Add container-canary.

.github/workflows/docker-publish.yml

@@ -82,6 +82,14 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Install Container Canary
+        run: |
+          curl -L https://github.com/NVIDIA/container-canary/releases/download/v0.2.1/canary_linux_amd64 > /usr/local/bin/canary
+          chmod +x /usr/local/bin/canary
+
+      - name: Validate container
+        run: canary validate --file canary-validator.yml ${{ steps.meta.outputs.tags }}
+
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish

Dockerfile

@@ -6,7 +6,7 @@ COPY requirements.txt .
 RUN pip install --no-cache-dir --upgrade pip wheel
 RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
 
-COPY . . 
+COPY . .
 RUN pip install '.'
 
 CMD ["uvicorn", "nsls2api.main:api", "--proxy-headers", "--host", "0.0.0.0", "--port", "8080", "--workers", "4", "--ssl-keyfile=/etc/nsls2/tls/server.key", "--ssl-certfile=/etc/nsls2/tls/server.cer"]

canary-validator.yml

@@ -0,0 +1,33 @@
+# This is used to verify that a container image has the basic expected behavior.
+# See https://github.com/NVIDIA/container-canary
+#
+# Run locally like:
+#
+# canary validate --file canary-validator.yml ghcr.io/bluesky/tiled:latest
+
+apiVersion: container-canary.nvidia.com/v2
+kind: Validator
+name: nsls2api
+description: Validate that container image is operational.
+# env:
+#  - name: ...
+#    value: 
+ports:
+ - port: 31415
+   protocol: TCP
+volumes: []
+checks:
+  - name: tcp
+    description: Is listening via TCP on port 31415
+    probe:
+      tcpSocket:
+        port: 31415
+  - name: http
+    description: Responds HTTP GET on port 31415 at route /
+    probe:
+      httpGet:
+        path: /
+        port: 31415
+      initialDelaySeconds: 5
+      timeoutSeconds: 10
+      failureThreshold: 3