[Recognizer] Add docker image

Author: mickel8

.github/workflows/build-publish-image.yml

@@ -0,0 +1,38 @@
+on:
+  workflow_call:
+    inputs:
+      app-name:
+        required: true
+        type: string
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-publish-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/${{ inputs.app-name }}
+          tags: type=match,pattern=${{ inputs.app-name }}-v(\d.\d.\d)
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./${{ inputs.app-name }}
+          platforms: linux/amd64
+          push: true
+          tags: ${{  steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/deploy-image.yml

@@ -0,0 +1,31 @@
+on:
+  workflow_call:
+    inputs:
+      app-name:
+        required: true
+        type: string
+    secrets:
+      ssh-host:
+        required: true
+      ssh-username:
+        required: true
+      ssh-priv-key:
+        required: true
+
+jobs:
+  deploy-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Deploy the new version
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.ssh-host }}
+          username: ${{ secrets.ssh-username }}
+          key: ${{ secrets.ssh-priv-key }}
+          script: |
+          docker run \
+            -e SECRET_KEY_BASE=${{ secrets.RECOGNIZER_SECRET_KEY_BASE }} \ 
+            -e PHX_HOST=${{ secrets.RECOGNIZER_PHX_HOST }} \
+            --network host \ 
+            ghcr.io/elixir-webrtc/apps/${{ inputs.app-name }}:${{ github.ref_name }#-v}

.github/workflows/recognizer-docker.yml

@@ -0,0 +1,27 @@
+name: Recognizer Docker
+
+on:
+  push:
+    tags:
+      - "recognizer-v*.*.*"
+
+permissions:
+  contents: read
+  packages: write
+
+jobs: 
+  build-publish-recognizer-image:
+    uses: ./.github/workflows/build-publish-image.yml
+    with:
+      app-name: recognizer
+  deploy-recognizer:
+    # needs: build-publish-recognizer-image
+    uses: ./.github/workflows/deploy-image.yml
+    with:
+      app-name: recognizer
+    secrets:
+      ssh-host: ${{ secrets.RECOGNIZER_SSH_HOST }}
+      ssh-username: ${{ secrets.RECOGNIZER_SSH_USERNAME }}
+      ssh-priv-key: ${{ secrets.RECOGNIZER_SSH_PRIV_KEY }}
+
+

recognizer/.dockerignore

@@ -0,0 +1,45 @@
+# This file excludes paths from the Docker build context.
+#
+# By default, Docker's build context includes all files (and folders) in the
+# current directory. Even if a file isn't copied into the container it is still sent to
+# the Docker daemon.
+#
+# There are multiple reasons to exclude files from the build context:
+#
+# 1. Prevent nested folders from being copied into the container (ex: exclude
+#    /assets/node_modules when copying /assets)
+# 2. Reduce the size of the build context and improve build time (ex. /build, /deps, /doc)
+# 3. Avoid sending files containing sensitive information
+#
+# More information on using .dockerignore is available here:
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+.dockerignore
+
+# Ignore git, but keep git HEAD and refs to access current commit hash if needed:
+#
+# $ cat .git/HEAD | awk '{print ".git/"$2}' | xargs cat
+# d0b8727759e1e0e7aa3d41707d12376e373d5ecc
+.git
+!.git/HEAD
+!.git/refs
+
+# Common development/test artifacts
+/cover/
+/doc/
+/test/
+/tmp/
+.elixir_ls
+
+# Mix artifacts
+/_build/
+/deps/
+*.ez
+
+# Generated on crash by the VM
+erl_crash.dump
+
+# Static artifacts - These should be fetched and built inside the Docker image
+/assets/node_modules/
+/priv/static/assets/
+/priv/static/cache_manifest.json

recognizer/Dockerfile

@@ -0,0 +1,124 @@
+# Find eligible builder and runner images on Docker Hub. We use Ubuntu/Debian
+# instead of Alpine to avoid DNS resolution issues in production.
+#
+# https://hub.docker.com/r/hexpm/elixir/tags?page=1&name=ubuntu
+# https://hub.docker.com/_/ubuntu?tab=tags
+#
+# This file is based on these images:
+#
+#   - https://hub.docker.com/r/hexpm/elixir/tags - for the build image
+#   - https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye-20231009-slim - for the release image
+#   - https://pkgs.org/ - resource for finding needed packages
+#   - Ex: hexpm/elixir:1.16.0-erlang-26.2.1-debian-bullseye-20231009-slim
+#
+ARG ELIXIR_VERSION=1.17.2
+ARG OTP_VERSION=27.0.1
+ARG DEBIAN_VERSION=bookworm-20240701-slim
+
+ARG BUILDER_IMAGE="hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}"
+ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}"
+
+FROM ${BUILDER_IMAGE} as builder
+
+# install build dependencies
+RUN apt-get update -y && apt-get install -y \ 
+    build-essential \
+    libssl-dev \
+    curl \ 
+    pkg-config \
+    git \
+    libsrtp2-dev \
+    libavcodec-dev \
+    libavformat-dev \ 
+    libavutil-dev \ 
+    libswscale-dev \ 
+    libavdevice-dev && \
+    apt-get clean && \
+    rm -f /var/lib/apt/lists/*_*
+    
+# prepare build dir
+WORKDIR /app
+
+# install hex + rebar
+RUN mix local.hex --force && \
+    mix local.rebar --force
+
+# set build ENV
+ENV MIX_ENV="prod"
+
+# install mix dependencies
+COPY mix.exs mix.lock ./
+RUN mix deps.get --only $MIX_ENV
+RUN mkdir config
+
+# copy compile-time config files before we compile dependencies
+# to ensure any relevant config change will trigger the dependencies
+# to be re-compiled.
+COPY config/config.exs config/${MIX_ENV}.exs config/
+RUN mix deps.compile
+
+COPY priv priv
+
+COPY lib lib
+
+COPY assets assets
+
+# compile assets
+RUN mix assets.deploy
+
+# Compile the release
+RUN mix compile
+
+# Changes to config/runtime.exs don't require recompiling the code
+COPY config/runtime.exs config/
+
+COPY rel rel
+RUN mix release
+
+# start a new build stage so that the final image will only contain
+# the compiled release and other runtime necessities
+FROM ${RUNNER_IMAGE}
+
+RUN apt-get update -y && \
+  apt-get install -y libstdc++6 \
+  openssl \
+  libncurses5 \
+  locales \
+  ca-certificates \
+  libsrtp2-dev \
+  libavcodec-dev \
+  libavformat-dev \
+  libavutil-dev \
+  libswscale-dev \
+  libavdevice-dev \
+  && apt-get clean \
+  && rm -f /var/lib/apt/lists/*_*
+
+# Set the locale
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+WORKDIR "/app"
+RUN chown nobody /app
+
+# set runner ENV
+ENV MIX_ENV="prod"
+
+# without setting this, bumblebee tries to use /nonexistent directory,
+# which does not exist and cannot be created
+ENV BUMBLEBEE_CACHE_DIR=/app/bin
+
+# Only copy the final release from the build stage
+COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/recognizer ./
+
+USER nobody
+
+# If using an environment that doesn't automatically reap zombie processes, it is
+# advised to add an init process such as tini via `apt-get install`
+# above and adding an entrypoint. See https://github.com/krallin/tini for details
+# ENTRYPOINT ["/tini", "--"]
+
+CMD ["/app/bin/server"]

recognizer/README.md

@@ -8,3 +8,29 @@ To start your Phoenix server:
   * Start Phoenix endpoint with `mix phx.server` or inside IEx with `iex -S mix phx.server`
 
 Now you can visit [`localhost:5002`](http://localhost:5002) from your browser.
+
+## Running with Docker
+
+You can also run Recognizer using Docker.
+
+Build image:
+
+```
+docker build -t recognizer .
+```
+
+and run:
+
+```
+docker run -e SECRET_KEY_BASE="secret" -e PHX_HOST=localhost --network host recognizer
+```
+
+Note that secret has to be at least 64 bytes long.
+You can generate one with `mix phx.gen.secret`.
+
+If you are running on MacOS, instead of using `--network host` option, you have to explicitly publish ports:
+
+```
+docker run -e SECRET_KEY_BASE="secert" -e PHX_HOST=localhost -p 4000:4000 -p 50000-50010/udp recognizer
+```
+

recognizer/config/config.exs

@@ -55,6 +55,8 @@ config :nx, default_backend: EXLA.Backend
 
 config :recognizer, max_rooms: 5, max_session_time_s: 200
 
+config :bundlex, :disable_precompiled_os_deps, apps: [:ex_libsrtp]
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{config_env()}.exs"

recognizer/lib/recognizer/application.ex

@@ -16,9 +16,13 @@ defmodule Recognizer.Application do
   end
 
   defp commit() do
-    case System.cmd("git", ["rev-parse", "--short", "HEAD"]) do
-      {hash, 0} -> "(#{String.trim(hash)})"
-      _ -> ""
+    try do
+      case System.cmd("git", ["rev-parse", "--short", "HEAD"]) do
+        {hash, 0} -> "(#{String.trim(hash)})"
+        _ -> ""
+      end
+    catch
+      _, _ -> ""
     end
   end
 

recognizer/mix.exs

@@ -54,9 +54,9 @@ defmodule Recognizer.MixProject do
       {:plug_cowboy, "~> 2.5"},
       {:ex_webrtc, "~> 0.3.0"},
       {:ex_webrtc_dashboard, "~> 0.3.0"},
-      {:xav, "~> 0.3.0"},
-      {:bumblebee, "~> 0.4.2"},
-      {:exla, "~> 0.5"},
+      {:xav, "~> 0.4.0"},
+      {:bumblebee, "~> 0.5.3"},
+      {:exla, "~> 0.7.1"},
 
       # Dialyzer and credo
       {:dialyxir, ">= 0.0.0", only: :dev, runtime: false},