google
diff --git a/‎contrib/docker/dev/.env.template‎
Lines changed: 3 additions & 0 deletions b/‎contrib/docker/dev/.env.template‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎contrib/docker/dev/compose.yaml‎
Lines changed: 132 additions & 13 deletions b/‎contrib/docker/dev/compose.yaml‎
Lines changed: 132 additions & 13 deletions
diff --git a/‎contrib/docker/dev/postgresql/postgresql.env‎
Lines changed: 3 additions & 3 deletions b/‎contrib/docker/dev/postgresql/postgresql.env‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎contrib/docker/dev/timesketch/Dockerfile‎
Lines changed: 103 additions & 31 deletions b/‎contrib/docker/dev/timesketch/Dockerfile‎
Lines changed: 103 additions & 31 deletions
@@ -11,6 +11,9 @@ TIMESKETCH_CONF_DIR="/etc/timesketch"
 TIMESKETCH_SECRET_KEY="L4np0jV3yAdAFdbVzWRMaBqiFMV8FKYd+Je1WKE40o8="
 TIMESKETCH_USER="dev"
 TIMESKETCH_PASSWORD="dev"
+TIMESKETCH_USER_NAME="timesketch"
+TIMESKETCH_USER_UID="1000"
+TIMESKETCH_USER_GID="1000"
 
 POSTGRES_USER="timesketch"
 POSTGRES_PASSWORD="password"
 
@@ -4,19 +4,111 @@ networks:
   timesketch-dev:
 
 volumes:
+  setup-data:
   opensearch-data:
   postgresql-data:
   redis-data:
   prometheus-data:
 
 services:
-  timesketch:
-    image: timesketch-timesketch/dev:latest
+  setup:
+    image: timesketch-setup:latest
     build:
       context: ../../..
       dockerfile: contrib/docker/dev/timesketch/Dockerfile
+      target: setup
       args:
         BASE_IMAGE: "${TIMESKETCH_BASE_IMAGE:?}"
+        TIMESKETCH_USER_NAME: "${TIMESKETCH_USER_NAME:?}"
+        TIMESKETCH_USER_UID: "${TIMESKETCH_USER_UID:?}"
+        TIMESKETCH_USER_GID: "${TIMESKETCH_USER_GID:?}"
+        TIMESKETCH_CONF_DIR: "${TIMESKETCH_CONF_DIR:?}"
+        GIFT_PPA_TRACK: "${GIFT_PPA_TRACK:?}"
+        GIFT_PPA_URL: "${GIFT_PPA_URL:?}"
+        NODE_VERSION: "${NODE_VERSION:?}"
+        NODE_PPA_URL: "${NODE_PPA_URL:?}"
+        NODE_NPMRC: "${NODE_NPMRC?}"
+        YARN_YARNRC: "${YARN_YARNRC?}"
+        PYTHON_PIP_CONF: "${PYTHON_PIP_CONF?}"
+    command: timesketch
+    env_file:
+      - timesketch/timesketch.env
+    volumes:
+      - "setup-data:/usr/local/src/sigma"
+      - "../../../:/usr/local/src/timesketch"
+      - "./timesketch/timesketch.conf:${TIMESKETCH_CONF_DIR:?}/timesketch.conf:ro"
+      - "./timesketch/sigma_rules.txt:${TIMESKETCH_CONF_DIR:?}/sigma_rules.txt:ro"
+      - "../../../data/sigma_config.yaml:${TIMESKETCH_CONF_DIR:?}/sigma_config.yaml:ro"
+      - "../../../data/sigma:${TIMESKETCH_CONF_DIR:?}/sigma:ro"
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    networks:
+      - timesketch-dev
+
+  celery-worker:
+    image: timesketch-celery-worker:latest
+    build:
+      context: ../../..
+      dockerfile: contrib/docker/dev/timesketch/Dockerfile
+      target: celery-worker
+      args:
+        BASE_IMAGE: "${TIMESKETCH_BASE_IMAGE:?}"
+        TIMESKETCH_USER_NAME: "${TIMESKETCH_USER_NAME:?}"
+        TIMESKETCH_USER_UID: "${TIMESKETCH_USER_UID:?}"
+        TIMESKETCH_USER_GID: "${TIMESKETCH_USER_GID:?}"
+        TIMESKETCH_CONF_DIR: "${TIMESKETCH_CONF_DIR:?}"
+        GIFT_PPA_TRACK: "${GIFT_PPA_TRACK:?}"
+        GIFT_PPA_URL: "${GIFT_PPA_URL:?}"
+        NODE_VERSION: "${NODE_VERSION:?}"
+        NODE_PPA_URL: "${NODE_PPA_URL:?}"
+        NODE_NPMRC: "${NODE_NPMRC?}"
+        YARN_YARNRC: "${YARN_YARNRC?}"
+        PYTHON_PIP_CONF: "${PYTHON_PIP_CONF?}"
+    command: timesketch
+    env_file:
+      - timesketch/timesketch.env
+    volumes:
+      - "../../../:/usr/local/src/timesketch/"
+      - "./timesketch/timesketch.conf:${TIMESKETCH_CONF_DIR:?}/timesketch.conf:ro"
+      - "../../../data/regex_features.yaml:${TIMESKETCH_CONF_DIR:?}/regex_features.yaml:ro"
+      - "../../../data/winevt_features.yaml:${TIMESKETCH_CONF_DIR:?}/winevt_features.yaml:ro"
+      - "../../../data/tags.yaml:${TIMESKETCH_CONF_DIR:?}/tags.yaml:ro"
+      - "../../../data/intelligence_tag_metadata.yaml:${TIMESKETCH_CONF_DIR:?}/intelligence_tag_metadata.yaml:ro"
+      - "../../../data/plaso.mappings:${TIMESKETCH_CONF_DIR:?}/plaso.mappings:ro"
+      - "../../../data/generic.mappings:${TIMESKETCH_CONF_DIR:?}/generic.mappings:ro"
+      - "../../../data/ontology.yaml:${TIMESKETCH_CONF_DIR:?}/ontology.yaml:ro"
+      - "../../../data/data_finder.yaml:${TIMESKETCH_CONF_DIR:?}/data_finder.yaml:ro"
+      - "../../../data/bigquery_matcher.yaml:${TIMESKETCH_CONF_DIR:?}/bigquery_matcher.yaml:ro"
+      - "../../../data/sigma_config.yaml:${TIMESKETCH_CONF_DIR:?}/sigma_config.yaml:ro"
+      - "../../../data/sigma:${TIMESKETCH_CONF_DIR:?}/sigma:ro"
+      - "../../../data/dfiq:${TIMESKETCH_CONF_DIR:?}/dfiq:ro"
+      - "../../../data/context_links.yaml:${TIMESKETCH_CONF_DIR:?}/context_links.yaml:ro"
+      - "../../../data/plaso_formatters.yaml:${TIMESKETCH_CONF_DIR:?}/plaso_formatters.yaml:ro"
+      - "../../../data/nl2q:${TIMESKETCH_CONF_DIR:?}/nl2q:ro"
+      - "../../../data/llm_summarize:${TIMESKETCH_CONF_DIR:?}/llm_summarize:ro"
+    depends_on:
+      setup:
+        condition: service_completed_successfully
+      opensearch:
+        condition: service_started
+    networks:
+      - timesketch-dev
+
+  gunicorn:
+    image: timesketch-gunicorn:latest
+    build:
+      context: ../../..
+      dockerfile: contrib/docker/dev/timesketch/Dockerfile
+      target: gunicorn
+      args:
+        BASE_IMAGE: "${TIMESKETCH_BASE_IMAGE:?}"
+        TIMESKETCH_USER_NAME: "${TIMESKETCH_USER_NAME:?}"
+        TIMESKETCH_USER_UID: "${TIMESKETCH_USER_UID:?}"
+        TIMESKETCH_USER_GID: "${TIMESKETCH_USER_GID:?}"
+        TIMESKETCH_CONF_DIR: "${TIMESKETCH_CONF_DIR:?}"
         GIFT_PPA_TRACK: "${GIFT_PPA_TRACK:?}"
         GIFT_PPA_URL: "${GIFT_PPA_URL:?}"
         NODE_VERSION: "${NODE_VERSION:?}"
@@ -29,9 +121,6 @@ services:
       - name: gunicorn
         published: "5000"
         target: 5000
-      - name: vite
-        published: "5001"
-        target: 5001
       - name: metrics
         published: "8080"
         target: 8080
@@ -40,7 +129,6 @@ services:
     volumes:
       - "../../../:/usr/local/src/timesketch/"
       - "./timesketch/timesketch.conf:${TIMESKETCH_CONF_DIR:?}/timesketch.conf:ro"
-      - "./timesketch/sigma_rules.txt:${TIMESKETCH_CONF_DIR:?}/sigma_rules.txt:ro"
       - "../../../data/regex_features.yaml:${TIMESKETCH_CONF_DIR:?}/regex_features.yaml:ro"
       - "../../../data/winevt_features.yaml:${TIMESKETCH_CONF_DIR:?}/winevt_features.yaml:ro"
       - "../../../data/tags.yaml:${TIMESKETCH_CONF_DIR:?}/tags.yaml:ro"
@@ -58,11 +146,41 @@ services:
       - "../../../data/nl2q:${TIMESKETCH_CONF_DIR:?}/nl2q:ro"
       - "../../../data/llm_summarize:${TIMESKETCH_CONF_DIR:?}/llm_summarize:ro"
     depends_on:
-      postgresql:
-        condition: service_healthy
-      opensearch:
-        condition: service_healthy
-      redis:
+      setup:
+        condition: service_completed_successfully
+    networks:
+      - timesketch-dev
+
+  vue-cli-service:
+    image: timesketch-vue-cli-service:latest
+    build:
+      context: ../../..
+      dockerfile: contrib/docker/dev/timesketch/Dockerfile
+      target: vue-cli-service
+      args:
+        BASE_IMAGE: "${TIMESKETCH_BASE_IMAGE:?}"
+        TIMESKETCH_USER_NAME: "${TIMESKETCH_USER_NAME:?}"
+        TIMESKETCH_USER_UID: "${TIMESKETCH_USER_UID:?}"
+        TIMESKETCH_USER_GID: "${TIMESKETCH_USER_GID:?}"
+        TIMESKETCH_CONF_DIR: "${TIMESKETCH_CONF_DIR:?}"
+        GIFT_PPA_TRACK: "${GIFT_PPA_TRACK:?}"
+        GIFT_PPA_URL: "${GIFT_PPA_URL:?}"
+        NODE_VERSION: "${NODE_VERSION:?}"
+        NODE_PPA_URL: "${NODE_PPA_URL:?}"
+        NODE_NPMRC: "${NODE_NPMRC?}"
+        YARN_YARNRC: "${YARN_YARNRC?}"
+        PYTHON_PIP_CONF: "${PYTHON_PIP_CONF?}"
+    command: timesketch
+    ports:
+      - name: vue-cli-service
+        published: "5001"
+        target: 5001
+    env_file:
+      - timesketch/timesketch.env
+    volumes:
+      - "../../../:/usr/local/src/timesketch/"
+    depends_on:
+      gunicorn:
         condition: service_healthy
     networks:
       - timesketch-dev
@@ -129,7 +247,8 @@ services:
 
     command: --config.file=/etc/prometheus/prometheus.yml
     depends_on:
-      - timesketch
+      gunicorn:
+        condition: service_healthy
     networks:
       - timesketch-dev
 
@@ -149,6 +268,6 @@ services:
       - "/tmp/:/usr/local/src/picadata/"
     depends_on:
       opensearch:
-        condition: service_healthy
+        condition: service_started
     networks:
       - timesketch-dev
@@ -1,3 +1,3 @@
-POSTGRES_USER="${POSTGRES_USER}"
-POSTGRES_PASSWORD="${POSTGRES_PASSWORD}"
-POSTGRES_DB="${POSTGRES_DB}"
+POSTGRES_USER="${POSTGRES_USER?-}"
+POSTGRES_PASSWORD="${POSTGRES_PASSWORD?-}"
+POSTGRES_DB="${POSTGRES_DB?-}"
@@ -1,12 +1,32 @@
 # Use the official Docker Hub Ubuntu base image
 ARG BASE_IMAGE="ubuntu:24.04"
-FROM $BASE_IMAGE
+FROM ${BASE_IMAGE} AS common
 
-# Prevent needing to configure debian packages, stopping the setup of
-# the docker container.
-RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
+USER root
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+ARG TIMESKETCH_USER_NAME="timesketch"
+ARG TIMESKETCH_USER_UID="1000"
+ARG TIMESKETCH_USER_GID="1000"
+ARG TIMESKETCH_CONF_DIR="/etc/timesketch"
+RUN if ! id -u "${TIMESKETCH_USER_UID}" &>/dev/null; then \
+    echo "Creating user ${USER_NAME} (${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID})..."; \
+      if getent group "${TIMESKETCH_USER_GID}" >/dev/null; then \
+        echo "Group with GID ${TIMESKETCH_USER_GID} already exists."; \
+      else \
+        echo "Creating group ${TIMESKETCH_USER_NAME} with GID ${TIMESKETCH_USER_GID}..."; \
+        groupadd -g "${TIMESKETCH_USER_GID}" "${TIMESKETCH_USER_NAME}"; \
+      fi; \
+      useradd -m -u "${TIMESKETCH_USER_UID}" -g "${TIMESKETCH_USER_GID}" -s /bin/bash "${TIMESKETCH_USER_NAME}"; \
+  else \
+    echo "User with UID ${TIMESKETCH_USER_UID} already exists."; \
+  fi \
+  && for d in "${TIMESKETCH_CONF_DIR}" "/usr/local/src/sigma"; do \
+    mkdir -p "${d}" \
+    && chown "${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" "${d}"; \
+    done \
+  && echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends \
     software-properties-common \
     apt-transport-https \
     apt-utils \
@@ -26,6 +46,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-venv \
   && rm -rf /var/lib/apt/lists/*
 
+FROM common AS common-python
+
 # Install Plaso
 ARG GIFT_PPA_TRACK="stable"
 ARG GIFT_PPA_URL="http://ppa.launchpad.net/gift/${GIFT_PPA_TRACK}/ubuntu"
@@ -39,12 +61,70 @@ RUN set -eux \
   && apt-get install -y --no-install-recommends \
     plaso-tools \
   && apt-get clean \
-  && rm -rf /var/lib/apt/lists/* ~/.gnupg
+  && rm -rf /var/lib/apt/lists/* /root/.gnupg
 
 # Fix for broken PPA dependency in Ubuntu 24.04: Plaso needs the 'events'
 # library for its opensearch output module.
 RUN pip3 install --break-system-packages events
 
+ARG PYTHON_PIP_CONF=""
+RUN if [ -n "${PYTHON_PIP_CONF}" ]; then \
+    mkdir -p /root/.config/pip /home/${TIMESKETCH_USER_NAME}/.config/pip; \
+    env echo -e "${PYTHON_PIP_CONF}" > /root/.config/pip/pip.conf; \
+    cp /root/.config/pip/pip.conf /home/${TIMESKETCH_USER_NAME}/.config/pip/pip.conf; \
+    chown -R "${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" /home/${TIMESKETCH_USER_NAME}/.config; \
+  fi
+
+USER "${TIMESKETCH_USER_NAME}"
+
+# Install dependencies for Timesketch in a virtual environment
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["api_client", "/usr/local/src/timesketch/api_client/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["cli_client", "/usr/local/src/timesketch/cli_client/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["end_to_end_tests", "/usr/local/src/timesketch/end_to_end_tests/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["importer_client", "/usr/local/src/timesketch/importer_client/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["timesketch", "/usr/local/src/timesketch/timesketch/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["tests", "/usr/local/src/timesketch/tests/"]
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" [ \
+  "requirements.txt", \
+  "setup.py", \
+  "test_requirements.txt", \
+  "/usr/local/src/timesketch/" \
+]
+
+RUN python3 -m venv --upgrade-deps --system-site-packages "${HOME}/venv" \
+  && . "${HOME}/venv/bin/activate" \
+  && pip install --no-cache-dir \
+    -r /usr/local/src/timesketch/requirements.txt \
+    -r /usr/local/src/timesketch/test_requirements.txt \
+  && pip install -e /usr/local/src/timesketch
+
+# Update the PATH to include the virtual environment
+ENV PATH="/home/${TIMESKETCH_USER_NAME}/venv/bin:${PATH}"
+ENV TIMESKETCH_CONF_DIR="${TIMESKETCH_CONF_DIR}"
+
+FROM common-python AS setup
+
+COPY --chown=root:root --chmod=755 ["contrib/docker/dev/timesketch/setup-docker-entrypoint.sh", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+FROM common-python AS celery-worker
+
+COPY --chown=root:root --chmod=755 ["contrib/docker/dev/timesketch/celery-worker-docker-entrypoint.sh", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+FROM common-python AS gunicorn
+
+COPY --chown=root:root --chmod=755 ["contrib/docker/dev/timesketch/gunicorn-docker-entrypoint.sh", "/usr/local/bin/docker-entrypoint.sh"]
+
+HEALTHCHECK --interval=10s --timeout=5s --start-period=15s --start-interval=2s --retries=1 \
+    CMD ["curl", "-f", "-s", "http://localhost:5000/"]
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+FROM common AS vue-cli-service
+
+USER root
+
 # Install NodeJS for frontend development
 ARG NODE_VERSION="20.x"
 ARG NODE_PPA_URL="https://deb.nodesource.com/node_${NODE_VERSION}"
@@ -56,43 +136,35 @@ RUN set -eux \
   && apt-get install -y --no-install-recommends \
     nodejs \
   && apt-get clean \
-  && rm -rf /var/lib/apt/lists/* ~/.gnupg
+  && rm -rf /var/lib/apt/lists/* /root/.gnupg
 
+ARG TIMESKETCH_USER_NAME="timesketch"
+ARG TIMESKETCH_USER_UID="1000"
+ARG TIMESKETCH_USER_GID="1000"
 ARG NODE_NPMRC=""
 RUN if [ -n "${NODE_NPMRC}" ]; then \
-    env echo -e "${NODE_NPMRC}" > ~/.npmrc; \
+    env echo -e "${NODE_NPMRC}" > /root/.npmrc; \
+    cp /root/.npmrc /home/${TIMESKETCH_USER_NAME}/.npmrc; \
+    chown "${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" /home/${TIMESKETCH_USER_NAME}/.npmrc; \
   fi
 
 ARG YARN_YARNRC=""
 RUN if [ -n "${YARN_YARNRC}" ]; then \
-    env echo -e "${YARN_YARNRC}" > ~/.yarnrc; \
-  fi
-
-ARG PYTHON_PIP_CONF=""
-RUN if [ -n "${PYTHON_PIP_CONF}" ]; then \
-    mkdir -p ~/.config/pip; \
-    env echo -e "${PYTHON_PIP_CONF}" > ~/.config/pip/pip.conf; \
+    env echo -e "${YARN_YARNRC}" > /root/.yarnrc; \
+    cp /root/.yarnrc /home/${TIMESKETCH_USER_NAME}/.yarnrc; \
+    chown "${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" /home/${TIMESKETCH_USER_NAME}/.yarnrc; \
   fi
 
 # Install Yarn for frontend development
 RUN npm install --global yarn
 
-# Install dependencies for Timesketch in a virtual environment
-COPY ["requirements.txt", "/timesketch-requirements.txt"]
-COPY ["test_requirements.txt", "/timesketch-test-requirements.txt"]
-RUN python3 -m venv --upgrade-deps --system-site-packages /opt/venv \
-    && . /opt/venv/bin/activate \
-    && pip install --no-cache-dir \
-        -r /timesketch-requirements.txt \
-        -r /timesketch-test-requirements.txt \
-        psycopg2-binary
+USER "${TIMESKETCH_USER_NAME}"
 
-# Update the PATH to include the virtual environment
-ENV PATH="/opt/venv/bin:${PATH}"
+COPY --chown="${TIMESKETCH_USER_UID}:${TIMESKETCH_USER_GID}" ["timesketch", "/usr/local/src/timesketch/timesketch/"]
 
-# Copy the entrypoint script into the container
-COPY ["contrib/docker/dev/timesketch/docker-entrypoint.sh", "/"]
-RUN chmod a+x /docker-entrypoint.sh
+RUN if ! yarn --cwd=/usr/local/src/timesketch/timesketch/frontend-ng install; then \
+  yarn --cwd=/usr/local/src/timesketch/timesketch/frontend-ng install --no-lockfile; \
+fi
 
-# Load the entrypoint script to be run later
-ENTRYPOINT ["/docker-entrypoint.sh"]
+COPY --chown=root:root --chmod=755 ["contrib/docker/dev/timesketch/vue-cli-service-docker-entrypoint.sh", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["docker-entrypoint.sh"]