfile ``` -## Handling Permissions +## 📁 Volume Mounting Guide + +| Container Path | Description | Recommended Host Mount | +|----------------|-------------|------------------------| +| `/input` | Source code directory | `$(pwd)` or `$(pwd)/src` | +| `/output` | Generated documentation | `$(pwd)/docs` or `$(pwd)/build/docs` | +| `/Doxyfile` | Doxygen configuration file | `$(pwd)/Doxyfile` or `$(pwd)/doxygen.conf` | -If you encounter permission issues with volumes, you can use the `PUID` and `PGID` environment variables to match your host user: +## 🔐 Permission Handling + +### Using PUID/PGID For File Ownership + +To ensure files created in mounted volumes have the correct ownership: ```bash docker run --rm \ -v $(pwd):/input \ + -v $(pwd)/docs:/output \ -e PUID=$(id -u) \ -e PGID=$(id -g) \ ghcr.io/kingpin/doxygen-docker:latest ``` -This ensures that generated files will be owned by your user on the host system. +This matches the container's user with your host user ID, ensuring proper file permissions. + +### Common Permission Issues + +If you encounter permission errors, try: + +1. Use PUID/PGID as shown above +2. Ensure host directories exist with proper permissions before mounting +3. 
For CI/CD environments, add an explicit chmod step + +## 🔄 Integration Examples + +### GitLab CI Integration + +```yaml +documentation: + image: ghcr.io/kingpin/doxygen-docker:latest + script: + - doxygen Doxyfile + artifacts: + paths: + - docs/html +``` + +### Docker Compose Example + +```yaml +version: '3' +services: + doxygen: + image: ghcr.io/kingpin/doxygen-docker:latest + volumes: + - ./src:/input + - ./docs:/output + - ./Doxyfile:/Doxyfile + environment: + - PUID=1000 + - PGID=1000 +``` + +### GitHub Actions Example + +```yaml +- name: Generate Documentation + uses: docker://ghcr.io/kingpin/doxygen-docker:latest + with: + args: doxygen Doxyfile + env: + PUID: 1000 + PGID: 1000 +``` + +## ❓ Troubleshooting + +### "No such file" Errors + +Make sure your Doxyfile is accessible inside the container. If your Doxyfile references paths, ensure they're relative to the container's `/input` directory. + +### Empty Output + +Check that: +1. Your Doxyfile has the correct input/output paths +2. Output directory is properly mounted +3. Source files are in the expected format + +### Permission Denied Errors + +Use the PUID/PGID environment variables as described in the [Permission Handling](#-permission-handling) section. + +## 🛡️ Security + +- Images are regularly scanned for vulnerabilities using Trivy +- We follow a minimal installation approach to reduce attack surface +- Alpine-based images are recommended for production use +- We use non-root users by default + +## 🤝 Contributing + +Contributions are welcome! Please feel free to submit a Pull Request. + +## 📜 License + +This project is licensed under the MIT License - see the LICENSE file for details. -## Security -Images are regularly scanned for vulnerabilities using Trivy. 
+--- -## Further Information -For more details and tutorials, visit: https://sumguy.com/install-use-doxygen-via-docker/ +For more details and tutorials, visit: [Installing and Using Doxygen via Docker](https://sumguy.com/install-use-doxygen-via-docker/) From e34dbba95682d481161d5883c76b048eac827a85 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 14:01:44 -0400 Subject: [PATCH 18/21] Update Doxygen logo in README.md to use the SVG version for better quality --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dbee8dc..6a46ee5 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@
-![Doxygen Logo](https://www.doxygen.nl/images/doxygen_logo.png) +![Doxygen Logo](https://www.doxygen.nl/assets/doxygen.svg) [![Docker Build](https://img.shields.io/github/actions/workflow/status/kingpin/doxygen-docker/docker-publish.yml?branch=main&label=build&logo=github&style=flat-square)](https://github.com/kingpin/doxygen-docker/actions/workflows/docker-publish.yml) [![Docker Pulls](https://img.shields.io/docker/pulls/kingpin/doxygen-docker?color=blue&logo=docker&style=flat-square)](https://hub.docker.com/r/kingpin/doxygen-docker) From f790fe78d75cf4a189550f31e45c1ce33f022152 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 14:04:06 -0400 Subject: [PATCH 19/21] Remove Doxygen logo from README.md for a cleaner presentation, and not to seem like an official repo --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 6a46ee5..91f05e4 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,6 @@
-![Doxygen Logo](https://www.doxygen.nl/assets/doxygen.svg) - [![Docker Build](https://img.shields.io/github/actions/workflow/status/kingpin/doxygen-docker/docker-publish.yml?branch=main&label=build&logo=github&style=flat-square)](https://github.com/kingpin/doxygen-docker/actions/workflows/docker-publish.yml) [![Docker Pulls](https://img.shields.io/docker/pulls/kingpin/doxygen-docker?color=blue&logo=docker&style=flat-square)](https://hub.docker.com/r/kingpin/doxygen-docker) [![Image Size](https://img.shields.io/docker/image-size/kingpin/doxygen-docker/latest?logo=docker&style=flat-square)](https://hub.docker.com/r/kingpin/doxygen-docker) From d852d60541f0f94018d19f3adaf5e853c12cd041 Mon Sep 17 00:00:00 2001 From: KingPin Date: Thu, 20 Mar 2025 14:19:25 -0400 Subject: [PATCH 20/21] Add disclaimer and support section to README.md for clarity on community maintenance and issue reporting --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.md b/README.md index 91f05e4..e9153f7 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ *Ready-to-use containerized Doxygen for documentation generation with multi-architecture support*
+> **DISCLAIMER**: This is a community-maintained Docker image and is not officially affiliated with, endorsed by, or connected to the Doxygen project. For the official Doxygen software, please visit [doxygen.nl](https://www.doxygen.nl/). + ## 📋 Table of Contents - [Quick Start](#-quick-start) - [Available Images](#-available-images) @@ -18,6 +20,7 @@ - [Integration Examples](#-integration-examples) - [Troubleshooting](#-troubleshooting) - [Security](#-security) +- [Support & Issue Reporting](#-support--issue-reporting) - [Contributing](#-contributing) ## 🚀 Quick Start @@ -209,6 +212,26 @@ Use the PUID/PGID environment variables as described in the [Permission Handling - Alpine-based images are recommended for production use - We use non-root users by default +## 🆘 Support & Issue Reporting + +Please direct your issues to the appropriate project: + +* **Docker Image Issues**: For problems with the container, entrypoint script, permissions, or image building, please [open an issue](https://github.com/kingpin/doxygen-docker/issues/new) in this repository. + +* **Doxygen Software Issues**: For problems with Doxygen itself, documentation generation, or Doxygen syntax/features, please refer to the [official Doxygen project](https://www.doxygen.nl/manual/problems.html) or [open an issue](https://github.com/doxygen/doxygen/issues) in the Doxygen repository. + +Examples of container-specific issues: +- Image won't build or pull +- Container crashes or exits unexpectedly +- Permission problems with mounted volumes +- Issues with entrypoint script + +Examples of Doxygen-specific issues: +- Documentation not generating correctly +- Questions about Doxygen syntax or commands +- Feature requests for Doxygen itself +- Output formatting problems + ## 🤝 Contributing Contributions are welcome! Please feel free to submit a Pull Request. From cb9067b4576b30ff8470d9a376779b820e959cb0 Mon Sep 17 00:00:00 2001 
From: KingPin Date: Thu, 20 Mar 2025 22:16:39 -0400 Subject: [PATCH 21/21] Remove version specification from Docker Compose example for flexibility --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index e9153f7..df46c2f 100644 --- a/README.md +++ b/README.md @@ -163,7 +163,6 @@ documentation: ### Docker Compose Example ```yaml -version: '3' services: doxygen: image: ghcr.io/kingpin/doxygen-docker:latest