Merge pull request #92 from jumanjiman/updates

Updates
jumanjihouse · Mar 22, 2023 · 6a74eef · 6a74eef
2 parents 1f8896d + 94dada8
commit 6a74eef
Show file tree

Hide file tree

Showing 11 changed files with 100 additions and 75 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -5,7 +5,7 @@ jobs:
   build:
     docker:
       # https://github.com/jumanjihouse/cci/pulls?q=is%3Apr+is%3Aclosed
-      - image: jumanjiman/cci:20180710T1802-git-9a2a87a
+      - image: jumanjiman/cci:20220712.1639
 
     working_directory: ~/workdir/
 

diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,30 @@
+# Config for https://editorconfig.org/
+# top-most EditorConfig file
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+charset = utf-8
+binary_next_line   = true  # like shfmt -bn
+switch_case_indent = true  # like shfmt -ci
+max_line_length = 80
+
+[*.md]
+indent_size = 2
+# https://github.com/updownpress/markdown-lint/blob/c535ca7f/rules/013-line-length.md
+max_line_length = 80
+
+[Makefile]
+indent_style = tab
+indent_size = unset
+
+[*.go]
+indent_style = tab
+indent_size = unset
+
+[COMMIT_EDITMSG]
+max_line_length = 72
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -6,7 +6,7 @@ fail_fast: false
 
 repos:
   - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: 1.8.0
+    rev: 3.0.0
     hooks:
       - id: check-mailmap
       - id: forbid-binary
@@ -22,13 +22,13 @@ repos:
         exclude: ^ci/ansi$  # 3rd-party
 
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.11.1
+    rev: v1.30.0
     hooks:
       - id: yamllint
         args: ['--format', 'parsable', '--strict']
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v1.3.0
+    rev: v4.4.0
     hooks:
       - id: check-added-large-files
       - id: check-case-conflict
@@ -40,7 +40,7 @@ repos:
       - id: detect-private-key
 
   - repo: https://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.1.5
+    rev: v1.4.2
     hooks:
       - id: forbid-crlf
       - id: forbid-tabs

diff --git a/README.md b/README.md
@@ -1,14 +1,11 @@
 SSL site scanner
 ================
 
-[![Download size](https://images.microbadger.com/badges/image/jumanjiman/ssllabs-scan.svg)](http://microbadger.com/images/jumanjiman/ssllabs-scan "View on microbadger.com")&nbsp;
-[![Version](https://images.microbadger.com/badges/version/jumanjiman/ssllabs-scan.svg)](http://microbadger.com/images/jumanjiman/ssllabs-scan "View on microbadger.com")&nbsp;
 [![Docker Registry](https://img.shields.io/docker/pulls/jumanjiman/ssllabs-scan.svg)](https://registry.hub.docker.com/u/jumanjiman/ssllabs-scan "Go to Docker hub")&nbsp;
 [![Circle CI](https://circleci.com/gh/jumanjihouse/docker-ssllabs-scan.png?style=svg&circle-token=b75db48608f115c0cb9760708be3839b48d41f8e)](https://circleci.com/gh/jumanjihouse/docker-ssllabs-scan/tree/master 'View CI builds')
 
 Source code:    https://github.com/jumanjihouse/docker-ssllabs-scan/<br/>
 Docker image:   https://registry.hub.docker.com/u/jumanjiman/ssllabs-scan/<br/>
-Image metadata: http://microbadger.com/images/jumanjiman/ssllabs-scan/
 
 :warning: You must use version 1.4.0 or later of this image
 for compatibility with the Qualys SSL Labs Service API.

diff --git a/ci/bootstrap b/ci/bootstrap
@@ -10,39 +10,39 @@ set -o pipefail
 . ci/functions.sh
 
 main() {
-  setup_python_path
-  install_precommit
-  add_upstream_git_remote
-  fetch_upstream
+    setup_python_path
+    install_precommit
+    add_upstream_git_remote
+    fetch_upstream
 }
 
 setup_python_path() {
-  PYTHON_PATH="$(python -c "import site; print(site.USER_BASE)")"
-  readonly PYTHON_PATH
+    PYTHON_PATH="$(python -c "import site; print(site.USER_BASE)")"
+    readonly PYTHON_PATH
 
-  if ! grep "${PYTHON_PATH}/bin" <(printenv PATH) &>/dev/null; then
-    export PATH="${PATH}:${PYTHON_PATH}/bin"
-  fi
+    if ! grep "${PYTHON_PATH}/bin" <(printenv PATH) &>/dev/null; then
+        export PATH="${PATH}:${PYTHON_PATH}/bin"
+    fi
 }
 
 install_precommit() {
-  if ! command -v pre-commit &>/dev/null; then
-    run pip install --user -Iv --compile --no-cache-dir pre-commit
-  fi
+    if ! command -v pre-commit &>/dev/null; then
+        run pip install --user -Iv --compile --no-cache-dir pre-commit
+    fi
 }
 
 run_precommit() {
-  run pre-commit run --all-files --hook-stage manual
+    run pre-commit run --all-files --hook-stage manual
 }
 
 add_upstream_git_remote() {
-  if ! git remote show upstream &>/dev/null; then
-    git remote add upstream https://github.com/jumanjihouse/docker-ssllabs-scan.git
-  fi
+    if ! git remote show upstream &>/dev/null; then
+        git remote add upstream https://github.com/jumanjihouse/docker-ssllabs-scan.git
+    fi
 }
 
 fetch_upstream() {
-  git fetch upstream
+    git fetch upstream
 }
 
 main
diff --git a/ci/build b/ci/build
@@ -9,7 +9,7 @@ set -o pipefail
 . ci/functions.sh
 
 cat >ci/vars <<EOF
-declare -rx  VERSION=1.5.0
+declare -rx  VERSION='7a9f44e'
 declare -rx  BUILD_DATE=$(date +%Y%m%dT%H%M)
 declare -rx  VCS_REF=$(git describe --abbrev=7 --tags --always)
 declare -rx  TAG=\${VERSION}-\${BUILD_DATE}-git-\${VCS_REF}

diff --git a/ci/functions.sh b/ci/functions.sh
@@ -10,57 +10,57 @@ declare -i VERBOSITY=${VERBOSITY:-1}
 . ci/ansi
 
 run() {
-  ansi --yellow-intense --newline "[RUN] $*"
-  "$@"
+    ansi --yellow-intense --newline "[RUN] $*"
+    "$@"
 }
 
 err() {
-  ansi --bold --red --newline "[ERROR] $*"
+    ansi --bold --red --newline "[ERROR] $*"
 }
 
 info() {
-  ansi --faint --newline "[INFO] $*"
+    ansi --faint --newline "[INFO] $*"
 }
 
 pass() {
-  ansi --bold --green --newline "[PASS] $*"
-  echo
+    ansi --bold --green --newline "[PASS] $*"
+    echo
 }
 
 warn() {
-  ansi --yellow-intense --newline "[WARN] $*"
+    ansi --yellow-intense --newline "[WARN] $*"
 }
 
 debug() {
-  if [[ ${VERBOSITY} -ge 2 ]]; then
-    ansi --yellow-intense --newline "[DEBUG] $*"
-  fi
+    if [[ ${VERBOSITY} -ge 2 ]]; then
+        ansi --yellow-intense --newline "[DEBUG] $*"
+    fi
 }
 
 finish() {
-  declare -ri RC=$?
+    declare -ri RC=$?
 
-  if [ ${RC} -eq 0 ]; then
-    pass "$0 OK"
-  else
-    err "$0" failed with exit code ${RC}
-  fi
+    if [ ${RC} -eq 0 ]; then
+        pass "$0 OK"
+    else
+        err "$0" failed with exit code ${RC}
+    fi
 }
 
 is_ci() {
-  # Are we running in hands-free CI?
-  [[ -n "${CIRCLECI:-}" ]]
+    # Are we running in hands-free CI?
+    [[ -n "${CIRCLECI:-}" ]]
 }
 
 check_top_dir() {
-  declare git_dir
-  git_dir="$(git rev-parse --show-toplevel)"
-  readonly git_dir
+    declare git_dir
+    git_dir="$(git rev-parse --show-toplevel)"
+    readonly git_dir
 
-  if ! [[ "$PWD" == "${git_dir}" ]]; then
-    err Please run these scripts from the root of the repo
-    exit 1
-  fi
+    if ! [[ "$PWD" == "${git_dir}" ]]; then
+        err Please run these scripts from the root of the repo
+        exit 1
+    fi
 }
 
 # Traps.

diff --git a/ci/publish b/ci/publish
@@ -17,7 +17,3 @@ run docker tag jumanjiman/ssllabs-scan jumanjiman/ssllabs-scan:"${TAG}"
 run docker push jumanjiman/ssllabs-scan:"${TAG}"
 run docker push jumanjiman/ssllabs-scan:latest
 docker logout
-
-info Trigger update on microbadger.
-run curl -X POST 'https://hooks.microbadger.com/images/jumanjiman/ssllabs-scan/dsQe3-XA4hIfa2qdd_qndJZrOMg='
-echo
diff --git a/ci/test b/ci/test
@@ -29,11 +29,11 @@ file ssllabs-scan | grep -oh 'stripped'
 file ssllabs-scan | grep -vq 'not stripped'
 
 if [ "${CIRCLECI:-false}" == true ]; then
-  info Check that image has ci-build-url label.
-  docker inspect \
-    -f '{{ index .Config.Labels "io.github.jumanjiman.ci-build-url" }}' \
-    jumanjiman/ssllabs-scan |
-    grep 'circleci.com'
+    info Check that image has ci-build-url label.
+    docker inspect \
+        -f '{{ index .Config.Labels "io.github.jumanjiman.ci-build-url" }}' \
+        jumanjiman/ssllabs-scan \
+        | grep 'circleci.com'
 fi
 
 info Check that binary works.
@@ -50,12 +50,12 @@ info Check that sleeper runs as unprivileged user.
 info This proves that the technique to run a scratch container as a user still works.
 info The sleeper container does not have the "ps" command, so we
 info attach a regular container to the namespace of the sleeper container.
-run docker run --rm -it --pid container:"${cid}" --network container:"${cid}" alpine:3.9 ps -o pid,user,group,comm |
-  grep -E -e run -e '1 1000     1000     sleeper'
+run docker run --rm -it --pid container:"${cid}" --network container:"${cid}" alpine:3.17.2 ps -o pid,user,group,comm \
+    | grep -E -e run -e '1 1000     1000     sleeper'
 
 info 'Check that /etc/hosts entries are used.'
 info 'The sleeper container does not have the "ping" command, so we'
 info 'attach a regular container to the namespace of the sleeper container.'
-run docker run --rm -it --pid container:"${cid}" --network container:"${cid}" alpine:3.9 ping -c1 -W2 static-host.com
+run docker run --rm -it --pid container:"${cid}" --network container:"${cid}" alpine:3.17.2 ping -c1 -W2 static-host.com
 
 run docker-compose down
diff --git a/scanner/Dockerfile b/scanner/Dockerfile
@@ -1,18 +1,16 @@
-FROM alpine:3.12.0 as scanner_builder
-
-ARG VERSION
+FROM alpine:3.17.2 as scanner_builder
 
 RUN apk add --no-cache \
       curl \
       musl-dev \
       && :
 
 RUN apk add --no-cache -X http://dl-4.alpinelinux.org/alpine/edge/community \
-      'go>=1.11.5-r0' \
+      'go>=1.19.7-r0' \
       && :
 
 RUN apk add --no-cache -X http://dl-4.alpinelinux.org/alpine/edge/main \
-      'ca-certificates>=20190108-r0' \
+      'ca-certificates>=20220614-r4' \
       && :
 
 RUN adduser -D developer
@@ -21,10 +19,14 @@ RUN adduser -D developer
 USER developer
 
 # https://github.com/golang/go/issues/9344#issuecomment-69944514
+ARG VERSION
 RUN cd /tmp && \
-    curl -sSLO https://github.com/ssllabs/ssllabs-scan/archive/v${VERSION}.tar.gz && \
-    tar xvzf v${VERSION}.tar.gz && \
-    cd ssllabs-scan-${VERSION} && \
+    curl -sSL "https://github.com/ssllabs/ssllabs-scan/tarball/${VERSION}" -o ssllabs-scan.tgz \
+        && \
+    tar xvzf ssllabs-scan.tgz \
+        && \
+    cd "ssllabs-ssllabs-scan-${VERSION}" \
+        && \
     GOPATH=~ \
     CGO_ENABLED=0 \
     GOOS=linux \
@@ -46,7 +48,7 @@ ENTRYPOINT ["/ssllabs-scan"]
 CMD ["--help"]
 
 ARG VERSION
-COPY --from=scanner_builder /tmp/ssllabs-scan-${VERSION}/ssllabs-scan-v3 /ssllabs-scan
+COPY --from=scanner_builder /tmp/ssllabs-ssllabs-scan-${VERSION}/ssllabs-scan-v3 /ssllabs-scan
 COPY --from=scanner_builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY . /
 

diff --git a/sleeper/Dockerfile b/sleeper/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12.0 as sleeper_builder
+FROM alpine:3.17.2 as sleeper_builder
 
 ARG VERSION
 
@@ -8,11 +8,11 @@ RUN apk add --no-cache \
       && :
 
 RUN apk add --no-cache -X http://dl-4.alpinelinux.org/alpine/edge/community \
-      'go>=1.11.5-r0' \
+      'go>=1.19.7-r0' \
       && :
 
 RUN apk add --no-cache -X http://dl-4.alpinelinux.org/alpine/edge/main \
-      'ca-certificates>=20190108-r0' \
+      'ca-certificates>=20220614-r4' \
       && :
 
 RUN adduser -D developer