From 137a473cfe591e19843036264ce1b9398a1c0cad Mon Sep 17 00:00:00 2001
From: Nicholas Wilde
Date: Sat, 22 May 2021 08:07:52 +0000
Subject: [PATCH] Move ls, version, and checksum to own files
Signed-off-by: Nicholas Wilde
---
.github/workflows/ci.yaml | 217 +++++++++++++++++++++++++++++---------
.taskfiles/build.yaml | 23 ++++
.taskfiles/builder.yaml | 34 ++++++
.taskfiles/chk.yaml | 74 +++++++++++++
.taskfiles/date.yaml | 8 ++
.taskfiles/deps.yaml | 109 +++++++++++++++++++
.taskfiles/goss.yaml | 17 +++
.taskfiles/image.yaml | 16 +++
.taskfiles/load.yaml | 8 ++
.taskfiles/ls.yaml | 18 ++++
.taskfiles/pkgs.yaml | 18 ++++
.taskfiles/run.yaml | 8 ++
.taskfiles/shell.yaml | 8 ++
.taskfiles/snyk.yaml | 25 +++++
.taskfiles/version.yaml | 20 ++++
CHECKSUM | 1 +
Dockerfile | 16 +--
LS | 1 +
Taskfile.yml | 190 +++++++++++++++++++++++++++++++++
VERSION | 1 +
task.env | 29 +++++
21 files changed, 781 insertions(+), 60 deletions(-)
create mode 100644 .taskfiles/build.yaml
create mode 100644 .taskfiles/builder.yaml
create mode 100644 .taskfiles/chk.yaml
create mode 100644 .taskfiles/date.yaml
create mode 100644 .taskfiles/deps.yaml
create mode 100644 .taskfiles/goss.yaml
create mode 100644 .taskfiles/image.yaml
create mode 100644 .taskfiles/load.yaml
create mode 100644 .taskfiles/ls.yaml
create mode 100644 .taskfiles/pkgs.yaml
create mode 100644 .taskfiles/run.yaml
create mode 100644 .taskfiles/shell.yaml
create mode 100644 .taskfiles/snyk.yaml
create mode 100644 .taskfiles/version.yaml
create mode 100644 CHECKSUM
create mode 100644 LS
create mode 100644 Taskfile.yml
create mode 100644 VERSION
create mode 100644 task.env
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7fcf238..ee3c2d6 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,98 +13,211 @@ name: ci # or API. on: workflow_dispatch: - # Inputs the workflow accepts. - inputs: - version: - # Friendly description to be shown in the UI instead of 'name' - description: 'Version' - # Default value if no value is explicitly provided - default: '2.1.7' - # Input has to be provided for the workflow to run - required: true - ls: - description: 'ls' - default: 'ls5' - required: true + pull_request: + paths: + - 'Dockerfile' + - 'LS' + - 'VERSION' + push: + branches: + - main + paths: + - 'Dockerfile' + - 'LS' + - 'VERSION' + +env: + # How long to sleep before running the tests (gives the application time to start) + GOSS_SLEEP: 30 jobs: - main: + prep: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.prep.outputs.version }} + checksum: ${{ steps.prep.outputs.checksum }} + ls: ${{ steps.prep.outputs.ls }} + goss: ${{ steps.prep.outputs.goss }} + push: ${{ steps.prep.outputs.push }} + tag: ${{ steps.prep.outputs.version }}-ls${{ steps.prep.outputs.ls }} + repo_name: ${{ steps.prep.outputs.repo_name }} + date: ${{ steps.prep.outputs.date }} + + steps: + - name: Checkout + uses: actions/checkout@v2.3.4 + + # Define if tests and push should be run against which versions/platforms + - name: Prepare + id: prep + run: | + VERSION=$(cat ./VERSION) + echo ::set-output name=version::${VERSION} + LS=$(cat ./LS) + echo ::set-output name=ls::${LS} + REPO_NAME=$(echo "${{ github.event.repository.name }}" | sed 's/[^-]*-//') + echo ::set-output name=repo_name::${REPO_NAME} + DATE=$(date -u +%Y-%m-%dT%H%M%SZ) + echo ::set-output name=date::${DATE} + if test -f "./CHECKSUM"; then + CHECKSUM=$(cat ./CHECKSUM) + echo ::set-output name=checksum::${CHECKSUM} + else + echo ::set-output name=checksum::"" + fi + if test -f "./goss.yaml"; then + echo ::set-output name=goss::true + else + echo ::set-output name=goss::false + fi + if [ "${{github.event_name}}" == "pull_request" ]; then + echo ::set-output name=push::false + else + echo ::set-output 
name=push::true + fi + + tag-does-not-exist: + runs-on: ubuntu-latest + needs: prep + outputs: + exists: ${{ steps.checkTag.outputs.exists }} + steps: + - name: Check if tag already exists + uses: mukunku/tag-exists-action@v1.0.0 + id: checkTag + with: + tag: ${{ needs.prep.outputs.tag }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Fail if tag already exists + id: set + run: | + if ${{ steps.checkTag.outputs.exists }} == true; then + echo "${{needs.prep.outputs.tag}} already exists" + exit 1 + fi + + build: runs-on: ubuntu-latest + if: always() # Run regardless if tag-does-not-exist fails + needs: + - prep + - tag-does-not-exist steps: - - - name: Get tag - run: echo "tag=${{ github.event.inputs.version }}-${{ github.event.inputs.ls }}" >> $GITHUB_ENV - - - name: Remove docker from the repo name - run: echo "repo_name=$(echo "${{ github.event.repository.name }}" | sed 's/[^-]*-//')" >> $GITHUB_ENV - - - name: Get current date - run: echo "date=$(date -u +%Y-%m-%dT%H%M%SZ)" >> $GITHUB_ENV - - - name: Checkout + - name: Checkout uses: actions/checkout@v2.3.4 - - - name: Set up QEMU + + - name: Set up QEMU uses: docker/setup-qemu-action@v1.1.0 - - - name: Set up Docker Buildx + + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1.3.0 with: driver-opts: image=moby/buildkit:master - - - name: Cache Docker layers + + - name: Cache Docker layers uses: actions/cache@v2.1.5 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - - - name: Login to DockerHub + + # Install the GOSS testing framework + - name: Set up goss/dgoss + uses: e1himself/goss-installation-action@v1.0.3 + if: needs.prep.outputs.goss == 'true' + with: + version: 'v0.3.16' + + # Creates a local build to run tests on + - name: Build and Load local test-container + uses: docker/build-push-action@v2 + if: needs.prep.outputs.goss == 'true' + with: + build-args: | + VERSION=${{ needs.prep.outputs.version }} + 
CHECKSUM=${{ needs.prep.outputs.checksum }} + context: . + file: ./Dockerfile + load: true + tags: | + ghcr.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:test + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new + + # Run GOSS tests if included with the container + - name: Run GOSS tests + if: needs.prep.outputs.goss == 'true' + env: + GOSS_FILE: ./goss.yaml + run: | + dgoss run ghcr.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:test + + - name: Login to DockerHub uses: docker/login-action@v1.9.0 + if: github.event_name != 'pull_request' && needs.tag-does-not-exist.outputs.exists == 'false' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GitHub Container Registry + + - name: Login to GitHub Container Registry uses: docker/login-action@v1.9.0 + if: github.event_name != 'pull_request' && needs.tag-does-not-exist.outputs.exists == 'false' with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.CR_PAT }} - - - name: Login to Quay Registry + + - name: Login to Quay Registry uses: docker/login-action@v1.9.0 + if: github.event_name != 'pull_request' && needs.tag-does-not-exist.outputs.exists == 'false' with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_TOKEN }} - - - name: Build and push + + - name: Build and push uses: docker/build-push-action@v2.4.0 with: context: . 
file: ./Dockerfile platforms: linux/amd64,linux/arm/v7,linux/arm64 - push: true + push: ${{ needs.prep.outputs.push }} build-args: | - BUILD_DATE=${{ env.date }} - VERSION=${{ github.event.inputs.version }} + BUILD_DATE=${{ needs.prep.outputs.date }} + VERSION=${{ needs.prep.outputs.version }} + CHECKSUM=${{ needs.prep.outputs.checksum }} tags: | - ${{ github.repository_owner }}/${{ env.repo_name }}:latest - ${{ github.repository_owner }}/${{ env.repo_name }}:${{ env.tag }} - ghcr.io/${{ github.repository_owner }}/${{ env.repo_name }}:latest - ghcr.io/${{ github.repository_owner }}/${{ env.repo_name }}:${{ env.tag }} - quay.io/${{ github.repository_owner }}/${{ env.repo_name }}:latest - quay.io/${{ github.repository_owner }}/${{ env.repo_name }}:${{ env.tag }} - - - name: Create Release + ${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:latest + ${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:${{needs.prep.outputs.tag}} + ghcr.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:latest + ghcr.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:${{needs.prep.outputs.tag}} + quay.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:latest + quay.io/${{ github.repository_owner }}/${{needs.prep.outputs.repo_name}}:${{needs.prep.outputs.tag}} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new + + # This ugly bit is necessary if you don't want your cache to grow forever + # till it hits GitHub's limit of 5GB. 
+ # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + if: needs.prep.outputs.push == 'true' + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Create Release id: create_release uses: actions/create-release@v1.1.4 + if: github.event_name != 'pull_request' && needs.tag-does-not-exist.outputs.exists == 'false' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token with: - tag_name: ${{ env.tag }} - release_name: ${{ env.tag }} + tag_name: ${{needs.prep.outputs.tag}} + release_name: ${{needs.prep.outputs.tag}} draft: false prerelease: false diff --git a/.taskfiles/build.yaml b/.taskfiles/build.yaml new file mode 100644 index 0000000..bd60d39 --- /dev/null +++ b/.taskfiles/build.yaml @@ -0,0 +1,23 @@ +--- +version: '3' + +tasks: + all: + desc: Build all platforms + cmds: + - "{{ .BUILD }} {{ .TAG_VERSION }} {{ .PLATFORMS }} -f Dockerfile ." + deps: + - build-deps + + latest: + desc: Build the latest Docker image + cmds: + - "{{ .BUILD }} {{ .TAG_LATEST }} -f Dockerfile ." + deps: + - build-deps + + build-deps: + preconditions: + - sh: "docker buildx version" + msg: "buildx is not installed" + silent: true diff --git a/.taskfiles/builder.yaml b/.taskfiles/builder.yaml new file mode 100644 index 0000000..007f856 --- /dev/null +++ b/.taskfiles/builder.yaml 
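Review bot: The `Build and push` step in the `build` job is not gated on the tag check: the job runs under `if: always()` and the step uses `push: ${{ needs.prep.outputs.push }}`, while the login and `Create Release` steps additionally require `needs.tag-does-not-exist.outputs.exists == 'false'`. On a push to main whose tag already exists the step therefore still attempts to push `:latest` and the existing version tag, and it presumably fails only because the logins were skipped. Gating it the same way makes the intent explicit, e.g. `push: ${{ needs.prep.outputs.push == 'true' && needs.tag-does-not-exist.outputs.exists == 'false' }}`. Separately, `mukunku/tag-exists-action@v1.0.0` (which receives `GITHUB_TOKEN`) and `e1himself/goss-installation-action@v1.0.3` are referenced by mutable tags; pinning third-party actions to a full commit SHA keeps a retagged release from changing what runs in this workflow.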
@@ -0,0 +1,34 @@
+---
+version: '3'
+
+vars:
+ BUILDER: "mybuilder"
+ BUILDER_NAME: "buildx_buildkit_{{ .BUILDER }}0"
+ BUILDER_PATH: "~/.docker/buildx/instances/{{ .BUILDER }}"
+
+tasks:
+ install:
+ desc: Install buildx builder, {{ .BUILDER }}
+ cmds:
+ - "docker run --rm --privileged multiarch/qemu-user-static --reset -p yes"
+ status:
+ - "test -f {{ .BUILDER_PATH }}"
+
+ create:
+ desc: Create buildx builder, {{ .BUILDER }}
+ cmds:
+ - task: install
+ - "export DOCKER_BUILDKIT=1"
+ - "docker buildx create --use --name {{ .BUILDER }}"
+ - "docker buildx use {{ .BUILDER }}"
+ - "docker buildx inspect --bootstrap"
+ - "docker buildx install"
+ status:
+ - "test -f {{ .BUILDER }}"
+
+ restart:
+ desc: Restart the builder container
+ cmds:
+ - "docker restart {{ .BUILDER_NAME }}"
+ preconditions:
+ - test -f {{ .BUILDER }}
diff --git a/.taskfiles/chk.yaml b/.taskfiles/chk.yaml
new file mode 100644
index 0000000..de0f974
--- /dev/null
+++ b/.taskfiles/chk.yaml
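Review bot: The `install` task in `.taskfiles/builder.yaml` runs `multiarch/qemu-user-static` with `--privileged` and without a tag or digest, so whatever `latest` resolves to at run time is given broad access to the host. Pinning the image by digest keeps that step reproducible and reviewable: `docker run --rm --privileged multiarch/qemu-user-static@sha256:<digest-placeholder> --reset -p yes`. Also, the `status` of `create` and the precondition of `restart` run `test -f {{ .BUILDER }}`, which looks for a file named `mybuilder` in the working directory rather than `{{ .BUILDER_PATH }}`; as written `create` likely re-runs every time and `restart` likely always fails its precondition.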
@@ -0,0 +1,74 @@
+---
+version: '3'
+
+tasks:
+ print:
+ desc: Get the checksum of the release or source package.
+ deps:
+ - _varcheck
+ - _release
+ - _source
+
+ export:
+ silent: true
+ desc: Export the checksum of the release or source package to CHECKSUM
+ deps:
+ - _varcheck
+ - _release-export
+ - _source-export
+
+ _release-export:
+ silent: true
+ cmds:
+ - task: _dl-export
+ vars:
+ URL: "https://github.com/{{ .SOURCE_ORG }}/{{ .SOURCE_REPO }}/releases/download/v{{ .VERSION }}/{{ .FILENAME }}"
+ status:
+ - test {{ .TYPE }} != "release"
+
+ _source-export:
+ silent: true
+ cmds:
+ - task: _dl-export
+ vars:
+ URL: "https://github.com/{{ .SOURCE_ORG }}/{{ .SOURCE_REPO }}/archive/{{ .VERSION }}.tar.gz"
+ status:
+ - test {{ .TYPE }} != "source"
+ - test {{ .TYPE }} != "commit"
+
+ _dl-export:
+ slient: true
+ cmds:
+ - |
+ SUM=$(wget -q {{ .URL }} -O- | sha256sum|awk '{print $1}')
+ printf "%s" "$SUM" > CHECKSUM
+ cat CHECKSUM
+
+ _release:
+ cmds:
+ - task: _dl
+ vars:
+ URL: "https://github.com/{{ .SOURCE_ORG }}/{{ .SOURCE_REPO }}/releases/download/v{{ .VERSION }}/{{ .FILENAME }}"
+ status:
+ - test {{ .TYPE }} != "release"
+
+ _source:
+ cmds:
+ - task: _dl
+ vars:
+ URL: "https://github.com/{{ .SOURCE_ORG }}/{{ .SOURCE_REPO }}/archive/{{ .VERSION }}.tar.gz"
+ status:
+ - test {{ .TYPE }} != "source"
+ - test {{ .TYPE }} != "commit"
+
+ _varcheck:
+ cmds:
+ - cmd: >
+ (test {{ .TYPE }} = "source" ||
+ test {{ .TYPE }} = "release" ||
+ test {{ .TYPE }} = "commit") ||
+ (echo "TYPE is not 'source','commit', or 'release'"; exit 1)
+ silent: true
+
+ _dl:
+ cmds: ["wget {{ .URL }} -O- | sha256sum"]
diff --git a/.taskfiles/date.yaml b/.taskfiles/date.yaml
new file mode 100644
index 0000000..a268070
--- /dev/null
+++ b/.taskfiles/date.yaml
@@ -0,0 +1,8 @@
+---
+version: '3'
+
+tasks:
+ exec:
+ desc: Get the date of the container
+ cmds:
+ - "{{ .EXEC }} date"
diff --git a/.taskfiles/deps.yaml b/.taskfiles/deps.yaml
new file mode 100644
index 0000000..9aecfaf
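Review bot: In `_dl-export` of `.taskfiles/chk.yaml` the pipeline `wget -q {{ .URL }} -O- | sha256sum|awk '{print $1}'` takes its exit status from `awk`, so a failed download still writes a digest to `CHECKSUM` (for an empty body, the SHA-256 of empty input), and that file is what the build later passes as the `CHECKSUM` build argument. Downloading to a temporary file first and stopping when `wget` fails, e.g. `wget -q {{ .URL }} -O pkg.tmp || exit 1` before hashing `pkg.tmp`, avoids recording a digest of nothing. The value is also derived from the same download it later verifies, so it pins the artifact but does not authenticate it; comparing against a checksum or signature published upstream, if one exists, would. The key `slient: true` in `_dl-export` is a misspelling of `silent` (a similar typo, `silient`, is in `_snyk-deps` in `.taskfiles/snyk.yaml`), so the setting is presumably ignored or rejected by Task.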
--- /dev/null
+++ b/.taskfiles/deps.yaml
@@ -0,0 +1,109 @@
+---
+version: '3'
+
+vars:
+ URL_SNYK: "https://github.com/snyk/snyk/releases/download/v1.458.0/snyk-linux"
+ URL_HADOLINT: "https://github.com/hadolint/hadolint/releases/download/v1.22.1/hadolint-Linux-x86_64"
+ URL_GOREPLACE: 'https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-{{ ARCH | replace "amd" "" }}-linux'
+ GIT_ROOT:
+ sh: "git rev-parse --show-toplevel"
+
+tasks:
+ install:
+ desc: Install all developer dependencies
+ deps:
+ - _distrib-reqs
+ - pre-commit
+ - snyk
+ - yamllint
+ - hadolint
+ - go-replace
+ silent: true
+
+ yamllint:
+ desc: Install a precommit pip package
+ cmds:
+ - echo "Installing yamllint"
+ - python3 -m pip install --user yamllint
+ status:
+ - type yamllint
+ deps:
+ - _distrib-reqs
+ silent: true
+
+ pre-commit:
+ desc: Install a pre-commit pip package
+ cmds:
+ - echo "Installing pre-commit"
+ - python3 -m pip install --user pre-commit
+ status:
+ - type pre-commit
+ deps:
+ - _distrib-reqs
+ silent: true
+
+ snyk:
+ desc: Install snyk
+ cmds:
+ - echo "Installing snyk"
+ - mkdir -p ".bin"
+ - "wget -q {{ .URL_SNYK }} -O .bin/snyk"
+ - "chmod +x .bin/snyk"
+ - task: _path-notify
+ status:
+ - test -e .bin/snyk
+ deps:
+ - _distrib-reqs
+ silent: true
+
+ hadolint:
+ desc: Install hadolint
+ cmds:
+ - echo "Installing hadolint"
+ - mkdir -p ".bin"
+ - "wget -q {{ .URL_HADOLINT }} -O .bin/hadolint"
+ - "chmod +x .bin/hadolint"
+ - task: _path-notify
+ status:
+ - test -e .bin/hadolint
+ deps:
+ - _distrib-reqs
+ silent: true
+
+ go-replace:
+ desc: Install go-replace
+ cmds:
+ - echo "Installing go-replace"
+ - mkdir -p ".bin"
+ - echo "{{ .URL_GOREPLACE }}"
+ - wget -q {{ .URL_GOREPLACE }} -O .bin/go-replace
+ - chmod +x .bin/go-replace
+ - task: _path-notify
+ status:
+ - test -e .bin/go-replace
+ deps:
+ - _distrib-reqs
+ silent: true
+
+ _path-notify:
+ cmds:
+ - echo "Be sure to update your PATH, PATH=\$PATH:\$PWD/.bin"
+ silent: true
+
+ _distrib-reqs:
+ cmds:
+ - task deps:_need BIN=wget
+ - task deps:_need BIN=python3
+ - task deps:_need BIN=docker
+ silent: true
+
+ _secrets-reqs:
+ cmds:
+ - task deps:_need BIN=pass
+ - task deps:_need BIN=gh
+ silent: true
+
+ _need:
+ cmds:
+ - type {{ .BIN }} 2>&1 >/dev/null || (echo "Please install {{ .BIN }}"; exit 1)
+ silent: true
diff --git a/.taskfiles/goss.yaml b/.taskfiles/goss.yaml
new file mode 100644
index 0000000..4ba4571
--- /dev/null
+++ b/.taskfiles/goss.yaml
@@ -0,0 +1,17 @@
+---
+version: '3'
+
+tasks:
+ run:
+ desc: Run dgoss
+ cmds:
+ - "{{ .DGOSS_RUN }} {{ .TAG_VERSION }}"
+ preconditions:
+ - docker images -q {{ .TAG_VERSION }} 2> /dev/null
+
+ edit:
+ desc: Edit dgoss
+ cmds:
+ - "{{ .DGOSS_EDIT }} {{ .TAG_VERSION }}"
+ preconditions:
+ - docker images -q {{ .TAG_VERSION }} 2> /dev/null
diff --git a/.taskfiles/image.yaml b/.taskfiles/image.yaml
new file mode 100644
index 0000000..0564efb
--- /dev/null
+++ b/.taskfiles/image.yaml
@@ -0,0 +1,16 @@
+---
+version: '3'
+
+tasks:
+ create:
+ desc: "Create a new Docker image"
+ cmds:
+ - ./.bin/go-replace -s '${CHARTNAME}' -r "{{ .IMAGE }}" --path={{.GIT_ROOT}}/charts/{{.CHART}} --path-pattern='*.*'
+ deps:
+ - check-image
+ silent: true
+
+ _check-image:
+ cmds:
+ - test ! -z "{{ .IMAGE }}" || (echo "Please define IMAGE parameter"; exit 1)
+ silent: true
diff --git a/.taskfiles/load.yaml b/.taskfiles/load.yaml
new file mode 100644
index 0000000..0322080
--- /dev/null
+++ b/.taskfiles/load.yaml
@@ -0,0 +1,8 @@
+---
+version: '3'
+
+tasks:
+ latest:
+ desc: Load the release image
+ cmds:
+ - "{{ .BUILD }} {{ .TAG_LATEST }} -f Dockerfile . --load"
diff --git a/.taskfiles/ls.yaml b/.taskfiles/ls.yaml
new file mode 100644
index 0000000..f4eeae6
--- /dev/null
+++ b/.taskfiles/ls.yaml
@@ -0,0 +1,18 @@
+---
+version: '3'
+
+tasks:
+ print:
+ desc: Print the LS value
+ silent: true
+ cmds:
+ - printf "%s" "{{ .LS }}"
+
+ increment:
+ desc: Increment the LS value
+ silent: true
+ cmds:
+ - |
+ LS=$(( {{ .LS }} + 1 ))
+ printf "%s" "$LS" > LS
+ cat LS
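Review bot: The `snyk`, `hadolint` and `go-replace` tasks in `.taskfiles/deps.yaml` download a binary with `wget -q … -O .bin/<name>` and mark it executable without any integrity check, and their `status: test -e .bin/<name>` treats a file left behind by a failed download as already installed. The URLs are version-pinned, so a per-tool SHA-256 can be recorded next to them and verified before `chmod +x`, for example `echo "{{ .SHA_SNYK }}  .bin/snyk" | sha256sum -c -`, where `SHA_SNYK` is a new variable holding the expected digest (name constructed here). In `_need`, `type {{ .BIN }} 2>&1 >/dev/null` still sends stderr to the terminal; `>/dev/null 2>&1` is probably what was meant.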
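Review bot: The preconditions `docker images -q {{ .TAG_VERSION }} 2> /dev/null` in the `run` and `edit` tasks of `.taskfiles/goss.yaml` do not guard anything, because `docker images -q` exits 0 when no image matches and simply prints nothing. Testing the output makes the check effective: `test -n "$(docker images -q {{ .TAG_VERSION }} 2> /dev/null)"`. The `run` task in `Taskfile.yml` uses the same precondition.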
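Review bot: In `.taskfiles/image.yaml`, `create` lists `check-image` under `deps`, but the task defined below it is `_check-image`, so the guard that rejects an empty `IMAGE` is not the one being referenced and Task will presumably fail to resolve the dependency. The entry should read `- _check-image`. Since `{{ .IMAGE }}` is substituted into the `go-replace` command line, that validation is worth having actually run before the command does.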
diff --git a/.taskfiles/pkgs.yaml b/.taskfiles/pkgs.yaml
new file mode 100644
index 0000000..060877d
--- /dev/null
+++ b/.taskfiles/pkgs.yaml
@@ -0,0 +1,18 @@
+---
+version: '3'
+
+tasks:
+ alpine:
+ desc: Check package versions for alpine based images
+ cmds:
+ - "{{ .RUN }} {{ .BASE }} /bin/sh -c 'apk update && apk policy {{ .PACKAGES }}'"
+
+ debian:
+ desc: Check package versions for debian based images
+ cmds:
+ - "{{ .RUN }} {{ .BASE }} /bin/sh -c 'apt-get update && apt-cache policy {{ .PACKAGES }}'"
+
+ pip:
+ desc: Show the installed pip package versions
+ cmds:
+ - "{{ .RUN }} {{ .BASE }} /bin/sh -c 'pip install {{ .PIP }} && pip show {{ .PIP }}'"
diff --git a/.taskfiles/run.yaml b/.taskfiles/run.yaml
new file mode 100644
index 0000000..72d4358
--- /dev/null
+++ b/.taskfiles/run.yaml
@@ -0,0 +1,8 @@
+---
+version: '3'
+
+tasks:
+ latest:
+ desc: Run the latest image
+ cmds:
+ - "{{ .RUN }} {{ .TAG_LATEST }}"
diff --git a/.taskfiles/shell.yaml b/.taskfiles/shell.yaml
new file mode 100644
index 0000000..66b9b35
--- /dev/null
+++ b/.taskfiles/shell.yaml
@@ -0,0 +1,8 @@
+---
+version: '3'
+
+tasks:
+ exec:
+ desc: Get a shell of a running container
+ cmds:
+ - "{{ .EXEC }} /bin/sh"
diff --git a/.taskfiles/snyk.yaml b/.taskfiles/snyk.yaml
new file mode 100644
index 0000000..42239ca
--- /dev/null
+++ b/.taskfiles/snyk.yaml
@@ -0,0 +1,25 @@
+---
+version: '3'
+
+tasks:
+ test:
+ desc: Test local project for vulnerabilities
+ cmds:
+ - "snyk container test {{ .TAG_VERSION }} --file=Dockerfile"
+ deps:
+ - :load
+ - _snyk-deps
+
+ monitor:
+ desc: Monitor the image with snyk
+ cmds:
+ - "snyk container monitor {{ .TAG_VERSION }}"
+ deps:
+ - :load
+ - _snyk-deps
+
+ _snyk-deps:
+ preconditions:
+ - sh: "snyk version"
+ msg: "snyk is not installed"
+ silient: true
diff --git a/.taskfiles/version.yaml b/.taskfiles/version.yaml
new file mode 100644
index 0000000..f883b41
--- /dev/null
+++ b/.taskfiles/version.yaml
@@ -0,0 +1,20 @@ +--- +version: '3' + +tasks: + print: + desc: Print the latest app version + silent: true + cmds: + - printf %s {{ .VERSION }} + vars: + VERSION: + sh: curl -sX GET {{ .API_URL }} | jq --raw-output '.tag_name' | sed 's/v//' + + export: + desc: Export the latest app version to VERSION + cmds: + - printf "%s" "{{ .VERSION }}" > VERSION + vars: + VERSION: + sh: curl -sX GET {{ .API_URL }} | jq --raw-output '.tag_name' | sed 's/v//' diff --git a/CHECKSUM b/CHECKSUM new file mode 100644 index 0000000..04309dc --- /dev/null +++ b/CHECKSUM @@ -0,0 +1 @@ +3a5e0cb794cf2dc6c97b32ffad4ccdfbb84d3e987e910c5d3fef686e7ac2463f \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 3dba380..b01adce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,15 @@ # Base image version FROM php:7.2-fpm-alpine as php -FROM alpine:3.13.1 as dl -ARG VERSION=2.1.7 -ARG CHECKSUM=3a5e0cb794cf2dc6c97b32ffad4ccdfbb84d3e987e910c5d3fef686e7ac2463f +FROM alpine:3.13.5 as dl +ARG VERSION +ARG CHECKSUM WORKDIR /app SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN \ echo "**** install packages ****" && \ apk add --no-cache \ - curl=7.74.0-r0 && \ + curl=7.76.1-r0 && \ echo "**** download leantime ****" && \ curl -LJO "https://github.com/Leantime/leantime/releases/download/v${VERSION}/Leantime-V${VERSION}.tar.gz" && \ echo "$CHECKSUM Leantime-v${VERSION}.tar.gz" | sha256sum -c && \ @@ -38,7 +38,7 @@ RUN \ echo "**** install packages ****" && \ apk add --no-cache \ libpng-dev=1.6.37-r1 \ - libjpeg-turbo-dev=2.0.5-r0 && \ + libjpeg-turbo-dev=2.1.0-r0 && \ docker-php-ext-configure gd \ --with-gd \ --with-jpeg-dir=/usr/include/ \ 
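Review bot: Both `VERSION` vars in `.taskfiles/version.yaml` take `tag_name` from the GitHub API response and the value is then templated straight into a shell command, unquoted in `print` (`printf %s {{ .VERSION }}`), so the content of a remote tag name ends up parsed by the local shell. `curl -sX GET` has no `-f`, so an error or rate-limit response makes `jq` emit `null`, which `export` then writes to `VERSION`; and `sed 's/v//'` removes the first `v` anywhere in the string rather than a leading one. Adding `-f` to curl, anchoring the substitution as `sed 's/^v//'`, and rejecting anything that does not match a version pattern (for instance with `grep -Ex '[0-9]+(\.[0-9]+)*'`) before the value is used would cover all three.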
@@ -89,13 +89,13 @@ COPY ./config/app.conf /etc/apache2/conf.d/app.conf RUN \ echo "**** install packages ****" && \ apk add --no-cache \ - mysql-client=10.4.17-r1 \ + mysql-client=10.4.18-r0 \ freetype=2.10.4-r0 \ libpng=1.6.37-r1 \ - libjpeg-turbo=2.0.5-r0 \ + libjpeg-turbo=2.1.0-r0 \ freetype-dev=2.10.4-r0 \ libpng-dev=1.6.37-r1 \ - libjpeg-turbo-dev=2.0.5-r0 \ + libjpeg-turbo-dev=2.1.0-r0 \ icu-libs=67.1-r0 \ jpegoptim=1.4.6-r0 \ optipng=0.7.7-r0 \ diff --git a/LS b/LS new file mode 100644 index 0000000..62f9457 --- /dev/null +++ b/LS @@ -0,0 +1 @@ +6 \ No newline at end of file diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 0000000..efb1a7a --- /dev/null +++ b/Taskfile.yml 
@@ -0,0 +1,190 @@ +--- +version: '3' + +dotenv: ['task.env'] + +vars: + VERSION: + sh: cat VERSION + CHECKSUM: + sh: cat CHECKSUM + LS: + sh: cat LS + FILENAME: "Leantime-v{{ .VERSION }}.tar.gz" + BUILD_DATE: + sh: "date -u +%Y-%m-%dT%H%M%S%Z" + BUILD_ARGS: >- + --build-arg VERSION={{ .VERSION }} + --build-arg CHECKSUM={{ .CHECKSUM }} + --build-arg BUILD_DATE={{ .BUILD_DATE }} + TAG_VERSION: "{{ .NS }}/{{ .IMAGE_NAME }}:{{ .VERSION }}-ls{{ .LS }}" + TAG_LATEST: "{{ .NS }}/{{ .IMAGE_NAME }}:latest" + CONTAINER: "{{ .CONTAINER_NAME }}-{{ .CONTAINER_INSTANCE }}" + RUN: "docker run -it --rm --name {{ .CONTAINER_NAME }}-{{ .CONTAINER_INSTANCE }} {{ .ENV }} {{ .PORTS }}" + DGOSS_RUN: "dgoss run -it --rm --name {{ .CONTAINER_NAME }}-{{ .CONTAINER_INSTANCE }} {{ .ENV }} {{ .PORTS }}" + DGOSS_EDIT: "dgoss edit -it --rm --name {{ .CONTAINER_NAME }}-{{ .CONTAINER_INSTANCE }} {{ .ENV }} {{ .PORTS }}" + EXEC: "docker exec -it {{ .CONTAINER }}" + BUILD: "docker buildx build {{ .BUILD_ARGS }} -t" + API_URL: "https://api.github.com/repos/{{ .SOURCE_ORG }}/{{ .SOURCE_REPO }}/releases/latest" + +includes: + build: ./.taskfiles/build.yaml + builder: ./.taskfiles/builder.yaml + chk: ./.taskfiles/chk.yaml + date: ./.taskfiles/date.yaml + deps: ./.taskfiles/deps.yaml + goss: ./.taskfiles/goss.yaml + image: ./.taskfiles/image.yaml + load: ./.taskfiles/load.yaml + ls: ./.taskfiles/ls.yaml + pkgs: ./.taskfiles/pkgs.yaml + run: ./.taskfiles/run.yaml + shell: ./.taskfiles/shell.yaml + snyk: ./.taskfiles/snyk.yaml + version: ./.taskfiles/version.yaml + +tasks: + build: + desc: Build the native Docker image + cmds: + - "{{ .BUILD }} {{ .TAG_VERSION }} -f Dockerfile ." + deps: + - build:build-deps + + date: + desc: Get the date of the image + cmds: + - "{{ .RUN }} --entrypoint date {{ .TAG_VERSION }}" + + lint: + desc: Lint the repoistory + cmds: + - "hadolint Dockerfile" + - "yamllint ." + preconditions: + - sh: type hadolint + msg: "hadolint is not installed. 
Run 'task deps:hadolint'" + - sh: type yamllint + msg: "yamllint is not installed. Run 'task deps:yamllint'" + silent: true + + load: + desc: Load the release image + cmds: + - "{{ .BUILD }} {{ .TAG_VERSION }} -f Dockerfile . --load" + + pre-commit: + desc: Install pre-commit hooks + cmds: + - "pre-commit install" + - "pre-commit install-hooks" + preconditions: + - sh: type pre-commit + msg: "pre-commit is not installed. Run 'task deps:pre-commit'" + silent: true + + prune: + desc: Prune the builder + cmds: + - "docker builder prune --all -f" + + push: + desc: Push the image to all repositories + cmds: + - "{{ .BUILD }} {{ .TAG_LATEST }} {{ .PLATFORMS }} -f Dockerfile . --push" + - "{{ .BUILD }} {{ .TAG_VERSION }} {{ .PLATFORMS }} -f Dockerfile . --push" + - "{{ .BUILD }} {{ .QUAY_LATEST }} {{ .PLATFORMS }} -f Dockerfile . --push" + - "{{ .BUILD }} {{ .QUAY_VERSION }} {{ .PLATFORMS }} -f Dockerfile . --push" + - "{{ .BUILD }} {{ .GHCR_LATEST }} {{ .PLATFORMS }} -f Dockerfile . --push" + - "{{ .BUILD }} {{ .GHCR_VERSION }} {{ .PLATFORMS }} -f Dockerfile . --push" + vars: + QUAY_VERSION: "quay.io/{{ .TAG_VERSION }}" + QUAY_LATEST: "quay.io/{{ .TAG_LATEST }}" + GHCR_VERSION: "ghcr.io/{{ .TAG_VERSION }}" + GHCR_LATEST: "ghcr.io/{{ .TAG_LATEST }}" + + readme: + desc: Update the README.md by replacing template with the image name. 
+ cmds: + - "sed -i 's/template/{{ .IMAGE_NAME }}/g' README.md" + + rm: + desc: Remove the image + cmds: + - "docker rmi -f {{ .TAG_VERSION }}" + + run: + desc: Run the image in the foreground + cmds: + - "{{ .RUN }} {{ .TAG_VERSION }}" + preconditions: + - docker images -q {{ .TAG_VERSION }} 2> /dev/null + + rund: + desc: Run the image in the background + cmds: + - "{{ .RUN }} -d {{ .TAG_VERSION }}" + + secrets: + desc: Upload secrets to repo from pass + cmds: + - "pass github/login-action | gh secret set CR_PAT" + - "pass docker/username | gh secret set DOCKERHUB_USERNAME" + - "pass docker/token | gh secret set DOCKERHUB_TOKEN" + - "pass quay.io/robot | gh secret set QUAY_USERNAME" + - "pass quay.io/token | gh secret set QUAY_TOKEN" + deps: + - deps:_secrets-reqs + silent: true + + shell: + desc: Run a shell of an image + cmds: + - "{{ .RUN }} --entrypoint /bin/sh -u {{ .U }} {{ .TAG_VERSION }}" + vars: + U: '{{ default "0" .U }}' + + stop: + desc: Stop a running container + cmds: + - "docker stop {{ .CONTAINER }}" + + up: + desc: Run docker-compose up + cmds: + - docker-compose -f docker-compose.yaml up + deps: + - load:latest + + vars: + desc: Print all the variables + cmds: + - "printf 'task: Available variables for this project:\n'" + - 'printf "{{ .COLOR }}* BASE\e[m %s\n" "{{ .BASE }}"' + - 'printf "{{ .COLOR }}* CHECKSUM\e[m %s\n" "{{ .CHECKSUM }}"' + - 'printf "{{ .COLOR }}* CONTAINER\e[m %s\n" "{{ .CONTAINER }}"' + - 'printf "{{ .COLOR }}* CONTAINER_INSTANCE\e[m %s\n" "{{ .CONTAINER_INSTANCE }}"' + - 'printf "{{ .COLOR }}* CONTAINER_NAME\e[m %s\n" "{{ .CONTAINER_NAME }}"' + - 'printf "{{ .COLOR }}* ENV\e[m %s\n" "{{ .ENV }}"' + - 'printf "{{ .COLOR }}* FILENAME\e[m %s\n" "{{ .FILENAME }}"' + - 'printf "{{ .COLOR }}* GIT_ROOT\e[m %s\n" "{{ .GIT_ROOT }}"' + - 'printf "{{ .COLOR }}* IMAGE_NAME\e[m %s\n" "{{ .IMAGE_NAME }}"' + - 'printf "{{ .COLOR }}* LS\e[m %s\n" "{{ .LS }}"' + - 'printf "{{ .COLOR }}* NS\e[m %s\n" "{{ .NS }}"' + - 'printf "{{ .COLOR }}* 
PACKAGES\e[m %s\n" "{{ .PACKAGES }}"' + - 'printf "{{ .COLOR }}* PIP\e[m %s\n" "{{ .PIP }}"' + - 'printf "{{ .COLOR }}* PLATFORMS\e[m %s\n" "{{ .PLATFORMS }}"' + - 'printf "{{ .COLOR }}* PORTS\e[m %s\n" "{{ .PORTS }}"' + - 'printf "{{ .COLOR }}* SOURCE_ORG\e[m %s\n" "{{ .SOURCE_ORG }}"' + - 'printf "{{ .COLOR }}* SOURCE_REPO\e[m %s\n" "{{ .SOURCE_REPO }}"' + - 'printf "{{ .COLOR }}* TYPE\e[m %s\n" "{{ .TYPE }}"' + - 'printf "{{ .COLOR }}* VERSION\e[m %s\n" "{{ .VERSION }}"' + vars: + # Blue + COLOR: '\e[1;34m' + silent: true + + default: + cmds: + - task -l + silent: true diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..9671f9a --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +2.1.7 \ No newline at end of file diff --git a/task.env b/task.env new file mode 100644 index 0000000..c137f90 --- /dev/null +++ b/task.env @@ -0,0 +1,29 @@ +# Release +NS=nicholaswilde + +IMAGE_NAME=leantime +CONTAINER_NAME=${IMAGE_NAME} +CONTAINER_INSTANCE=default + +# Source information used to download source files +# release, source, or commit +TYPE=release +SOURCE_REPO=${IMAGE_NAME} +SOURCE_ORG=Leantime + +# Run +ENV=-e TZ=America/Los_Angeles -e LEAN_DB_HOST=mysql_leantime -e LEAN_DB_USER=admin -e LEAN_DB_PASSWORD=321.qwerty -e LEAN_DB_DATABASE=leantime + +PORTS=-p 80:80 -p 9000:9000 + +# Build +PLATFORMS="--platform linux/arm/v7,linux/arm64,linux/amd64" + +# Packages +BASE=alpine:3.13.5 +PACKAGES=wget ca-certificates git curl npm nodejs tzdata + +PIP= + +# Goss +GOSS_SLEEP=0
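Review bot: The `push` task in `Taskfile.yml` runs six separate `docker buildx build … --push` invocations, one per tag, so the Docker Hub, Quay and GHCR copies are not guaranteed to share a digest unless every build is fully cached or reproducible, which makes it harder to confirm that the registries hold the same image. One invocation carrying all tags pushes a single result everywhere: `{{ .BUILD }} {{ .TAG_LATEST }} -t {{ .TAG_VERSION }} -t {{ .QUAY_LATEST }} -t {{ .QUAY_VERSION }} -t {{ .GHCR_LATEST }} -t {{ .GHCR_VERSION }} {{ .PLATFORMS }} -f Dockerfile . --push`. Also, `BUILD_DATE` uses `%Z` (a zone name) where the workflow uses a literal `Z`, so local and CI images get differently formatted build dates.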
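Review bot: `ENV` in `task.env` embeds `LEAN_DB_PASSWORD=321.qwerty` in a tracked file, and the value is expanded onto the `docker run` command line through `RUN` and printed by the `vars` task in `Taskfile.yml`. Even as a development default it is better kept out of version control: put the `-e` values in an untracked file and pass it with `--env-file`, e.g. `ENV=--env-file ./local.env` (file name constructed here), and list that file in `.gitignore`. `PORTS` also publishes 9000 alongside 80; if that is the php-fpm listener it probably does not need to be reachable from outside the host.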