pyTMbot Docker Image

A secure, lightweight Docker container for pyTMbot - your Telegram-based monitoring and management solution.

Quick Reference

Security Features

Supply Chain Security

pyTMbot follows modern software supply chain security practices, with each release image providing:

Software Bill of Materials (SBOM)

The SBOM provides a complete inventory of all components and dependencies in the image:

# Get SBOM in SPDX format
docker buildx imagetools inspect orenlab/pytmbot:latest \
  --format "{{ json .SBOM.SPDX }}" > sbom.spdx.json

# Get SBOM in CycloneDX format
docker buildx imagetools inspect orenlab/pytmbot:latest \
  --format "" > sbom.cyclonedx.json

SLSA Provenance

The Provenance attestation contains cryptographically signed build information including:

To verify Provenance:

# Get Provenance attestation
docker buildx imagetools inspect orenlab/pytmbot:latest \
  --format "{{ json .Provenance.SLSA }}" > provenance.json

# Verify signature using cosign
cosign verify-attestation orenlab/pytmbot:latest

Image Verification

Release images are signed using cosign. Verify the signature:

# Install cosign if not installed
brew install cosign  # macOS
# or
sudo apt-get install cosign  # Ubuntu

# Verify image signature
cosign verify orenlab/pytmbot:latest

Prerequisites

Quick Start

# 1. Generate authentication salt
docker run --rm orenlab/pytmbot:latest --salt

# 2. Create config directory
mkdir -p /etc/pytmbot

# 3. Download sample config
curl -o /etc/pytmbot/config.yaml \
  https://raw.githubusercontent.com/orenlab/pytmbot/master/pytmbot.yaml.sample

# 4. Edit configuration
nano /etc/pytmbot/config.yaml

# 5. Run container
docker run -d \
  --name pytmbot \
  --restart unless-stopped \
  --env TZ="UTC" \
  --volume /etc/pytmbot/config.yaml:/opt/app/pytmbot.yaml:ro \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  --security-opt no-new-privileges \
  --read-only \
  --cap-drop ALL \
  --pid host \
  orenlab/pytmbot:latest

Docker Compose Usage

services:
  pytmbot:
    image: orenlab/pytmbot:latest
    container_name: pytmbot
    restart: unless-stopped
    environment:
      - TZ=UTC
    volumes:
      - /etc/pytmbot/config.yaml:/opt/app/pytmbot.yaml:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    security_opt:
      - no-new-privileges
    read_only: true
    cap_drop:
      - ALL
    pid: host
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
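
An added example, not part of pyTMbot or its documentation: it reads `docker inspect` output and checks that the hardening flags from the run command and Compose file above are in effect, and lists separately the host exposure this deployment keeps (Docker socket, host PID namespace). The sample JSON is constructed; the field names are those of Docker's `HostConfig`.

```python
import json

# Constructed sample: trimmed `docker inspect pytmbot` output for a container
# started with the run command above (only the fields the audit reads).
SAMPLE_INSPECT = json.dumps([{"Name": "/pytmbot", "HostConfig": {
    "Binds": ["/etc/pytmbot/config.yaml:/opt/app/pytmbot.yaml:ro",
              "/var/run/docker.sock:/var/run/docker.sock:ro"],
    "CapDrop": ["ALL"], "CapAdd": None, "Privileged": False,
    "PidMode": "host", "ReadonlyRootfs": True,
    "SecurityOpt": ["no-new-privileges"]}}])


def audit(inspect_json):
    """Return (missing_hardening, accepted_exposure) for the first container."""
    host = json.loads(inspect_json)[0]["HostConfig"]
    missing, exposure = [], []
    if not host.get("ReadonlyRootfs"):
        missing.append("root filesystem is writable (--read-only not set)")
    if "ALL" not in [c.upper() for c in host.get("CapDrop") or []]:
        missing.append("capabilities not dropped (--cap-drop ALL not set)")
    if host.get("CapAdd"):
        missing.append("capabilities added back: %s" % host["CapAdd"])
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in opts):
        missing.append("no-new-privileges not set")
    if host.get("Privileged"):
        missing.append("container runs privileged")
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        mode = parts[2] if len(parts) > 2 else "rw"
        if parts[0].endswith("docker.sock"):
            # A read-only bind protects only the socket file; a process that
            # can connect to it can still send any Docker API request.
            exposure.append("docker.sock mounted (%s): Docker API reachable" % mode)
        elif "ro" not in mode.split(","):
            missing.append("writable bind mount: %s" % bind)
    if host.get("PidMode") == "host":
        exposure.append("host PID namespace shared (--pid host)")
    return missing, exposure


if __name__ == "__main__":
    missing, exposure = audit(SAMPLE_INSPECT)
    for item in missing:
        print("MISSING ", item)
    for item in exposure:
        print("EXPOSURE", item)
```

Against a live container, pass the output of `docker inspect pytmbot` to `audit()` instead of the sample.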

Configuration

Environment Variables

Variable | Description | Default
TZ | Container timezone | UTC

Volume Mounts

Path | Purpose
/opt/app/pytmbot.yaml | Main configuration file
/var/run/docker.sock | Docker socket for container monitoring

Plugin System

pyTMbot supports various plugins to extend functionality:

Core Plugins

Enable plugins via command line argument:

docker run ... orenlab/pytmbot:latest --plugins monitor,outline

Health Checks

The container includes built-in health checks that monitor:

Upgrading

# Pull latest version
docker pull orenlab/pytmbot:latest

# Stop current container
docker stop pytmbot
docker rm pytmbot

# Start new container
docker run ... # (use same run command as above)

Reproducible Builds

Each release image is built in an isolated GitHub Actions environment with pinned dependency versions. The build process is fully automated and reproducible. The GitHub Action source code is available in the repository.

Troubleshooting

Common Issues

  1. Configuration errors:
    docker logs pytmbot
    
  2. Permission issues:
    • Ensure Docker socket has correct permissions
    • Verify configuration file ownership
  3. Network connectivity:
    docker exec pytmbot ping -c 1 api.telegram.org
    

Resource Usage

Development

See our Contributing Guidelines for information on:

Support

License

Released under the MIT License.