chore: update goss tests and add JSON schema to goss files (#1005)

.github/scripts/templates/README.md.j2

@@ -27,9 +27,24 @@ The goal of this project is to support [semantically versioned](https://semver.o
 
 It also adheres to a [KISS principle](https://en.wikipedia.org/wiki/KISS_principle), logging to stdout, [one process per container](https://testdriven.io/tips/59de3279-4a2d-4556-9cd0-b444249ed31e/), no [s6-overlay](https://github.com/just-containers/s6-overlay) and all images are built on top of [Alpine](https://hub.docker.com/_/alpine) or [Ubuntu](https://hub.docker.com/_/ubuntu).
 
+## Tag immutability
+
+The containers built here do not use immutable tags, as least not in the more common way you have seen from [linuxserver.io](https://fleet.linuxserver.io/) or [Bitnami](https://bitnami.com/stacks/containers).
+
+We do take a similar approach but instead of appending a `-ls69` or `-r420` prefix to the tag we instead insist on pinning to the sha256 digest of the image, while this is not as pretty it is just as functional in making the images immutable.
+
+| Container                                          | Immutable |
+|----------------------------------------------------|-----------|
+| `ghcr.io/onedr0p/sonarr:rolling`                   | ❌         |
+| `ghcr.io/onedr0p/sonarr:3.0.8.1507`                | ❌         |
+| `ghcr.io/onedr0p/sonarr:rolling@sha256:8053...`    | ✅         |
+| `ghcr.io/onedr0p/sonarr:3.0.8.1507@sha256:8053...` | ✅         |
+
+_If pinning an image to the sha256 digest, tools like [Renovate](https://github.com/renovatebot/renovate) support updating the container on a digest or application version change._
+
 ## Rootless
 
-To run these containers as non-root make sure you update your configuration.
+To run these containers as non-root make sure you update your configuration to the user and group you want.
 
 ### Docker compose
 
@@ -61,29 +76,13 @@ spec:
     spec:
       # ...
       securityContext:
-        runAsNonRoot: true
         runAsUser: 65534
         runAsGroup: 65534
         fsGroup: 65534
         fsGroupChangePolicy: OnRootMismatch
 # ...
 ```
 
-## Tag immutability
-
-The containers built here do not use immutable tags, as least not in the more common way you have seen from [linuxserver.io](https://fleet.linuxserver.io/) or [Bitnami](https://bitnami.com/stacks/containers).
-
-We do take a similar approach but instead of appending a `-ls69` or `-r420` prefix to the tag we instead insist on pinning to the sha256 digest of the image, while this is not as pretty it is just as functional in making the images immutable.
-
-| Container                                          | Immutable |
-|----------------------------------------------------|-----------|
-| `ghcr.io/onedr0p/sonarr:rolling`                   | ❌         |
-| `ghcr.io/onedr0p/sonarr:3.0.8.1507`                | ❌         |
-| `ghcr.io/onedr0p/sonarr:rolling@sha256:8053...`    | ✅         |
-| `ghcr.io/onedr0p/sonarr:3.0.8.1507@sha256:8053...` | ✅         |
-
-_If pinning an image to the sha256 digest, tools like [Renovate](https://github.com/renovatebot/renovate) support updating the container on a digest or application version change._
-
 ## Passing arguments to a application
 
 Some applications do not support defining configuration via environment variables and instead only allow certain config to be set in the command line arguments for the app. To circumvent this, for applications that have an `entrypoint.sh` read below.

apps/actions-runner/ci/goss.yaml

@@ -1,5 +1,5 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#file
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 file:
   /usr/bin/git:
     exists: true

apps/bazarr/ci/goss.yaml

@@ -1,16 +1,16 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   python3:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp:6767:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:6767:
     status: 200
+file:
+  /usr/bin/python3:
+    exists: true
+  /usr/bin/unrar:
+    exists: true

apps/home-assistant/ci/goss.yaml

@@ -1,16 +1,14 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   hass:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
+file:
+  /usr/local/bin/hass:
+    exists: true
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:8123:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8123:
     status: 200

apps/home-assistant/entrypoint.sh

@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 
-# Make sure the config and log directory exist
 mkdir -p /config/logs
 
-# Install HACS if requested
 if [[ "${HOME_ASSISTANT__HACS_INSTALL}" == "true" ]]; then
     curl -sfSL https://hacs.xyz/install | bash -
 fi

apps/jbops/Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/alpine:3.19
+FROM docker.io/library/python:3.11-alpine
 
 ARG TARGETPLATFORM
 ARG VERSION
@@ -30,16 +30,13 @@ RUN apk add --no-cache \
         curl \
         jq \
         nano \
-        python3 \
         tzdata \
     && \
     apk add --no-cache --virtual=.build-deps \
         build-base \
         libffi-dev \
         openssl-dev \
         musl-dev \
-        python3-dev \
-        py3-pip \
         git \
     && \
     git clone https://github.com/blacktwin/JBOPS.git . \

apps/jbops/ci/goss.yaml

@@ -1,6 +1,8 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#file
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 file:
+  /usr/local/bin/python:
+    exists: true
   /app/requirements.txt:
     exists: true
   /app/fun/plexapi_haiku.py:

apps/jbops/entrypoint.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
 exec \
-    /usr/bin/python3 \
+    /usr/local/bin/python \
         "/app/${JBOPS__SCRIPT_PATH}" \
         "$@"

apps/lidarr/ci/goss.yaml

@@ -1,17 +1,15 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   Lidarr:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:8686:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8686:
     status: 200
     timeout: 5000
+file:
+  /usr/local/bin/envsubst:
+    exists: true

apps/par2cmdline-turbo/ci/goss.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 file:
   /usr/local/bin/par2:
     exists: true

apps/plex/ci/goss.yaml

@@ -1,6 +1,5 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:32400:
     listening: true

apps/postgres-init/ci/goss.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 file:
   /usr/libexec/postgresql16/psql:
     exists: true

apps/prowlarr/ci/goss.yaml

@@ -1,17 +1,15 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   Prowlarr:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:9696:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:9696:
     status: 200
     timeout: 5000
+file:
+  /usr/local/bin/envsubst:
+    exists: true

apps/qbittorrent/ci/goss.yaml

@@ -1,16 +1,11 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   qbittorrent-nox:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:8080:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8080:
     status: 200

apps/radarr/ci/goss.yaml

@@ -1,17 +1,15 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   Radarr:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:7878:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:7878:
     status: 200
     timeout: 5000
+file:
+  /usr/local/bin/envsubst:
+    exists: true

apps/readarr/ci/goss.yaml

@@ -1,17 +1,15 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   Readarr:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:8787:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8787:
     status: 200
     timeout: 5000
+file:
+  /usr/local/bin/envsubst:
+    exists: true

apps/sabnzbd/ci/goss.yaml

@@ -1,22 +1,19 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   python:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp:8080:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8080/sabnzbd:
     status: 200
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#file
 file:
+  /usr/local/bin/python:
+    exists: true
+  /usr/bin/unrar:
+    exists: true
   /usr/local/bin/par2:
     exists: true
   /usr/local/bin/par2create:

apps/sabnzbd/entrypoint.sh

@@ -18,7 +18,7 @@ fi
 
 #shellcheck disable=SC2086
 exec \
-    python \
+    /usr/local/bin/python \
         /app/SABnzbd.py \
         --browser 0 \
         --server 0.0.0.0:${SABNZBD__PORT:-8080} \

apps/sonarr/ci/goss.yaml

@@ -1,16 +1,14 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   Sonarr:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp6:8989:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8989:
     status: 200
+file:
+  /usr/local/bin/envsubst:
+    exists: true

apps/tautulli/ci/goss.yaml

@@ -1,16 +1,14 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   python:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp:8181:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8181:
     status: 200
+file:
+  /usr/local/bin/python:
+    exists: true

apps/tautulli/entrypoint.sh

@@ -2,7 +2,7 @@
 
 #shellcheck disable=SC2086
 exec \
-    python \
+    /usr/local/bin/python \
         /app/Tautulli.py \
         --nolaunch \
         --config /config/config.ini \

apps/theme-park/ci/goss.yaml

@@ -1,16 +1,11 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 process:
   nginx:
     running: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port
 port:
-  # https://github.com/aelsabbahy/goss/issues/149
   tcp:8080:
     listening: true
-
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#http
 http:
   http://localhost:8080:
     status: 200

apps/volsync/ci/goss.yaml

@@ -1,5 +1,5 @@
 ---
-# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#file
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
 file:
   /manager:
     exists: true