Merge branch 'sumner/bri-2662' into 'main'

Make mautrix-discord ready for deployment on Beeper infra

Closes #16

See merge request beeper/discord!1

.gitlab-ci.yml

@@ -0,0 +1,72 @@
+stages:
+- build
+- build docker
+
+.build: &build
+  stage: build
+  cache:
+    paths:
+    - .cache
+  before_script:
+  - mkdir -p .cache
+  - export GOPATH="$CI_PROJECT_DIR/.cache"
+  - export GOCACHE="$CI_PROJECT_DIR/.cache/build"
+  - export GO_LDFLAGS="-s -w -linkmode external -extldflags -static -X main.Tag=$CI_COMMIT_TAG -X main.Commit=$CI_COMMIT_SHA -X 'main.BuildTime=`date '+%b %_d %Y, %H:%M:%S'`'"
+  script:
+  - go build -ldflags "$GO_LDFLAGS" -o mautrix-discord
+  - sha256sum mautrix-discord | tee mautrix-discord.sha256sum
+  artifacts:
+    paths:
+    - mautrix-discord
+    - mautrix-discord.sha256sum
+    - example-config.yaml
+
+.build-docker: &build-docker
+  image: docker:stable
+  stage: build docker
+  before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+  - docker pull $CI_REGISTRY_IMAGE:latest || true
+  - docker build --pull --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-$DOCKER_ARCH . --file Dockerfile.ci
+  - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-$DOCKER_ARCH
+  - docker rmi $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-$DOCKER_ARCH
+  - if [ "$CI_COMMIT_BRANCH" = "master" ]; then docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest && docker push $CI_REGISTRY_IMAGE:latest; fi
+
+build amd64:
+  <<: *build
+  image: dock.mau.dev/tulir/gomuks-build-docker:linux-amd64
+
+build docker amd64:
+  <<: *build-docker
+  dependencies:
+  - build amd64
+  needs:
+  - build amd64
+  variables:
+    DOCKER_ARCH: amd64
+  after_script:
+  - |
+    if [[ "$CI_COMMIT_BRANCH" == "master" && "$CI_JOB_STATUS" == "success" ]]; then
+      apk add --update curl jq
+      rm -rf /var/cache/apk/*
+
+      jq -n '
+         {
+           password:  env.BEEPER_DEV_ADMIN_NIGHTLY_PASS,
+           bridge:    env.BEEPER_BRIDGE_TYPE,
+           image:     "\(env.CI_REGISTRY_IMAGE):\(env.CI_COMMIT_SHA)-amd64",
+           channel:   "STABLE"
+         }
+        ' | curl "$BEEPER_DEV_ADMIN_API_URL" -H "Content-Type: application/json" -d @-
+
+      jq -n '
+         {
+           password:    env.BEEPER_PROD_ADMIN_NIGHTLY_PASS,
+           bridge:      env.BEEPER_BRIDGE_TYPE,
+           image:       "\(env.CI_REGISTRY_IMAGE):\(env.CI_COMMIT_SHA)-amd64",
+           channel:     "INTERNAL",
+           deployNext:  true
+         }
+         ' | curl "$BEEPER_PROD_ADMIN_API_URL" -H "Content-Type: application/json" -d @-
+    fi

Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1-alpine3.15 AS builder
+
+RUN apk add --no-cache git ca-certificates build-base su-exec olm-dev
+
+COPY . /build
+WORKDIR /build
+RUN go build -o /usr/bin/mautrix-discord
+
+FROM alpine:3.15
+
+ENV UID=1337 \
+    GID=1337
+
+RUN apk add --no-cache ffmpeg su-exec ca-certificates olm bash jq yq curl
+
+COPY --from=builder /usr/bin/mautrix-discord /usr/bin/mautrix-discord
+COPY --from=builder /build/example-config.yaml /opt/mautrix-discord/example-config.yaml
+COPY --from=builder /build/docker-run.sh /docker-run.sh
+VOLUME /data
+
+CMD ["/docker-run.sh"]

Dockerfile.ci

@@ -0,0 +1,14 @@
+FROM alpine:3.15
+
+ENV UID=1337 \
+    GID=1337
+
+RUN apk add --no-cache ffmpeg su-exec ca-certificates bash jq curl yq
+
+ARG EXECUTABLE=./mautrix-discord
+COPY $EXECUTABLE /usr/bin/mautrix-discord
+COPY ./example-config.yaml /opt/mautrix-discord/example-config.yaml
+COPY ./docker-run.sh /docker-run.sh
+VOLUME /data
+
+CMD ["/docker-run.sh"]

config/bridge.go

@@ -43,7 +43,7 @@ func (b *bridge) validate() error {
 	var err error
 
 	if b.UsernameTemplate == "" {
-		b.UsernameTemplate = "Discord_{{.}}"
+		b.UsernameTemplate = "discord_{{.}}"
 	}
 
 	b.usernameTemplate, err = template.New("username").Parse(b.UsernameTemplate)

docker-run.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+if [[ -z "$GID" ]]; then
+	GID="$UID"
+fi
+
+# Define functions.
+function fixperms {
+	chown -R $UID:$GID /data
+
+	# /opt/mautrix-discord is read-only, so disable file logging if it's pointing there.
+	if [[ "$(yq e '.logging.directory' /data/config.yaml)" == "./logs" ]]; then
+		yq -I4 e -i '.logging.file_name_format = ""' /data/config.yaml
+	fi
+}
+
+if [[ ! -f /data/config.yaml ]]; then
+	cp /opt/mautrix-discord/example-config.yaml /data/config.yaml
+	echo "Didn't find a config file."
+	echo "Copied default config file to /data/config.yaml"
+	echo "Modify that config file to your liking."
+	echo "Start the container again after that to generate the registration file."
+	exit
+fi
+
+if [[ ! -f /data/registration.yaml ]]; then
+	/usr/bin/mautrix-discord -g -c /data/config.yaml -r /data/registration.yaml
+	echo "Didn't find a registration file."
+	echo "Generated one for you."
+	echo "See https://docs.mau.fi/bridges/general/registering-appservices.html on how to use it."
+	exit
+fi
+
+cd /data
+fixperms
+exec su-exec $UID:$GID /usr/bin/mautrix-discord

example-config.yaml

@@ -0,0 +1,115 @@
+# Homeserver details.
+homeserver:
+    # The address that this appservice can use to connect to the homeserver.
+    address: http://localhost:29326
+    # The domain of the homeserver (for MXIDs, etc).
+    domain: example.com
+
+    # Is the homeserver actually mautrix-asmux?
+    asmux: false
+    # The URL to push real-time bridge status to.
+    # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
+    # The bridge will use the appservice as_token to authorize requests.
+    status_endpoint: null
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+    # The address that the homeserver can use to connect to this appservice.
+    address: http://localhost:29350
+
+    # The hostname and port where this appservice should listen.
+    hostname: 0.0.0.0
+    port: 29350
+    # Database config.
+    database:
+        # The database type. "sqlite3" and "postgres" are supported.
+        type: sqlite3
+        # The database URI.
+        #   SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
+        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+        uri: mautrix-whatsapp.db
+        # Maximum number of connections. Mostly relevant for Postgres.
+        max_open_conns: 20
+        max_idle_conns: 2
+        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+        # Parsed with https://pkg.go.dev/time#ParseDuration
+        max_conn_idle_time: null
+        max_conn_lifetime: null
+
+    # Settings for provisioning API
+    provisioning:
+        # Prefix for the provisioning API paths.
+        prefix: /_matrix/provision
+        # Shared secret for authentication. If set to "generate", a random secret will be generated,
+        # or if set to "disable", the provisioning API will be disabled.
+        shared_secret: generate
+
+    id: discord
+    bot:
+      username: discordbot
+      displayname: Discord bridge bot
+      avatar: mxc://beeper.com/222332ba2b197e57b73ef2db236232db79af62d0
+
+    # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+    as_token: "This value is generated when generating the registration"
+    hs_token: "This value is generated when generating the registration"
+
+# Bridge config
+bridge:
+    # Localpart template of MXIDs for Discord users.
+    # {{.}} is replaced with the phone number of the WhatsApp user.
+    username_template: discord_{{.}}
+    # Displayname template for Discord userss.
+    displayname_template: '{{.Username}}#{{.Discriminator}} (D){{if .Bot}} (bot){{end}}'
+
+    portal_message_buffer: 128
+
+    # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
+    sync_with_custom_puppets: true
+    # Should the bridge update the m.direct account data event when double puppeting is enabled.
+    # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+    # and is therefore prone to race conditions.
+    sync_direct_chat_list: false
+    # When double puppeting is enabled, users can use `!wa toggle` to change whether
+    # presence and read receipts are bridged. These settings set the default values.
+    # Existing users won't be affected when these are changed.
+    default_bridge_receipts: true
+    default_bridge_presence: true
+    # Servers to always allow double puppeting from
+    double_puppet_server_map:
+        example.com: https://example.com
+    # Allow using double puppeting from any server with a valid client .well-known file.
+    double_puppet_allow_discovery: false
+    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+    #
+    # If set, double puppeting will be enabled automatically for local users
+    # instead of users having to find an access token and run `login-matrix`
+    # manually.
+    login_shared_secret_map:
+        example.com: foobar
+
+    # The prefix for commands. Only required in non-management rooms.
+    command_prefix: '!dis'
+    # Messages sent upon joining a management room.
+    # Markdown is supported. The defaults are listed below.
+    management_room_text:
+        # Sent when joining a room.
+        welcome: "Hello, I'm a WhatsApp bridge bot."
+        # Sent when joining a management room and the user is already logged in.
+        welcome_connected: "Use `help` for help."
+        # Sent when joining a management room and the user is not logged in.
+        welcome_unconnected: "Use `help` for help or `login` to log in."
+        # Optional extra text sent when joining a management room.
+        additional_help: ""
+
+logging:
+  directory: ./logs
+  file_name_format: '{{.Date}}-{{.Index}}.log'
+  file_date_format: "2006-01-02"
+  file_mode: 384
+  timestamp_format: Jan _2, 2006 15:04:05
+  print_level: debug
+  print_json: false
+  file_json: false