diff --git a/.env b/.env new file mode 100644 index 0000000..b8dbec3 --- /dev/null +++ b/.env @@ -0,0 +1,2 @@ +LIMIT_CPU=20 #percents per process +LIMIT_MEMORY=5242880 #byte per process diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..bc61933 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,26 @@ + + +name: Publish Image to GHCR +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + publish-image: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build the Docker image + run: | + docker build . --tag ghcr.io/untitlecms/python-sandbox:v0 + docker push ghcr.io/untitlecms/python-sandbox:v0 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c48aa39 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +id_rsa* +authorized_keys + +!config/.gitkeep diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7d472ae --- /dev/null +++ b/Dockerfile @@ -0,0 +1,24 @@ +FROM linuxserver/openssh-server:latest +LABEL org.opencontainers.image.source = "https://github.com/UntitleCMS/Python-Sandbox" + +ENV PUBLIC_KEY_FILE=/config/authorized_keys +ENV PUID=1000 +ENV PGID=1000 +ENV TZ=Etc/UTC +ENV SUDO_ACCESS=true +ENV USER_NAME=runner + +ENV LIMIT_CPU=10 +ENV LIMIT_MEMORY=1000000 + +RUN mkdir /sourcecode + +ENV PYTHONUNBUFFERED=1 +RUN apk add --update --no-cache python3 cpulimit && ln -sf python3 /usr/bin/python +RUN python3 -m ensurepip +RUN pip3 install --no-cache --upgrade pip setuptools + + +RUN echo "cd /sourcecode" >> /config/.profile +COPY ./scripts/run /config/run +RUN chmod 777 /config/run diff --git a/code/.gitignore b/code/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/code/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/config/.gitkeep b/config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..383f294 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,15 @@ +version: '3.4' + +services: + sandbox: + image: ghcr.io/untitlecms/python-sandbox:v0 + env_file: + - .env + build: + context: . + dockerfile: Dockerfile + volumes: + - ./code:/sourcecode + - ./config/authorized_keys:/config/authorized_keys + ports: + - "7777:2222" diff --git a/genkey.bat b/genkey.bat new file mode 100644 index 0000000..1d03daf --- /dev/null +++ b/genkey.bat @@ -0,0 +1,4 @@ +ssh-keygen -q -f %cd%\id_rsa -b 4096 -t rsa -q -N "" + +move /Y id_rsa ./config/id_rsa +move /Y id_rsa.pub ./config/authorized_keys diff --git a/scripts/run b/scripts/run new file mode 100644 index 0000000..68df28d --- /dev/null +++ b/scripts/run @@ -0,0 +1,18 @@ +#! /bin/bash + +# Check if the source file is provided +if [ "$#" -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +# echo '====================================================' +# echo "LIMIT_CPU\t:\t[$LIMIT_CPU]" +# echo "LIMIT_MEMORY\t:\t[$LIMIT_MEMORY]" +# echo '====================================================' + +# Set maximum virtual memory size to (Limit_MEMORY bytes) +ulimit -Sv $LIMIT_MEMORY + +# Run the program with CPU limit +cpulimit -l $LIMIT_CPU python -u /sourcecode/.$1