feat: First version (#1)

.babelrc

@@ -0,0 +1,9 @@
+{
+    "env": {
+        "test": {
+            "plugins": [
+                "@babel/plugin-transform-modules-commonjs"
+            ]
+        }
+    }
+}

.gitattributes

@@ -0,0 +1,4 @@
+* text=auto
+*.sh            eol=lf
+*.yml           eol=lf
+root/**         eol=lf

.github/dependabot.yml

@@ -0,0 +1,32 @@
+version: 2
+updates:
+- package-ecosystem: docker
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: fix
+    include: scope
+- package-ecosystem: gradle
+  directory: "/tests"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: chore
+    include: scope
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - dependencies
+  commit-message:
+    prefix: ci
+    include: scope

.github/semantic.yml

@@ -0,0 +1,11 @@
+titleOnly: true
+types:
+  - feat
+  - fix
+  - docs
+  - refactor
+  - test
+  - build
+  - ci
+  - chore
+  - revert

.github/workflows/ci_cd.yml

@@ -0,0 +1,23 @@
+name: CI/CD
+on:
+  push:
+
+env:
+  DEBUG: testcontainers:containers
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # To add version tags
+      packages: write # To push docker image
+      issues: write   # Semantic release to link issues
+    steps:
+      - uses: actions/checkout@master
+
+      - uses: homecentr/action-build-docker-image@master
+        with:
+          imageName: "homecentr/qbittorrent"
+          gitHubToken: ${{ secrets.GITHUB_TOKEN }}
+          dockerHubUserName: ${{ secrets.DOCKERHUB_USERNAME }}
+          dockerHubPassword: ${{ secrets.DOCKERHUB_PASSWORD }}

.gitignore

@@ -0,0 +1 @@
+node_modules

.vscode/settings.json

@@ -0,0 +1,11 @@
+{
+    "files.exclude": {
+        "**/.git": true,
+        "**/.svn": true,
+        "**/.hg": true,
+        "**/CVS": true,
+        "**/.DS_Store": true,
+        "**/Thumbs.db": true,
+        "node_modules": true
+    }
+}

Dockerfile

@@ -0,0 +1,32 @@
+FROM linuxserver/qbittorrent:4.4.3
+
+ARG USER_UID=1000
+ARG USER_GID=1000
+
+COPY ./root/ /
+
+RUN mkdir -p /downloads && \
+    rm -rf /etc/cont-init.d && \
+    rm -rf /etc/services.d && \
+    deluser guest && \
+    deluser abc && \
+    delgroup users && \
+    addgroup --gid ${USER_GID} nonroot && \
+    adduser -u ${USER_UID} -G nonroot -D -H -g "" nonroot && \
+    chown ${USER_UID} /config && \
+    chgrp ${USER_GID} /config && \
+    chown ${USER_UID} /downloads && \
+    chgrp ${USER_GID} /downloads && \
+    chown -R ${USER_UID} /defaults && \
+    chgrp -R ${USER_GID} /defaults && \
+    chmod a+x /entrypoint.sh && \
+    echo "WebUI\AuthSubnetWhitelistEnabled=true" >> /defaults/qBittorrent.conf && \
+    echo "WebUI\AuthSubnetWhitelist=0.0.0.0/0" >> /defaults/qBittorrent.conf 
+
+EXPOSE 8080
+VOLUME "/config"
+VOLUME "/downloads"
+
+USER 1000:1000
+
+ENTRYPOINT [ "ash", "entrypoint.sh" ]

README.md

@@ -0,0 +1,28 @@
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-qbittorrent/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-qbittorrent/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-qbittorrent/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-qbittorrent)](https://hub.docker.com/repository/docker/homecentr/qbittorrent)
+[![](https://badgen.net/docker/pulls/homecentr/qbittorrent)](https://hub.docker.com/repository/docker/homecentr/qbittorrent) 
+[![](https://badgen.net/docker/size/homecentr/qbittorrent)](https://hub.docker.com/repository/docker/homecentr/qbittorrent)
+
+[![CI/CD](https://github.com/homecentr/docker-qbittorrent/actions/workflows/ci_cd.yml/badge.svg)](https://github.com/homecentr/docker-qbittorrent/actions/workflows/ci_cd.yml)
+
+
+# Homecentr - qbittorrent
+Docker image of qBittorrent based on [LinuxServer.io's image](https://fleet.linuxserver.io/image?name=linuxserver/qbittorrent) just with removed bells and whistles which I do not consider secure - LSIO requires SET_UID, SET_GID and other capabilities. It also generally relies on running as root which I am not comfortable with and therefore this image runs strictly as a non-root user.
+
+## Exposed ports
+
+| Port | Protocol | Description |
+|------|------|-------------|
+| 8080 | TCP | WebUI |
+
+## Volumes
+
+| Container path | Description |
+|------------|---------------|
+| /config | qBittorrent configuration and state |
+| /downloads | Downloaded files from the torrents |
+
+## Security
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-qbittorrent/security).
+
+### Container user
+The container uses UID:GID of 1000:1000 by default. Image must be rebuilt in case you need to use a different UID or GID due to file permissions.

SECURITY.md

@@ -0,0 +1,15 @@
+# Security policy
+
+## Disclosure policy
+
+In case you find a security issues with this docker image, please reach out to me at security@homecentr.io and provide 5 business days to release a fixed version.
+
+## Security update policy
+
+Known security issues will be published in GitHub repository's Security / Security advisories.
+
+## Automated processes
+
+The Docker image is regularly scanned for vulnerabilities with [Snyk.io](https://snyk.io/).
+
+The dependencies are automatically scanned using [Dependabot](https://dependabot.com/). Dependencies are regularly updated. You can check for pending dependency updates by listing open Pull requests with the "dependencies" label.

docker-compose.yml

@@ -0,0 +1,10 @@
+version: "3.9"
+services:
+  image:
+    build: .
+    image: homecentr/qbittorrent:preview
+    ports:
+      - "8080:8080"
+    tmpfs:
+      - /config:mode=770,uid=1000,gid=1000
+      - /downloads:mode=770,uid=1000,gid=1000

package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@homecentr/qbittorrent",
+  "version": "1.0.0",
+  "description": "",
+  "author": "Lukas Holota",
+  "license": "MIT",
+  "scripts": {
+    "build": "docker-compose build",
+    "start": "docker-compose up",
+    "start:shell": "docker-compose run --user=0:0 --entrypoint ash image",
+    "test": "jest --testTimeout=60000",
+    "push:preview": "docker-compose push image"
+  },
+  "release": {
+    "branches": [
+      "master"
+    ],
+    "plugins": [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/github"
+    ]
+  },
+  "devDependencies": {
+    "@babel/plugin-transform-modules-commonjs": "^7.18.6",
+    "axios": "^0.27.2",
+    "cross-env": "^7.0.3",
+    "jest": "^28.1.3",
+    "testcontainers": "^8.12.0"
+  }
+}

root/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env ash
+
+# Ensure the config directory exists
+mkdir -p /config/qBittorrent
+
+# Copy default config if none exists
+if [[ ! -e /config/qBittorrent/qBittorrent.conf ]]
+then
+    cp /defaults/qBittorrent.conf /config/qBittorrent/qBittorrent.conf
+fi
+
+/usr/bin/qbittorrent-nox --webui-port=8080

tests/container.spec.js

@@ -0,0 +1,33 @@
+const path = require("path");
+const axios = require("axios");
+const { DockerComposeEnvironment } = require("testcontainers");
+
+describe("qBittorrent container should", () => {
+    var container;
+    var composeEnvironment;
+
+    beforeAll(async () => {
+        const composeFilePath = path.resolve(__dirname, "..");
+
+        composeEnvironment = await new DockerComposeEnvironment(composeFilePath, "docker-compose.yml")
+            .withBuild()
+            .up();
+
+        container = composeEnvironment.getContainer("image_1");
+    });
+
+    afterAll(async () => {
+        await composeEnvironment.down();
+    });
+
+    it("Listen on configured port", async () => {
+        // Arrange
+        const url = `http://localhost:${container.getMappedPort(8080)}/`
+
+        // Act
+        const response = await axios.get(url);
+
+        // Assert
+        expect(response.status).toBe(200);
+    });
+});