diff --git a/.ffmpeg/Dockerfile b/.ffmpeg/Dockerfile index 55bcad929..2a3cb9e10 100644 --- a/.ffmpeg/Dockerfile +++ b/.ffmpeg/Dockerfile @@ -2,6 +2,7 @@ FROM ubuntu:noble AS builder ARG VERSION_FFMPEG="7.1" ARG VERSION_RCLONE="v1.68.2" ARG VERSION_GO="latest" +ARG GO_CRYPTO_VERSION="v0.31.0" USER root @@ -9,7 +10,7 @@ USER root # Install build tools #====================================== ARG TOOLS_DEPS="autoconf automake cmake libfreetype6 gcc build-essential libtool make nasm pkg-config zlib1g-dev numactl \ -libnuma-dev libx11-6 libxcb1 libxcb1-dev yasm git curl jq wget ca-certificates" +libnuma-dev libx11-dev libxcb-shm0 libxcb1-dev yasm git curl jq wget ca-certificates" RUN apt-get update -qqy \ && apt-get upgrade -yq \ @@ -30,6 +31,10 @@ RUN cd /usr/local/src \ && git clone https://github.com/rclone/rclone.git \ && cd rclone \ && git checkout $VERSION_RCLONE \ + # Patch deps version in go.mod to fix CVEs + && sed -i "s|golang.org/x/crypto v.*|golang.org/x/crypto ${GO_CRYPTO_VERSION}|g" go.mod \ + && go mod tidy \ + # Build rclone && make \ && mv ~/go/bin/rclone /usr/local/bin/ \ && rclone version @@ -74,8 +79,9 @@ COPY --from=builder /usr/local/bin/rclone /usr/local/bin/rclone RUN apt-get -qqy update \ && apt-get -qqy --no-install-recommends install \ - libx11-dev libxcb1 libxcb-shm0 \ + libx11-dev libxcb-shm0 libxcb1-dev \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* -RUN ffmpeg -version \ +RUN ldd /usr/local/bin/ffmpeg \ + && ffmpeg -version \ && rclone --version diff --git a/.github/workflows/build-ffmpeg.yml b/.github/workflows/build-ffmpeg.yml new file mode 100644 index 000000000..c13c81677 --- /dev/null +++ b/.github/workflows/build-ffmpeg.yml @@ -0,0 +1,68 @@ +name: Build and Deploy FFmpeg + +on: + push: + paths: + - '.ffmpeg/Dockerfile' + workflow_dispatch: + inputs: + release: + description: 'Deploy a new release' + required: false + type: boolean + default: false + +jobs: + deploy: + name: Build and Deploy FFmpeg + runs-on: blacksmith-8vcpu-ubuntu-2204 + permissions: write-all + steps: + - name: Checkout code + uses: actions/checkout@main + with: + persist-credentials: false + fetch-depth: 0 + - name: Set up containerd image store feature + uses: nick-invision/retry@master + with: + timeout_minutes: 10 + max_attempts: 3 + command: | + make setup_dev_env + - name: Output Docker info + run: docker info + - name: Sets build date + run: | + echo "BUILD_DATE=$(date '+%Y%m%d')" >> $GITHUB_ENV + echo "NAME=${NAMESPACE}" >> $GITHUB_ENV + make set_build_multiarch + cat .env | xargs -I {} echo {} >> $GITHUB_ENV + env: + NAMESPACE: ${{ vars.DOCKER_NAMESPACE || 'selenium' }} + AUTHORS: ${{ vars.AUTHORS || 'SeleniumHQ' }} + - name: Build images + uses: nick-invision/retry@master + with: + timeout_minutes: 300 + max_attempts: 2 + retry_wait_seconds: 60 + command: | + PLATFORMS="${PLATFORMS}" make ffmpeg + make tag_ffmpeg_latest + - name: Login Docker Hub + if: ${{ github.event.inputs.release == 'true' }} + run: docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" + env: + DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} + DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} + - name: Deploy new images + if: ${{ github.event.inputs.release == 'true' }} + uses: nick-invision/retry@master + with: + timeout_minutes: 20 + max_attempts: 5 + retry_wait_seconds: 300 + continue_on_error: true + command: | + make release_ffmpeg_latest diff --git a/Video/Dockerfile b/Video/Dockerfile index 18a8f0e91..1c9298829 100644 --- a/Video/Dockerfile +++ b/Video/Dockerfile @@ -17,10 +17,10 @@ COPY --from=source /usr/local/bin/rclone /usr/local/bin/rclone RUN apt-get -qqy update \ && apt-get -qqy --no-install-recommends install \ - libx11-6 libxcb1 libxcb-shm0 \ + libx11-dev libxcb-shm0 libxcb1-dev \ x11-xserver-utils x11-utils \ python3-pip \ - && pip install --break-system-packages --no-cache-dir setuptools psutil \ + && pip install --upgrade --break-system-packages --no-cache-dir setuptools psutil \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* COPY *.conf /etc/supervisor/conf.d/