diff --git a/.github/labeler.yaml b/.github/labeler.yaml
new file mode 100644
index 00000000..8e176b2c
--- /dev/null
+++ b/.github/labeler.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: disabled
+area/github:
+ - ".github/**/*"
+area/kubernetes:
+ - "kubernetes/**/*"
+area/hack:
+ - "hack/**/*"
+area/tofu:
+ - "tofu/**/*"
diff --git a/.github/labels.yaml b/.github/labels.yaml
new file mode 100644
index 00000000..1a24a366
--- /dev/null
+++ b/.github/labels.yaml
@@ -0,0 +1,39 @@
+---
+# yaml-language-server: disabled
+# Area
+- name: area/github
+ color: "72ccf3"
+ description: >-
+ Changes made in the github directory
+- name: area/kubernetes
+ color: "72ccf3"
+ description: >-
+ Changes made in the kubernetes directory
+- name: area/hack
+ color: "72ccf3"
+ description: >-
+ Changes made in the hack directory
+- name: area/tofu
+ color: "72ccf3"
+ description: >-
+ Changes made in the tofu directory
+# Renovate
+- name: renovate/container
+ color: "009485"
+- name: renovate/github-action
+ color: "009485"
+- name: renovate/github-release
+ color: "009485"
+- name: renovate/helm
+ color: "009485"
+- name: renovate/tofu
+ color: "009485"
+# Semantic Type
+- name: type/digest
+ color: "ffec19"
+- name: type/patch
+ color: "ffec19"
+- name: type/minor
+ color: "ff9800"
+- name: type/major
+ color: "f6412d"
diff --git a/.github/renovate-bot.json5 b/.github/renovate-bot.json5
new file mode 100644
index 00000000..353ca5dc
--- /dev/null
+++ b/.github/renovate-bot.json5
@@ -0,0 +1,5 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "username": "RoboDexo2000[bot]",
+ "gitAuthor": "RoboDexo2000 <150604236+RoboDexo2000[bot]@users.noreply.github.com>"
+}
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 00000000..01ded926
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,25 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ "docker:enableMajor",
+ ":disableRateLimiting",
+ ":dependencyDashboard",
+ ":semanticCommits",
+ ":automergeDigest",
+ ":automergeBranch",
+ ":automergePatch",
+ "github>dexters-ops/containers//.github/renovate/autoMerge.json5",
+ "github>dexters-ops/containers//.github/renovate/commitMessage.json5",
+ "github>dexters-ops/containers//.github/renovate/customManagers.json5",
+ "github>dexters-ops/containers//.github/renovate/labels.json5",
+ "github>dexters-ops/containers//.github/renovate/semanticCommits.json5"
+ ],
+ "platform": "github",
+ "onboarding": false,
+ "requireConfig": "optional",
+ "ignoreDeps": [
+ "public.ecr.aws/docker/library/ubuntu",
+ "node"
+ ]
+}
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5
new file mode 100644
index 00000000..3930b010
--- /dev/null
+++ b/.github/renovate/autoMerge.json5
@@ -0,0 +1,14 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "description": "Auto merge GitHub Actions",
+ "matchManagers": ["github-actions"],
+ "matchDatasources": ["github-tags"],
+ "automerge": true,
+ "ignoreTests": true,
+ "automergeType": "branch",
+ "matchUpdateTypes": ["minor", "patch"]
+ }
+ ]
+}
diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
new file mode 100644
index 00000000..52ae185e
--- /dev/null
+++ b/.github/renovate/commitMessage.json5
@@ -0,0 +1,12 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "commitMessageTopic": "{{depName}}",
+ "commitMessageExtra": "to {{newVersion}}",
+ "commitMessageSuffix": "",
+ "packageRules": [
+ {
+ "matchDatasources": ["docker"],
+ "commitMessageTopic": "image {{depName}}"
+ }
+ ]
+}
diff --git a/.github/renovate.json b/.github/renovate/customManagers.json5
similarity index 83%
rename from .github/renovate.json
rename to .github/renovate/customManagers.json5
index 93cb92ed..452b3de7 100644
--- a/.github/renovate.json
+++ b/.github/renovate/customManagers.json5
@@ -1,14 +1,8 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": [
- "config:base",
- ":disableRateLimiting",
- ":skipStatusChecks",
- "group:all",
- "schedule:daily"
- ],
- "regexManagers": [
+ "customManagers": [
{
+ "customType": "regex",
"description": "Process metadata versions",
"fileMatch": [
"apps/.+/metadata\\.json$"
@@ -20,6 +14,7 @@
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
}, {
+ "customType": "regex",
"description": "Process renovate comments",
"fileMatch": [
".github/workflows/.*\\.ya?ml$"
@@ -30,6 +25,5 @@
"datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}docker{{/if}}",
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
}
- ],
- "ignoreDeps": ["public.ecr.aws/docker/library/ubuntu", "ghcr.io/ajgon/ubuntu", "node"]
+ ]
}
diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
new file mode 100644
index 00000000..55095874
--- /dev/null
+++ b/.github/renovate/labels.json5
@@ -0,0 +1,33 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["major"],
+ "labels": ["type/major"]
+ },
+ {
+ "matchUpdateTypes": ["minor"],
+ "labels": ["type/minor"]
+ },
+ {
+ "matchUpdateTypes": ["patch"],
+ "labels": ["type/patch"]
+ },
+ {
+ "matchUpdateTypes": ["digest"],
+ "labels": ["type/digest"]
+ },
+ {
+ "matchDatasources": ["docker"],
+ "addLabels": ["renovate/container"]
+ },
+ {
+ "matchDatasources": ["github-releases", "github-tags"],
+ "addLabels": ["renovate/github-release"]
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "addLabels": ["renovate/github-action"]
+ }
+ ]
+}
diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5
new file mode 100644
index 00000000..9ba0ef1a
--- /dev/null
+++ b/.github/renovate/semanticCommits.json5
@@ -0,0 +1,62 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "packageRules": [
+ {
+ "matchDatasources": ["docker"],
+ "matchUpdateTypes": ["major"],
+ "commitMessagePrefix": "feat(container)!: "
+ },
+ {
+ "matchDatasources": ["docker"],
+ "matchUpdateTypes": ["minor"],
+ "semanticCommitType": "feat",
+ "semanticCommitScope": "container"
+ },
+ {
+ "matchDatasources": ["docker"],
+ "matchUpdateTypes": ["patch"],
+ "semanticCommitType": "fix",
+ "semanticCommitScope": "container"
+ },
+ {
+ "matchDatasources": ["docker"],
+ "matchUpdateTypes": ["digest"],
+ "semanticCommitType": "chore",
+ "semanticCommitScope": "container"
+ },
+ {
+ "matchDatasources": ["github-releases", "github-tags"],
+ "matchUpdateTypes": ["major"],
+ "commitMessagePrefix": "feat(github-release)!: "
+ },
+ {
+ "matchDatasources": ["github-releases", "github-tags"],
+ "matchUpdateTypes": ["minor"],
+ "semanticCommitType": "feat",
+ "semanticCommitScope": "github-release"
+ },
+ {
+ "matchDatasources": ["github-releases", "github-tags"],
+ "matchUpdateTypes": ["patch"],
+ "semanticCommitType": "fix",
+ "semanticCommitScope": "github-release"
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchUpdateTypes": ["major"],
+ "commitMessagePrefix": "feat(github-action)!: "
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchUpdateTypes": ["minor"],
+ "semanticCommitType": "feat",
+ "semanticCommitScope": "github-action"
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "matchUpdateTypes": ["patch"],
+ "semanticCommitType": "fix",
+ "semanticCommitScope": "github-action"
+ }
+ ]
+}
diff --git a/.github/scripts/templates/README.md.j2 b/.github/scripts/templates/README.md.j2
index 347f08ed..171b6d6e 100644
--- a/.github/scripts/templates/README.md.j2
+++ b/.github/scripts/templates/README.md.j2
@@ -13,18 +13,18 @@ _A Collection of Container Images Optimized for Kubernetes_
-
-
+
+
-Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/ajgon?tab=packages&repo_name=containers).
+Welcome to my container images, if looking for a container start by [browsing the container packages](https://github.com/dexters-ops?tab=packages&repo_name=containers).
## Mission statement
The goal of this project is to support containers for various applications, while following the best practices including:
-- [Semating versioning](https://semver.org/)
+- [Semantic versioning](https://semver.org/)
- [Multiple architectures](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/)
- Security best practices
- [Rootless PID 1](https://rootlesscontaine.rs/)
@@ -60,10 +60,10 @@ A similar approach applies here, but instead of appending a `-ls69` or `-r420` p
| Container | Immutable |
|------------------------------------------------------|-----------|
-| `ghcr.io/ajgon/paperless-ngx:latest` | ❌ |
-| `ghcr.io/ajgon/paperless-ngx:1.17.4` | ❌ |
-| `ghcr.io/ajgon/paperless-ngx:latest@sha256:613c...` | ✅ |
-| `ghcr.io/ajgon/paperless-ngx:1.17.4@sha256:613c...` | ✅ |
+| `ghcr.io/dexters-ops/paperless-ngx:latest` | ❌ |
+| `ghcr.io/dexters-ops/paperless-ngx:1.17.4` | ❌ |
+| `ghcr.io/dexters-ops/paperless-ngx:latest@sha256:613c...` | ✅ |
+| `ghcr.io/dexters-ops/paperless-ngx:1.17.4@sha256:613c...` | ✅ |
_If pinning an image to the sha256 digest, tools like [Renovate](https://github.com/renovatebot/renovate) support updating the container on a digest or application version change._
@@ -74,7 +74,7 @@ Each Image will be built with a `latest` tag, along with tags specific to it's v
Container | Channel | Image | Latest Tags
--- | --- | --- | ---
{% for image in app_images | sort(attribute="name") -%}
-[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/ajgon/{{ image.name }} |
+[{{ image.name }}]({{ image.html_url }}) | {{ image.channel }} | ghcr.io/dexters-ops/{{ image.name }} |
{%- set space = joiner(" ") -%}
{%- for tag in image.tags -%}
{{ space() }}![{{ tag }}](https://img.shields.io/badge/{{ tag.replace("-", "--") }}-{% if tag == "latest" %}green{% else %}blue{% endif %}?style=flat-square)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 8c60cc99..137e5877 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,3 +1,4 @@
+# yamllint disable rule:comments
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Create and publish a Docker images
@@ -8,7 +9,8 @@ env:
jobs:
prepare-matrix:
- uses: ajgon/containers/.github/workflows/prepare-matrix.yaml@master
+ uses: dexters-ops/containers/.github/workflows/prepare-matrix.yaml@master
+ secrets: inherit
deploy:
needs: prepare-matrix
@@ -21,8 +23,17 @@ jobs:
fail-fast: false
# yamllint disable rule:line-length
steps:
- - uses: actions/checkout@v4
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
fetch-depth: 1
- name: Setup workflow Variables
@@ -64,20 +75,20 @@ jobs:
echo "tags=${tags}" >> $GITHUB_OUTPUT
- name: Setup QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
image: "public.ecr.aws/eks-distro-build-tooling/binfmt-misc:qemu-v7.0.0"
- name: Setup Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
version: latest
driver-opts: |
image=public.ecr.aws/vend/moby/buildkit:buildx-stable-1
- name: Setup GHCR
- uses: docker/login-action@v3
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.actor }}
@@ -85,7 +96,7 @@ jobs:
- name: Build all platforms
id: release
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
build-args: |-
BASEIMGVERSION=${{ steps.vars.outputs.baseimg_build_version }}
@@ -96,9 +107,9 @@ jobs:
${{ steps.vars.outputs.label_type }}.title="${{ matrix.apps.app }} (${{ matrix.apps.channel }})"
${{ steps.vars.outputs.label_type }}.version="${{ steps.vars.outputs.build_version }}"
${{ steps.vars.outputs.label_type }}.authors="Igor Rzegocki "
- ${{ steps.vars.outputs.label_type }}.url="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}"
- ${{ steps.vars.outputs.label_type }}.build.url="https://github.com/ajgon/containers/actions/runs/${{ github.run_id }}"
- ${{ steps.vars.outputs.label_type }}.documentation="https://github.com/ajgon/containers/tree/master/apps/${{ matrix.apps.app }}/README.md"
+ ${{ steps.vars.outputs.label_type }}.url="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}"
+ ${{ steps.vars.outputs.label_type }}.build.url="https://github.com/dexters-ops/containers/actions/runs/${{ github.run_id }}"
+ ${{ steps.vars.outputs.label_type }}.documentation="https://github.com/dexters-ops/containers/tree/master/apps/${{ matrix.apps.app }}/README.md"
${{ steps.vars.outputs.label_type }}.revision="${{ github.sha }}"
context: apps/${{ matrix.apps.app }}
platforms: ${{ steps.vars.outputs.platforms }}
@@ -123,3 +134,4 @@ jobs:
- name: Check build matrix status
if: ${{ needs.deploy.result != 'success' && needs.deploy.result != 'skipped' }}
run: exit 1
+# yamllint enable rule:comments
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
deleted file mode 100644
index e9169a8f..00000000
--- a/.github/workflows/lint.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: Run all the linters
-'on': workflow_call
-
-jobs:
- lint:
- name: Run linters
- runs-on: ubuntu-latest
- steps:
- - name: Check out repository
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Setup CUE
- uses: cue-lang/setup-cue@v1.0.0
-
- - name: "Linter: CUE"
- shell: bash
- run: |-
- cue vet --schema '#Spec' ./apps/*/metadata.json ./metadata.rules.cue
-
- - name: "Linter: hadolint"
- uses: jbergstroem/hadolint-gh-action@v1
- with:
- annotate: true
- dockerfile: "apps/*/Dockerfile"
- error_level: 1
- # renovate: datasource=github-releases depName=hadolint/hadolint
- version: 2.12.0
-
- - name: "Linter: shellcheck"
- uses: ludeeus/action-shellcheck@master
- with:
- severity: warning
- # renovate: datasource=github-releases depName=koalaman/shellcheck
- version: v0.9.0
-
- - name: "Linter: yamllint"
- uses: karancode/yamllint-github-action@master
- with:
- yamllint_strict: true
- yamllint_config_filepath: ./.yamllint
- yamllint_comment: true
- env:
- GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml
new file mode 100644
index 00000000..03d20be6
--- /dev/null
+++ b/.github/workflows/linter.yaml
@@ -0,0 +1,53 @@
+# yamllint disable rule:comments
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Run all the linters
+'on': workflow_call
+
+jobs:
+ lint:
+ name: Run linters
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
+ fetch-depth: 1
+
+ - name: Setup CUE
+ uses: cue-lang/setup-cue@1713281ae501e533ff06108005dffeab9e2e5203 # v1.0.0
+
+ - name: "Linter: CUE"
+ shell: bash
+ run: |-
+ cue vet --schema '#Spec' ./apps/*/metadata.json ./metadata.rules.cue
+
+ - name: "Linter: hadolint"
+ uses: jbergstroem/hadolint-gh-action@eac45b98f6d761309202bd201205a8f8c988bfad # v1.11.0
+ with:
+ annotate: true
+ dockerfile: "apps/*/Dockerfile"
+ error_level: 1
+
+ - name: "Linter: shellcheck"
+ uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
+ with:
+ severity: warning
+
+ - name: "Linter: yamllint"
+ uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053 # v2.1.1
+ with:
+ yamllint_strict: true
+ yamllint_config_filepath: ./.yamllint
+ yamllint_comment: true
+ env:
+ GITHUB_ACCESS_TOKEN: "${{ steps.generate-token.outputs.token }}"
+# yamllint enable rule:comments
diff --git a/.github/workflows/meta-labeler.yaml b/.github/workflows/meta-labeler.yaml
new file mode 100644
index 00000000..83064ecd
--- /dev/null
+++ b/.github/workflows/meta-labeler.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:comments
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Meta Labeler"
+
+'on':
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ labeler:
+ name: Labeler
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Labeler
+ uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
+ with:
+ configuration-path: .github/labeler.yaml
+ repo-token: "${{ steps.generate-token.outputs.token }}"
+# yamllint enable rule:comments
diff --git a/.github/workflows/meta-sync-labels.yaml b/.github/workflows/meta-sync-labels.yaml
new file mode 100644
index 00000000..0e8014fe
--- /dev/null
+++ b/.github/workflows/meta-sync-labels.yaml
@@ -0,0 +1,37 @@
+# yamllint disable rule:comments
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Meta Sync labels"
+
+'on':
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ paths:
+ - .github/labels.yaml
+
+jobs:
+ labels:
+ name: Sync Labels
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
+
+ - name: Sync Labels
+ uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # v2.3.2
+ with:
+ config-file: .github/labels.yaml
+ token: "${{ steps.generate-token.outputs.token }}"
+ delete-other-labels: true
+# yamllint enable rule:comments
diff --git a/.github/workflows/on-merge-master.yaml b/.github/workflows/on-merge-master.yaml
index c4f351fd..38832797 100644
--- a/.github/workflows/on-merge-master.yaml
+++ b/.github/workflows/on-merge-master.yaml
@@ -8,8 +8,10 @@ name: Deploy image
jobs:
deploy:
- uses: ajgon/containers/.github/workflows/deploy.yaml@master
+ uses: dexters-ops/containers/.github/workflows/deploy.yaml@master
+ secrets: inherit
build-readme:
needs: deploy
- uses: ajgon/containers/.github/workflows/render-readme.yaml@master
+ uses: dexters-ops/containers/.github/workflows/render-readme.yaml@master
+ secrets: inherit
diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml
index eb324edf..1e0d09a2 100644
--- a/.github/workflows/on-pr.yaml
+++ b/.github/workflows/on-pr.yaml
@@ -5,8 +5,9 @@ name: Validate pull request
jobs:
lint:
- uses: ajgon/containers/.github/workflows/lint.yaml@master
+ uses: dexters-ops/containers/.github/workflows/lint.yaml@master
+ secrets: inherit
test:
- uses: ajgon/containers/.github/workflows/test.yaml@master
+ uses: dexters-ops/containers/.github/workflows/test.yaml@master
secrets: inherit
diff --git a/.github/workflows/prepare-matrix.yaml b/.github/workflows/prepare-matrix.yaml
index 933d56b8..d71f3468 100644
--- a/.github/workflows/prepare-matrix.yaml
+++ b/.github/workflows/prepare-matrix.yaml
@@ -1,3 +1,4 @@
+# yamllint disable rule:comments
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Prepare matrix of changed images
@@ -14,14 +15,22 @@ jobs:
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- - uses: actions/checkout@v4
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
fetch-depth: 0
- # Example 1
- name: Get changed files
id: changed-files
- uses: tj-actions/changed-files@v40
+ uses: tj-actions/changed-files@da093c1609db0edd0a037ce9664e135f74bf30d9 # v40.2.0
- name: Setup matrix
id: set-matrix
@@ -43,3 +52,4 @@ jobs:
done
matrix="${matrix}]"
sed -E 's@,\]@]@g' <<< "matrix=${matrix}" >> $GITHUB_OUTPUT
+# yamllint enable rule:comments
diff --git a/.github/workflows/render-readme.yaml b/.github/workflows/render-readme.yaml
index 098a1c45..ce7b9fb2 100644
--- a/.github/workflows/render-readme.yaml
+++ b/.github/workflows/render-readme.yaml
@@ -1,3 +1,4 @@
+# yamllint disable rule:comments
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Render Readme"
@@ -9,11 +10,20 @@ jobs:
name: Render README
runs-on: ubuntu-latest
steps:
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
- name: Setup Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: '3.11'
cache: 'pip' # caching pip dependencies
@@ -24,12 +34,16 @@ jobs:
- name: Render README
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
run: |
python ./.github/scripts/render-readme.py
- name: Commit Changes
- uses: stefanzweifel/git-auto-commit-action@v5
+ uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
with:
commit_message: "docs: render README.md"
file_pattern: "README.md"
+ commit_user_name: "RoboDexo2000[bot]"
+ commit_user_email: "150604236+RoboDexo2000[bot]@users.noreply.github.com"
+ commit_author: "RoboDexo2000 <150604236+RoboDexo2000[bot]@users.noreply.github.com>"
+# yamllint enable rule:comments
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
new file mode 100644
index 00000000..31248ec9
--- /dev/null
+++ b/.github/workflows/renovate.yaml
@@ -0,0 +1,62 @@
+# yamllint disable rule:comments
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Renovate"
+
+'on':
+ workflow_dispatch:
+ inputs:
+ dryRun:
+ description: Dry-Run
+ default: "false"
+ required: false
+ logLevel:
+ description: Log-Level
+ default: info
+ required: false
+ schedule:
+ - cron: "0 * * * *"
+ push:
+ branches:
+ - master
+ paths:
+ - .github/renovate-bot.json5
+ - .github/renovate.json5
+ - .github/renovate/**.json5
+
+env:
+ LOG_LEVEL: info
+ RENOVATE_DRY_RUN: false
+ RENOVATE_CONFIG_FILE: .github/renovate-bot.json5
+ RENOVATE_AUTODISCOVER: true
+ RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"
+
+jobs:
+ renovate:
+ name: Renovate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
+
+ - name: Override default config from dispatch variables
+ shell: bash
+ run: |
+ echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}"
+ echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}"
+
+ - name: Renovate
+ uses: renovatebot/github-action@5d3fbef92a76cbf78f5732d17c07a2e76e6f7555 # v39.1.4
+ with:
+ configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}"
+ token: "${{ steps.generate-token.outputs.token }}"
+# yamllint enable rule:comments
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 92ba893a..94c41850 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -8,7 +8,8 @@ env:
jobs:
prepare-matrix:
- uses: ajgon/containers/.github/workflows/prepare-matrix.yaml@master
+ uses: dexters-ops/containers/.github/workflows/prepare-matrix.yaml@master
+ secrets: inherit
test:
needs: prepare-matrix
@@ -21,8 +22,17 @@ jobs:
fail-fast: false
# yamllint disable rule:line-length
steps:
- - uses: actions/checkout@v4
+ - name: Generate Token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
with:
+ app_id: "${{ secrets.BOT_APP_ID }}"
+ private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ token: "${{ steps.generate-token.outputs.token }}"
fetch-depth: 1
- name: Setup workflow Variables
@@ -44,24 +54,25 @@ jobs:
fi
- name: Setup Goss
- uses: e1himself/goss-installation-action@v1.1.0
- with:
- # renovate: datasource=github-releases depName=goss-org/goss
- version: v0.4.4
+ uses: e1himself/goss-installation-action@3b8952d233bcc9bb8e901ec819d8cde6daa7f546 # v1.1.0
- name: Setup Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ with:
+ version: latest
+ driver-opts: |
+ image=public.ecr.aws/vend/moby/buildkit:buildx-stable-1
- name: Check tests existence
id: check_ci
- uses: andstor/file-existence-action@v2
+ uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2.0.0
with:
files: apps/${{ matrix.apps.app }}/ci
fail: false
- name: Build container image for testing and snyk
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
build-args: |-
BASEIMGVERSION=${{ steps.vars.outputs.baseimg_build_version }}
diff --git a/README.md b/README.md
index 52a5b069..599a7168 100644
--- a/README.md
+++ b/README.md
@@ -13,8 +13,8 @@ _A Collection of Container Images Optimized for Kubernetes_
-
-
+
+
@@ -73,12 +73,12 @@ Each Image will be built with a `latest` tag, along with tags specific to it's v
Container | Channel | Image | Latest Tags
--- | --- | --- | ---
-[authelia](https://github.com/ajgon/containers/pkgs/container/authelia) | stable | ghcr.io/ajgon/authelia |   
-[lldap](https://github.com/ajgon/containers/pkgs/container/lldap) | stable | ghcr.io/ajgon/lldap |   
-[lldap-devel](https://github.com/ajgon/containers/pkgs/container/lldap-devel) | devel | ghcr.io/ajgon/lldap-devel |   
-[maddy](https://github.com/ajgon/containers/pkgs/container/maddy) | stable | ghcr.io/ajgon/maddy |   
-[postgres-init](https://github.com/ajgon/containers/pkgs/container/postgres-init) | stable | ghcr.io/ajgon/postgres-init |  
-[postgres-logical-backup](https://github.com/ajgon/containers/pkgs/container/postgres-logical-backup) | stable | ghcr.io/ajgon/postgres-logical-backup |  
+[authelia](https://github.com/dexters-ops/containers/pkgs/container/authelia) | stable | ghcr.io/ajgon/authelia |   
+[lldap](https://github.com/dexters-ops/containers/pkgs/container/lldap) | stable | ghcr.io/ajgon/lldap |   
+[lldap-devel](https://github.com/dexters-ops/containers/pkgs/container/lldap-devel) | devel | ghcr.io/ajgon/lldap-devel |   
+[maddy](https://github.com/dexters-ops/containers/pkgs/container/maddy) | stable | ghcr.io/ajgon/maddy |   
+[postgres-init](https://github.com/dexters-ops/containers/pkgs/container/postgres-init) | stable | ghcr.io/ajgon/postgres-init |  
+[postgres-logical-backup](https://github.com/dexters-ops/containers/pkgs/container/postgres-logical-backup) | stable | ghcr.io/ajgon/postgres-logical-backup |  
## Credits
@@ -87,4 +87,4 @@ A lot of inspiration (and a lot of copy-pasting to be honest) are thanks to the
\ No newline at end of file
+-->
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 4983492d..6a9b0066 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -92,8 +92,8 @@ tasks:
--label '{{ .LABEL_TYPE }}.title={{ .APP }} ({{ .CHANNEL }})' \
--label '{{ .LABEL_TYPE }}.version={{ .VERSION }}' \
--label '{{ .LABEL_TYPE }}.authors=Igor Rzegocki ' \
- --label '{{ .LABEL_TYPE }}.url=https://github.com/ajgon/containers/tree/master/apps/{{ .APP }}' \
- --label '{{ .LABEL_TYPE }}.documentation=https://github.com/ajgon/containers/tree/master/apps/{{ .APP }}/README.md' \
+ --label '{{ .LABEL_TYPE }}.url=https://github.com/dexters-ops/containers/tree/master/apps/{{ .APP }}' \
+ --label '{{ .LABEL_TYPE }}.documentation=https://github.com/dexters-ops/containers/tree/master/apps/{{ .APP }}/README.md' \
-f apps/{{ .APP }}/Dockerfile apps/{{ .APP }}
done
# yamllint enable
diff --git a/apps/alpine/Dockerfile b/apps/alpine/Dockerfile
index f10596be..86d4836d 100644
--- a/apps/alpine/Dockerfile
+++ b/apps/alpine/Dockerfile
@@ -66,3 +66,5 @@ COPY --chmod=0755 --chown=65000:65000 base-entrypoint.sh /usr/local/bin/base-ent
VOLUME ["/tmp"]
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/base-entrypoint.sh"]
+
+# ee