feat: add Docker Compose deployment driver and image management by j4n · Pull Request #6 · chatmail/cmlxc

j4n · 2026-04-22T15:30:22Z

This adds a docker deploy driver that allows deploying Docker image in LXC containers (with nesting enabled) with docker compose. Docker commands are of the shape cmlxc docker cmd.

Containers with Docker or other networking can expose IPs on multiple interfaces. _extract_ip() now accepts an optional subnet filter so wait_ready() and list_managed() only pick addresses on incusbr0.

Move the initialization check (DNS container running + base image present) from cli._check_init() into Incus.check_init() so that drivers can call it without depending on the CLI module.

…ure() Allows drivers to pass additional Incus config keys (e.g. security.nesting=true for Docker-in-LXC) when launching containers. Threaded through Container and RelayContainer.

…nd on_init_relay default Move the initenv.sh hook from CmdeployDriver.on_init_relay() into the Driver base class as the default implementation -- both cmdeploy and docker drivers used identical bodies. Extract run_cmdeploy_pytest() as a standalone function so that any driver sharing the cmdeploy test suite (currently CmdeployDriver and DockerDriver) can call it without duplicating the env_exports / pytest command construction.

When the source ref is a full 40-char SHA (e.g. from CI dispatch), the shallow git-main clone won't have it. Detect this case and fetch just that commit with --depth 1 before checkout.

When no explicit -v flags are passed and RUNNER_DEBUG=1 is set (GitHub Actions "Enable debug logging" rerun), auto-bump to -vvv.

The `git reset --hard origin/{ref}` is only useful for branch refs (fast-forward to latest remote). For SHA refs it always fails silently since there's no remote tracking branch. Only run it for branch refs.

…elease tags prep_builder() in driver_base.py did not pull tags, so a subsequent `git checkout <tag>` fails, needed for release builds.

…ript Both the cmdeploy and docker drivers need to generate chatmail.ini with relaxed rate limits for testing. Extract the overrides dict and the Python snippet builder into shared helpers.

Wrap bash(..., check=False)

1. driver_cmdeploy.py: CmdeployDriver.on_init_relay() was removed during the be9d325 refactor but was never moved to the base class as the commit message claimed. The method runs scripts/initenv.sh inside the builder to create the relay's venv. Without it, every subsequent step that calls `source .../venv/bin/activate` fails with "No such file or directory".

Add DockerDriver for deploying chatmail relays via Docker Compose inside LXC containers (Docker-in-LXC with security.nesting). Features: - Pull pre-built images from GHCR (--source ghcr:TAG) - Inject local builds - Healthcheck polling / log streaming - SSH forwarding into Docker containers (for test compatibility) - DNS zone extraction and PowerDNS loading - security.privileged fenced behind CI=true CLI subcommands: deploy, pull, logs, ps, shell

- Register DockerDriver in DRIVER_BY_NAME - test-cmdeploy: dispatch to driver class from container metadata - Fix _print_builder_repos to use driver REPO_NAME (avoids dupes)

- Add cmlxc_ref input to test feature branches - Disable AppArmor for Docker-in-LXC systemd support - Cache localchat-docker image (strip Docker images before export) - Split cache into restore/save for better failure handling - Per-service failure diagnostics (dovecot, postfix, failed units) - install incus-base instead of full incus package - trimmed=: normalise whitespace via xargs before eval so indented commands in the multiline cmlxc_commands input parse correctly and display cleanly in CI ::group:: labels - get_service_logs.sh: debug logging calls /usr/local/sbin/get-service-logs (installed via COPY in the Docker image) which dumps per-service journalctl output, failed units, dovecot config, and TLS cert paths

j4n marked this pull request as draft April 22, 2026 15:30

j4n force-pushed the j4n/docker-support branch from 59363ea to 20a246d Compare April 22, 2026 15:35