feat[ci]: docker, and various fix

docker... remove simd shills for [ci] and fmt shill dockerfile uwu fix: typo might cool but why oops... huhuh troll as f T-T sekfjsefjkse
ThiccMC · Jul 31, 2024 · 9b1edcb · 9b1edcb
1 parent 3102730
commit 9b1edcb
Show file tree

Hide file tree

Showing 7 changed files with 158 additions and 27 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+**/.git
+**/target
+**/.cache
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,97 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '16 2 * * *'
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+    # Sign the resulting Docker image digest except on PRs.
+    # This will only write to the public Rekor transparency log when the Docker
+    # repository is public to avoid leaking data.  If you would like to publish
+    # transparency data even for private images, pass --force to cosign below.
+    # https://github.com/sigstore/cosign
+    #   - name: Sign the published Docker image
+    #     if: ${{ github.event_name != 'pull_request' }}
+    #     env:
+    #       # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+    #       TAGS: ${{ steps.meta.outputs.tags }}
+    #       DIGEST: ${{ steps.build-and-push.outputs.digest }}
+    #     # This step uses the identity token to provision an ephemeral certificate
+    #     # against the sigstore community Fulcio instance.
+    #     run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,6 +3,10 @@ name = "renskin"
 version = "0.1.0"
 edition = "2021"
 
+[[bin]]
+name = "rskd"
+path = "src/main.rs"
+
 [features]
 default = []
 simd = []

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,31 @@
+FROM rust:1-slim AS builder
+WORKDIR /app
+
+COPY . .
+RUN cargo install --path .
+
+# Stage 2: Create the final image
+FROM debian:bookworm-slim
+
+WORKDIR /app
+COPY --from=builder /usr/local/cargo/bin/rskd /app/rskd
+
+# Copy cleaning script
+COPY ./scripts/gc.sh ./
+RUN chmod +x /app/gc.sh
+
+# Install cron and dependencies
+RUN apt-get update && \
+    apt-get install -y cron && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN echo "0 * * * * /usr/bin/sh /app/gc.sh" > /etc/cron.d/clean_cache
+
+# Set permissions for crontab
+RUN chmod 644 /etc/cron.d/clean_cache
+
+# Expose port (if necessary)
+EXPOSE 3727
+
+# Command to run the application
+CMD ["/app/rskd"]
diff --git a/scripts/gc.sh b/scripts/gc.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Get the number of days from environment variable
+days_to_keep=${DAYS_TO_KEEP:-1}
+
+# Find files older than $days_to_keep days
+find /app/.cache -type f -mtime +$days_to_keep -delete
diff --git a/src/ihacks.rs b/src/ihacks.rs
@@ -1,9 +1,11 @@
 use image::{Pixel, Rgb, RgbImage, Rgba, RgbaImage};
 
 #[cfg(feature = "simd")]
+#[feature(portable_simd)]
 use std::arch::x86_64::*;
 
 #[cfg(feature = "simd")]
+#[feature(portable_simd)]
 pub fn comp(rx: u32, ry: u32, dst: &mut [u8; 256], src: &RgbaImage) {
     let sw = src.width();
 

diff --git a/src/main.rs b/src/main.rs
@@ -1,28 +1,18 @@
-#![feature(portable_simd)]
-#![feature(stdarch_x86_avx512)]
-
-use image::{
-    codecs::png::PngEncoder, GenericImage, GenericImageView, ImageBuffer, Pixel, Rgb, Rgba,
-    RgbaImage,
-};
+use image::{codecs::png::PngEncoder, GenericImage, ImageBuffer, Pixel, Rgba, RgbaImage};
 use regex::Regex;
-use tide::{Body, Middleware, Request, Response};
+use tide::{Body, Request, Response};
 
-use image::{ImageReader, RgbImage};
+use image::ImageReader;
 use serde::Deserialize;
 use sqlx::{MySql, MySqlPool, Pool};
 use std::{
     env,
     error::Error,
-    fmt::Debug,
     fs::{self, File},
     io::Cursor,
     path::Path,
-    str::Bytes,
-};
-use tide_prometheus::prometheus::{
-    register_counter, register_int_counter, register_int_counter_vec, Counter, IntCounterVec, Opts,
 };
+use tide_prometheus::prometheus::{register_int_counter_vec, IntCounterVec, Opts};
 
 #[cfg(feature = "simd")]
 mod ihacks;
@@ -49,7 +39,7 @@ struct AvatarMeta {
     textures: TextureListMeta,
 }
 
-static PLACEHOLDER: &'static [u8] = include_bytes!("placeholder.png");
+static PLACEHOLDER: &[u8] = include_bytes!("placeholder.png");
 
 async fn query(pool: &Pool<MySql>, nick: &String) -> Result<AvatarMeta, tide::Error> {
     let sq: sqlx::Result<(String, i32)> = sqlx::query_as(
@@ -67,15 +57,13 @@ async fn query(pool: &Pool<MySql>, nick: &String) -> Result<AvatarMeta, tide::Er
     .bind(nick)
     .fetch_one(pool)
     .await;
-    return if let Ok((sqd, _)) = sq {
+    if let Ok((sqd, _)) = sq {
         Ok(serde_json::from_str::<AvatarMeta>(&sqd)?)
+    } else if let Some(er) = sq.err() {
+        Err(tide::Error::from_str(404, format!("{}", er)))
     } else {
-        if let Some(er) = sq.err() {
-            Err(tide::Error::from_str(404, format!("{}", er)))
-        } else {
-            Err(tide::Error::from_str(404, "unk err"))
-        }
-    };
+        Err(tide::Error::from_str(404, "unk err"))
+    }
 }
 
 async fn fetch(met: &AvatarMeta, path: &Path) -> Result<Vec<u8>, tide::Error> {
@@ -98,7 +86,7 @@ async fn draw_face(
             .decode()?
     } else {
         state.counter_cache.with_label_values(&["missed"]).inc();
-        let b = fetch(&met, raw_path).await?;
+        let b = fetch(met, raw_path).await?;
         let buf = Cursor::new(b);
         ImageReader::new(buf).with_guessed_format()?.decode()?
     }
@@ -236,24 +224,24 @@ async fn face(res: Request<State>) -> tide::Result {
         if cache_hit {
             res.state().counter_cache.with_label_values(&["hit_scl"]);
         }
-        return Ok(Response::builder(200)
+        Ok(Response::builder(200)
             .header("X-Powered-By", "ThiccMC/renskin")
             .header("X-State", "upscaled")
             .header("Cache-Control", "public")
             .header("Content-Type", "image/png")
             .body(Body::from_file(scale_path).await?)
-            .build());
+            .build())
     } else {
         if cache_hit {
             res.state().counter_cache.with_label_values(&["hit_rend"]);
         }
-        return Ok(Response::builder(200)
+        Ok(Response::builder(200)
             .header("X-Powered-By", "ThiccMC/renskin")
             .header("X-State", "rendered")
             .header("Cache-Control", "public")
             .header("Content-Type", "image/png")
             .body(Body::from_file(face_path).await?)
-            .build());
+            .build())
     }
 }