From f698f179adfd959f8aab7c97d0a3954d594a9a04 Mon Sep 17 00:00:00 2001 From: Tobias Waslowski Date: Thu, 7 Aug 2025 13:33:08 +0200 Subject: [PATCH 1/6] feat: add docker-compose file for quickstart and testing --- .gitignore | 5 ++++- README.md | 17 +++++------------ docker-compose.yaml | 25 +++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 docker-compose.yaml diff --git a/.gitignore b/.gitignore index 26e82f6..4f66732 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,7 @@ .env .air -build \ No newline at end of file +build + +.vscode +.idea \ No newline at end of file diff --git a/README.md b/README.md index dbf3e5f..19106e4 100644 --- a/README.md +++ b/README.md @@ -89,25 +89,18 @@ Or you can start the service with Docker: #### Starting with Docker Compose -Or you can start the service with Docker Compose. This can be combined with the `memos` itself in the same compose file: +You can also use Docker Compose to manage the service. There is a sample `docker-compose.yaml` file in this repository +that includes memos and memogram as a quickstart setup. 1. Create a folder where the service will be located. 2. Clone this repository in a subfolder `git clone https://github.com/usememos/telegram-integration memogram` 3. Create `.env` file ```sh - SERVER_ADDR=dns:yourMemosUrl.com:5230 + SERVER_ADDR=dns:memos:5230 BOT_TOKEN=your_telegram_bot_token ``` -4. Create Docker Compose `docker-compose.yml` file: - ```yaml - services: - memogram: - env_file: .env - build: memogram - container_name: memogram - ``` -5. Run the bot via `docker compose up -d` -6. The Memogram service should now be running inside the Docker container. You can interact with it via your Telegram bot. +4. Run the bot via `docker compose up -d` +5. The Memogram service should now be running inside the Docker container. You can interact with it via your Telegram bot. ### Interaction Commands 
diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..3967b50 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,25 @@ +services: + memos: + image: neosmemo/memos:stable + container_name: memos + ports: + - 5230:5230 + networks: + - memos-network + + memogram: + build: . + env_file: .env + container_name: memogram + depends_on: + - memos + networks: + - memos-network + volumes: + - type: bind + source: data.txt + target: /app/data.txt + +networks: + memos-network: + name: memos-network From 0cceea762b8320bc4f6718578cdb5f3f161f4156 Mon Sep 17 00:00:00 2001 From: Tobias Waslowski Date: Thu, 7 Aug 2025 13:53:30 +0200 Subject: [PATCH 2/6] feat: change permissions such that data.txt can be created by non-root user --- Dockerfile | 16 ++++++++++++++-- docker-compose.yaml | 4 ---- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index ef386dd..cc8ccb5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,29 @@ # Build stage FROM cgr.dev/chainguard/go:latest AS builder + WORKDIR /app + COPY go.mod go.sum ./ RUN go mod download + COPY . . RUN CGO_ENABLED=0 go build -o memogram ./bin/memogram RUN chmod +x memogram # Run stage FROM cgr.dev/chainguard/static:latest-glibc + +# Create a non-root user and group +# Chainguard images often run as uid 65532 (nonroot) +USER 65532:65532 + WORKDIR /app + ENV SERVER_ADDR=dns:localhost:5230 ENV BOT_TOKEN=your_telegram_bot_token -COPY .env.example .env -COPY --from=builder /app/memogram . + +# Copy files with proper ownership +COPY --from=builder --chown=65532:65532 /app/memogram . +COPY --chown=65532:65532 .env.example .env + CMD ["./memogram"] diff --git a/docker-compose.yaml b/docker-compose.yaml index 3967b50..da51d8e 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -15,10 +15,6 @@ services: - memos networks: - memos-network - volumes: - - type: bind - source: data.txt - target: /app/data.txt networks: memos-network: 
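Review bot: The `ports` entry of the `memos` service, `- 5230:5230`, publishes the Memos web UI on every host interface, which is broader than a quickstart file needs. `memogram` reaches `memos` over `memos-network` (the README hunk in this commit sets `SERVER_ADDR=dns:memos:5230`), so host publishing only serves a local browser. `- "127.0.0.1:5230:5230"` is the safer default, and quoting the mapping follows Compose's own recommendation for port strings. The `memos` service also declares no volume, so its data presumably lives in the container's writable layer and is lost when the container is removed; a named volume, or a comment saying so, would help.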
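Review bot: The added comment `# Create a non-root user and group` does not describe the instruction under it, because `USER 65532:65532` only selects a numeric uid/gid for later instructions and the running process; nothing is created. A comment such as `# Run as the image's nonroot uid/gid (65532); no user is created here` would be accurate. The `--chown` flags set the owner of the two copied files, but these lines do not establish whether `/app` itself, created by `WORKDIR`, is writable by 65532. That is worth checking in the built image, since the commit's stated aim is to let the process create `data.txt` there. With the bind mount removed from docker-compose.yaml in the same commit, that file lives only in the container's writable layer; a dedicated data directory on a volume would keep it across container recreation.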
From 6c96b074432713960a7f19b7fbd3ae44fc84736b Mon Sep 17 00:00:00 2001 From: Tobias Waslowski Date: Thu, 7 Aug 2025 14:05:37 +0200 Subject: [PATCH 3/6] feat: build and push images to dockerhub and ghcr --- .github/workflows/build-artifacts.yml | 2 +- .github/workflows/build-image.yml | 81 +++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build-image.yml diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml index c2b7484..2db88d0 100644 --- a/.github/workflows/build-artifacts.yml +++ b/.github/workflows/build-artifacts.yml @@ -30,4 +30,4 @@ jobs: version: latest args: release --clean env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml new file mode 100644 index 0000000..f7e292e --- /dev/null +++ b/.github/workflows/build-image.yml 
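Review bot: `GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}` replaces the token GitHub issues per run with a stored repository secret. That secret is presumably a personal access token, which is longer-lived, not limited by the workflow's `permissions:` block, and usable outside this repository if it leaks. Unless the release step needs access the built-in token cannot be given, keep `${{ secrets.GITHUB_TOKEN }}` and grant the scope through `permissions:`. If a PAT really is required, a comment naming the reason and the minimal scopes belongs next to this line. The job this `env:` block belongs to starts outside the hunk.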
@@ -0,0 +1,81 @@
+name: Build docker image
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - "*"
+
+env:
+ DOCKER_PLATFORMS: |
+ linux/amd64
+ linux/arm/v7
+ linux/arm64
+
+permissions:
+ contents: write
+
+jobs:
+ goreleaser:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.DOCKER_PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ version: latest
+ install: true
+ platforms: ${{ env.DOCKER_PLATFORMS }}
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ twaslowski/memogram
+ tags: |
+ type=semver,pattern={{version}},value=${{ env.VERSION }}
+ type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }}
+ type=raw,value=stable
+ flavor: |
+ latest=false
+ labels: |
+ org.opencontainers.image.version=${{ env.VERSION }}
+
+ - name: Build and Push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: Dockerfile
+ platforms: ${{ env.DOCKER_PLATFORMS }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ BUILDKIT_INLINE_CACHE=1
From e47bccdc12322cb15add89eb4a5098020741f80f Mon Sep 17 00:00:00 2001
From: Tobias Waslowski
Date: Thu, 7 Aug 2025 14:13:43 +0200
Subject: [PATCH 4/6] chore: remove linux/armv7 architecture support
---
.github/workflows/build-image.yml | 1 -
1 file changed, 1 deletion(-)
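Review bot: The workflow-level `permissions: contents: write` gives every step a token that can push to the repository, including the third-party actions referenced by mutable major tags (`@v3`, `@v5`, `@v6`), although nothing in the job writes repository contents. `contents: read` is enough for checkout; `packages: write` is needed only if an image is actually pushed to ghcr.io, and `images:` lists only `twaslowski/memogram`, so the GHCR login step has no visible use. `env.VERSION` is never defined in this file, so the `semver` tags and the version label receive an empty value. `type=raw,value=stable` is applied on every push to `main`, which moves `stable` onto unreleased commits. A possible shape for the two blocks is below; pinning the actions to commit SHAs is a separate follow-up.

```yaml
permissions:
  contents: read
  # add `packages: write` only when an image is pushed to ghcr.io
# … unchanged: triggers, env, checkout, QEMU, Buildx and login steps …
        uses: docker/metadata-action@v5
        with:
          # … unchanged: images …
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/') }}
            type=raw,value=canary,enable=${{ github.ref == 'refs/heads/main' }}
          # … unchanged: flavor, labels …
# … unchanged: Build and Push step …
```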
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index f7e292e..e3c89f2 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -10,7 +10,6 @@ on: env: DOCKER_PLATFORMS: | linux/amd64 - linux/arm/v7 linux/arm64 permissions: From b7ba4297e972305150b85bdb85c6462d27f8fb0d Mon Sep 17 00:00:00 2001 From: Tobias Waslowski Date: Thu, 7 Aug 2025 14:50:21 +0200 Subject: [PATCH 5/6] feat: ensure the entire /app directory is owned by 65532 also only build stable on tag pushes; build canary images by default --- .github/workflows/build-artifacts.yml | 2 +- .github/workflows/build-image.yml | 80 --------------------------- Dockerfile | 2 +- 3 files changed, 2 insertions(+), 82 deletions(-) delete mode 100644 .github/workflows/build-image.yml diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml index 2db88d0..c2b7484 100644 --- a/.github/workflows/build-artifacts.yml +++ b/.github/workflows/build-artifacts.yml @@ -30,4 +30,4 @@ jobs: version: latest args: release --clean env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml deleted file mode 100644 index e3c89f2..0000000 --- a/.github/workflows/build-image.yml +++ /dev/null 
@@ -1,80 +0,0 @@
-name: Build docker image
-
-on:
- push:
- branches:
- - main
- tags:
- - "*"
-
-env:
- DOCKER_PLATFORMS: |
- linux/amd64
- linux/arm64
-
-permissions:
- contents: write
-
-jobs:
- goreleaser:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- platforms: ${{ env.DOCKER_PLATFORMS }}
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v3
- with:
- version: latest
- install: true
- platforms: ${{ env.DOCKER_PLATFORMS }}
-
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ github.token }}
-
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: |
- twaslowski/memogram
- tags: |
- type=semver,pattern={{version}},value=${{ env.VERSION }}
- type=semver,pattern={{major}}.{{minor}},value=${{ env.VERSION }}
- type=raw,value=stable
- flavor: |
- latest=false
- labels: |
- org.opencontainers.image.version=${{ env.VERSION }}
-
- - name: Build and Push
- uses: docker/build-push-action@v6
- with:
- context: .
- file: Dockerfile
- platforms: ${{ env.DOCKER_PLATFORMS }}
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
- build-args: |
- BUILDKIT_INLINE_CACHE=1
diff --git a/Dockerfile b/Dockerfile
index cc8ccb5..a53ebcc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ ENV SERVER_ADDR=dns:localhost:5230 ENV BOT_TOKEN=your_telegram_bot_token # Copy files with proper ownership -COPY --from=builder --chown=65532:65532 /app/memogram . +COPY --from=builder --chown=65532:65532 /app /app COPY --chown=65532:65532 .env.example .env CMD ["./memogram"] From 75a27854f43a07883feb527dad8885bd22acd61a Mon Sep 17 00:00:00 2001 From: Tobias Waslowski Date: Thu, 7 Aug 2025 16:45:02 +0200 Subject: [PATCH 6/6] feat(docs): add explanation of DATA env to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 19106e4..b8c92ae 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ ALLOWED_USERNAMES=user1,user2,user3 - `BOT_TOKEN`: Your Telegram bot token - `BOT_PROXY_ADDR`: Optional proxy address for Telegram API (leave empty if not needed) - `ALLOWED_USERNAMES`: Optional comma-separated list of allowed usernames (without @ symbol) +- `DATA`: Path to the file storing the user's authentication token ### Username Restrictions
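Review bot: `COPY --from=builder --chown=65532:65532 /app /app` copies the builder's whole working directory into the runtime image, and the builder stage filled that directory with `COPY . .` (visible in the earlier Dockerfile hunk), so the source tree and anything else in the build context ends up in the shipped image. The README's compose steps appear to place a real `.env` containing `BOT_TOKEN` in that context. Unless a `.dockerignore` (not visible here) excludes it, the token is stored in this layer, and the following `COPY --chown=65532:65532 .env.example .env` only overwrites it in a later layer. An owned `/app` can be had without this by staging just the binary in an empty builder directory, e.g. `RUN mkdir /out && cp memogram /out/`, and then using `COPY --from=builder --chown=65532:65532 /out /app`. The Dockerfile continues above the hunk.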