Enhance configuration and Docker setup: update .gitignore, refactor Dockerfile for container2wasm, and remove deprecated entrypoint script. Add detailed configuration schema and usage instructions in README.md.

Author: microchipgnu

.github/dependabot.yml

@@ -0,0 +1,21 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# Dependabot Configuration
+# ─────────────────────────────────────────────────────────────────────────────
+# Keeps GitHub Actions up to date automatically
+# ─────────────────────────────────────────────────────────────────────────────
+
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "ci"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    open-pull-requests-limit: 5
+

.github/workflows/build.yml

@@ -0,0 +1,152 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# Release WASM Containers
+# ─────────────────────────────────────────────────────────────────────────────
+# Manual workflow to build containers and create a GitHub release
+# Trigger from: Actions → Release WASM Containers → Run workflow
+# ─────────────────────────────────────────────────────────────────────────────
+
+name: Release WASM Containers
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: 'Release tag (e.g., v1.0.0)'
+        required: true
+        type: string
+      prerelease:
+        description: 'Mark as pre-release'
+        required: false
+        default: false
+        type: boolean
+
+env:
+  IMAGE_NAME: c4c2w:latest
+
+jobs:
+  release:
+    name: Build & Release
+    runs-on: ubuntu-latest
+    timeout-minutes: 120  # container2wasm can be slow
+    
+    permissions:
+      contents: write    # For creating releases
+    
+    steps:
+      - name: Validate tag format
+        run: |
+          TAG="${{ inputs.release_tag }}"
+          if [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$ ]]; then
+            echo "⚠️  Warning: Tag '$TAG' doesn't follow semver (vX.Y.Z)"
+            echo "Continuing anyway..."
+          fi
+          echo "Release tag: $TAG"
+      
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      
+      - name: Free up disk space
+        run: |
+          # container2wasm needs significant disk space
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+          df -h
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Build c4c2w image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          load: true
+          tags: ${{ env.IMAGE_NAME }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      
+      - name: Create output directory
+        run: mkdir -p ./out
+      
+      - name: Run container2wasm conversion
+        run: |
+          echo "🚀 Starting conversion..."
+          docker run --rm --privileged \
+            -v $(pwd)/out:/out \
+            -v /var/lib/docker \
+            -v $(pwd)/config.yaml:/work/config.yaml:ro \
+            ${{ env.IMAGE_NAME }}
+          echo "✅ Conversion complete!"
+      
+      - name: List outputs
+        run: |
+          echo "📦 Output artifacts:"
+          find ./out -type f -name "manifest.json" -exec sh -c '
+            dir=$(dirname "$1")
+            name=$(jq -r ".name" "$1")
+            mode=$(jq -r ".mode" "$1")
+            size=$(jq -r ".total_size" "$1")
+            size_mb=$(echo "scale=2; $size / 1048576" | bc)
+            echo "  • $name ($mode) - ${size_mb}MB"
+            echo "    Files: $(ls -1 "$dir" | wc -l)"
+          ' sh {} \;
+      
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: wasm-containers-${{ inputs.release_tag }}
+          path: out/
+          retention-days: 90
+          compression-level: 0
+      
+      - name: Generate release notes
+        run: |
+          {
+            echo "## 📦 WASM Container Artifacts"
+            echo ""
+            echo "**Tag:** \`${{ inputs.release_tag }}\`"
+            echo "**Commit:** \`${{ github.sha }}\`"
+            echo "**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
+            echo ""
+            echo "### Containers"
+            echo ""
+            find ./out -type f -name "manifest.json" -exec sh -c '
+              name=$(jq -r ".name" "$1")
+              mode=$(jq -r ".mode" "$1")
+              arch=$(jq -r ".arch // \"amd64\"" "$1")
+              size=$(jq -r ".total_size" "$1")
+              size_mb=$(echo "scale=2; $size / 1048576" | bc)
+              parts=$(jq -r ".parts | length // 1" "$1")
+              echo "| **$name** | \`$arch\` | \`$mode\` | ${size_mb}MB | $parts part(s) |"
+            ' sh {} \;
+            echo ""
+            echo "### Usage"
+            echo ""
+            echo "Download and reassemble WASI containers:"
+            echo ""
+            echo "\`\`\`bash"
+            echo "# Download release assets"
+            echo "gh release download ${{ inputs.release_tag }} -D ./wasm"
+            echo ""
+            echo "# Reassemble"
+            echo "cd wasm/<container-name>"
+            echo "./reassemble.sh output.wasm"
+            echo ""
+            echo "# Run"
+            echo "wasmtime output.wasm"
+            echo "\`\`\`"
+          } > release_notes.md
+          cat release_notes.md
+      
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ inputs.release_tag }}
+          name: ${{ inputs.release_tag }}
+          body_path: release_notes.md
+          prerelease: ${{ inputs.prerelease }}
+          files: |
+            out/**/*
+          fail_on_unmatched_files: false

.github/workflows/validate.yml

@@ -0,0 +1,96 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# Validate Configuration
+# ─────────────────────────────────────────────────────────────────────────────
+# Quick validation of config.yaml and Dockerfile syntax
+# Runs on all PRs - faster than full build
+# ─────────────────────────────────────────────────────────────────────────────
+
+name: Validate
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+    paths:
+      - 'config.yaml'
+      - 'Dockerfile'
+      - 'entrypoint.sh'
+
+jobs:
+  validate:
+    name: Validate Configuration
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      
+      - name: Validate YAML syntax
+        run: |
+          echo "Validating config.yaml..."
+          python3 -c "import yaml; yaml.safe_load(open('config.yaml'))"
+          echo "✅ YAML syntax is valid"
+      
+      - name: Validate config schema
+        run: |
+          echo "Checking required fields..."
+          
+          # Check that containers array exists and has entries
+          containers=$(yq '.containers | length' config.yaml)
+          if [ "$containers" -eq 0 ]; then
+            echo "❌ Error: No containers defined in config.yaml"
+            exit 1
+          fi
+          echo "✅ Found $containers container(s)"
+          
+          # Validate each container entry
+          for i in $(seq 0 $((containers - 1))); do
+            name=$(yq ".containers[$i].name" config.yaml)
+            
+            if [ "$name" == "null" ] || [ -z "$name" ]; then
+              echo "❌ Error: Container at index $i missing 'name' field"
+              exit 1
+            fi
+            
+            image=$(yq ".containers[$i].image" config.yaml)
+            dockerfile=$(yq ".containers[$i].dockerfile" config.yaml)
+            
+            if [ "$image" == "null" ] && [ "$dockerfile" == "null" ]; then
+              echo "❌ Error: Container '$name' must have either 'image' or 'dockerfile'"
+              exit 1
+            fi
+            
+            if [ "$image" != "null" ] && [ "$dockerfile" != "null" ]; then
+              echo "❌ Error: Container '$name' cannot have both 'image' and 'dockerfile'"
+              exit 1
+            fi
+            
+            mode=$(yq ".containers[$i].mode // \"wasi\"" config.yaml)
+            if [ "$mode" != "wasi" ] && [ "$mode" != "emscripten" ]; then
+              echo "❌ Error: Container '$name' has invalid mode '$mode' (must be 'wasi' or 'emscripten')"
+              exit 1
+            fi
+            
+            arch=$(yq ".containers[$i].arch // \"amd64\"" config.yaml)
+            if [ "$arch" != "amd64" ] && [ "$arch" != "arm64" ]; then
+              echo "❌ Error: Container '$name' has invalid arch '$arch' (must be 'amd64' or 'arm64')"
+              exit 1
+            fi
+            
+            echo "✅ Container '$name' ($arch, $mode) is valid"
+          done
+      
+      - name: Validate Dockerfile syntax
+        run: |
+          echo "Validating Dockerfile..."
+          docker build --check .
+          echo "✅ Dockerfile syntax is valid"
+      
+      - name: Check entrypoint.sh
+        run: |
+          echo "Checking entrypoint.sh..."
+          bash -n entrypoint.sh
+          echo "✅ entrypoint.sh syntax is valid"
+

.gitignore

@@ -1,2 +1,16 @@
+# Output directory
+out/
+
+# Docker artifacts
+*.tar
+*.tgz
+
+# macOS
 .DS_Store
-out
+
+# Editor
+.vscode/
+.idea/
+*.swp
+*.swo
+

Dockerfile

@@ -1,47 +1,48 @@
-FROM alpine:latest
+# c4c2w - Container for Container2Wasm
+# Base: Official Docker-in-Docker image (no openrc dance needed)
+FROM docker:27-dind
 
-# Install necessary packages
-RUN apk update && apk add --no-cache \
-    docker \
-    openrc \
+# Tools for config parsing and file operations
+RUN apk add --no-cache \
     bash \
     curl \
-    iptables \
-    e2fsprogs \
-    fuse-overlayfs \
-    linux-headers \
-    util-linux \
-    shadow \
     git \
-    tar \
-    wget \
     jq \
-    yq
-
-# Install c2w binaries
-ENV C2W_VERSION="v0.6.4"
-RUN wget https://github.com/ktock/container2wasm/releases/download/${C2W_VERSION}/container2wasm-${C2W_VERSION}-linux-amd64.tar.gz && \
-    echo "Downloaded container2wasm-${C2W_VERSION}-linux-amd64.tar.gz" && \
-    tar -xzvf container2wasm-${C2W_VERSION}-linux-amd64.tar.gz && \
-    echo "Extracted container2wasm-${C2W_VERSION}-linux-amd64.tar.gz" && \
-    mv c2w /usr/local/bin/c2w && \
-    echo "Moved c2w to /usr/local/bin/" && \
-    mv c2w-net /usr/local/bin/c2w-net && \
-    echo "Moved c2w-net to /usr/local/bin/" && \
-    rm -rf container2wasm-${C2W_VERSION}-linux-amd64.tar.gz && \
-    echo "Cleaned up downloaded tar.gz file"
-
-# Add docker_entrypoint.sh script
-RUN mkdir -p /usr/local/bin/
-COPY docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
-RUN chmod +x /usr/local/bin/docker_entrypoint.sh
-
-# Copy the config.yaml file
-COPY config.yaml /usr/local/bin/config.yaml
-
-# Expose port 8080
-EXPOSE 8080
-
-# Set the entrypoint
-ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"]
-CMD ["sh"]
+    yq \
+    tar \
+    gzip \
+    coreutils \
+    fuse-overlayfs \
+    ca-certificates
+
+# Install container2wasm (c2w + c2w-net)
+# Detect architecture and download appropriate binary
+ARG C2W_VERSION=v0.8.3
+RUN ARCH=$(uname -m) && \
+    case "$ARCH" in \
+        x86_64) C2W_ARCH="amd64" ;; \
+        aarch64) C2W_ARCH="arm64" ;; \
+        *) echo "Unsupported architecture: $ARCH" && exit 1 ;; \
+    esac && \
+    curl -fsSL -o /tmp/c2w.tgz \
+        "https://github.com/ktock/container2wasm/releases/download/${C2W_VERSION}/container2wasm-${C2W_VERSION}-linux-${C2W_ARCH}.tar.gz" \
+ && tar -xzf /tmp/c2w.tgz -C /usr/local/bin c2w c2w-net \
+ && rm -f /tmp/c2w.tgz \
+ && chmod +x /usr/local/bin/c2w /usr/local/bin/c2w-net
+
+# Docker daemon config: use vfs storage driver for maximum compatibility in nested Docker
+# (slower but works reliably in DinD scenarios)
+RUN mkdir -p /etc/docker \
+ && printf '{\n  "storage-driver": "vfs"\n}\n' > /etc/docker/daemon.json
+
+WORKDIR /work
+
+COPY config.yaml /work/config.yaml
+COPY entrypoint.sh /work/entrypoint.sh
+RUN chmod +x /work/entrypoint.sh
+
+# /out will be a bind mount from host
+VOLUME ["/out"]
+
+ENTRYPOINT ["/work/entrypoint.sh"]
+