chore(workflow): update github actions scripts
ajgon committed Dec 2, 2023
1 parent ee18154 commit 642e07a
Showing 24 changed files with 486 additions and 106 deletions.
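--- a/.github/labeler.yaml
+++ b/.github/labeler.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: disabled
+area/github:
+- ".github/**/*"
+area/kubernetes:
+- "kubernetes/**/*"
+area/hack:
+- "hack/**/*"
+area/tofu:
+- "tofu/**/*"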
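--- a/.github/labels.yaml
+++ b/.github/labels.yaml
@@ -0,0 +1,39 @@
+---
+# yaml-language-server: disabled
+# Area
+- name: area/github
+color: "72ccf3"
+description: >-
+Changes made in the github directory
+- name: area/kubernetes
+color: "72ccf3"
+description: >-
+Changes made in the kubernetes directory
+- name: area/hack
+color: "72ccf3"
+description: >-
+Changes made in the hack directory
+- name: area/tofu
+color: "72ccf3"
+description: >-
+Changes made in the tofu directory
+# Renovate
+- name: renovate/container
+color: "009485"
+- name: renovate/github-action
+color: "009485"
+- name: renovate/github-release
+color: "009485"
+- name: renovate/helm
+color: "009485"
+- name: renovate/tofu
+color: "009485"
+# Semantic Type
+- name: type/digest
+color: "ffec19"
+- name: type/patch
+color: "ffec19"
+- name: type/minor
+color: "ff9800"
+- name: type/major
+color: "f6412d"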
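--- a/.github/renovate-bot.json5
+++ b/.github/renovate-bot.json5
@@ -0,0 +1,5 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"username": "RoboDexo2000[bot]",
+"gitAuthor": "RoboDexo2000 <150604236+RoboDexo2000[bot]@users.noreply.github.com>"
+}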
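--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -0,0 +1,25 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"config:recommended",
+"docker:enableMajor",
+":disableRateLimiting",
+":dependencyDashboard",
+":semanticCommits",
+":automergeDigest",
+":automergeBranch",
+":automergePatch",
+"github>dexters-ops/containers//.github/renovate/autoMerge.json5",
+"github>dexters-ops/containers//.github/renovate/commitMessage.json5",
+"github>dexters-ops/containers//.github/renovate/customManagers.json5",
+"github>dexters-ops/containers//.github/renovate/labels.json5",
+"github>dexters-ops/containers//.github/renovate/semanticCommits.json5"
+],
+"platform": "github",
+"onboarding": false,
+"requireConfig": "optional",
+"ignoreDeps": [
+"public.ecr.aws/docker/library/ubuntu",
+"node"
+]
+}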
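--- a/.github/renovate/autoMerge.json5
+++ b/.github/renovate/autoMerge.json5
@@ -0,0 +1,14 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"packageRules": [
+{
+"description": "Auto merge GitHub Actions",
+"matchManagers": ["github-actions"],
+"matchDatasources": ["github-tags"],
+"automerge": true,
+"ignoreTests": true,
+"automergeType": "branch",
+"matchUpdateTypes": ["minor", "patch"]
+}
+]
+}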
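Review bot: `"ignoreTests": true` combined with `"automergeType": "branch"` lets minor and patch updates of GitHub Actions land on the base branch with no passing status check and no pull request for a human to read. The deploy workflow in this same commit hands a GitHub App private key and the `GITHUB_TOKEN` used for the registry login to those actions, so a broken or tampered upstream release would run with those credentials on its first build. I would drop the `ignoreTests` line so automerge waits for green checks, and add a soak period to this rule, for example `"minimumReleaseAge": "3 days"`. If skipping tests is deliberate, the rule's `description` should say why.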
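--- a/.github/renovate/commitMessage.json5
+++ b/.github/renovate/commitMessage.json5
@@ -0,0 +1,12 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"commitMessageTopic": "{{depName}}",
+"commitMessageExtra": "to {{newVersion}}",
+"commitMessageSuffix": "",
+"packageRules": [
+{
+"matchDatasources": ["docker"],
+"commitMessageTopic": "image {{depName}}"
+}
+]
+}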
14 changes: 4 additions & 10 deletions .github/renovate.json → .github/renovate/customManagers.json5
@@ -1,14 +1,8 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
":disableRateLimiting",
":skipStatusChecks",
"group:all",
"schedule:daily"
],
"regexManagers": [
"customManagers": [
{
"customType": "regex",
"description": "Process metadata versions",
"fileMatch": [
"apps/.+/metadata\\.json$"
@@ -20,6 +14,7 @@
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
}, {
"customType": "regex",
"description": "Process renovate comments",
"fileMatch": [
".github/workflows/.*\\.ya?ml$"
@@ -30,6 +25,5 @@
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
}
],
"ignoreDeps": ["public.ecr.aws/docker/library/ubuntu", "ghcr.io/ajgon/ubuntu", "node"]
]
}
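--- a/.github/renovate/labels.json5
+++ b/.github/renovate/labels.json5
@@ -0,0 +1,33 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"packageRules": [
+{
+"matchUpdateTypes": ["major"],
+"labels": ["type/major"]
+},
+{
+"matchUpdateTypes": ["minor"],
+"labels": ["type/minor"]
+},
+{
+"matchUpdateTypes": ["patch"],
+"labels": ["type/patch"]
+},
+{
+"matchUpdateTypes": ["digest"],
+"labels": ["type/digest"]
+},
+{
+"matchDatasources": ["docker"],
+"addLabels": ["renovate/container"]
+},
+{
+"matchDatasources": ["github-releases", "github-tags"],
+"addLabels": ["renovate/github-release"]
+},
+{
+"matchManagers": ["github-actions"],
+"addLabels": ["renovate/github-action"]
+}
+]
+}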
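--- a/.github/renovate/semanticCommits.json5
+++ b/.github/renovate/semanticCommits.json5
@@ -0,0 +1,62 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"packageRules": [
+{
+"matchDatasources": ["docker"],
+"matchUpdateTypes": ["major"],
+"commitMessagePrefix": "feat(container)!: "
+},
+{
+"matchDatasources": ["docker"],
+"matchUpdateTypes": ["minor"],
+"semanticCommitType": "feat",
+"semanticCommitScope": "container"
+},
+{
+"matchDatasources": ["docker"],
+"matchUpdateTypes": ["patch"],
+"semanticCommitType": "fix",
+"semanticCommitScope": "container"
+},
+{
+"matchDatasources": ["docker"],
+"matchUpdateTypes": ["digest"],
+"semanticCommitType": "chore",
+"semanticCommitScope": "container"
+},
+{
+"matchDatasources": ["github-releases", "github-tags"],
+"matchUpdateTypes": ["major"],
+"commitMessagePrefix": "feat(github-release)!: "
+},
+{
+"matchDatasources": ["github-releases", "github-tags"],
+"matchUpdateTypes": ["minor"],
+"semanticCommitType": "feat",
+"semanticCommitScope": "github-release"
+},
+{
+"matchDatasources": ["github-releases", "github-tags"],
+"matchUpdateTypes": ["patch"],
+"semanticCommitType": "fix",
+"semanticCommitScope": "github-release"
+},
+{
+"matchManagers": ["github-actions"],
+"matchUpdateTypes": ["major"],
+"commitMessagePrefix": "feat(github-action)!: "
+},
+{
+"matchManagers": ["github-actions"],
+"matchUpdateTypes": ["minor"],
+"semanticCommitType": "feat",
+"semanticCommitScope": "github-action"
+},
+{
+"matchManagers": ["github-actions"],
+"matchUpdateTypes": ["patch"],
+"semanticCommitType": "fix",
+"semanticCommitScope": "github-action"
+}
+]
+}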
18 changes: 9 additions & 9 deletions .github/scripts/templates/README.md.j2
@@ -13,18 +13,18 @@ _A Collection of Container Images Optimized for Kubernetes_

<div align="center">

![GitHub Repo stars](https://img.shields.io/github/stars/ajgon/containers?style=for-the-badge)
![GitHub forks](https://img.shields.io/github/forks/ajgon/containers?style=for-the-badge)
![GitHub Repo stars](https://img.shields.io/github/stars/dexters-ops/containers?style=for-the-badge)
![GitHub forks](https://img.shields.io/github/forks/dexters-ops/containers?style=for-the-badge)

</div>

Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/ajgon?tab=packages&repo_name=containers).
Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/dexters-ops?tab=packages&repo_name=containers).

## Mission statement

The goal of this project is to support containers for various applications, while following the best practices including:

- [Semating versioning](https://semver.org/)
- [Semantic versioning](https://semver.org/)
- [Multiple architectures](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/)
- Security best practices
- [Rootless PID 1](https://rootlesscontaine.rs/)
@@ -60,10 +60,10 @@ A similar approach applies here, but instead of appending a `-ls69` or `-r420` p

| Container | Immutable |
|------------------------------------------------------|-----------|
| `ghcr.io/ajgon/paperless-ngx:latest` ||
| `ghcr.io/ajgon/paperless-ngx:1.17.4` ||
| `ghcr.io/ajgon/paperless-ngx:latest@sha256:613c...` ||
| `ghcr.io/ajgon/paperless-ngx:1.17.4@sha256:613c...` ||
| `ghcr.io/dexters-ops/paperless-ngx:latest` ||
| `ghcr.io/dexters-ops/paperless-ngx:1.17.4` ||
| `ghcr.io/dexters-ops/paperless-ngx:latest@sha256:613c...` ||
| `ghcr.io/dexters-ops/paperless-ngx:1.17.4@sha256:613c...` ||

_If pinning an image to the sha256 digest, tools like [Renovate](https://github.com/renovatebot/renovate) support updating the container on a digest or application version change._

@@ -74,7 +74,7 @@ Each Image will be built with a `latest` tag, along with tags specific to it's v
Container | Channel | Image | Latest Tags
--- | --- | --- | ---
{% for image in app_images | sort(attribute="name") -%}
[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/ajgon/{{ image.name }} |
[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/dexters-ops/{{ image.name }} |
{%- set space = joiner(" ") -%}
{%- for tag in image.tags -%}
{{ space() }}![{{ tag }}](https://img.shields.io/badge/{{ tag.replace("-", "--") }}-{% if tag == "latest" %}green{% else %}blue{% endif %}?style=flat-square)
30 changes: 21 additions & 9 deletions .github/workflows/deploy.yaml
@@ -1,3 +1,4 @@
# yamllint disable rule:comments
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Create and publish a Docker images
@@ -8,7 +9,8 @@ env:

jobs:
prepare-matrix:
uses: ajgon/containers/.github/workflows/prepare-matrix.yaml@master
uses: dexters-ops/containers/.github/workflows/prepare-matrix.yaml@master
secrets: inherit

deploy:
needs: prepare-matrix
@@ -21,8 +23,17 @@ jobs:
fail-fast: false
# yamllint disable rule:line-length
steps:
- uses: actions/checkout@v4
- name: Generate Token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: "${{ steps.generate-token.outputs.token }}"
fetch-depth: 1

- name: Setup workflow Variables
@@ -64,28 +75,28 @@ jobs:
echo "tags=${tags}" >> $GITHUB_OUTPUT
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
image: "public.ecr.aws/eks-distro-build-tooling/binfmt-misc:qemu-v7.0.0"

- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
version: latest
driver-opts: |
image=public.ecr.aws/vend/moby/buildkit:buildx-stable-1
- name: Setup GHCR
uses: docker/login-action@v3
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build all platforms
id: release
uses: docker/build-push-action@v5
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
build-args: |-
BASEIMGVERSION=${{ steps.vars.outputs.baseimg_build_version }}
@@ -96,9 +107,9 @@ jobs:
${{ steps.vars.outputs.label_type }}.title="${{ matrix.apps.app }} (${{ matrix.apps.channel }})"
${{ steps.vars.outputs.label_type }}.version="${{ steps.vars.outputs.build_version }}"
${{ steps.vars.outputs.label_type }}.authors="Igor Rzegocki <[email protected]>"
${{ steps.vars.outputs.label_type }}.url="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}"
${{ steps.vars.outputs.label_type }}.build.url="https://github.com/ajgon/containers/actions/runs/${{ github.run_id }}"
${{ steps.vars.outputs.label_type }}.documentation="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}/README.md"
${{ steps.vars.outputs.label_type }}.url="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}"
${{ steps.vars.outputs.label_type }}.build.url="https://github.com/dexters-ops/containers/actions/runs/${{ github.run_id }}"
${{ steps.vars.outputs.label_type }}.documentation="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}/README.md"
${{ steps.vars.outputs.label_type }}.revision="${{ github.sha }}"
context: apps/${{ matrix.apps.app }}
platforms: ${{ steps.vars.outputs.platforms }}
@@ -123,3 +134,4 @@ jobs:
- name: Check build matrix status
if: ${{ needs.deploy.result != 'success' && needs.deploy.result != 'skipped' }}
run: exit 1
# yamllint enable rule:comments
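Review bot: The new Checkout step hands the GitHub App installation token to `actions/checkout`, which by default persists the token in the workspace git configuration, so every later step in the `deploy` job can read it. None of the visible hunks push back to the repository, and parts of the job lie outside them, so unless a hidden step needs that credential, add `persist-credentials: false` under the Checkout `with:` block or check out with the default token. The Generate Token step also requests the app's full installation permissions; narrowing them through the action's `permissions` input limits what a leaked token could do. Relatedly, `secrets: inherit` on `prepare-matrix` forwards every secret, including `BOT_APP_PRIVATE_KEY`, to a workflow referenced at `@master`; passing only the secrets that workflow reads would be tighter.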