Feature/docker (#60)

* + in-docker mode
s0rg · Nov 26, 2023 · efe9cbc · efe9cbc
1 parent 9716107
commit efe9cbc
Show file tree

Hide file tree

Showing 16 changed files with 366 additions and 49 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+*.out
+*.md
+./bin
+./dist
+./examples
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
@@ -0,0 +1,39 @@
+name: Publish Docker image
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  update_registry:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          platforms: linux/amd64
+          tags: |
+            ${{ env.GITHUB_REPOSITORY }}:${{ env.GITHUB_REF_NAME }}
+            ${{ env.GITHUB_REPOSITORY }}:latest
+          push: true
+      - name: Update Docker Hub Readme for dolt image
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          repository: ${{ env.GITHUB_REPOSITORY }}
+          readme-filepath: ./docker/README.md
diff --git a/.golangci.yml b/.golangci.yml
@@ -19,6 +19,7 @@ linters:
     - nosnakecase
     - exhaustruct
     - inamedparam
+    - exhaustive
     - interfacer
     - varnamelen
     - scopelint
@@ -60,9 +61,6 @@ issues:
       text: "G204" # G204: Subprocess launched with a potential tainted input
       linters:
         - gosec
-    - path: internal/client/docker\.go
-      linters:
-        - exhaustive # None mode, impossible
     - path: internal/builder/json\.go
       linters:
         - errchkjson

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -39,7 +39,8 @@ archives:
       {{- .Os }}_
       {{- if eq .Arch "amd64" }}x86_64
       {{- else if eq .Arch "386" }}i386
-      {{- else }}{{ .Arch }}{{ end }}
+      {{- else }}{{ .Arch }}_
+      {{- .Tag }}{{ end }}
     format_overrides:
       - goos: windows
         format: zip

diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ possible flags with default values:
   -cluster string
         json file with clusterization rules, or auto:<similarity> for auto-clustering, similarity is float in (0.0, 1.0] range
   -follow string
-        follow only this container by name
+        follow only this container by name(s), comma-separated or from @file
   -format string
         output format: json, dot, yaml, stat, tree or sdsl for structurizr dsl (default "json")
   -full
@@ -105,6 +105,7 @@ possible flags with default values:
 - `DOCKER_HOST` - connection uri
 - `DOCKER_CERT_PATH` - directory path containing key.pem, cert.pm and ca.pem
 - `DOCKER_TLS_VERIFY` - enable client TLS verification
+- `IN_DOCKER_PROC_ROOT` - for in-docker scenario - root for host-mounted /proc
 
 ## json stream format
 

diff --git a/cmd/decompose/main.go b/cmd/decompose/main.go
@@ -3,6 +3,7 @@
 package main
 
 import (
+	"bufio"
 	"errors"
 	"flag"
 	"fmt"
@@ -14,6 +15,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/s0rg/set"
+
 	"github.com/s0rg/decompose/internal/builder"
 	"github.com/s0rg/decompose/internal/client"
 	"github.com/s0rg/decompose/internal/cluster"
@@ -79,11 +82,10 @@ func setupFlags() {
 	flag.BoolVar(&fLocal, "local", false, "skip external hosts")
 	flag.BoolVar(&fFull, "full", false, "extract full process info: (cmd, args, env) and volumes info")
 	flag.BoolVar(&fNoLoops, "no-loops", false, "remove connection loops (node to itself) from output")
-
 	flag.StringVar(&fOut, "out", defaultOutput, "output: filename or \"-\" for stdout")
 	flag.StringVar(&fMeta, "meta", "", "json file with metadata for enrichment")
 	flag.StringVar(&fProto, "proto", defaultProto, "protocol to scan: tcp, udp or all")
-	flag.StringVar(&fFollow, "follow", "", "follow only this container by name")
+	flag.StringVar(&fFollow, "follow", "", "follow only this container by name(s), comma-separated or from @file")
 	flag.StringVar(
 		&fCluster,
 		"cluster",
@@ -194,6 +196,51 @@ func makeClusterizer(
 	return rv, nil
 }
 
+func loadFile(
+	s set.Unordered[string],
+	v string,
+) (err error) {
+	return feed(v, func(r io.Reader) (err error) {
+		sc := bufio.NewScanner(r)
+
+		for sc.Scan() {
+			s.Add(sc.Text())
+		}
+
+		if err = sc.Err(); err != nil {
+			return fmt.Errorf("read: %w", err)
+		}
+
+		return nil
+	})
+}
+
+func loadSet(v string) (rv set.Unordered[string]) {
+	rv = make(set.Unordered[string])
+
+	if v == "" {
+		return
+	}
+
+	const (
+		doggy = "@"
+		comma = ","
+	)
+
+	switch {
+	case strings.HasPrefix(v, doggy):
+		if err := loadFile(rv, v[1:]); err != nil {
+			log.Println("follow:", err)
+		}
+	case strings.Contains(v, comma):
+		set.Load(rv, strings.Split(v, comma)...)
+	default:
+		rv.Add(v)
+	}
+
+	return rv
+}
+
 func prepareConfig() (
 	cfg *graph.Config,
 	nwr graph.NamedWriter,
@@ -247,7 +294,7 @@ func prepareConfig() (
 		Builder:   bildr,
 		Meta:      meta,
 		Proto:     proto,
-		Follow:    fFollow,
+		Follow:    loadSet(fFollow),
 		OnlyLocal: fLocal,
 		FullInfo:  fFull,
 		NoLoops:   fNoLoops,

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,22 @@
+FROM golang:1.21 AS builder
+
+ADD .. /go/src/github.com/s0rg/decompose
+WORKDIR /go/src/github.com/s0rg/decompose
+
+RUN make build
+
+FROM scratch
+
+ARG BUILD_DATE
+ARG BUILD_REV
+
+COPY --from=builder /go/src/github.com/s0rg/decompose/bin/decompose /decompose
+
+ENTRYPOINT ["/decompose"]
+
+LABEL org.opencontainers.image.created="${BUILD_DATE}" \
+      org.opencontainers.image.revision="${BUILD_REV}" \
+      org.opencontainers.image.title="decompose" \
+      org.opencontainers.image.authors="s0rg" \
+      org.opencontainers.image.vendor="s0rg" \
+      org.opencontainers.image.source="https://github.com/s0rg/decompose"
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,15 @@
+# decompose
+
+Reverse-engineering tool for docker environments.
+
+# how to run
+
+```
+docker run \
+        -v /var/run/docker.sock:/var/run/docker.sock \
+        -v /:/rootfs:ro \
+        -e IN_DOCKER_PROC_ROOT=/rootfs \
+        s0rg/decompose:latest -format stat
+```
+
+[more options and documentaion](https://github.com/s0rg/decompose)
diff --git a/go.mod b/go.mod
@@ -3,9 +3,10 @@ module github.com/s0rg/decompose
 go 1.21.4
 
 require (
-	github.com/antonmedv/expr v1.15.4
+	github.com/antonmedv/expr v1.15.5
 	github.com/docker/docker v24.0.7+incompatible
 	github.com/emicklei/dot v1.6.0
+	github.com/otterize/go-procnet v0.1.1
 	github.com/s0rg/set v1.2.0
 	github.com/s0rg/trie v1.3.0
 	gopkg.in/yaml.v3 v3.0.1

diff --git a/go.sum b/go.sum
@@ -2,9 +2,10 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/antonmedv/expr v1.15.4 h1:CrNads8WDnDVJNWt/FeUINBO+vDNjurEwT7SoQN132o=
-github.com/antonmedv/expr v1.15.4/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4JUv1ihsE=
+github.com/antonmedv/expr v1.15.5 h1:y0Iz3cEwmpRz5/r3w4qQR0MfIqJGdGM1zbhD/v0G5Vg=
+github.com/antonmedv/expr v1.15.5/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4JUv1ihsE=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
@@ -41,6 +42,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/otterize/go-procnet v0.1.1 h1:5vRwX35VrsWcy2uP05sA4PmwpRoAu2L4vMJou4og8Kk=
+github.com/otterize/go-procnet v0.1.1/go.mod h1:WEm282HzrSVBZg6DX2fNB4dpVHBPTCjzHWvqOfauV+Q=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -51,6 +54,10 @@ github.com/s0rg/set v1.2.0 h1:53b207YMktNQJXYei/oHuTR5oOO2e9+eieZOncYsh9g=
 github.com/s0rg/set v1.2.0/go.mod h1:xz3nDbjF4nyMLvAHvmE7rigXpNrKKTsi6iANznIB1/4=
 github.com/s0rg/trie v1.3.0 h1:VeMjAJdVvAMt06QlrLJs9B7tplwyxGtCPPZHfvW4Duo=
 github.com/s0rg/trie v1.3.0/go.mod h1:P+hJUWvPu/imKrsdzOrVswr8Mme6GgFtZfBKojYYkfk=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -97,6 +104,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=