furlongm · RicardoJeronimo · Jan 31, 2022 · Feb 15, 2022 · Feb 16, 2022 · Mar 20, 2025
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -0,0 +1,42 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:latest,${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:${{github.ref_name}}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Checkout for next job
+        uses: actions/checkout@v4
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}
+          readme-filepath: docker/README.md
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
@@ -28,6 +28,10 @@ jobs:
           pip install flake8
           flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
           flake8 . --count --max-line-length=120 --show-source --statistics
+      - name: Check isort
+        run: |
+          pip install isort
+          isort --check --profile=django .
       - name: Set secret key
         run: ./sbin/patchman-set-secret-key
       - name: Test with django

diff --git a/arch/admin.py b/arch/admin.py
@@ -16,7 +16,8 @@
 # along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
 from django.contrib import admin
-from arch.models import PackageArchitecture, MachineArchitecture
+
+from arch.models import MachineArchitecture, PackageArchitecture
 
 admin.site.register(PackageArchitecture)
 admin.site.register(MachineArchitecture)
diff --git a/arch/serializers.py b/arch/serializers.py
@@ -16,7 +16,7 @@
 
 from rest_framework import serializers
 
-from arch.models import PackageArchitecture, MachineArchitecture
+from arch.models import MachineArchitecture, PackageArchitecture
 
 
 class PackageArchitectureSerializer(serializers.HyperlinkedModelSerializer):

diff --git a/arch/utils.py b/arch/utils.py
@@ -14,8 +14,8 @@
 # You should have received a copy of the GNU General Public License
 # along with Patchman. If not, see <http://www.gnu.org/licenses/>
 
-from arch.models import PackageArchitecture, MachineArchitecture
-from patchman.signals import info_message
+from arch.models import MachineArchitecture, PackageArchitecture
+from util.logging import info_message
 
 
 def clean_package_architectures():
@@ -24,9 +24,9 @@ def clean_package_architectures():
     parches = PackageArchitecture.objects.filter(package__isnull=True)
     plen = parches.count()
     if plen == 0:
-        info_message.send(sender=None, text='No orphaned PackageArchitectures found.')
+        info_message(text='No orphaned PackageArchitectures found.')
     else:
-        info_message.send(sender=None, text=f'Removing {plen} orphaned PackageArchitectures')
+        info_message(text=f'Removing {plen} orphaned PackageArchitectures')
         parches.delete()
 
 
@@ -39,9 +39,9 @@ def clean_machine_architectures():
     )
     mlen = marches.count()
     if mlen == 0:
-        info_message.send(sender=None, text='No orphaned MachineArchitectures found.')
+        info_message(text='No orphaned MachineArchitectures found.')
     else:
-        info_message.send(sender=None, text=f'Removing {mlen} orphaned MachineArchitectures')
+        info_message(text=f'Removing {mlen} orphaned MachineArchitectures')
         marches.delete()
 
 

diff --git a/arch/views.py b/arch/views.py
@@ -16,9 +16,10 @@
 
 from rest_framework import viewsets
 
-from arch.models import PackageArchitecture, MachineArchitecture
-from arch.serializers import PackageArchitectureSerializer, \
-    MachineArchitectureSerializer
+from arch.models import MachineArchitecture, PackageArchitecture
+from arch.serializers import (
+    MachineArchitectureSerializer, PackageArchitectureSerializer,
+)
 
 
 class PackageArchitectureViewSet(viewsets.ModelViewSet):

diff --git a/debian/control b/debian/control
@@ -20,7 +20,7 @@ Depends: ${misc:Depends}, python3 (>= 3.11), python3-django (>= 4.2),
  python3-requests, python3-colorama, python3-magic, python3-humanize,
  python3-yaml, libapache2-mod-wsgi-py3, apache2, sqlite3,
  celery, python3-celery, python3-django-celery-beat, redis-server,
- python3-redis, python3-git, python3-django-taggit
+ python3-redis, python3-git, python3-django-taggit, python3-zstandard
 Suggests: python3-mysqldb, python3-psycopg2, python3-pymemcache, memcached
 Description: Django-based patch status monitoring tool for linux systems.
  .

diff --git a/debian/copyright b/debian/copyright
@@ -6,7 +6,7 @@ Source: https://github.com/furlongm/patchman
 Files: *
 Copyright: 2011-2012 VPAC http://www.vpac.org
            2013-2021 Marcus Furlong <furlongm@gmail.com>
-License: GPL-3.0
+License: GPL-3.0-only
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; version 3 only.

diff --git a/debian/python3-patchman.cron.daily b/debian/python3-patchman.cron.daily
diff --git a/debian/python3-patchman.install b/debian/python3-patchman.install
@@ -1,4 +1,5 @@
 #!/usr/bin/dh-exec
 etc/patchman/apache.conf.example => etc/apache2/conf-available/patchman.conf
 etc/patchman/local_settings.py etc/patchman
-etc/systemd/system/patchman-celery.service => lib/systemd/system/patchman-celery.service
+etc/systemd/system/patchman-celery-worker.service => lib/systemd/system/patchman-celery-worker@.service
+etc/systemd/system/patchman-celery-beat.service => lib/systemd/system/patchman-celery-beat.service
diff --git a/debian/python3-patchman.postinst b/debian/python3-patchman.postinst
@@ -22,10 +22,39 @@ if [ "$1" = "configure" ] ; then
     patchman-manage migrate --run-syncdb --fake-initial
     sqlite3 /var/lib/patchman/db/patchman.db 'PRAGMA journal_mode=WAL;'
 
-    chown -R www-data:www-data /var/lib/patchman
-    adduser --system --group patchman-celery
-    usermod -a -G www-data patchman-celery
+    adduser --quiet --system --group patchman
+    adduser --quiet www-data patchman
+    chown root:patchman /etc/patchman/celery.conf
+    chmod 640 /etc/patchman/celery.conf
     chmod g+w /var/lib/patchman /var/lib/patchman/db /var/lib/patchman/db/patchman.db
+    chown -R patchman:patchman /var/lib/patchman
+
+    WORKER_COUNT=1
+    if [ -f /etc/patchman/celery.conf ]; then
+        . /etc/patchman/celery.conf
+        WORKER_COUNT=${CELERY_WORKER_COUNT:-1}
+    fi
+
+    if [ -d /run/systemd/system ]; then
+        systemctl daemon-reload >/dev/null || true
+        for i in $(seq 1 "${WORKER_COUNT}"); do
+            deb-systemd-helper enable "patchman-celery-worker@$i.service" >/dev/null || true
+            deb-systemd-invoke start "patchman-celery-worker@$i.service" >/dev/null || true
+        done
+
+        active_instances=$(systemctl list-units --type=service --state=active "patchman-celery-worker@*" --no-legend | awk '{print $1}')
+
+        for service in $active_instances; do
+            inst_num=$(echo "$service" | cut -d'@' -f2 | cut -d'.' -f1)
+            if [ "$inst_num" -gt "${WORKER_COUNT}" ]; then
+                deb-systemd-invoke stop "$service" >/dev/null || true
+                deb-systemd-helper disable "$service" >/dev/null || true
+            fi
+        done
+
+        deb-systemd-helper enable "patchman-celery-beat.service" >/dev/null || true
+        deb-systemd-invoke start "patchman-celery-beat.service" >/dev/null || true
+    fi
 
     echo
     echo "Remember to run 'patchman-manage createsuperuser' to create a user."

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:bookworm-slim
+
+RUN apt -y update && apt -y upgrade
+RUN apt install -y apache2 git libapache2-mod-wsgi-py3 mariadb-client python-celery-common python3-celery python3-debian python3-defusedxml python3-lxml python3-mysqldb python3-pip python3-progressbar python3-psycopg2 python3-redis python3-rpm 
+
+WORKDIR /srv/patchman
+
+COPY . /srv/patchman/
+COPY ./etc/patchman/apache.conf.example /etc/apache2/sites-available/patchman.conf
+
+RUN /srv/patchman/setup.py install
+
+RUN a2enmod wsgi
+RUN a2ensite patchman
+
+RUN mkdir -p /var/lib/patchman/db
+RUN chown :www-data /var/lib/patchman/db && chmod 2770 /var/lib/patchman/db
+
+EXPOSE 80
+
+COPY ./docker/docker-entrypoint.sh docker-entrypoint.sh
+ENTRYPOINT ["./docker-entrypoint.sh"]
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,89 @@
+Source: https://github.com/ricardojeronimo/patchman
+
+Upstream: https://github.com/furlongm/patchman
+
+
+## Getting Started
+
+To get started, pull the latest image from Docker Hub and run it.
+```
+docker pull ricardojeronim0/patchman:latest
+docker run -d -p 80:80 --name patchman ricardojeronim0/patchman
+```
+
+This container will run migrations on first startup, but you still need to create a superuser before being able to log in on the web interface.
+
+```
+docker exec -it patchman patchman-manage createsuperuser
+```
+
+## Configuration
+
+This container is configured using environment variables. The following variables are available to customize the container's behavior.
+
+| Variable | Default Value | Description |
+| :--- | :--- | :--- |
+| `ADMIN_NAME` | `Your Name` | Your name |
+| `ADMIN_EMAIL` | `you@example.com` | Your e-mail address |
+| `TIMEZONE` | `America/New_York` | Your timezone |
+| `DB_ENGINE` | `SQLite` | Database engine to be used. Choose between `MySQL` or `PostgreSQL`, leave empty to use default `SQLite` |
+| `DB_HOST` |  | Database hostname, IP or container name |
+| `DB_PORT` |` | Database port |
+| `DB_DATABASE` |  | Database name |
+| `DB_USER` |  | Database user |
+| `DB_PASSWORD` |  | Database password |
+| `REDIS_HOST` | `127.0.0.1` | Redis hostname, IP or container name |
+| `REDIS_PORT` | `6379` | Redis port |
+| `USE_CELERY` | `False` | Change to `True` for realtime processing of reports from clients |
+| `USE_CACHE` | `False` | Change to `True` cache contents and reduce the load on the server |
+| `CACHE_TIMEOUT` | `30` | Cache time in seconds. Be aware that the UI results may be out of date for this amount of time |
+
+
+## Docker Compose Example
+
+For more complex deployments, `docker-compose` is the recommended approach. Below is an example `docker-compose.yaml` file that demonstrates how to configure the container and connect it to a separate MySQL service, and Redis for async processing and/or caching.
+
+```yaml
+---
+services:
+  patchman:
+    container_name: patchman
+    image: ricardojeronim0/patchman:latest 
+    restart: unless-stopped
+    environment:
+      ADMIN_NAME: admin_name
+      ADMIN_EMAIL: admin_mail@domain.tld
+      TIMEZONE: America/New_York
+      DB_ENGINE: MySQL
+      DB_HOST: patchman-db
+      DB_PORT: 3306
+      DB_DATABASE: patchman
+      DB_USER: user
+      DB_PASSWORD: changeme
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      USE_CELERY: True
+      USE_CACHE: True
+      CACHE_TIMEOUT: 20
+    ports:
+      - 80:80/tcp
+    depends_on:
+      - patchman-db
+      - redis
+
+  patchman-db:
+    container_name: patchman-db
+    image: mysql:latest
+    restart: unless-stopped
+    command: ["mysqld", "--character-set-server=utf8", "--collation-server=utf8_general_ci"]
+    environment:
+      MYSQL_ROOT_PASSWORD: changeme 
+      MYSQL_DATABASE: patchman 
+      MYSQL_USER: user
+      MYSQL_PASSWORD: changeme
+
+  redis:
+    container_name: redis
+    image: redis:latest
+    restart: unless-stopped
+```
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
@@ -0,0 +1,42 @@
+---
+services:
+  patchman:
+    container_name: patchman
+    image: furlongm/patchman:latest 
+    restart: unless-stopped
+    environment:
+      ADMIN_NAME: admin_name
+      ADMIN_EMAIL: admin_mail@domain.tld
+      TIMEZONE: America/New_York
+      DB_ENGINE: MySQL
+      DB_HOST: patchman-db
+      DB_PORT: 3306
+      DB_DATABASE: patchman
+      DB_USER: user
+      DB_PASSWORD: changeme
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      USE_CELERY: True
+      USE_CACHE: True
+      CACHE_TIMEOUT: 20
+    ports:
+      - 80:80/tcp
+    depends_on:
+      - patchman-db
+      - redis
+
+  patchman-db:
+    container_name: patchman-db
+    image: mysql:latest
+    restart: unless-stopped
+    command: ["mysqld", "--character-set-server=utf8", "--collation-server=utf8_general_ci"]
+    environment:
+      MYSQL_ROOT_PASSWORD: changeme 
+      MYSQL_DATABASE: patchman 
+      MYSQL_USER: user
+      MYSQL_PASSWORD: changeme
+
+  redis:
+    container_name: redis
+    image: redis:latest
+    restart: unless-stopped