From 1e492373febd868700d2ab4c68ff7a6b51db4c2b Mon Sep 17 00:00:00 2001 From: ajgon Date: Sat, 2 Dec 2023 09:33:31 +0000 Subject: [PATCH] chore(workflow): update github actions scripts --- .github/labeler.yaml | 10 +++ .github/labels.yaml | 39 ++++++++++++ .github/renovate-bot.json5 | 5 ++ .github/renovate.json5 | 25 ++++++++ .github/renovate/autoMerge.json5 | 14 +++++ .github/renovate/commitMessage.json5 | 12 ++++ .../customManagers.json5} | 14 ++--- .github/renovate/labels.json5 | 33 ++++++++++ .github/renovate/semanticCommits.json5 | 62 +++++++++++++++++++ .github/scripts/templates/README.md.j2 | 18 +++--- .github/workflows/deploy.yaml | 32 +++++++--- .github/workflows/lint.yaml | 47 -------------- .github/workflows/linter.yaml | 53 ++++++++++++++++ .github/workflows/meta-labeler.yaml | 29 +++++++++ .github/workflows/meta-sync-labels.yaml | 37 +++++++++++ .github/workflows/on-merge-master.yaml | 6 +- .github/workflows/on-pr.yaml | 5 +- .github/workflows/prepare-matrix.yaml | 16 ++++- .github/workflows/render-readme.yaml | 22 +++++-- .github/workflows/renovate.yaml | 62 +++++++++++++++++++ .github/workflows/test.yaml | 29 ++++++--- README.md | 18 +++--- Taskfile.yaml | 4 +- apps/ubuntu/Dockerfile | 2 + 24 files changed, 487 insertions(+), 107 deletions(-) create mode 100644 .github/labeler.yaml create mode 100644 .github/labels.yaml create mode 100644 .github/renovate-bot.json5 create mode 100644 .github/renovate.json5 create mode 100644 .github/renovate/autoMerge.json5 create mode 100644 .github/renovate/commitMessage.json5 rename .github/{renovate.json => renovate/customManagers.json5} (83%) create mode 100644 .github/renovate/labels.json5 create mode 100644 .github/renovate/semanticCommits.json5 delete mode 100644 .github/workflows/lint.yaml create mode 100644 .github/workflows/linter.yaml create mode 100644 .github/workflows/meta-labeler.yaml create mode 100644 .github/workflows/meta-sync-labels.yaml create mode 100644 .github/workflows/renovate.yaml diff --git a/.github/labeler.yaml b/.github/labeler.yaml new file mode 100644 index 00000000..8e176b2c --- /dev/null +++ b/.github/labeler.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: disabled +area/github: + - ".github/**/*" +area/kubernetes: + - "kubernetes/**/*" +area/hack: + - "hack/**/*" +area/tofu: + - "tofu/**/*" diff --git a/.github/labels.yaml b/.github/labels.yaml new file mode 100644 index 00000000..1a24a366 --- /dev/null +++ b/.github/labels.yaml @@ -0,0 +1,39 @@ +--- +# yaml-language-server: disabled +# Area +- name: area/github + color: "72ccf3" + description: >- + Changes made in the github directory +- name: area/kubernetes + color: "72ccf3" + description: >- + Changes made in the kubernetes directory +- name: area/hack + color: "72ccf3" + description: >- + Changes made in the hack directory +- name: area/tofu + color: "72ccf3" + description: >- + Changes made in the tofu directory +# Renovate +- name: renovate/container + color: "009485" +- name: renovate/github-action + color: "009485" +- name: renovate/github-release + color: "009485" +- name: renovate/helm + color: "009485" +- name: renovate/tofu + color: "009485" +# Semantic Type +- name: type/digest + color: "ffec19" +- name: type/patch + color: "ffec19" +- name: type/minor + color: "ff9800" +- name: type/major + color: "f6412d" diff --git a/.github/renovate-bot.json5 b/.github/renovate-bot.json5 new file mode 100644 index 00000000..353ca5dc --- /dev/null +++ b/.github/renovate-bot.json5 @@ -0,0 +1,5 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "username": "RoboDexo2000[bot]", + "gitAuthor": "RoboDexo2000 <150604236+RoboDexo2000[bot]@users.noreply.github.com>" +} diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 00000000..01ded926 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,25 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + "docker:enableMajor", + ":disableRateLimiting", + ":dependencyDashboard", + ":semanticCommits", + ":automergeDigest", + ":automergeBranch", + ":automergePatch", + "github>dexters-ops/containers//.github/renovate/autoMerge.json5", + "github>dexters-ops/containers//.github/renovate/commitMessage.json5", + "github>dexters-ops/containers//.github/renovate/customManagers.json5", + "github>dexters-ops/containers//.github/renovate/labels.json5", + "github>dexters-ops/containers//.github/renovate/semanticCommits.json5" + ], + "platform": "github", + "onboarding": false, + "requireConfig": "optional", + "ignoreDeps": [ + "public.ecr.aws/docker/library/ubuntu", + "node" + ] +} diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 new file mode 100644 index 00000000..3930b010 --- /dev/null +++ b/.github/renovate/autoMerge.json5 @@ -0,0 +1,14 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "description": "Auto merge GitHub Actions", + "matchManagers": ["github-actions"], + "matchDatasources": ["github-tags"], + "automerge": true, + "ignoreTests": true, + "automergeType": "branch", + "matchUpdateTypes": ["minor", "patch"] + } + ] +} diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5 new file mode 100644 index 00000000..52ae185e --- /dev/null +++ b/.github/renovate/commitMessage.json5 @@ -0,0 +1,12 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "to {{newVersion}}", + "commitMessageSuffix": "", + "packageRules": [ + { + "matchDatasources": ["docker"], + "commitMessageTopic": "image {{depName}}" + } + ] +} diff --git a/.github/renovate.json b/.github/renovate/customManagers.json5 similarity index 83% rename from .github/renovate.json rename to .github/renovate/customManagers.json5 index 93cb92ed..452b3de7 100644 --- a/.github/renovate.json +++ b/.github/renovate/customManagers.json5 @@ -1,14 +1,8 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:base", - ":disableRateLimiting", - ":skipStatusChecks", - "group:all", - "schedule:daily" - ], - "regexManagers": [ + "customManagers": [ { + "customType": "regex", "description": "Process metadata versions", "fileMatch": [ "apps/.+/metadata\\.json$" @@ -20,6 +14,7 @@ "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}", "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" }, { + "customType": "regex", "description": "Process renovate comments", "fileMatch": [ ".github/workflows/.*\\.ya?ml$" @@ -30,6 +25,5 @@ "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}", "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" } - ], - "ignoreDeps": ["public.ecr.aws/docker/library/ubuntu", "ghcr.io/ajgon/ubuntu", "node"] + ] } diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5 new file mode 100644 index 00000000..55095874 --- /dev/null +++ b/.github/renovate/labels.json5 @@ -0,0 +1,33 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "matchUpdateTypes": ["major"], + "labels": ["type/major"] + }, + { + "matchUpdateTypes": ["minor"], + "labels": ["type/minor"] + }, + { + "matchUpdateTypes": ["patch"], + "labels": ["type/patch"] + }, + { + "matchUpdateTypes": ["digest"], + "labels": ["type/digest"] + }, + { + "matchDatasources": ["docker"], + "addLabels": ["renovate/container"] + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "addLabels": ["renovate/github-release"] + }, + { + "matchManagers": ["github-actions"], + "addLabels": ["renovate/github-action"] + } + ] +} diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5 new file mode 100644 index 00000000..9ba0ef1a --- /dev/null +++ b/.github/renovate/semanticCommits.json5 @@ -0,0 +1,62 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "packageRules": [ + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(container)!: " + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "container" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "container" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["digest"], + "semanticCommitType": "chore", + "semanticCommitScope": "container" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-release)!: " + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-release" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-release" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-action)!: " + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-action" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-action" + } + ] +} diff --git a/.github/scripts/templates/README.md.j2 b/.github/scripts/templates/README.md.j2 index 347f08ed..171b6d6e 100644 --- a/.github/scripts/templates/README.md.j2 +++ b/.github/scripts/templates/README.md.j2 @@ -13,18 +13,18 @@ _A Collection of Container Images Optimized for Kubernetes_
-![GitHub Repo stars](https://img.shields.io/github/stars/ajgon/containers?style=for-the-badge) -![GitHub forks](https://img.shields.io/github/forks/ajgon/containers?style=for-the-badge) +![GitHub Repo stars](https://img.shields.io/github/stars/dexters-ops/containers?style=for-the-badge) +![GitHub forks](https://img.shields.io/github/forks/dexters-ops/containers?style=for-the-badge)
-Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/ajgon?tab=packages&repo_name=containers). +Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/dexters-ops?tab=packages&repo_name=containers). ## Mission statement The goal of this project is to support containers for various applications, while following the best practices including: -- [Semating versioning](https://semver.org/) +- [Semantic versioning](https://semver.org/) - [Multiple architectures](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/) - Security best practices - [Rootless PID 1](https://rootlesscontaine.rs/) @@ -60,10 +60,10 @@ A similar approach applies here, but instead of appending a `-ls69` or `-r420` p | Container | Immutable | |------------------------------------------------------|-----------| -| `ghcr.io/ajgon/paperless-ngx:latest` | ❌ | -| `ghcr.io/ajgon/paperless-ngx:1.17.4` | ❌ | -| `ghcr.io/ajgon/paperless-ngx:latest@sha256:613c...` | ✅ | -| `ghcr.io/ajgon/paperless-ngx:1.17.4@sha256:613c...` | ✅ | +| `ghcr.io/dexters-ops/paperless-ngx:latest` | ❌ | +| `ghcr.io/dexters-ops/paperless-ngx:1.17.4` | ❌ | +| `ghcr.io/dexters-ops/paperless-ngx:latest@sha256:613c...` | ✅ | +| `ghcr.io/dexters-ops/paperless-ngx:1.17.4@sha256:613c...` | ✅ | _If pinning an image to the sha256 digest, tools like [Renovate](https://github.com/renovatebot/renovate) support updating the container on a digest or application version change._ @@ -74,7 +74,7 @@ Each Image will be built with a `latest` tag, along with tags specific to it's v Container | Channel | Image | Latest Tags --- | --- | --- | --- {% for image in app_images | sort(attribute="name") -%} -[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/ajgon/{{ image.name }} | +[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/dexters-ops/{{ image.name }} | {%- set space = joiner(" ") -%} {%- for tag in image.tags -%} {{ space() }}![{{ tag }}](https://img.shields.io/badge/{{ tag.replace("-", "--") }}-{% if tag == "latest" %}green{% else %}blue{% endif %}?style=flat-square) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 8c60cc99..91484fca 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -1,3 +1,4 @@ +# yamllint disable rule:comments --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Create and publish a Docker images @@ -8,7 +9,8 @@ env: jobs: prepare-matrix: - uses: ajgon/containers/.github/workflows/prepare-matrix.yaml@master + uses: dexters-ops/containers/.github/workflows/prepare-matrix.yaml@master + secrets: inherit deploy: needs: prepare-matrix @@ -21,8 +23,17 @@ jobs: fail-fast: false # yamllint disable rule:line-length steps: - - uses: actions/checkout@v4 + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" fetch-depth: 1 - name: Setup workflow Variables @@ -64,28 +75,28 @@ jobs: echo "tags=${tags}" >> $GITHUB_OUTPUT - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 with: image: "public.ecr.aws/eks-distro-build-tooling/binfmt-misc:qemu-v7.0.0" - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 with: version: latest driver-opts: | image=public.ecr.aws/vend/moby/buildkit:buildx-stable-1 - name: Setup GHCR - uses: docker/login-action@v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.IMAGE_REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: "${{ steps.generate-token.outputs.token }}" - name: Build all platforms id: release - uses: docker/build-push-action@v5 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: build-args: |- BASEIMGVERSION=${{ steps.vars.outputs.baseimg_build_version }} @@ -96,9 +107,9 @@ jobs: ${{ steps.vars.outputs.label_type }}.title="${{ matrix.apps.app }} (${{ matrix.apps.channel }})" ${{ steps.vars.outputs.label_type }}.version="${{ steps.vars.outputs.build_version }}" ${{ steps.vars.outputs.label_type }}.authors="Igor Rzegocki " - ${{ steps.vars.outputs.label_type }}.url="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}" - ${{ steps.vars.outputs.label_type }}.build.url="https://github.com/ajgon/containers/actions/runs/${{ github.run_id }}" - ${{ steps.vars.outputs.label_type }}.documentation="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}/README.md" + ${{ steps.vars.outputs.label_type }}.url="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}" + ${{ steps.vars.outputs.label_type }}.build.url="https://github.com/dexters-ops/containers/actions/runs/${{ github.run_id }}" + ${{ steps.vars.outputs.label_type }}.documentation="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}/README.md" ${{ steps.vars.outputs.label_type }}.revision="${{ github.sha }}" context: apps/${{ matrix.apps.app }} platforms: ${{ steps.vars.outputs.platforms }} @@ -123,3 +134,4 @@ jobs: - name: Check build matrix status if: ${{ needs.deploy.result != 'success' && needs.deploy.result != 'skipped' }} run: exit 1 +# yamllint enable rule:comments diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index e9169a8f..00000000 --- a/.github/workflows/lint.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: Run all the linters -'on': workflow_call - -jobs: - lint: - name: Run linters - runs-on: ubuntu-latest - steps: - - name: Check out repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Setup CUE - uses: cue-lang/setup-cue@v1.0.0 - - - name: "Linter: CUE" - shell: bash - run: |- - cue vet --schema '#Spec' ./apps/*/metadata.json ./metadata.rules.cue - - - name: "Linter: hadolint" - uses: jbergstroem/hadolint-gh-action@v1 - with: - annotate: true - dockerfile: "apps/*/Dockerfile" - error_level: 1 - # renovate: datasource=github-releases depName=hadolint/hadolint - version: 2.12.0 - - - name: "Linter: shellcheck" - uses: ludeeus/action-shellcheck@master - with: - severity: warning - # renovate: datasource=github-releases depName=koalaman/shellcheck - version: v0.9.0 - - - name: "Linter: yamllint" - uses: karancode/yamllint-github-action@master - with: - yamllint_strict: true - yamllint_config_filepath: ./.yamllint - yamllint_comment: true - env: - GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml new file mode 100644 index 00000000..03d20be6 --- /dev/null +++ b/.github/workflows/linter.yaml @@ -0,0 +1,53 @@ +# yamllint disable rule:comments +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: Run all the linters +'on': workflow_call + +jobs: + lint: + name: Run linters + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token + with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" + fetch-depth: 1 + + - name: Setup CUE + uses: cue-lang/setup-cue@1713281ae501e533ff06108005dffeab9e2e5203 # v1.0.0 + + - name: "Linter: CUE" + shell: bash + run: |- + cue vet --schema '#Spec' ./apps/*/metadata.json ./metadata.rules.cue + + - name: "Linter: hadolint" + uses: jbergstroem/hadolint-gh-action@eac45b98f6d761309202bd201205a8f8c988bfad # v1.11.0 + with: + annotate: true + dockerfile: "apps/*/Dockerfile" + error_level: 1 + + - name: "Linter: shellcheck" + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 + with: + severity: warning + + - name: "Linter: yamllint" + uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053 # v2.1.1 + with: + yamllint_strict: true + yamllint_config_filepath: ./.yamllint + yamllint_comment: true + env: + GITHUB_ACCESS_TOKEN: "${{ steps.generate-token.outputs.token }}" +# yamllint enable rule:comments diff --git a/.github/workflows/meta-labeler.yaml b/.github/workflows/meta-labeler.yaml new file mode 100644 index 00000000..83064ecd --- /dev/null +++ b/.github/workflows/meta-labeler.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:comments +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Meta Labeler" + +'on': + workflow_dispatch: + pull_request: + branches: + - master + +jobs: + labeler: + name: Labeler + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token + with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Labeler + uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 + with: + configuration-path: .github/labeler.yaml + repo-token: "${{ steps.generate-token.outputs.token }}" +# yamllint enable rule:comments diff --git a/.github/workflows/meta-sync-labels.yaml b/.github/workflows/meta-sync-labels.yaml new file mode 100644 index 00000000..0e8014fe --- /dev/null +++ b/.github/workflows/meta-sync-labels.yaml @@ -0,0 +1,37 @@ +# yamllint disable rule:comments +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Meta Sync labels" + +'on': + workflow_dispatch: + push: + branches: + - master + paths: + - .github/labels.yaml + +jobs: + labels: + name: Sync Labels + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token + with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" + + - name: Sync Labels + uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # v2.3.2 + with: + config-file: .github/labels.yaml + token: "${{ steps.generate-token.outputs.token }}" + delete-other-labels: true +# yamllint enable rule:comments diff --git a/.github/workflows/on-merge-master.yaml b/.github/workflows/on-merge-master.yaml index c4f351fd..38832797 100644 --- a/.github/workflows/on-merge-master.yaml +++ b/.github/workflows/on-merge-master.yaml @@ -8,8 +8,10 @@ name: Deploy image jobs: deploy: - uses: ajgon/containers/.github/workflows/deploy.yaml@master + uses: dexters-ops/containers/.github/workflows/deploy.yaml@master + secrets: inherit build-readme: needs: deploy - uses: ajgon/containers/.github/workflows/render-readme.yaml@master + uses: dexters-ops/containers/.github/workflows/render-readme.yaml@master + secrets: inherit diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml index eb324edf..1e0d09a2 100644 --- a/.github/workflows/on-pr.yaml +++ b/.github/workflows/on-pr.yaml @@ -5,8 +5,9 @@ name: Validate pull request jobs: lint: - uses: ajgon/containers/.github/workflows/lint.yaml@master + uses: dexters-ops/containers/.github/workflows/lint.yaml@master + secrets: inherit test: - uses: ajgon/containers/.github/workflows/test.yaml@master + uses: dexters-ops/containers/.github/workflows/test.yaml@master secrets: inherit diff --git a/.github/workflows/prepare-matrix.yaml b/.github/workflows/prepare-matrix.yaml index 933d56b8..d71f3468 100644 --- a/.github/workflows/prepare-matrix.yaml +++ b/.github/workflows/prepare-matrix.yaml @@ -1,3 +1,4 @@ +# yamllint disable rule:comments --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Prepare matrix of changed images @@ -14,14 +15,22 @@ jobs: outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: actions/checkout@v4 + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" fetch-depth: 0 - # Example 1 - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v40 + uses: tj-actions/changed-files@da093c1609db0edd0a037ce9664e135f74bf30d9 # v40.2.0 - name: Setup matrix id: set-matrix @@ -43,3 +52,4 @@ jobs: done matrix="${matrix}]" sed -E 's@,\]@]@g' <<< "matrix=${matrix}" >> $GITHUB_OUTPUT +# yamllint enable rule:comments diff --git a/.github/workflows/render-readme.yaml b/.github/workflows/render-readme.yaml index 098a1c45..ce7b9fb2 100644 --- a/.github/workflows/render-readme.yaml +++ b/.github/workflows/render-readme.yaml @@ -1,3 +1,4 @@ +# yamllint disable rule:comments --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: "Render Readme" @@ -9,11 +10,20 @@ jobs: name: Render README runs-on: ubuntu-latest steps: + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token + with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: '3.11' cache: 'pip' # caching pip dependencies @@ -24,12 +34,16 @@ jobs: - name: Render README env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}" run: | python ./.github/scripts/render-readme.py - name: Commit Changes - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: commit_message: "docs: render README.md" file_pattern: "README.md" + commit_user_name: "RoboDexo2000[bot]" + commit_user_email: "150604236+RoboDexo2000[bot]@users.noreply.github.com" + commit_author: "RoboDexo2000 <150604236+RoboDexo2000[bot]@users.noreply.github.com>" +# yamllint enable rule:comments diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..31248ec9 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,62 @@ +# yamllint disable rule:comments +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Renovate" + +'on': + workflow_dispatch: + inputs: + dryRun: + description: Dry-Run + default: "false" + required: false + logLevel: + description: Log-Level + default: info + required: false + schedule: + - cron: "0 * * * *" + push: + branches: + - master + paths: + - .github/renovate-bot.json5 + - .github/renovate.json5 + - .github/renovate/**.json5 + +env: + LOG_LEVEL: info + RENOVATE_DRY_RUN: false + RENOVATE_CONFIG_FILE: .github/renovate-bot.json5 + RENOVATE_AUTODISCOVER: true + RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" + +jobs: + renovate: + name: Renovate + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token + with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" + + - name: Override default config from dispatch variables + shell: bash + run: | + echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}" + echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}" + + - name: Renovate + uses: renovatebot/github-action@5d3fbef92a76cbf78f5732d17c07a2e76e6f7555 # v39.1.4 + with: + configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}" + token: "${{ steps.generate-token.outputs.token }}" +# yamllint enable rule:comments diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 92ba893a..94c41850 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -8,7 +8,8 @@ env: jobs: prepare-matrix: - uses: ajgon/containers/.github/workflows/prepare-matrix.yaml@master + uses: dexters-ops/containers/.github/workflows/prepare-matrix.yaml@master + secrets: inherit test: needs: prepare-matrix @@ -21,8 +22,17 @@ jobs: fail-fast: false # yamllint disable rule:line-length steps: - - uses: actions/checkout@v4 + - name: Generate Token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + id: generate-token with: + app_id: "${{ secrets.BOT_APP_ID }}" + private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.generate-token.outputs.token }}" fetch-depth: 1 - name: Setup workflow Variables @@ -44,24 +54,25 @@ jobs: fi - name: Setup Goss - uses: e1himself/goss-installation-action@v1.1.0 - with: - # renovate: datasource=github-releases depName=goss-org/goss - version: v0.4.4 + uses: e1himself/goss-installation-action@3b8952d233bcc9bb8e901ec819d8cde6daa7f546 # v1.1.0 - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: latest + driver-opts: | + image=public.ecr.aws/vend/moby/buildkit:buildx-stable-1 - name: Check tests existence id: check_ci - uses: andstor/file-existence-action@v2 + uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2.0.0 with: files: apps/${{ matrix.apps.app }}/ci fail: false - name: Build container image for testing and snyk - uses: docker/build-push-action@v5 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: build-args: |- BASEIMGVERSION=${{ steps.vars.outputs.baseimg_build_version }} diff --git a/README.md b/README.md index 52a5b069..599a7168 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,8 @@ _A Collection of Container Images Optimized for Kubernetes_
-![GitHub Repo stars](https://img.shields.io/github/stars/ajgon/containers?style=for-the-badge) -![GitHub forks](https://img.shields.io/github/forks/ajgon/containers?style=for-the-badge) +![GitHub Repo stars](https://img.shields.io/github/stars/dexters-ops/containers?style=for-the-badge) +![GitHub forks](https://img.shields.io/github/forks/dexters-ops/containers?style=for-the-badge)
@@ -73,12 +73,12 @@ Each Image will be built with a `latest` tag, along with tags specific to it's v Container | Channel | Image | Latest Tags --- | --- | --- | --- -[authelia](https://github.com/ajgon/containers/pkgs/container/authelia) | stable | ghcr.io/ajgon/authelia |![4](https://img.shields.io/badge/4-blue?style=flat-square) ![4.37](https://img.shields.io/badge/4.37-blue?style=flat-square) ![4.37.5](https://img.shields.io/badge/4.37.5-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) -[lldap](https://github.com/ajgon/containers/pkgs/container/lldap) | stable | ghcr.io/ajgon/lldap |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.5](https://img.shields.io/badge/0.5-blue?style=flat-square) ![0.5.0](https://img.shields.io/badge/0.5.0-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) -[lldap-devel](https://github.com/ajgon/containers/pkgs/container/lldap-devel) | devel | ghcr.io/ajgon/lldap-devel |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.5](https://img.shields.io/badge/0.5-blue?style=flat-square) ![0.5.1](https://img.shields.io/badge/0.5.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) -[maddy](https://github.com/ajgon/containers/pkgs/container/maddy) | stable | ghcr.io/ajgon/maddy |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.7](https://img.shields.io/badge/0.7-blue?style=flat-square) ![0.7.0](https://img.shields.io/badge/0.7.0-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) -[postgres-init](https://github.com/ajgon/containers/pkgs/container/postgres-init) | stable | ghcr.io/ajgon/postgres-init |![16](https://img.shields.io/badge/16-blue?style=flat-square) ![16.1](https://img.shields.io/badge/16.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) -[postgres-logical-backup](https://github.com/ajgon/containers/pkgs/container/postgres-logical-backup) | stable | ghcr.io/ajgon/postgres-logical-backup |![16](https://img.shields.io/badge/16-blue?style=flat-square) ![16.1](https://img.shields.io/badge/16.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[authelia](https://github.com/dexters-ops/containers/pkgs/container/authelia) | stable | ghcr.io/ajgon/authelia |![4](https://img.shields.io/badge/4-blue?style=flat-square) ![4.37](https://img.shields.io/badge/4.37-blue?style=flat-square) ![4.37.5](https://img.shields.io/badge/4.37.5-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[lldap](https://github.com/dexters-ops/containers/pkgs/container/lldap) | stable | ghcr.io/ajgon/lldap |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.5](https://img.shields.io/badge/0.5-blue?style=flat-square) ![0.5.0](https://img.shields.io/badge/0.5.0-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[lldap-devel](https://github.com/dexters-ops/containers/pkgs/container/lldap-devel) | devel | ghcr.io/ajgon/lldap-devel |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.5](https://img.shields.io/badge/0.5-blue?style=flat-square) ![0.5.1](https://img.shields.io/badge/0.5.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[maddy](https://github.com/dexters-ops/containers/pkgs/container/maddy) | stable | ghcr.io/ajgon/maddy |![0](https://img.shields.io/badge/0-blue?style=flat-square) ![0.7](https://img.shields.io/badge/0.7-blue?style=flat-square) ![0.7.0](https://img.shields.io/badge/0.7.0-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[postgres-init](https://github.com/dexters-ops/containers/pkgs/container/postgres-init) | stable | ghcr.io/ajgon/postgres-init |![16](https://img.shields.io/badge/16-blue?style=flat-square) ![16.1](https://img.shields.io/badge/16.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) +[postgres-logical-backup](https://github.com/dexters-ops/containers/pkgs/container/postgres-logical-backup) | stable | ghcr.io/ajgon/postgres-logical-backup |![16](https://img.shields.io/badge/16-blue?style=flat-square) ![16.1](https://img.shields.io/badge/16.1-blue?style=flat-square) ![latest](https://img.shields.io/badge/latest-green?style=flat-square) ## Credits @@ -87,4 +87,4 @@ A lot of inspiration (and a lot of copy-pasting to be honest) are thanks to the \ No newline at end of file +--> diff --git a/Taskfile.yaml b/Taskfile.yaml index 4983492d..6a9b0066 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -92,8 +92,8 @@ tasks: --label '{{ .LABEL_TYPE }}.title={{ .APP }} ({{ .CHANNEL }})' \ --label '{{ .LABEL_TYPE }}.version={{ .VERSION }}' \ --label '{{ .LABEL_TYPE }}.authors=Igor Rzegocki ' \ - --label '{{ .LABEL_TYPE }}.url=https://github.com/ajgon/containers/tree/master/apps/{{ .APP }}' \ - --label '{{ .LABEL_TYPE }}.documentation=https://github.com/ajgon/containers/tree/master/apps/{{ .APP }}/README.md' \ + --label '{{ .LABEL_TYPE }}.url=https://github.com/dexters-ops/containers/tree/master/apps/{{ .APP }}' \ + --label '{{ .LABEL_TYPE }}.documentation=https://github.com/dexters-ops/containers/tree/master/apps/{{ .APP }}/README.md' \ -f apps/{{ .APP }}/Dockerfile apps/{{ .APP }} done # yamllint enable diff --git a/apps/ubuntu/Dockerfile b/apps/ubuntu/Dockerfile index ee2c7f4e..c776ae76 100644 --- a/apps/ubuntu/Dockerfile +++ b/apps/ubuntu/Dockerfile @@ -75,3 +75,5 @@ COPY --chmod=0755 --chown=65000:65000 base-entrypoint.sh /usr/local/bin/base-ent ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/base-entrypoint.sh"] CMD ["/bin/bash"] + +# ee