refactor: docker to integrate lxde container

.github/workflows/lxde-publish.yml

@@ -0,0 +1,70 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches: [ main, master ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main, master ]
+  workflow_dispatch:  # Allow manual triggering
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,format=short
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        id: build-push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: lxde-debian.dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          outputs: type=docker,dest=/tmp/image.tar
+
+      - name: Get image size
+        id: image-size
+        run: |
+          # Load the image from the build step output
+          docker load < /tmp/image.tar
+          # Get the image ID from the loaded image
+          IMAGE_ID=$(docker images --format "{{.ID}}" | head -n 1)
+          echo "Using image ID: $IMAGE_ID"
+          # Get the image size
+          SIZE=$(docker image inspect $IMAGE_ID --format='{{.Size}}')
+          SIZE_MB=$(echo "scale=2; $SIZE/1024/1024" | bc)
+          echo "size=$SIZE_MB MB" >> $GITHUB_OUTPUT
+          echo "Image size: $SIZE_MB MB"

.github/workflows/lxde-security-scan.yml

@@ -0,0 +1,140 @@
+name: Docker Security Scan
+
+on:
+  pull_request:
+    branches: [ main, master ]
+
+jobs:
+  security-scan:
+    name: Docker Build and Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: lxde-debian.dockerfile
+          push: false
+          load: true
+          tags: test-image:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Get image size
+        id: image-size
+        run: |
+          SIZE=$(docker image inspect test-image:${{ github.sha }} --format='{{.Size}}')
+          SIZE_MB=$(echo "scale=2; $SIZE/1024/1024" | bc)
+          echo "size=$SIZE_MB MB" >> $GITHUB_OUTPUT
+
+      - name: Check image health
+        id: image-health
+        run: |
+          if docker run --rm --entrypoint sh test-image:${{ github.sha }} -c "exit 0"; then
+            echo "status=✅ Image is healthy" >> $GITHUB_OUTPUT
+          else
+            echo "status=❌ Image health check failed" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Trivy vulnerability scanner
+        id: trivy-scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: test-image:${{ github.sha }}
+          format: 'table'
+          output: 'trivy-results.txt'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Generate Trivy SARIF output
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: test-image:${{ github.sha }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Count vulnerabilities
+        id: count-vulns
+        run: |
+          CRITICAL=$(grep -c "CRITICAL" trivy-results.txt || echo 0)
+          HIGH=$(grep -c "HIGH" trivy-results.txt || echo 0)
+          MEDIUM=$(grep -c "MEDIUM" trivy-results.txt || echo 0)
+          echo "critical=$CRITICAL" >> $GITHUB_OUTPUT
+          echo "high=$HIGH" >> $GITHUB_OUTPUT
+          echo "medium=$MEDIUM" >> $GITHUB_OUTPUT
+
+      - name: Create PR comment
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require('fs');
+            let trivyOutput = '';
+            try {
+              const trivyFile = fs.readFileSync('trivy-results.txt', 'utf8');
+              trivyOutput = '```\n' + trivyFile.substring(0, 10000) + '\n```';
+              if (trivyFile.length > 10000) {
+                trivyOutput += '\n... (output truncated)';
+              }
+            } catch (error) {
+              trivyOutput = 'Error reading vulnerability scan results.';
+            }
+
+            const imageSize = process.env.IMAGE_SIZE;
+            const imageHealth = process.env.IMAGE_HEALTH;
+            const criticalCount = process.env.CRITICAL_COUNT;
+            const highCount = process.env.HIGH_COUNT;
+            const mediumCount = process.env.MEDIUM_COUNT;
+
+            const securityStatus = criticalCount > 0 || highCount > 0 
+              ? '❌ Security issues found' 
+              : '✅ No critical/high vulnerabilities';
+
+            const body = `## Docker Image Analysis
+
+            ### Image Status
+            - ${imageHealth}
+            - Image Size: ${imageSize}
+            - Security Status: ${securityStatus}
+
+            ### Vulnerability Summary
+            - Critical: ${criticalCount}
+            - High: ${highCount}
+            - Medium: ${mediumCount}
+
+            <details>
+            <summary>View Full Security Scan Results</summary>
+
+            ${trivyOutput}
+            </details>
+            `;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });
+        env:
+          IMAGE_SIZE: ${{ steps.image-size.outputs.size }}
+          IMAGE_HEALTH: ${{ steps.image-health.outputs.status }}
+          CRITICAL_COUNT: ${{ steps.count-vulns.outputs.critical }}
+          HIGH_COUNT: ${{ steps.count-vulns.outputs.high }}
+          MEDIUM_COUNT: ${{ steps.count-vulns.outputs.medium }}

README.md

@@ -73,7 +73,6 @@ docker run -d -p 3389:3389 \
 - `debian.dockerfile` - Docker build instructions.
 - `supervisord.conf` - Supervisor configuration.
 - `conf.d/` - Supervisor program configs.
-- `browser_conf/` - Browser supervisor configs.
 - `base_entrypoint.sh` - Main entrypoint script.
 - `customizable_entrypoint.sh` - Entrypoint for custom startup logic.
 - `custom_entrypoints_scripts/` - Place your custom scripts here.