feat: Add Docker Support and GHCR Publish Workflow #537
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # .dockerignore | ||
| # Copyright (C) 2026 FNGarvin. All rights reserved. | ||
| # License: BSD-3-Clause | ||
|
|
||
| # Version control | ||
| .git | ||
| .gitignore | ||
| .github | ||
|
|
||
| # Python / Build artifacts | ||
| __pycache__/ | ||
| *.pyc | ||
| *.pyo | ||
| *.pyd | ||
| .Python | ||
| env/ | ||
| venv/ | ||
| .venv/ | ||
| build/ | ||
| develop-eggs/ | ||
| dist/ | ||
| downloads/ | ||
| eggs/ | ||
| .eggs/ | ||
| lib/ | ||
| lib64/ | ||
| parts/ | ||
| sdist/ | ||
| var/ | ||
| wheels/ | ||
| share/python-wheels/ | ||
| *.egg-info/ | ||
| .installed.cfg | ||
| *.egg | ||
|
|
||
| # Testing / Tooling | ||
| .pytest_cache/ | ||
| .tox/ | ||
| .coverage | ||
| .coverage.* | ||
| .cache | ||
| nosetests.xml | ||
| coverage.xml | ||
| *.cover | ||
| *.log | ||
| .mypy_cache/ | ||
| .hypothesis/ | ||
|
|
||
| # IDE / Project files | ||
| .vscode/ | ||
| .idea/ | ||
| *.swp | ||
| *.swo | ||
| .DS_Store | ||
|
|
||
| # Project specific exclusions (to keep the image lean) | ||
| test_clips/ | ||
| tests/ | ||
| docs/ | ||
| website/ | ||
| benchmark/ | ||
| scenedetect.cfg | ||
|
|
||
| # EOF .dockerignore |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: Publish Docker Image | ||
|
|
||
| # Copyright (C) 2026 FNGarvin. All rights reserved. | ||
| # License: BSD-3-Clause | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: [ "main", "fng-infra-docker-ci" ] | ||
| release: | ||
| types: [published] | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| build-and-push: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| attestations: write | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Docker buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=semver,pattern={{version}} | ||
| type=semver,pattern={{major}}.{{minor}} | ||
| type=semver,pattern={{major}} | ||
| type=sha | ||
|
|
||
| - name: Build and push Docker image | ||
| id: push | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
|
|
||
| - name: Generate artifact attestation | ||
| uses: actions/attest-build-provenance@v1 | ||
| with: | ||
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| subject-digest: ${{ steps.push.outputs.digest }} | ||
| push-to-registry: true | ||
|
|
||
| # EOF docker-publish.yml | ||
|
Author
There was a problem hiding this comment. Security, same as the jinja bump. User could provide, eg, "; console.log(process.env); //" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -87,3 +87,4 @@ dmypy.json | |
| .pyre/ | ||
| .pytype/ | ||
| cython_debug/ | ||
| test_clips/ | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # Containerfile for PySceneDetect | ||
| # Copyright (C) 2026 FNGarvin. All rights reserved. | ||
|
Owner
There was a problem hiding this comment. Can we change this to use the same copyright header as standard for the project? You're welcome to add a shout-out for yourself in the changelog or the docs somewhere, but the project license and copyright needs to be retained for all commits to this repo.
Author
There was a problem hiding this comment. Sorry, environment setup that bled through. Not at all intentional, just unnoticed. |
||
| # License: BSD-3-Clause | ||
|
|
||
| FROM python:3.11.11-slim | ||
|
|
||
| # Create a non-root user for security hardening | ||
| RUN useradd -m scenedetect | ||
|
|
||
| # Set working directory and copy files with correct ownership | ||
| WORKDIR /app | ||
| COPY --chown=scenedetect:scenedetect . . | ||
|
|
||
| # Install necessary system dependencies as root first | ||
| RUN apt-get update && \ | ||
| apt-get install -y --no-install-recommends \ | ||
| ffmpeg \ | ||
| mkvtoolnix && \ | ||
| rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Install PySceneDetect with headless OpenCV and other optional media backends | ||
| # pyav is highly recommended for faster/more robust video decodes | ||
| # moviepy provides an alternative video splitting backend | ||
| RUN --mount=type=cache,target=/root/.cache/pip \ | ||
| pip install ".[opencv-headless,pyav,moviepy]" | ||
|
|
||
| # Switch to the non-root user | ||
| USER scenedetect | ||
|
|
||
| # The default behavior is to run the CLI | ||
| ENTRYPOINT ["scenedetect"] | ||
|
|
||
| # EOF Dockerfile | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| mkdocs==1.5.2 | ||
| jinja2==3.1.6 |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be updated before merging? Should we include release branches here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I required the dispatch to run on demand and used the feature branch trigger to test utility. If you merge into main (the target of the PR), then the old trigger is naturally useless but not harmful.
No, I don't think so. The current configuration is functional.
You are right to adapt it to your vision for trigger behavior, but I don't know what that vision is. I inferred from the extensive list of workflows already present that you had preferences, but even if you change nothing you will have the option to generate the container images on demand. What you change beyond that is naturally your prerogative.